Dynamic page post LogIn

Hi everyone, I'm looking for some direction on how create a dynamic page that is populated based on the username and password from the login screen. I'm knowledgeable in php but can't seem to get a good direction on this.

Here's what my LogIn page looks like (login.php):
<?php
if(isset($_POST["Submit"])) {
$host="localhost";
$username="username";
$password="password";
$db_name="database";
$tbl_name="registered_members";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$myusername=$_POST['username333'];
$mypassword=$_POST['password333'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1)
{
session_register("myusername");
session_register("mypassword");
header("location:success.php");
}
else {
echo "Wrong Username or Password";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<link href="CSS.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div class="banner"></div>
<div class="mainMenu">

<form action="" method="post" name="form">
<table width="605" border="0" cellspacing="4" cellpadding="0">
<tr>
<td width="257" align="right" valign="top">Email:</td>
<td width="336" align="left" valign="top"><label>
<input name="username333" type="text" id="textfield" size="40" maxlength="40" />
</label></td>
</tr>
<tr>
<td align="right" valign="top">Password:</td>
<td align="left" valign="top"><label>
<input name="password333" type="password" id="textfield2" size="20" maxlength="20" />
</label></td>
</tr>
<tr>
<td align="right" valign="top"></td>
<td align="left" valign="top"></td>
</tr>
<tr>
<td align="right">&nbsp;</td>
<td align="left"><label>
<input type="submit" name="Submit" id="button" value="Log In" />
</label></td>
</tr>
</table>
</form></div>
</body>
</html>

This works fine. What happens is when the user enters his or her username and password correctly, they go to the webpage success.php, which starts with this php code:
<?
session_start();
if(!session_is_registered(myusername)){
header("location:login.php");
}
?>

This also works fine (visitors can't access this page unless they entered a username and password correctly in the login page). So far so good. Are you guys still with me? I know it's a lot of stuff.

In regards to the database, MySQL database has data for every username and password...data such as address, telephone number, and email for example.

So, here's my question. How can I get the success.php page to populate address, telephone number, and email based on the username and password of the visitor who just logged in? I know this seems (and probably is) simple but my mind is at a deadlock.

while the login proccess get a user's info and write it into a session

$_SESSION['user_info'] = array('id' => 1, 'name' => 'Romano', 'address' => 'Some address');

and retrieve it on the next page

$username = $_SESSION['user_info']['name'];

Do not (do not do not do not >.<) use session_register or session_is_registered. These are both deprecated functions that rely on the use of register_globals in order to work. Instead:

$_SESSION['myvarname'] = $value;
# replaces:
# $value = 'my value';
# $myvarname = $value;
# session_register($myvarname);

// AND
if (isset($_SESSION['myvarname']))
{
# replaces:
# session_is_registered('myvarname');


Don't forget that session_start needs to be called prior to processing any session usage, and must be done prior to flushing the headers.

As for getting your data, as mentioned you can pass it all in a session, or you can retrieve it when needed by querying based off of a userid or username/password combination or whatever uniquely identifies a user.

Thank you both. I already have session_start called, so I'm good there. Can you just guide me to where the code must go using my example. In my login.php page, I have this code...
$count=mysql_num_rows($result);
if($count==1)
{
session_register("myusername");
session_register("mypassword");
header("location:success.php");
}

I'm going to assume it should be changed to this in order to eliminate the deprecated code:

$count=mysql_num_rows($result);
if($count==1)
{
$_SESSION['myvarname'] = $value;
header("location:success.php");
}

Is that correct?

Lastly, how should the success.php page start? Sessions are somewhat new to me but I'm understanding the concept. I think I should be starting the success.php with...

<?
session_start();
if (isset($_SESSION['myvarname']))
{


Am I on the right track? Also, where is $value being called again in the first set of code ($_SESSION['myvarname'] = $value; ). I'd like to follow how the code is being processed so I can get a full understanding of 'Sessions'.

Again, thanks for the help and guidance.

Thank you both. I already have session_start called, so I'm good there. Can you just guide me to where the code must go using my example. In my login.php page, I have this code...
$count=mysql_num_rows($result);
if($count==1)
{
session_register("myusername");
session_register("mypassword");
header("location:success.php");
}



I'm confused about why you're putting their password into a session in the first place. Past the login, the password should be unnecessary.



I'm going to assume it should be changed to this in order to eliminate the deprecated code:

$count=mysql_num_rows($result);
if($count==1)
{
$_SESSION['myvarname'] = $value;
header("location:success.php");
}

Is that correct?



Assuming that you are checking on registration that the username is not already taken, yes, because it is unlikely, but possible that the same username could be in the database twice, with the same password. In this case, $count would be greater than one.

Better to limit to 1 in the query, and then check that it's greater than 0 when checking if it's in the database.

The session doesn't have to be called 'myvarname', you could call it whatever you want, and assign whatever value you want to it, normally the username, or as stated earlier, an array of user information for quick access.

But yes, your code is correct.



Lastly, how should the success.php page start? Sessions are somewhat new to me but I'm understanding the concept. I think I should be starting the success.php with...

<?
session_start();
if (isset($_SESSION['myvarname']))
{


Am I on the right track?



Yeah, that's correct.



Also, where is $value being called again in the first set of code ($_SESSION['myvarname'] = $value; ). I'd like to follow how the code is being processed so I can get a full understanding of 'Sessions'.

Again, thanks for the help and guidance.

As I said earlier in my post, you can set the session to whatever you want.

$_SESSION['login'] = $myusername;


That is probably how you want to do it.

The combination of all the replies made sense and my pages are working the way I need them to. Thank you very much!!