Member Avatar for digiplaystudios

Hi There,

I've got a membership script and a login using PHP and MySQL databases however when it logs in it simply displays a PHP page - the same one for all users.

I want to be able to customise the members page so it says things like:

Hello, <username>.

I also want users to be able to update their account details so they update on MySQL.

How do I do that?

Here is my login.php script:

<?php
include("functions.php"); // Includes the db and form info.
session_start(); // Starts the session.
if ($_SESSION['logged'] == 1) { // User is already logged in.
	header("Location: main.php"); // Goes to main page.
	exit(); // Stops the rest of the script.
} else {
	if (!isset($_POST['submit'])) { // The form has not been submitted.
		include 'loginform.php';
	} else {
		$username = form($_POST['username']);
		$password = md5($_POST['password']); // Encrypts the password.
 
		$q = mysql_query("SELECT * FROM `users` WHERE username = '$username' AND password = '$password'") or die (mysql_error()); // mySQL query
		$r = mysql_num_rows($q); // Checks to see if anything is in the db. 
 
		if ($r == 1) { // There is something in the db. The username/password match up.
			$_SESSION['logged'] = 1; // Sets the session.
			header("Location: main.php"); // Goes to main page.
			exit(); // Stops the rest of the script.
		} else { // Invalid username/password.
			exit("Incorrect username/password!"); // Stops the script with an error message.
		}
	}
}
mysql_close($db_connect); // Closes the connection.
?>

Here is my main.php script:

<?php
include("functions.php"); // Includes the db and form info.
session_start(); // Starts the session.
if ($_SESSION['logged'] != 1) { // There was no session found!
	header("Location: login.php"); // Goes to login page.
	exit(); // Stops the rest of the script.
}
include 'updateinfo.php';
?>
  • 3 Contributors
  • 4 Replies
  • 212 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by P0lT10n

Recommended Answers

All 4 Replies

Member Avatar for Nyight

After line 18 in login.php

// THIS CODE ASSUMES YOU HAVE A COLUMN NAMED ID FOR THE USERS ID NUMBER
$u = mysql_fetch_assoc($q);
$_SESSION['id'] = $u['id'];
$_SESSION['username'] = $u['username'];

Once you have done that, in your main.php you will be able to access their username and anything else via the superglobal $_SESSION.

Another thing to consider would be to grab the users information within main.php so that you have access to whatever you want from their account.

$u=mysql_query("SELECT * FROM `users` WHERE `id`='".$_SESSION['id']."' AND `username`='".$_SESSION['username']."' LIMIT 1");
if(mysql_num_rows($u)!=1){
   // log user out
}
$user = mysql_fetch_assoc($u);
// The $user variable now contains all information that is stored within the database.
Member Avatar for P0lT10n

After line 18 in login.php

// THIS CODE ASSUMES YOU HAVE A COLUMN NAMED ID FOR THE USERS ID NUMBER
$u = mysql_fetch_assoc($q);
$_SESSION['id'] = $u['id'];
$_SESSION['username'] = $u['username'];

Once you have done that, in your main.php you will be able to access their username and anything else via the superglobal $_SESSION.

Another thing to consider would be to grab the users information within main.php so that you have access to whatever you want from their account.

$u=mysql_query("SELECT * FROM `users` WHERE `id`='".$_SESSION['id']."' AND `username`='".$_SESSION['username']."' LIMIT 1");
if(mysql_num_rows($u)!=1){
   // log user out
}
$user = mysql_fetch_assoc($u);
// The $user variable now contains all information that is stored within the database.

You are right !!!

In the line 8. and 9. of login.php you have something wrong.

you write:

if (!isset($_POST['submit'])) { // The form has not been submitted.
include 'loginform.php';

It's:

if ($_SERVER['REQUEST_METHOD']=="POST") { // If you submited the form, it will return with REQUEST_METHOD = POST and this will be the same but more efficient, you are not depending in the button SUBMIT !
include("loginform.php");
Member Avatar for Nyight

Fyi P0lT10n, he could have a field with the name of submit that he's using...

Member Avatar for P0lT10n

Fyi P0lT10n, he could have a field with the name of submit that he's using...

I don't think so... he never used submit here... It's the button SUBMIT... he MUST use my code...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.