Member Avatar for -==Zero==-

I Got A Problem Here And Seem I Got Some Fix For The Code

The Problem Here

http://www.daniweb.com/web-development/php/threads/403345

But I Need To Know Something

This Code Work Ok

<?
if(isset($_SESSION['username']))
{
    $query = ("SELECT * FROM users WHERE password='$_SESSION[password]'");
    $result = mysql_query($query);
    while($row = mysql_fetch_array($result))
   {
    echo "Welcome<br/>";
    echo "Your Username : $row[username]<br/>";
    echo "Your Password Is : $_SESSION[password]<br/>";
    echo "Your Email : $row[email]<br/>";
    echo "Member ID : $row[id]";
    }

}else{
 
echo "<img src='Zimg/Login.Png' alt='Login' /><br/><br/>";
echo "Reg Plz";
echo "<META HTTP-EQUIV='refresh' CONTENT='2; URL=index.php'>";
 
}
?>

And When I Change

("SELECT * FROM users WHERE password='$_SESSION[password]'")

To

("SELECT * FROM users WHERE username='$_SESSION[username]'")

It Dont Show Anything

Why The Password Show And Work

But The Username Dont Show Anything ?

Edited by -==Zero==- because: n/a
  • 6 Contributors
  • 29 Replies
  • 262 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by sohbet

Recommended Answers

All 29 Replies

Member Avatar for HITMANOF44th

try using

$query = "SELECT * FROM `users` WHERE `username` = '".$_SESSION['username']."'";
Edited by HITMANOF44th because: n/a
Member Avatar for -==Zero==-

try using

$query = "SELECT * FROM `users` WHERE `username` = '".$_SESSION['username']."'";

I Tried This In The First Topic But No Luck

I Think The Session Has A Problem

I Tried This Now It Dont Show Anything

Why The Password Show Data And Username Doesnt Show Anything ?

Member Avatar for diafol

try to avoid using short codes: <?php instead of <?

Also have

session_start();

at the top of every page.

Member Avatar for HITMANOF44th

if you echo $query it always comes up blank ?
can you do a print_r for session
does that show anything set for the password session

print_r($_SESSION);

and also do you have session

session_start();

set at the top

Member Avatar for -==Zero==-

try to avoid using short codes: <?php instead of <?

Also have

session_start();

at the top of every page.

Thanks So Much

Iam Putting This In The Start Of The Page

<?php session_start();?>

And I Replaced All Short Tags

But No Luck Still Dont Show Anything :(

If I Used The Password Session

And I Have 2 Member With The Same Password

It Will Show All The Data In One Page

Is There's Any Solution For This Problem ?

Or Is There's Any Other Way To Show Data With The Session ?

Member Avatar for -==Zero==-

if you echo $query it always comes up blank ?
can you do a print_r for session
does that show anything set for the password session

print_r($_SESSION);

and also do you have session

session_start();

set at the top

This Is The Whole Page

<?php session_start(); ?>
 
<?php
include('func.php');
include('Admin/config.php');
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="rtl" lang="ar">
 
<head>
<title>Profile</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256" />
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="Style.Css" />
 
</head>
 
<body>
 
<?php include "header.html" ?>
 
<div id="wrap">
 
<div class="Log_Content">
 
<?
if(isset($_SESSION['username']))
{
    $query = ("SELECT * FROM users WHERE password='$_SESSION[password]'");
    $result = mysql_query($query);
    while($row = mysql_fetch_array($result))
   {
    echo "Welcome<br/>";
    echo "Your Username : $row[username]<br/>";
    echo "Your Password Is : $_SESSION[password]<br/>";
    echo "Your Email : $row[email]<br/>";
    echo "Member ID : $row[id]";
    }

}else{
 
echo "<img src='Zimg/Login.Png' alt='Login' /><br/><br/>";
echo "Reg Plz";
echo "<META HTTP-EQUIV='refresh' CONTENT='2; URL=index.php'>";
 
}
?>
 
</div>
 
<div class="linksfooter">
<?php include "links.html"; ?>
</div>
 
</div>
 
<?php include "tags.html" ?>
 
<center>
<?php include "under.html" ?>
</center>
 
</body>
</html>

It Work Ok

But If You Changed

$query = ("SELECT * FROM users WHERE password='$_SESSION[password]'");

To

$query = ("SELECT * FROM users WHERE username='$_SESSION[username]'");

