0

For example, I have a form that passes the username, the year of birth and the password. Is there any way I can retrieve information from the database (using an SQL query) if the user is an admin and then convert it to a $_SESSION;? How can I retrieve additional information about the user, about his day of birth, month of birth etc. without having variables passed from a form? :S

My form.

<div id="body">
<div id='sidebar'>
<form method='post' action='login.php'>
<label for='username'>Username:</label>
<input name='username' id='username'/><br/>
<label for='password'>Password:</label>
<input type='password' name='password' id='password'/><br/>
<label for='yearofbirth'>Year of Birth:</label>
<input name='yearofbirth' id='yearofbirth'/><br/>
<input type='submit' value='Log in'/>
</form>
<!-- / end of login page -->
</div>
</div>

php script

<?php
// prevent SQL injections
session_start();
ini_set('session.bug_compat_42', 0);
ini_set('session.bug_compat_warn', 0);

$uname  = $_POST["username"];
$pword  = $_POST["password"];
$ybirth = $_POST["yearofbirth"];
$num_rows = 0;
$errorMessage = "";

// htmlspecialchars() encodes for HTML output; it does not escape values for use in SQL
$uname  = htmlspecialchars($uname);
$pword  = htmlspecialchars($pword);
$ybirth = htmlspecialchars($ybirth);

if (!ctype_alnum($uname))
{
    echo "ERROR: Input contains characters other than letters and numbers.";
}

$conn = mysql_connect("localhost", "root", "") or die("cannot connect");
mysql_select_db("something") or die(mysql_error());

// The form values are interpolated directly into the query string
$sql = "SELECT * FROM sc_users WHERE username = '$uname' and password = '$pword' and yearofbirth = '$ybirth'";
$result = mysql_query($sql);

if (!$result)
{
    $errorMessage = "Error logging on";
}

if (mysql_num_rows($result) == 0)
{
    echo "ERROR - No mactching rows from the database!<br/>";
}
else
{
    $_SESSION['gatekeeper'] = $_POST["username"];
    $_SESSION['password']   = $_POST["password"];
    $_SESSION['agez']       = $_POST["yearofbirth"];

    // Redirect to the main menu
    header("Location: mainpage.php");
    $errorMessage = "logged on";
}

?>

Edited by SQLpower: n/a

0


In the database, put an extra column with role as the heading and put each user's respective position, i.e. whether they act as admin or any other. Then replace the SQL query
$sql = ("SELECT * FROM sc_users WHERE username = '$uname' and password = '$pword' and yearofbirth = '$ybirth'");
to
$sql = ("SELECT * FROM sc_users WHERE username = '$uname' and password = '$pword' and yearofbirth = '$ybirth' where role="admin"");
If he is admin then pass $_SESSION;

0

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/wtf/public_html/project/login.php on line 49 ERROR - No mactching rows from the database!

Damn, I am getting this..

<?php
// prevent SQL injections
session_start();
error_reporting (E_ALL ^ E_NOTICE);
// for error handling
ini_set('session.bug_compat_42',0);
ini_set('session.bug_compat_warn',0);

$uname 	= $_POST["username"];
$pword 	= $_POST["password"];
$ybirth = $_POST["yearofbirth"];
$num_rows = 0;
$errorMessage = "";

$uname  = htmlspecialchars($uname);
$pword  = htmlspecialchars($pword);
$ybirth = htmlspecialchars($ybirth);



if(!ctype_alnum($uname))
{
    echo "ERROR: Input contains characters other than letters and numbers.";
}


$conn = mysql_connect("localhost", "yvrachev", "Eer3num6") or die("cannot connect"); 
mysql_select_db("yvrachev") or die (mysql_error());




$sql = ("SELECT * FROM sc_users WHERE username = '$uname' and password = '$pword' and yearofbirth = '$ybirth' where isadmin ='1'");


$result = mysql_query ($sql);


 if ($result) 
{
}
else 
{
$errorMessage = "Error logging on";
}


 
 if(mysql_num_rows($result)==0)
{
    echo "ERROR - No mactching rows from the database!<br/>";
}
else
{
	$_SESSION['gatekeeper'] = $_POST["username"];
	$_SESSION['password']   = $_POST["password"];
	$_SESSION['agez']       = $_POST["yearofbirth"];
        $_SESSION['admin']      = $_POST["isadmin"];
 

    // Redirect to the main menu
    header ("Location: mainpage.php");
	$errorMessage = "logged on";

}

?>

Edited by SQLpower: n/a
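
An added example, not code from either poster: the warning in the last post appears because a query with two WHERE clauses is invalid SQL, so mysql_query() returns false and mysql_num_rows() receives a boolean. The code below uses a single WHERE with bound parameters, verifies a hashed password, and fills $_SESSION from the database row (admin flag, day and month of birth) instead of from $_POST. Assumptions: the columns password_hash, dayofbirth and monthofbirth are hypothetical, and an in-memory SQLite database via PDO stands in for MySQL with constructed sample rows.

```php
<?php
// Added example. sc_users, username, yearofbirth and isadmin are names from the
// thread; password_hash, dayofbirth and monthofbirth are assumed columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sc_users (username TEXT PRIMARY KEY, password_hash TEXT,
    dayofbirth INT, monthofbirth INT, yearofbirth INT, isadmin INT)');

// Constructed sample rows; only the password_hash() output is stored.
$seed = $pdo->prepare('INSERT INTO sc_users VALUES (?, ?, ?, ?, ?, ?)');
$seed->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 4, 7, 1990, 1]);
$seed->execute(["o'neil", password_hash('hunter2', PASSWORD_DEFAULT), 9, 2, 1985, 0]);

/**
 * Returns the profile fields to keep in the session, or null on failure.
 * Form input reaches the query only as bound parameters.
 */
function authenticate(PDO $pdo, string $uname, string $pword, string $ybirth): ?array
{
    $stmt = $pdo->prepare(
        'SELECT username, password_hash, dayofbirth, monthofbirth, yearofbirth, isadmin
           FROM sc_users WHERE username = :u AND yearofbirth = :y'
    );
    $stmt->execute([':u' => $uname, ':y' => (int) $ybirth]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // One generic failure path: unknown user, wrong year, or wrong password.
    if ($row === false || !password_verify($pword, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);                     // keep credentials out of the session
    $row['isadmin'] = ((int) $row['isadmin'] === 1);  // role comes from the row, not from $_POST
    return $row;
}

// In login.php this runs after session_start(), with the three values taken from $_POST.
$user = authenticate($pdo, 'alice', 'correct horse', '1990');
if ($user !== null) {
    // In a real request, call session_regenerate_id(true) here before storing anything.
    $_SESSION['gatekeeper'] = $user['username'];
    $_SESSION['admin']      = $user['isadmin'];
    $_SESSION['birth']      = [$user['dayofbirth'], $user['monthofbirth'], $user['yearofbirth']];
}
var_dump($_SESSION ?? null);

// A quote in the input is bound as data, so the statement still parses and matches the row.
var_dump(authenticate($pdo, "o'neil", 'hunter2', '1985'));
var_dump(authenticate($pdo, "o'neil", 'wrong password', '1985'));
```

Pages such as mainpage.php can then check $_SESSION['admin'] without running another query or trusting any form field.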
