please if u can help me
i have created a log in on dreamweaver and i had created one intranet in one company coz i have one study project to do
i have created employees with their datas
and created a log in form on dreamweaver
but the problem is: when i log in as a username: grisel with the password: grisel the program showed me my datas and all the other users' datas
i want a restricted access: when i log in as grisel, program show me only grisel datas and not the other users' datas
if u got the problem, please give me an answer


you need to filter the sql syntax that you are using, can you post the code here?

prova_db.php :

<?php
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"
$hostname_prova_db = "localhost";
$database_prova_db = "intranet_db";
$username_prova_db = "root";
$password_prova_db = "";
$prova_db = mysql_pconnect($hostname_prova_db, $username_prova_db, $password_prova_db) or trigger_error(mysql_error(),E_USER_ERROR); 
?>

prova.php :
<?php require_once('../Connections/prova_db.php'); ?>
<?php
mysql_select_db($database_prova_db, $prova_db);
$query_rs1 = "SELECT * FROM punonjesit ";
$rs1 = mysql_query($query_rs1, $prova_db) or die(mysql_error());
$row_rs1 = mysql_fetch_assoc($rs1);
$totalRows_rs1 = mysql_num_rows($rs1);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<?php echo $row_rs1['Emri_Depart']; ?>
<p>
  <?php
mysql_free_result($rs1);
?>
</p>
<p><?php echo $row_rs1['Emri_drejtor']; ?></p>
<body>
</body>
</html>

loglog.php :
<?php require_once('../../../Connections/user1_db.php'); ?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "Connections/user1.php";
  $MM_redirectLoginFailed = "loglog.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_user1_db, $user1_db);

  $LoginRS__query=sprintf("SELECT username, mbiemri FROM punonjesit WHERE username='%s' AND mbiemri='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 

  $LoginRS = mysql_query($LoginRS__query, $user1_db) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;      

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?><!DOCTYPE html>
<html lang="en">
<head>
<title>Home</title>
    <meta charset="utf-8">
    <meta name="description" content="Your description">
    <meta name="keywords" content="Your keywords">
    <meta name="author" content="Your name">
    <link rel="stylesheet" href="css/style.css">
    <script src="js/jquery-1.6.4.min.js"></script>
    <script src="js/cufon-yui.js"></script>
    <script src="js/Franklin_Gothic_Medium_400.font.js"></script>
    <script src="js/cufon-replace.js"></script>
    <script src="js/script.js"></script>
<!--[if lt IE 7]>
  <div class='aligncenter'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg"border="0"></a></div>  
    <![endif]-->
    <!--[if lt IE 9]>
    <script src="js/html5.js"></script>
  <link rel="stylesheet" href="css/ie.css"> 
<![endif]-->
</head>
<body>
<div class="bg">
    <!--==============================header=================================-->
    <header>
        <div class="main">
            <h1>&nbsp;</h1>
            <nav>
                <ul class="sf-menu">
                    <li class="current"><a href="index.html">home</a><ul>
                            <li><a href="../../../Home.htm">Historik</a></li>
                            <li><a href="more.html">Struktura Organizative</a></li>
                            <li><a href="Kushtet_e_pergjithshme_te_punes_te_Bankes_se_Shqiperise.pdf">Rregulla Administrative </a></li>
                        </ul>
                  </li>
                    <li><a href="../../../POLITIKA MONETARE.docx">politika monetare </a></li>
                    <li><a href="../../../ISO_14001_TRAINING_ALB.pdf">trajnime</a></li>
                    <li><a href="index-4.html">blog</a></li>
<li></a></li>
                    <li></li>
                </ul>

                <form action="/webroot/intranet_site/intranet_result.php" method="get" name="fmsearch" id="fmsearch">
                <table width="323">
                  <!--DWLayoutTable-->
                  <tr>
                    <th width="40" height="35"><!--DWLayoutEmptyCell-->&nbsp;</th>
<th width="150" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</th>
<th width="52" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</th>
</tr></table>
</form>
 </nav>
            <div class="clear"></div>
          <div class="shadow">
                <div class="main-img"></div>
                <img src="../../../images/banka2.bmp" alt="banka" longdesc="../../../images/banka2.bmp">
                <ul class="links">
                    <li></li>
                    <li></li>
                    <li></li>
                </ul>
          </div>
        </div>
  </header>
    <!--==============================content================================-->
    <section id="content">

</div>
                    </div>
                    <h3>User Login</h3>

<table border="0">
<form method="POST" action="<?php echo $loginFormAction; ?>">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password</td><td>:</td>
  <td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php"></a>
    <input type="password" name="password" size="20"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td>
  <td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php">
    <input name="submit" type="submit" value="Login" >
  </a></td>
</tr> 
</form>
</table>

<form name="form1" method="post" action="">
  <label></label>
</form>
</body>
</html>

tell me if i have wrong query coz shows me the table with the attributes but doesn't show me the users data

I don't understand what's line 58: mysql_select_db($database_user1_db, $user1_db);
there's no variables ..._user1 are they on user1_db.php?

and the right query should be ?

and it goes to "Connections/user1.php"? are the sessions with the correct values on the other page?

ok that's my wrong, user 1 is not variable. u were right, but i didn't change to prova.db that connect to the other page, here is my right code, and i wanna know if u can give me an answer how i will get user details display

lolog.php


<?php require_once('../../../Connections/prova_db.php'); ?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "Connections/prova.php";
  $MM_redirectLoginFailed = "loglog.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_user1_db, $user1_db);

  $LoginRS__query=sprintf("SELECT username, mbiemri FROM punonjesit WHERE username='%s' AND mbiemri='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 

  $LoginRS = mysql_query($LoginRS__query, $user1_db) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;      

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?><!DOCTYPE html>
<html lang="en">
<head>
<title>Home</title>
    <meta charset="utf-8">
    <meta name="description" content="Your description">
    <meta name="keywords" content="Your keywords">
    <meta name="author" content="Your name">
    <link rel="stylesheet" href="css/style.css">
    <script src="js/jquery-1.6.4.min.js"></script>
    <script src="js/cufon-yui.js"></script>
    <script src="js/Franklin_Gothic_Medium_400.font.js"></script>
    <script src="js/cufon-replace.js"></script>
    <script src="js/script.js"></script>
<!--[if lt IE 7]>
  <div class='aligncenter'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg"border="0"></a></div>  
    <![endif]-->
    <!--[if lt IE 9]>
    <script src="js/html5.js"></script>
  <link rel="stylesheet" href="css/ie.css"> 
<![endif]-->
</head>
<body>
<div class="bg">
    <!--==============================header=================================-->
    <header>
        <div class="main">
            <h1>&nbsp;</h1>
            <nav>
                <ul class="sf-menu">
                    <li class="current"><a href="index.html">home</a><ul>
                            <li><a href="../../../Home.htm">Historik</a></li>
                            <li><a href="more.html">Struktura Organizative</a></li>
                            <li><a href="Kushtet_e_pergjithshme_te_punes_te_Bankes_se_Shqiperise.pdf">Rregulla Administrative </a></li>
                        </ul>
                  </li>
                    <li><a href="../../../POLITIKA MONETARE.docx">politika monetare </a></li>
                    <li><a href="../../../ISO_14001_TRAINING_ALB.pdf">trajnime</a></li>
                    <li><a href="index-4.html">blog</a></li>
<li></a></li>
                    <li></li>
                </ul>

                <form action="/webroot/intranet_site/intranet_result.php" method="get" name="fmsearch" id="fmsearch">
                <table width="323">
                  <!--DWLayoutTable-->
                  <tr>
                    <th width="40" height="35"><!--DWLayoutEmptyCell-->&nbsp;</th>
<th width="150" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</th>
<th width="52" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</th>
</tr></table>
</form>
 </nav>
            <div class="clear"></div>
          <div class="shadow">
                <div class="main-img"></div>
                <img src="../../../images/banka2.bmp" alt="banka" longdesc="../../../images/banka2.bmp">
                <ul class="links">
                    <li></li>
                    <li></li>
                    <li></li>
                </ul>
          </div>
        </div>
  </header>
    <!--==============================content================================-->
    <section id="content">

</div>
                    </div>
                    <h3>User Login</h3>

<table border="0">
<form method="POST" action="<?php echo $loginFormAction; ?>">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password</td><td>:</td>
  <td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php"></a>
    <input type="password" name="password" size="20"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td>
  <td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php">
    <input name="submit" type="submit" value="Login" >
  </a></td>
</tr> 
</form>
</table>

<form name="form1" method="post" action="">
  <label></label>
</form>
</body>
</html>

ok, questions: when you type your username everything is fine? it goes to success page?
after line 26 put this:
echo $LoginRS__query;

what appears?
go to your mysql console or phpmyadmin and paste the query that will appear on the page

Hey, I may be able to help if I understand your question correctly. You want to make it so only the user grisel can see grisel's data and no-one else can see grisel's data?

yes of course, only grisel can see the grisel datas and no one can see grisel datas, that's my question, when i log in as user 1 only user 1 can see his datas

@griseindria - Just select it off SESSIONS then..?

I.e.

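<?php
  // The session must be started before $_SESSION can be read
  session_start();

  // Refuse to show anything to a visitor who has not logged in
  if(!isset($_SESSION['user_session']))
    exit("You do not have permission to access this page, sorry");

  // Filter on the logged-in user's id so only that user's row is returned
  $user_id = mysql_real_escape_string($_SESSION['user_id']);
  $query = "SELECT * FROM profile WHERE user_id='{$user_id}'";
  $res = mysql_query($query);
  // A SELECT is checked with mysql_num_rows(); expect exactly one row
  if(!$res || mysql_num_rows($res) != 1)
    exit("Couldn't find the details");
  while($row = mysql_fetch_array($res))
  {
     // only display the users details
  }
?>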
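
The approach in the answer above, as an added example that is not code from the thread: the data page takes the username only from the session set at login and binds it into a parameterized query, so each user gets back only their own row. It assumes the pdo_sqlite extension and uses an in-memory SQLite table in place of the MySQL database; the `punonjesit` table and the `Emri_Depart`/`Emri_drejtor` columns come from the thread, while the sample rows, the `pass_hash` column and the function names `login` and `ownRecord` are assumptions.

```php
<?php
// Added example: per-user row filtering keyed on the session, not on request input.
// Constructed data: in-memory SQLite stands in for the MySQL intranet_db.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE punonjesit (
    username TEXT PRIMARY KEY, pass_hash TEXT, Emri_Depart TEXT, Emri_drejtor TEXT)');
$ins = $pdo->prepare('INSERT INTO punonjesit VALUES (?, ?, ?, ?)');
$ins->execute(['grisel', password_hash('grisel-pw', PASSWORD_DEFAULT), 'IT', 'Drejtor A']);
$ins->execute(['arben',  password_hash('arben-pw',  PASSWORD_DEFAULT), 'Finance', 'Drejtor B']);

// Login: look the user up by name, then verify the stored password hash.
// Returns the values to keep in the session on success, or null on failure.
function login(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT username, pass_hash FROM punonjesit WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    // In a real page: session_start(); session_regenerate_id(true); then fill $_SESSION.
    return ['MM_Username' => $row['username']];
}

// Data page: the WHERE clause is driven only by the session value.
function ownRecord(PDO $pdo, array $session): ?array
{
    if (empty($session['MM_Username'])) {
        return null;                        // not logged in: return nothing
    }
    $stmt = $pdo->prepare(
        'SELECT username, Emri_Depart, Emri_drejtor FROM punonjesit WHERE username = ?');
    $stmt->execute([$session['MM_Username']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$session = login($pdo, 'grisel', 'grisel-pw');
$row = ownRecord($pdo, $session ?? []);
// Escape on output so stored values cannot inject markup into the page.
echo htmlspecialchars($row['username'] . ': ' . $row['Emri_Depart']), "\n";
var_dump(login($pdo, 'grisel', 'wrong'));   // wrong password: no session is created
var_dump(ownRecord($pdo, []));              // empty session: no row is returned
```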