It Dont Show Anything

Member Avatar for HITMANOF44th

can u post the section of your code where the password is set ?

and also to single out one user you can

$query = "SELECT * FROM `users` WHERE `username` = '".$_SESSION['username']."' AND `password` = '".$_SESSION['password']."'";
Member Avatar for diafol 
$query = ("SELECT * FROM users WHERE user='{$_SESSION['username']}' LIMIT 1");

then run query
check the password outside the query:
no need for while if just one record:

$row = mysql_fetch_array($result);
if($row['password'] == $_SESSION['password']){
 ..success..
}else{
 ..fail..
}

however, I don't see the point of saving the pw in a session. Also think of hashing the pw - don't have it stored as a cleartext. You can use a variety of hashes for this - I have an example here:

http://www.diafol.org/md5.php

Edited by diafol because: n/a
commented: You Are Amazing Sir And Have Amazing Knowledge +3
Member Avatar for -==Zero==-

can u post the section of your code where the password is set ?

and also to single out one user you can

$query = "SELECT * FROM `users` WHERE `username` = '".$_SESSION['username']."' AND `password` = '".$_SESSION['password']."'";

This Is The Check.php File

<?php
include('Admin/config.php');
session_start();
$username = addslashes($_POST['username']);
$password = addslashes($_POST['password']);
if($username != null && $password != null){

$query = "SELECT `password` FROM `users` WHERE `username` = '$username'";
$result = mysql_query ($query) or die ("Query failed");
$answer = 'false';
while($n=mysql_fetch_array($result))
{

if($n['password'] == ($password)){
$_SESSION['username'] = $username;
$_SESSION['password'] = $n['password'];
$answer = 'true';
mysql_close($connect);
}

}

if($answer == 'true'){

include('Log_Success.php');

}else{

echo "Bad";

}

}else{

echo "You Must Fill The Username & Password Fields";

}
?>
Member Avatar for -==Zero==- 
$query = ("SELECT * FROM users WHERE user='{$_SESSION['username']}' LIMIT 1");

then run query
check the password outside the query:
no need for while if just one record:

$row = mysql_fetch_array($result);
if($row['password'] == $_SESSION['password']){
 ..success..
}else{
 ..fail..
}

however, I don't see the point of saving the pw in a session. Also think of hashing the pw - don't have it stored as a cleartext. You can use a variety of hashes for this - I have an example here:

http://www.diafol.org/md5.php

Thanks For Help Sir

But if I have 2 Users

Zero ---> Password = 1234
Mega ---> Password = 1234

If I Limit The Query To get Only 1 Result

How Will It Choose The Right One

May Zero Log In And It get Mega Info Instead Of Zero

Is This Right Or No ?

Member Avatar for HITMANOF44th

im not sure why you dont check for the username and password at the same time then
if that data is in the data base the user exist then set the sessions so that your username and password sessions are set
that would solve selecting the right user

<?php
session_start();
include('Admin/config.php');

$username = $_POST['username'];
$password = $_POST['password'];
$username  = stripslashes($username);
$password = stripslashes($password);
$username  = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
     

     $query = "SELECT `password` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result=mysql_query($query);
$count=mysql_num_rows($result);

if($count==1){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
}
else {
echo "Wrong Username or Password";
}


?>
Edited by HITMANOF44th because: n/a
commented: Thanks Sir For Your Help +3
Member Avatar for -==Zero==-

im not sure why you dont check for the username and password at the same time then
if that data is in the data base the user exist then set the sessions so that your username and password sessions are set
that would solve selecting the right user

<?php
session_start();
include('Admin/config.php');

$username = $_POST['username'];
$password = $_POST['password'];
$username  = stripslashes($username);
$password = stripslashes($password);
$username  = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
     

     $query = "SELECT `password` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result=mysql_query($query);
$count=mysql_num_rows($result);

if($count==1){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
}
else {
echo "Wrong Username or Password";
}


?>

Thanks I Added This

include('Log_Success.php');

After

if($count==1){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

So It Include The Success Login Page

Now I Edited The Profile Page

$query = ("SELECT * FROM users WHERE username='$_SESSION[username]'");

It Still Dont Show Anything

Member Avatar for HITMANOF44th 
$query = ("SELECT * FROM users WHERE username='".$_SESSION['username']."'");
Edited by HITMANOF44th because: n/a
Member Avatar for HITMANOF44th

also where every you want that thing to show up print_r the session around there lets see if ti is getting there

Member Avatar for diafol

Never get an user's details based on password.

