0

Can someone recommend a good, reliable open source PHP script that allows for a user to login with a username and password/id.

I want to allow a user to enter his/her username and password, where the password pulls specific data from the database, such as all the data with a certain store number - such that a manager could access all the information for each one of their different stores.

<?php


if(isset($_POST['submit'])) {
	$jobnumber=$_POST['jobnumber'];

	$con = mysql_connect("localhost","root","");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }

	mysql_select_db("", $con);

	$query = "SELECT * FROM customers WHERE job_number='$jobnumber' OR email='$jobnumber'";
	
	$result = mysql_query($query);

In this script, I have it so a customer can access his or her specific information about their product order. But where I'm stuck is incorporating a separate login/password form where the password pulls all the data that has a particular number. Do I still use the $_POST function if I'm pulling large sections of data?

Thanks for any help, as always.

2
Contributors
12
Replies
13
Views
9 Years
Discussion Span
Last Post by ProfessorPC
0

I've tried this method:

if(isset($_POST['submit'])) {
	$storeid=$_POST['store_id'];

	$con = mysql_connect("localhost","root","");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }

	mysql_select_db("", $con);

	$query = "SELECT * FROM retailers WHERE store_id='$storeid'";
	
	$result = mysql_query($query);
	
	echo "<table class='sample'>";
	while ($row = mysql_fetch_array($result))  {

But I'm getting this error:

Notice: Undefined index: store_id in /Users/laurenyoung/Sites/parsec/sox.php on line 103

Line 103 = $storeid=$_POST;

0

I don't think I explained myself right.

What I'm trying to do is allow for multiple users (managers from various stores) the ability to access their store information by typing in a identification number. All the information, from all the different stores, would be within 1 single database.

If a manager with an ID 7200 types in 7200 they will receive all the information from the database with the ID 7200.

I don't think my code above will work.

Thanks again for any help.

0

will the user be able to access other pages to display more information?
if this is the case you can set the id into a session. also with letting the users know this number and depending on the information stored this could a security risk.?
could have the user login and when they login have a field in the db storing the storeid. on login set that store id into a session.
example:

if(isset($_POST['login'])){
$query = mysql_query("SELECT * FROM users WHERE UserName = '".$_POST['username']."' and Password='".md5($_POST['pass'])."'")or die(mysql_error());

 $info=mysql_fetch_array($query);

$_SESSION['store_ref']=$info['store_id'];

then when you need to pull info for the user to view you can use this in your query

$viewinfo = mysql_query("SELECT * FROM table WHERE store_id = '".$_SESSION['store_ref']."'") or die(mysql_error());
//display info
while($row=mysql_fetch_assoc($viewinfo)){
echo $row['datacolumn'];
}

but this is just an idea

0

I will have the user login to have access to a page with a simple form asking for a Store ID.

When the manager puts in his/her Store ID, all the Store ID's with that number will be pulled from the database.

So I guess the problem is more simple than I've realized. All I want is a script that will pull multiple rows from a table in the database, instead of just one. This code below pulls a single row from a table in the database:

if(isset($_POST['submit'])) {
	
        $jobnumber=$_POST['jobnumber'];

	$con = mysql_connect("localhost","root","");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }

	mysql_select_db("", $con);

	$query = "SELECT * FROM customers WHERE job_number='$jobnumber' OR email='$jobnumber'";
	
	$result = mysql_query($query);

It pulls the row with that job number. What I need is something that will pull ALL the rows with that job number, which could be several hundreds. Could this work?

$viewinfo = mysql_query("SELECT * FROM retailers WHERE store_id = 'store_id'".$_SESSION['store_ref']."'") or die(mysql_error());

//display info
while($row=mysql_fetch_assoc($viewinfo)){
echo $row['datacolumn'];
}

Thanks!

