Member Avatar for justinmyoung

Can someone recommend a good, reliable open source PHP script that allows for a user to login with a username and password/id.

I want to allow a user to enter his/her username and password, where the password pulls specific data from the database, such as all the data with a certain store number - such that a manager could access all the information for each one of their different stores.

<?php


if(isset($_POST['submit'])) {
	$jobnumber=$_POST['jobnumber'];

	$con = mysql_connect("localhost","root","");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }

	mysql_select_db("", $con);

	$query = "SELECT * FROM customers WHERE job_number='$jobnumber' OR email='$jobnumber'";
	
	$result = mysql_query($query);

In this script, I have it so a customer can access his or her specific information about their product order. But where I'm stuck is incorporating a separate login/password form where the password pulls all the data that has a particular number. Do I still use the $_POST function if I'm pulling large sections of data?

Thanks for any help, as always.

  • 2 Contributors
  • 12 Replies
  • 569 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by Ole Raptor
Member Avatar for justinmyoung

I've tried this method:

if(isset($_POST['submit'])) {
	$storeid=$_POST['store_id'];

	$con = mysql_connect("localhost","root","");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }

	mysql_select_db("", $con);

	$query = "SELECT * FROM retailers WHERE store_id='$storeid'";
	
	$result = mysql_query($query);
	
	echo "<table class='sample'>";
	while ($row = mysql_fetch_array($result))  {

But I'm getting this error:

Notice: Undefined index: store_id in /Users/laurenyoung/Sites/parsec/sox.php on line 103

Line 103 = $storeid=$_POST;

Member Avatar for justinmyoung

I don't think I explained myself right.

What I'm trying to do is allow for multiple users (managers from various stores) the ability to access their store information by typing in a identification number. All the information, from all the different stores, would be within 1 single database.

If a manager with an ID 7200 types in 7200 they will receive all the information from the database with the ID 7200.

I don't think my code above will work.

Thanks again for any help.

Member Avatar for Ole Raptor

will the user be able to access other pages to display more information?
if this is the case you can set the id into a session. also with letting the users know this number and depending on the information stored this could a security risk.?
could have the user login and when they login have a field in the db storing the storeid. on login set that store id into a session.
example:

if(isset($_POST['login'])){
$query = mysql_query("SELECT * FROM users WHERE UserName = '".$_POST['username']."' and Password='".md5($_POST['pass'])."'")or die(mysql_error());

 $info=mysql_fetch_array($query);

$_SESSION['store_ref']=$info['store_id'];

then when you need to pull info for the user to view you can use this in your query

$viewinfo = mysql_query("SELECT * FROM table WHERE store_id = '".$_SESSION['store_ref']."'") or die(mysql_error());
//display info
while($row=mysql_fetch_assoc($viewinfo)){
echo $row['datacolumn'];
}

but this is just an idea

Member Avatar for justinmyoung

I will have the user login to have access to a page with a simple form asking for a Store ID.

When the manager puts in his/her Store ID, all the Store ID's with that number will be pulled from the database.

So I guess the problem is more simple than I've realized. All I want is a script that will pull multiple rows from a table in the database, instead of just one. This code below pulls a single row from a table in the database:

if(isset($_POST['submit'])) {
	
        $jobnumber=$_POST['jobnumber'];

	$con = mysql_connect("localhost","root","");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }

	mysql_select_db("", $con);

	$query = "SELECT * FROM customers WHERE job_number='$jobnumber' OR email='$jobnumber'";
	
	$result = mysql_query($query);

It pulls the row with that job number. What I need is something that will pull ALL the rows with that job number, which could be several hundreds. Could this work?

$viewinfo = mysql_query("SELECT * FROM retailers WHERE store_id = 'store_id'".$_SESSION['store_ref']."'") or die(mysql_error());

//display info
while($row=mysql_fetch_assoc($viewinfo)){
echo $row['datacolumn'];
}

Thanks!

Member Avatar for justinmyoung

I don't understand why I'm getting an "undefined index error" here??? on line 5 which is:

$id=$_POST['store_id'];
<?php

if(isset($_POST['submit'])) {
	
	$id=$_POST['store_id'];

	$con = mysql_connect("localhost","root","//");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }

	mysql_select_db("//", $con);

	$query = "SELECT * FROM retailers WHERE store_id='$id' ";
	
	$result = mysql_query($query);
	
	echo "<table class='sample'>";
	while ($row = mysql_fetch_array($result))  {
		
		//store id
		
		echo "<th>Store ID</th>";
		
		echo "<td>" . $row['store_id'] . "</td>";
		echo "</tr>";
		
		//name
		
		echo "<th>Customer Name</th>";
		
		echo "<td>" . $row['name'] ."</td>";
		echo "</tr>";
		
