$post

franches

10-04-2004, 07:34 AM

i know you will be able to help me with my probs.

could you please examine my code. this is the code that validates after the user enter username and password at the login page.

<?php
session_start();
$dbHost = "localhost"; // Database Connection Details - host
$dbUser = "root"; // Database Connection Details - username
$dbname = "TEST"; // Database Connection Details - database name

$username = $_POST['username'];
// Stores our inputted data in these variable names

$password = $_POST['password'];
// Stores our inputted data in these variable names

$db = mysql_connect($dbHost,$dbUser); // Connection Code
mysql_select_db($dbname); // Connects to database
$query = "(SELECT PIN, Password,Name FROM StaffTable WHERE PIN = '$username' AND Password = '$password')";
$result = mysql_query($query);

if(mysql_num_rows($result)) {
$_SESSION['loggedin'] = 1;
header('Location: <a href="http://copernicus/rhodora/statuslog/trial/admin.php" target="_blank">http://copernicus/rhodora/statuslog/trial/admin.php</a>');
exit(); }
else {
header('Location: <a href="http://copernicus/rhodora/statuslog/trial/...?error=1" target="_blank">http://copernicus/rhodora/statuslog/trial/...?error=1</a>');
exit(); }
?>

and this is my page after successful login. and my problem is I am not able to display the username which is the ID number or PIN of the user and his/her name. i think i used the wrong code in calling the PIN and Name.

thank you in advance. I'll be looking forward for your response.

<?php
session_start();

if(!isset($_SESSION['loggedin'])) {
header('Location: <a href="http://copernicus/rhodora/statuslog/trial/...?error=1" target="_blank">http://copernicus/rhodora/statuslog/trial/...?error=1</a>');
exit();
}

?>
<head>
<script>
blah blah
</script>
</head>
<body>
<?php
mysql_connect("localhost", "root")
or die( "Unable to connect\n". mysql_error() );

mysql_select_db("TEST")
or die("Unable to select db ".mysql_error()."\n");

<form action="<?php echo $_SERVER["PHP_SELF"] ?>" method="post">

<fieldset>
<div>
<label for="pin">PIN :</label> <? echo $username ?><br>
<label for="name">Name : </label><? echo $name ?> <br>
</div>

blah blah blah
</fieldset>
</form>
</body>
</html>

Nightfire

10-04-2004, 10:48 AM

First thing, Change this line

if(mysql_num_rows($result)) {

to

if(mysql_num_rows($result) >0) {

This is cause mysql_num_rows always returns a value
Next thing, you're missing a closing php tag
or die("Unable to select db ".mysql_error()."\n");

?>
<form action="<?php echo $_SERVER["PHP_SELF"] ?>" method="post">

Third thing, use a session to hold the idnumber and the password md5() of the user. Then carry the session around the site. On your second page, you're not querying the database for anything. You make a connection, but that's it. You'll need to use the session in the query.

franches

10-05-2004, 02:34 AM

Third thing, use a session to hold the idnumber and the password md5() of the user. Then carry the session around the site. On your second page, you're not querying the database for anything. You make a connection, but that's it. You'll need to use the session in the query.

This is I do not know how to do it. I attached my code so you may be able to examine it and make some corrections. Your help will be greatly appreciated. This is the very 1st time I'm making this one. I have backgrounds in programming but not that very good at it. thanks and i will be looking forward for your response.