0

I don't understand why I'm getting an "undefined index error" here??? on line 5 which is:

$id=$_POST['store_id'];
<?php

if(isset($_POST['submit'])) {
	
	$id=$_POST['store_id'];

	$con = mysql_connect("localhost","root","//");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }

	mysql_select_db("//", $con);

	$query = "SELECT * FROM retailers WHERE store_id='$id' ";
	
	$result = mysql_query($query);
	
	echo "<table class='sample'>";
	while ($row = mysql_fetch_array($result))  {
		
		//store id
		
		echo "<th>Store ID</th>";
		
		echo "<td>" . $row['store_id'] . "</td>";
		echo "</tr>";
		
		//name
		
		echo "<th>Customer Name</th>";
		
		echo "<td>" . $row['name'] ."</td>";
		echo "</tr>";
		
		//email
		
		echo "<th>Email</th>";
		
		echo "<td>".$row['email']."</td>";
		echo "</tr>";
		
		//repair number
		
		echo "<th>Repair Number</th>";
		
		echo "<td>".$row['repair_number']."</td>";
		echo "</tr>";
		
		//in date
		
		echo "<th>In Date</th>";
		
		echo "<td>".$row['in_date']."</td>";
		echo "</tr>";
		
		
		//est date
		
		echo "<th>Estimated Date</th>";
		
		echo "<td>".$row['est_date']."</td>";
		echo "</tr>";
		

	}
		echo "</table>";
	}
?>
0
<?php

$con = mysql_connect("localhost","root","//");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("parsec", $con);

echo $_POST['store_id'];

?>

did I do that correctly? It tells me I have an UNDEFINED INDEX ERROR

Could that be something to do with how it is entered in the database?

Thanks!

0

can you post a bit of your form too? you want to make sure everything is the correct case. you are dealing with case sensitive items. if you can post a bit of your form code i think it will help a bit.

0

Here's the first page (b.php), which is a simple input form:

<html>
	<body>
		<h1>Sample</h1>
		<div id="container">

<h2></h2>

	<form action="sox.php" method="post">
	
	<label for="store_id" style="font-size: 14px; margin-top: 10px; font-weight: bold; font-variant: small-caps;">Store ID:</label>
	<input type="text" name="first_name" value="" maxlength="30" style="width:49.6%; font-size: 30px;"<br /><?php if (isset($_POST['store_id'])) echo $_POST['store_id']; ?><br /></p>
	
	
	<form method="post" action="sox.php">
	<input type="submit" style="width:90px; height: 35px; margin-left: 260px; -moz-border-radius: 10px;" name="submit" value="get info">
</form>

			</div>
		<div id="extraDiv1"><span></span></div>
	</html>
</body>

Here's the second page (sox.php), which I would like to display the results:

<?php


if(isset($_POST['submit'])) {
	
	$store_id=mysql_real_escape_string( $_POST['store_id'] );

	$con = mysql_connect("localhost","root","....");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }

	mysql_select_db(".....", $con);

	$query = "SELECT * FROM retailers WHERE store_id='$store_id' ";
	
	$result = mysql_query($query);
	
	echo "<table class='sample'>";
	while ($row = mysql_fetch_array($result))  {
		
		//store id
		
		echo "<th>Store ID</th>";
		
		echo "<td>" . $row['store_id'] . "</td>";
		echo "</tr>";
		
		//name
		
		echo "<th>Customer Name</th>";
		
		echo "<td>" . $row['name'] ."</td>";
		echo "</tr>";
		
		//email
		
		echo "<th>Email</th>";
		
		echo "<td>".$row['email']."</td>";
		echo "</tr>";
		
		//repair number
		
		echo "<th>Repair Number</th>";
		
		echo "<td>".$row['repair_number']."</td>";
		echo "</tr>";
		
		//in date
		
		echo "<th>In Date</th>";
		
		echo "<td>".$row['in_date']."</td>";
		echo "</tr>";
		
		
		//est date
		
		echo "<th>Estimated Date</th>";
		
		echo "<td>".$row['est_date']."</td>";
		echo "</tr>";
		

	}
		echo "</table>";
	}
?>

Theoretically, I would like to have the fields displayed horizontally rather than vertically, but that's something else of a battle.

Thanks!

0

see your using a little protection for sql injection. good deal. ok you are setting the label to store id. will you try changing your storeid part of the form to this:

<form action="sox.php" method="post">
<label for="store_id" style="font-size: 14px; margin-top: 10px; font-weight: bold; font-variant: small-caps;">Store ID:</label>
	<input type="text" name="store_id" value="" maxlength="30" style="width:49.6%; font-size: 30px;"<br />

<input type="submit" style="width:90px; height: 35px; margin-left: 260px; -moz-border-radius: 10px;" name="submit" value="get_info">
</form>

this is going to take the text the user enters and set this as store_id. on your other page you can simply do this to pull that over.

<?php
if(isset($_POST['get_info'])){
$storeid = $_POST['store_id'];
//complete your code

or you can keep it the same and just change the textfield name to name="store_id".

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.