...

View Full Version : Basic Members Page + Profile Pages



blt4424
11-30-2010, 10:05 PM
I'm trying to set up a very simple (WIP) members page that you can click registered users to see their profile page that will display basic information.

I'm having trouble with the sessions and retrieving this info from my database. I'm very new to this so it's all pretty amateur.

I've been looking at this code for several hours trying to fix things but I start to make some progress, then change stuff, and go backwards. I had a members page that displayed the registered users in my database, but after a while of altering to try to get the profiles to work, I messed it up :mad:. I have basic login and register pages.

I need some seperate eyes to take a look. Any help is so much appreciated. Thanks!


members.php

<?php
session_start();
require 'mysql-connect.php';
$auser=$_SESSION['user'];


if(isset($auser)){
$Members = mysql_query("SELECT * FROM user WHERE username='$username'") or die(mysql_error());
$numRowsMembers = mysql_num_rows($Members);

?>

<table border="1">

<?php
for($count = 1; $count <= $numRowsMembers; $count++)
{
$name = mysql_fetch_array($Members);
?>

<tr>
<?php
echo '<td><a href="member_profile.php?username=' . $name['username'] . '">' . $name['username'] . '</a></td>';
}
}
?>

</tr>
</table>


member_profile.php

<?php
session_start();
require 'mysql-connect.php';
$auser=$_SESSION['user'];

if(isset($auser)){

$username = $_GET['username'];
$user = mysql_query("SELECT * FROM user WHERE username = '$username'");
echo $user;
$user=mysql_fetch_assoc($user);


echo "<h1>User Info</h1>";

echo "<b>Username:".$user['username']."<br>";

echo "<br>";
echo '<form name="backlistfrm" method="post" action="members.php">';
echo '<input type="submit" value="Back to The List">';
echo '</form>';
echo "<br>";
}
?>


my login handler


<?php
include 'mysql-connect.php';

$username = $_POST['user'];
$password = $_POST['pass'];
$query1 = mysql_query("SELECT * FROM user WHERE username='$username'");
$result = mysql_num_rows($query1);
if($result == 0)
{
echo '<h1>Error!</h1>The username you specified does not exist!';
}
else
{

$checkuser = mysql_query("SELECT * FROM user WHERE username='$username'");

$row = mysql_fetch_array($checkuser);
$password2 = $row['password'];
//$status = $row['status'];
if ($password == $password2)
{
echo "Hi $username.";
include("index.php");
}
else
{
echo '<h1>Error!</h1>The username and password combination you entered does not match the ones we have in the database.';
}

}
?>

mysql-connect.php

<?php

$host = "localhost";
$username = "root";
$password = "";
$database = "ug54";
$link = mysql_connect($host, $username, $password);//Connects to database with host, username, and password
$select = mysql_select_db($database);
?>

and my simple database


CREATE TABLE IF NOT EXISTS `user` (
`id` int(4) unsigned NOT NULL AUTO_INCREMENT,
`username` varchar(32) NOT NULL,
`password` varchar(32) NOT NULL,
`firstname` varchar(20) NOT NULL,
`lastname` varchar(20) NOT NULL,
`email` varchar(30) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;

--
-- Dumping data for table `user`
--

INSERT INTO `user` (`id`, `username`, `password`, `firstname`, `lastname`, `email`) VALUES
(1, '', '', '', '', '0'),
(2, 'abc', '123', '', '', '0'),
(3, 'a', 'b', 'c', 'd', '0'),
(4, 'hfg', 'rgfdg', 'gdfg', 'dfgdf', '0'),
(5, '999', '999', '999', '999', '999');

DJCMBear
11-30-2010, 10:47 PM
Try these out. also I would suggest using MD5 to encrypt your passwords so that the passwords are not on display in your database.

members.php


<?php
# Starting the session
session_start();

# Requiring SQL connection
require_once 'mysql-connect.php';

# Setting auser as SESSION['user']
$auser = $_SESSION['user'];

# SQL protecting variables
$username = mysql_real_escape_string($_GET['username']);

# Checking through each query
if(isset($auser)) {
$sql = mysql_query("SELECT * FROM `user` WHERE `username` = '{$username}'") or die(mysql_error());
if(mysql_num_rows($sql)) {
$page = "<table border=\"1\">\n";
while($row = mysql_fetch_array($sql)) {
$page .= " <tr>\n";
$page .= " <td><a href=\"member_profile.php?username={$row['username']}\">{$row['username']}</a></td>\n";
$page .= " </tr>\n";
}
$page .= "</table>";
} else {
$page = "ERROR: No members found.";
}
} else {
$page = "ERROR: Not logged in.";
}