Use the combination of username and password to set an user to logged in.

You should avoid directly testing a password within an SQL statement.

Member Avatar for -==Zero==- 
$query = ("SELECT * FROM users WHERE username='".$_SESSION['username']."'");

Iam Sure I Made Something Wrong

I Edited Everything Like you Told Me

This Is Profile Page

<?php session_start(); ?>
 
<?php
include('func.php');
include('Admin/config.php');
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="rtl" lang="ar">
 
<head>
<title>Profile</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256" />
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="Style.Css" />
 
</head>
 
<body>
 
<?php include "header.html" ?>
 
<div id="wrap">
 
<div class="Log_Content">
 
<?
if(isset($_SESSION['username']))
{
    $query = ("SELECT * FROM users WHERE username='".$_SESSION['username']."'");
    $result = mysql_query($query);
    while($row = mysql_fetch_array($result))
   {
    echo "Welcome<br/>";
    echo "Your Username : $row[username]<br/>";
    echo "Your Password Is : $_SESSION[password]<br/>";
    echo "Your Email : $row[email]<br/>";
    echo "Member ID : $row[id]";
    }

}else{
 
echo "<img src='Zimg/Login.Png' alt='Login' /><br/><br/>";
echo "Reg Plz";
echo "<META HTTP-EQUIV='refresh' CONTENT='2; URL=index.php'>";
 
}
?>
 
</div>
 
<div class="linksfooter">
<?php include "links.html"; ?>
</div>
 
</div>
 
<?php include "tags.html" ?>
 
<center>
<?php include "under.html" ?>
</center>
 
</body>
</html>

And This Check.php Page

<?php
session_start();
include('Admin/config.php');
 
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
 
 
$query = "SELECT `password` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result=mysql_query($query);
$count=mysql_num_rows($result);
 
if($count==1){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

include('Log_Success.php');

}
else {
echo "Wrong Username or Password";
}
?>
Member Avatar for -==Zero==-

Never get an user's details based on password.

Use the combination of username and password to set an user to logged in.

You should avoid directly testing a password within an SQL statement.

Ok Sir

When I Get The Data Based On password It Show

When I Use Combination Of Username & Password It Dont Show Anything

Plz Sir Check My Pages In the Previous Post To See If Something Wrong

Member Avatar for diafol 
if(isset($_SESSION['username']))
{
    $query = ("SELECT * FROM users WHERE username='".$_SESSION['username']."'");
    $result = mysql_query($query);
    while($row = mysql_fetch_array($result))
   {
    echo "Welcome<br/>";
    echo "Your Username : $row[username]<br/>";
    echo "Your Password Is : $_SESSION[password]<br/>";
    echo "Your Email : $row[email]<br/>";
    echo "Member ID : $row[id]";
    }

I'm really at a loss to why you want to display the password for everybody to see. Also, why put password into into a session?

Member Avatar for -==Zero==- 
if(isset($_SESSION['username']))
{
    $query = ("SELECT * FROM users WHERE username='".$_SESSION['username']."'");
    $result = mysql_query($query);
    while($row = mysql_fetch_array($result))
   {
    echo "Welcome<br/>";
    echo "Your Username : $row[username]<br/>";
    echo "Your Password Is : $_SESSION[password]<br/>";
    echo "Your Email : $row[email]<br/>";
    echo "Member ID : $row[id]";
    }

I'm really at a loss to why you want to display the password for everybody to see. Also, why put password into into a session?

You Say This Coz You Are Master Developer

But iam Still Learning (( Beginners ))

All I need To Do Is A Profile Page

The User Log Into Profile.php

And See All His Data

Username
Id
Email

So Iam Gonna Make Him Edit This Details Soon

Thats All Iam Trying To Do

Member Avatar for diafol

You Say This Coz You Are Master Developer

Actually, I'm not, but I get your point. Could I suggest that you only keep the user id in a session - nothing else.

Your login routine should take the username and the password only.

To login a user - just use the username in the SELECT query and retrieve the password. Check the retrieved password against the supplied password (usually hashed with something like md5 or sha..).

If passwords match - log in the user and store the user_id in a session variable. Otherwise refuse the login.

Your profile page variables can be retrieved from just the $_SESSION. Use it in a select query to retrieve the data.

If you need to allow the user to change their password, have 3 password fields:

old password, new password, confirm new password.

