Member Avatar for peppermints

Hello,

I am attempting to to make a PHP application that is a basic online banking service.

Everything is working fine separately, however for some reason I can't reference the username that is logged in on pages such as transaction and bill pay page.

Here is my code for the login page:

<?php
	session_start();
	db_connect();
	$sec_password = md5($_POST['password']) ;
	$login = mysql_query ("SELECT * FROM login WHERE user_id = '".$_POST['username']."' and password = '$sec_password';", $c);
	$_SESSION["username"] = $_POST["username"];
	if(isset($_POST[Login]))
		{
			echo "login succesful";
			header("Location: http://i211.informatics.indiana.edu/~jwlyons/project/iusobhome.html");
			} else {
				echo "Sorry, you are not currently logged in." ;
				}


?>

And here is an example of what I'm trying to do with a transactions page, which accesses a database that has a history of your transactions and adds what you input to them: (broken down into the relevant parts)

<?php
	function db_connect() {
		include('db-connect.php') ;

		global $c ; 
		$c = mysql_connect($db_host,$db_user,$db_pass) ;
			if ($c) {
				mysql_select_db($db_db,$c) ;
				return true;
			} else {
				return false ;
	} }


	//Start the Session
	session_start();
	$user = $_SESSION['username'];

In this I connect to the database and attempt to assign the $user variable to the $username variable that was assigned when the user logs in.

Now, when I try to add a transaction, it just adds it with the user_id as a blank value.

Here's an example of what I have:

$query = $query = "insert into transactions values ('".$_POST['user']."', '".$date."', '".$_POST["description"]."', '".$_POST["type"]."', '".$_POST["amount"]."');" ;
							$queryForChecking = "select * from balance where user_id = '".$_POST['user']."';";
							$resultOfChecking = mysql_query($queryForChecking, $c);
							if(mysql_num_rows($resultOfChecking) >0){
								$queryb = "update balance set current_balance ='".$current_balance."' where user_id = '".$_POST['user']."';";
							
							}else{
								$queryb = "insert into balance values ('".$_POST['user']."', '".$current_balance."');" ;
							}
							
							$result2 = mysql_query($query, $c) ;		
							$resultb2 = mysql_query($queryb, $c) ;}

							show_trans_table() ; 
							db_disconnect() ;
							}

What's really baffling me is that I made a simple test page:

<?php
	function db_connect() {
		include('db-connect.php') ;

		global $c ; 
		$c = mysql_connect($db_host,$db_user,$db_pass) ;
			if ($c) {
				mysql_select_db($db_db,$c) ;
				return true;
			} else {
				return false ;
	} }


	//Start the Session
	session_start();
	$user = $_SESSION['username'];
	
	echo $user;
	
	?>

And that is able to make a call to the login variable. So I'm guessing that it has something to do with my syntax somewhere, I just can't figure it out.

  • 2 Contributors
  • 1 Reply
  • 140 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by Stefano Mtangoo
Member Avatar for Stefano Mtangoo

In Login:
1. Check if login info are sent if not redirect back to login page with ambiguous error message
2. If logged in check for credentials with ambiguous error message
3. If logged in redirect to members page

you skipped number 1

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.