# Printing the final output
print $page;
?>


member_profile.php


<?php
# Starting the session
session_start();

# Requiring SQL connection
require_once 'mysql-connect.php';

# Setting auser as SESSION['user']
$auser = $_SESSION['user'];

# SQL protecting variables
$username = mysql_real_escape_string($_GET['username']);

# Checking through each query
if(isset($auser)) {
$sql = mysql_query("SELECT * FROM `user` WHERE `username` = '$username'");
if(mysql_num_rows($sql)) {
while($row = mysql_fetch_array($sql)) {
$page = "<h1>User Info</h1>".
"<b>Username: {$row['username']}<br /><br />".
"<form name=\"backlistfrm\" method=\"post\" action=\"members.php\">".
" <input type=\"submit\" value=\"Back to The List\">".
"</form><br />";
}
} else {
$page = "ERROR: No member found for username: <strong>{$_GET['username']}</strong>.";
}
} else {
$page = "ERROR: Not logged in.";
}

# Printing the final output
print $page;
?>


login handler


<?php
# Requiring SQL connection
require_once 'mysql-connect.php';

# SQL protecting variables
$username = mysql_real_escape_string($_POST['user']);
$password = mysql_real_escape_string($_POST['pass']);

# Sending a query to MYSQL
$sql = mysql_query("SELECT * FROM `user` WHERE `username` = '{$username}'");
if(mysql_num_rows($sql)) {
while($row = mysql_fetch_array($sql)) {
if($password == $row['password']) {
$page = "Hi {$username}.";
$allow = true;
} else {
$page = "<h1>Error!</h1> The username and password combination you entered ".
"does not match the ones we have in the database.";
}
}
} else {
$page = "<h1>Error!</h1> The username you specified does not exist!";
}

# Printing the final output
print $page;

# Requiring the index file
if($allow) require_once "index.php";
?>


mysql-connect.php


<?php
# SQL Config
$SQL = array(
"host" => "localhost",
"user" => "root",
"pass" => "",
"name" => "ug54"
);

# Connect to SQL
mysql_connect($SQL['host'],$SQL['user'],$SQL['pass']);
mysql_select_db($SQL['name']);
?>

blt4424
11-30-2010, 11:06 PM
Thanks for your quick answer. When trying your code I get...

after logging in, clicking members.php on index...

Notice: Undefined variable: _SESSION in C:\wamp\www\members.php on line 14

Notice: Undefined index: username in C:\wamp\www\members.php on line 17
ERROR: Not logged in.


or logged in, clicking a direct member_profiles link on index....

Notice: Undefined index: user in C:\wamp\www\member_profile.php on line 18

Notice: Undefined index: username in C:\wamp\www\member_profile.php on line 21
ERROR: Not logged in.


Am I being immediately logged off?

DJCMBear
11-30-2010, 11:16 PM
At the top of all php pages write this.



<?php error_reporting(E_ALL ^ E_NOTICE); ?>


The errors your getting are not errors they are notices which are displayed for telling you information about the php coding but you don't really need the notices turned on.

DJCMBear
11-30-2010, 11:19 PM
Oh and just to let you know in the login page you haven't set the session value for user so add this into the script just above the $allow = true; piece of code.

$_SESSION['user'] = $username;

And put session_start(); at the top of the login file.

blt4424
11-30-2010, 11:21 PM
At the top of all php pages write this.



<?php error_reporting(E_ALL ^ E_NOTICE); ?>


The errors your getting are not errors they are notices which are displayed for telling you information about the php coding but you don't really need the notices turned on.


Oh ok, I see. I actually like to see the notices so I can check out those certain lines of code.

DJCMBear
11-30-2010, 11:23 PM
Oh ok, I see. I actually like to see the notices so I can check out those certain lines of code.

Well when the site goes online remember to turn them off as you don't want everyone knowing what's going on in your code.

blt4424
11-30-2010, 11:28 PM
Well when the site goes online remember to turn them off as you don't want everyone knowing what's going on in your code.
Good point! I'm still very much in the infant stages though. :)

Ok, It'll give me the profile page, but does not display the user's username.