Member Avatar for -==Zero==-

Actually, I'm not, but I get your point. Could I suggest that you only keep the user id in a session - nothing else.

Your login routine should take the username and the password only.

To login a user - just use the username in the SELECT query and retrieve the password. Check the retrieved password against the supplied password (usually hashed with something like md5 or sha..).

If passwords match - log in the user and store the user_id in a session variable. Otherwise refuse the login.

Your profile page variables can be retrieved from just the $_SESSION. Use it in a select query to retrieve the data.

If you need to allow the user to change their password, have 3 password fields:

old password, new password, confirm new password.

Iam Gonna Take Your Advice Thanks So Much For Help

Member Avatar for fobos

Try this

<?php
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
session_start();
if(!session_is_registered(myusername)){
header("location:main_page.php");
}
}
else {
echo "Wrong Username or Password";
}
?>

Then put this at the top of each page;
session_start();
$username = $_SESSION;
$password = $_SESSION;

Edited by fobos because: n/a
commented: You Are Awesome Thanks +3
Member Avatar for hakeemtunde

can you send the sql struct of the database.

1. check the name used for the input text box for the username

2.when submit, first print the

$_POST['username']

- if it shows up the username

3. it might be from the feild/column name on your database (check smelling )

Member Avatar for -==Zero==-

Try this

<?php
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
session_start();
if(!session_is_registered(myusername)){
header("location:main_page.php");
}
}
else {
echo "Wrong Username or Password";
}
?>

Then put this at the top of each page;
session_start();
$username = $_SESSION;
$password = $_SESSION;

Gonna Test It Thanks For Help I Will Give You The Result

Member Avatar for -==Zero==-

can you send the sql struct of the database.

1. check the name used for the input text box for the username

2.when submit, first print the

$_POST['username']

- if it shows up the username

3. it might be from the feild/column name on your database (check smelling )

Thanks You Can See All My pages Here

Profile.php

<?php session_start(); ?>
 
<?php
include('func.php');
include('Admin/config.php');
?>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="rtl" lang="ar">
 
<head>
<title>Profile</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256" />
<link href="favicon.ico" rel="icon" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="Style.Css" />
 
</head>
 
<body>
 
<?php include "header.html" ?>
 
<div id="wrap">
 
<div class="Log_Content">
 
<?
if(isset($_SESSION['username']))
{
    $query = ("SELECT * FROM users WHERE password='$_SESSION[password]'");
    $result = mysql_query($query);
    while($row = mysql_fetch_array($result))
   {
    echo "Welcome<br/>";
    echo "Your Username : $row[username]<br/>";
    echo "Your Password Is : $_SESSION[password]<br/>";
    echo "Your Email : $row[email]<br/>";
    echo "Member ID : $row[id]";
    }

}else{
 
echo "<img src='Zimg/Login.Png' alt='Login' /><br/><br/>";
echo "Reg Plz";
echo "<META HTTP-EQUIV='refresh' CONTENT='2; URL=index.php'>";
 
}
?>
 
</div>
 
<div class="linksfooter">
<?php include "links.html"; ?>
</div>
 
</div>
 
<?php include "tags.html" ?>
 
<center>
<?php include "under.html" ?>
</center>
 
</body>
</html>

Check.php

<?php
session_start();
include('Admin/config.php');
 
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$query = "SELECT `password` FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result=mysql_query($query);
$count=mysql_num_rows($result);
 
if($count==1){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

include('Log_Success.php');

}
else {
echo "Wrong Username or Password";
}
?>

Login_Tab.php

<form action='Check.php' method='post'> 
Name : <input class='regform2' type='text' name='username' size='20' maxlength='100' /> Pass : <input class='regform2' type='password' name='password' size='20' maxlength='100' /> <input class='Register_Button2' type='submit' value='Login' /> <a href='Register.php' class='Register_Button3'> Register </a>
</form>

What Else May Cause The Problem ?

Member Avatar for -==Zero==-

Try this

<?php
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
session_start();
if(!session_is_registered(myusername)){
header("location:main_page.php");
}
}
else {
echo "Wrong Username or Password";
}
?>

Then put this at the top of each page;
session_start();
$username = $_SESSION;
$password = $_SESSION;

You Are Awesome Thanks

This Finished The Annoying Problem :D

Thanks So Much For Your Help

Member Avatar for sohbet

thanks.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.