		//email
		
		echo "<th>Email</th>";
		
		echo "<td>".$row['email']."</td>";
		echo "</tr>";
		
		//repair number
		
		echo "<th>Repair Number</th>";
		
		echo "<td>".$row['repair_number']."</td>";
		echo "</tr>";
		
		//in date
		
		echo "<th>In Date</th>";
		
		echo "<td>".$row['in_date']."</td>";
		echo "</tr>";
		
		
		//est date
		
		echo "<th>Estimated Date</th>";
		
		echo "<td>".$row['est_date']."</td>";
		echo "</tr>";
		

	}
		echo "</table>";
	}
?>
Member Avatar for Ole Raptor

have you echoed the $_POST to see what is there?

Member Avatar for justinmyoung 
<?php

$con = mysql_connect("localhost","root","//");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("parsec", $con);

echo $_POST['store_id'];

?>

did I do that correctly? It tells me I have an UNDEFINED INDEX ERROR

Could that be something to do with how it is entered in the database?

Thanks!

Member Avatar for Ole Raptor

can you post a bit of your form too? you want to make sure everything is the correct case. you are dealing with case sensitive items. if you can post a bit of your form code i think it will help a bit.

Member Avatar for justinmyoung

Here's the first page (b.php), which is a simple input form:

<html>
	<body>
		<h1>Sample</h1>
		<div id="container">

<h2></h2>

	<form action="sox.php" method="post">
	
	<label for="store_id" style="font-size: 14px; margin-top: 10px; font-weight: bold; font-variant: small-caps;">Store ID:</label>
	<input type="text" name="first_name" value="" maxlength="30" style="width:49.6%; font-size: 30px;"<br /><?php if (isset($_POST['store_id'])) echo $_POST['store_id']; ?><br /></p>
	
	
	<form method="post" action="sox.php">
	<input type="submit" style="width:90px; height: 35px; margin-left: 260px; -moz-border-radius: 10px;" name="submit" value="get info">
</form>

			</div>
		<div id="extraDiv1"><span></span></div>
	</html>
</body>

Here's the second page (sox.php), which I would like to display the results:

<?php


if(isset($_POST['submit'])) {
	
	$store_id=mysql_real_escape_string( $_POST['store_id'] );

	$con = mysql_connect("localhost","root","....");
	if (!$con)
	  {
	  die('Could not connect: ' . mysql_error());
	  }

	mysql_select_db(".....", $con);

	$query = "SELECT * FROM retailers WHERE store_id='$store_id' ";
	
	$result = mysql_query($query);
	
	echo "<table class='sample'>";
	while ($row = mysql_fetch_array($result))  {
		
		//store id
		
		echo "<th>Store ID</th>";
		
		echo "<td>" . $row['store_id'] . "</td>";
		echo "</tr>";
		
		//name
		
		echo "<th>Customer Name</th>";
		
		echo "<td>" . $row['name'] ."</td>";
		echo "</tr>";
		
		//email
		
		echo "<th>Email</th>";
		
		echo "<td>".$row['email']."</td>";
		echo "</tr>";
		
		//repair number
		
		echo "<th>Repair Number</th>";
		
		echo "<td>".$row['repair_number']."</td>";
		echo "</tr>";
		
		//in date
		
		echo "<th>In Date</th>";
		
		echo "<td>".$row['in_date']."</td>";
		echo "</tr>";
		
		
		//est date
		
		echo "<th>Estimated Date</th>";
		
		echo "<td>".$row['est_date']."</td>";
		echo "</tr>";
		

	}
		echo "</table>";
	}
?>

Theoretically, I would like to have the fields displayed horizontally rather than vertically, but that's something else of a battle.

Thanks!

Member Avatar for Ole Raptor

see your using a little protection for sql injection. good deal. ok you are setting the label to store id. will you try changing your storeid part of the form to this:

<form action="sox.php" method="post">
<label for="store_id" style="font-size: 14px; margin-top: 10px; font-weight: bold; font-variant: small-caps;">Store ID:</label>
	<input type="text" name="store_id" value="" maxlength="30" style="width:49.6%; font-size: 30px;"<br />

<input type="submit" style="width:90px; height: 35px; margin-left: 260px; -moz-border-radius: 10px;" name="submit" value="get_info">
</form>

this is going to take the text the user enters and set this as store_id. on your other page you can simply do this to pull that over.

<?php
if(isset($_POST['get_info'])){
$storeid = $_POST['store_id'];
//complete your code

or you can keep it the same and just change the textfield name to name="store_id".

Member Avatar for justinmyoung

Thanks for your help! Works now!

Member Avatar for Ole Raptor

Your welcome. Glad I could help.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.