Also, members.php still says I'm not logged in.

DJCMBear
11-30-2010, 11:29 PM
Did you edit your login file to add in the extra few lines?

blt4424
11-30-2010, 11:33 PM
Yeah, here's the login handler now with the bolded changes.


<body>
<?php error_reporting(E_ALL ^ E_NOTICE);

session_start();
# Requiring SQL connection
require_once 'mysql-connect2.php';

# SQL protecting variables
$username = mysql_real_escape_string($_POST['user']);
$password = mysql_real_escape_string($_POST['pass']);

# Sending a query to MYSQL
$sql = mysql_query("SELECT * FROM `user` WHERE `username` = '{$username}'");
if(mysql_num_rows($sql)) {
while($row = mysql_fetch_array($sql)) {
if($password == $row['password']) {
$page = "Hi {$username}.";
$_SESSION['user'] = $username;
$allow = true;
} else {
$page = "<h1>Error!</h1> The username and password combination you entered ".
"does not match the ones we have in the database.";
}
}
} else {
$page = "<h1>Error!</h1> The username you specified does not exist!";
}

# Printing the final output
print $page;

# Requiring the index file
if($allow) require_once "index.php";
?>

DJCMBear
11-30-2010, 11:35 PM
Ok now replace the code for members.php to this.



<?php
# Starting the session
session_start();

# Requiring SQL connection
require_once 'mysql-connect.php';

# Setting auser as SESSION['user']
$auser = $_SESSION['user'];

# Checking through each query
if(isset($auser)) {
$sql = mysql_query("SELECT * FROM `user`") or die(mysql_error());
if(mysql_num_rows($sql)) {
$page = "<table border=\"1\">\n";
while($row = mysql_fetch_array($sql)) {
$page .= " <tr>\n";
$page .= " <td><a href=\"member_profile.php?username={$row['username']}\">{$row['username']}</a></td>\n";
$page .= " </tr>\n";
}
$page .= "</table>";
} else {
$page = "ERROR: No members found.";
}
} else {
$page = "ERROR: Not logged in.";
}

# Printing the final output
print $page;
?>

blt4424
11-30-2010, 11:42 PM
Ok great that fixes it. Now the only issues are when I try to view the member_profile page via index after logging in, it still does not display the username. The members page however does display all the database user table entries and their pages when clicked do display their username.

DJCMBear
11-30-2010, 11:47 PM
Ok well for this you need to replace this line in the profile file.

$username = mysql_real_escape_string($_GET['username']);

With this.

$username = (isset($_GET['username']))?mysql_real_escape_string($_GET['username']):$username;

blt4424
11-30-2010, 11:53 PM
Hmmm still no change.


It's directing to http://localhost/member_profile2.php, I think it should direct to http://localhost/member_profile2.php?username=theusername, right?

DJCMBear
11-30-2010, 11:59 PM
Ok if you want to do that just do this, replace this line in your login code.

if($allow) require_once "index.php";

To this.

if($allow) header("location: member_profile2.php?username={$_SESSON['user']}");

And then delete the print $page; which is just above that code in the login page.

blt4424
12-01-2010, 12:04 AM
I mean I have a link on my index page that is called profile, so that the logged in user can see their own info.

However when I click that, next to Username:, it's blank. The other user pages through members.php work fine though.

DJCMBear
12-01-2010, 12:07 AM
Ahhh i now understand you better all you have to do is don't change the login file code to the code in my previous post just add this to the link on the index page.

?username=<?php print $_SESSION['user']; ?>

And I am guessing you have session_start(); at the top of your index file.

blt4424
12-01-2010, 12:17 AM
Haha, I was just going to say, I think that's actually an issue with my index link.

Now I'm not sure I'm doing the link correctly.

I have links on a sidebar on my index.

<li><a href="member_profile.php?username=<?php print $_SESSION['user']; ?>">members</a></li>

How does this look? And yes I have <?php session_start(); ?> at the beginning of the body.

DJCMBear
12-01-2010, 12:19 AM
Shouldn't the link be Profile and not Members?

And yes the line of code you posted looks correct.

blt4424
12-01-2010, 12:46 AM
Oh shoot, yes!

Thanks so much DJCMBear you were a big help, I don't want to bother you anymore! I learned a bunch, thanks again.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum