  1. #1
    New Coder

    Basic Members Page + Profile Pages

    I'm trying to set up a very simple (WIP) members page that you can click registered users to see their profile page that will display basic information.

    I'm having trouble with the sessions and retrieving this info from my database. I'm very new to this so it's all pretty amateur.

    I've been looking at this code for several hours trying to fix things but I start to make some progress, then change stuff, and go backwards. I had a members page that displayed the registered users in my database, but after a while of altering to try to get the profiles to work, I messed it up. I have basic login and register pages.

    I need some separate eyes to take a look. Any help is so much appreciated. Thanks!


    members.php
    Code:
    <?php
    session_start();
    require 'mysql-connect.php';
    $auser=$_SESSION['user'];
    
    
    if(isset($auser)){
    $Members = mysql_query("SELECT * FROM user WHERE username='$username'") or die(mysql_error());
    $numRowsMembers = mysql_num_rows($Members);
    
    ?>
    
    <table border="1">
    
    <?php
    for($count = 1; $count <= $numRowsMembers; $count++)
    {
        $name = mysql_fetch_array($Members);
        ?>
        
        <tr>
        <?php
        echo '<td><a href="member_profile.php?username=' . $name['username'] . '">' . $name['username'] . '</a></td>';
    }
    }
       ?>
     
        </tr>
    </table>

    member_profile.php
    Code:
    <?php
    session_start();
    require 'mysql-connect.php';
    $auser=$_SESSION['user'];
    
    if(isset($auser)){
    
    $username = $_GET['username'];
    $user = mysql_query("SELECT * FROM user WHERE username = '$username'");
    echo $user;
    $user=mysql_fetch_assoc($user);
    
    
    echo "<h1>User Info</h1>";
    
    echo "<b>Username:".$user['username']."<br>";
    
    echo "<br>";
      echo '<form name="backlistfrm" method="post" action="members.php">';
    echo '<input type="submit" value="Back to The List">';
    echo '</form>';
    echo "<br>";
    }
    ?>

    my login handler
    Code:
    <?php
    include 'mysql-connect.php';
    
    $username = $_POST['user'];
    $password = $_POST['pass'];
    $query1 = mysql_query("SELECT * FROM user WHERE username='$username'");
    $result = mysql_num_rows($query1);
    if($result == 0)
    {
    echo '<h1>Error!</h1>The username you specified does not exist!';
    }
    else
    {
    
    $checkuser = mysql_query("SELECT * FROM user WHERE username='$username'");
    
                            $row = mysql_fetch_array($checkuser);
                                                            $password2 = $row['password'];
                                                            //$status = $row['status'];
                                    if ($password == $password2)
                                            {
                                     echo "Hi $username.";
    								 include("index.php"); 
                                            }
                                    else
                                            {
                                            echo '<h1>Error!</h1>The username and password combination you entered does not match the ones we have in the database.';
                                            }
    
    }
    ?>
    mysql-connect.php
    Code:
    <?php
    
    	$host = "localhost";
        $username = "root";
        $password = "";
        $database = "ug54";
        $link = mysql_connect($host, $username, $password);//Connects to database with host, username, and password
        $select = mysql_select_db($database);
    ?>
    and my simple database
    Code:
    CREATE TABLE IF NOT EXISTS `user` (
      `id` int(4) unsigned NOT NULL AUTO_INCREMENT,
      `username` varchar(32) NOT NULL,
      `password` varchar(32) NOT NULL,
      `firstname` varchar(20) NOT NULL,
      `lastname` varchar(20) NOT NULL,
      `email` varchar(30) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;
    
    --
    -- Dumping data for table `user`
    --
    
    INSERT INTO `user` (`id`, `username`, `password`, `firstname`, `lastname`, `email`) VALUES
    (1, '', '', '', '', '0'),
    (2, 'abc', '123', '', '', '0'),
    (3, 'a', 'b', 'c', 'd', '0'),
    (4, 'hfg', 'rgfdg', 'gdfg', 'dfgdf', '0'),
    (5, '999', '999', '999', '999', '999');

  • #2
    Senior Coder DJCMBear's Avatar
    Try these out. Also, I would suggest using MD5 to encrypt your passwords so that the passwords are not on display in your database.

    members.php
    PHP Code:
    <?php
    # Starting the session
    session_start();

    # Requiring SQL connection
    require_once 'mysql-connect.php';

    # Setting auser as SESSION['user']
    $auser = $_SESSION['user'];

    # SQL protecting variables
    $username = mysql_real_escape_string($_GET['username']);

    # Checking through each query
    if(isset($auser)) {
      $sql = mysql_query("SELECT * FROM `user` WHERE `username` = '{$username}'") or die(mysql_error());
      if(mysql_num_rows($sql)) {
        $page = "<table border=\"1\">\n";
        while($row = mysql_fetch_array($sql)) {
          $page .= "  <tr>\n";
          $page .= "    <td><a href=\"member_profile.php?username={$row['username']}\">{$row['username']}</a></td>\n";
          $page .= "  </tr>\n";
        }
        $page .= "</table>";
      } else {
        $page = "ERROR: No members found.";
      }
    } else {
      $page = "ERROR: Not logged in.";
    }

    # Printing the final output
    print $page;
    ?>
    member_profile.php
    PHP Code:
    <?php
    # Starting the session
    session_start();

    # Requiring SQL connection
    require_once 'mysql-connect.php';

    # Setting auser as SESSION['user']
    $auser = $_SESSION['user'];

    # SQL protecting variables
    $username = mysql_real_escape_string($_GET['username']);

    # Checking through each query
    if(isset($auser)) {
      $sql = mysql_query("SELECT * FROM `user` WHERE `username` = '$username'");
      if(mysql_num_rows($sql)) {
        while($row = mysql_fetch_array($sql)) {
          $page = "<h1>User Info</h1>".
                  "<b>Username: {$row['username']}<br /><br />".
                  "<form name=\"backlistfrm\" method=\"post\" action=\"members.php\">".
                  "  <input type=\"submit\" value=\"Back to The List\">".
                  "</form><br />";
        }
      } else {
        $page = "ERROR: No member found for username: <strong>{$_GET['username']}</strong>.";
      }
    } else {
      $page = "ERROR: Not logged in.";
    }

    # Printing the final output
    print $page;
    ?>
    login handler
    PHP Code:
    <?php
    # Requiring SQL connection
    require_once 'mysql-connect.php';

    # SQL protecting variables
    $username = mysql_real_escape_string($_POST['user']);
    $password = mysql_real_escape_string($_POST['pass']);

    # Sending a query to MYSQL
    $sql = mysql_query("SELECT * FROM `user` WHERE `username` = '{$username}'");
    if(mysql_num_rows($sql)) {
      while($row = mysql_fetch_array($sql)) {
        if($password == $row['password']) {
          $page  = "Hi {$username}.";
          $allow = true;
        } else {
          $page = "<h1>Error!</h1> The username and password combination you entered ".
                  "does not match the ones we have in the database.";
        }
      }
    } else {
      $page = "<h1>Error!</h1> The username you specified does not exist!";
    }

    # Printing the final output
    print $page;

    # Requiring the index file
    if($allow) require_once "index.php";
    ?>
    mysql-connect.php
    PHP Code:
    <?php
    # SQL Config
    $SQL = array(
      "host" => "localhost",
      "user" => "root",
      "pass" => "",
      "name" => "ug54"
    );

    # Connect to SQL
    mysql_connect($SQL['host'],$SQL['user'],$SQL['pass']);
    mysql_select_db($SQL['name']);
    ?>
    Last edited by DJCMBear; 11-30-2010 at 09:49 PM.
    Official BinPress hand picked coder.
    For anyone worried about SQL injection go have a look at my small yet powerful script here.
    Go Pledge for Light Table, if it hits $300,000 Python and other languages will get added.
    I am 1 of 65,608 people to get a Pebble Watch :P
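
The member lookup and login check from this thread written with bound parameters, hashed passwords and output encoding, as an added example that is not part of any post. It uses PDO with a constructed in-memory SQLite table in place of the thread's MySQL `user` table, and the function names are hypothetical.

```php
<?php
// Added example; the in-memory SQLite table and its rows are constructed stand-ins
// for the thread's MySQL `user` table (assumes the pdo_sqlite extension is loaded).

function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    $ins = $pdo->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
    // Store only a salted hash; in MySQL the column should be VARCHAR(255), not VARCHAR(32).
    $ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);
    $ins->execute(['<i>abc</i>', password_hash('123', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Bound parameter: the username is sent as data and never spliced into the SQL text.
function find_user(PDO $pdo, string $username): ?array {
    $stmt = $pdo->prepare('SELECT id, username, password FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $pdo, string $username, string $password): bool {
    $row = find_user($pdo, $username);
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;
    }
    // In a web request, this is where the login handler would call
    // session_regenerate_id(true) and set $_SESSION['user'] = $row['username'].
    return true;
}

// Encode for the context the value lands in: HTML text vs. URL query component.
function render_member_link(array $row): string {
    $text = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
    $href = 'member_profile.php?username=' . rawurlencode($row['username']);
    return "<td><a href=\"$href\">$text</a></td>";
}

$pdo = open_demo_db();
var_dump(check_login($pdo, "o'brien", 'correct horse'));
var_dump(check_login($pdo, "o'brien", 'wrong'));
var_dump(find_user($pdo, 'nobody'));
echo render_member_link(find_user($pdo, '<i>abc</i>')), "\n";
```

The two constructed usernames contain a quote and HTML markup on purpose: the first exercises the query path, the second the output path.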

  • #3
    New Coder
    Thanks for your quick answer. When trying your code I get...

    after logging in, clicking members.php on index...

    Notice: Undefined variable: _SESSION in C:\wamp\www\members.php on line 14

    Notice: Undefined index: username in C:\wamp\www\members.php on line 17
    ERROR: Not logged in.


    or logged in, clicking a direct member_profiles link on index....

    Notice: Undefined index: user in C:\wamp\www\member_profile.php on line 18

    Notice: Undefined index: username in C:\wamp\www\member_profile.php on line 21
    ERROR: Not logged in.



    Am I being immediately logged off?

  • #4
    Senior Coder DJCMBear's Avatar
    At the top of all php pages write this.

    PHP Code:
    <?php error_reporting(E_ALL ^ E_NOTICE); ?>
    The errors you're getting are not errors, they are notices which are displayed for telling you information about the PHP coding, but you don't really need the notices turned on.

  • #5
    Senior Coder DJCMBear's Avatar
    Oh and just to let you know in the login page you haven't set the session value for user so add this into the script just above the $allow = true; piece of code.

    $_SESSION['user'] = $username;

    And put session_start(); at the top of the login file.

  • #6
    New Coder
    Quote Originally Posted by DJCMBear View Post
    At the top of all php pages write this.

    PHP Code:
    <?php error_reporting(E_ALL ^ E_NOTICE); ?>
    The errors you're getting are not errors, they are notices which are displayed for telling you information about the PHP coding, but you don't really need the notices turned on.

    Oh ok, I see. I actually like to see the notices so I can check out those certain lines of code.
    Last edited by blt4424; 11-30-2010 at 10:24 PM.

  • #7
    Senior Coder DJCMBear's Avatar
    Quote Originally Posted by blt4424 View Post
    Oh ok, I see. I actually like to see the notices so I can check out those certain lines of code.
    Well when the site goes online remember to turn them off as you don't want everyone knowing what's going on in your code.

  • #8
    New Coder
    Quote Originally Posted by DJCMBear View Post
    Well when the site goes online remember to turn them off as you don't want everyone knowing what's going on in your code.
    Good point! I'm still very much in the infant stages though.

    Ok, it'll give me the profile page, but does not display the user's username.

    Also, members.php still says I'm not logged in.

  • #9
    Senior Coder DJCMBear's Avatar
    Did you edit your login file to add in the extra few lines?

  • #10
    New Coder
    Yeah, here's the login handler now with the bolded changes.

    Code:
    <body>
    <?php error_reporting(E_ALL ^ E_NOTICE);
    
    session_start();
    # Requiring SQL connection
    require_once 'mysql-connect2.php';
    
    # SQL protecting variables
    $username = mysql_real_escape_string($_POST['user']);
    $password = mysql_real_escape_string($_POST['pass']);
    
    # Sending a query to MYSQL
    $sql = mysql_query("SELECT * FROM `user` WHERE `username` = '{$username}'");
    if(mysql_num_rows($sql)) {
      while($row = mysql_fetch_array($sql)) {
        if($password == $row['password']) {
          $page  = "Hi {$username}.";
    	  $_SESSION['user'] = $username;
          $allow = true;
        } else {
          $page = "<h1>Error!</h1> The username and password combination you entered ".
                  "does not match the ones we have in the database.";
        }
      }
    } else {
      $page = "<h1>Error!</h1> The username you specified does not exist!";
    }
    
    # Printing the final output
    print $page;
    
    # Requiring the index file
    if($allow) require_once "index.php";
    ?>

  • #11
    Senior Coder DJCMBear's Avatar
    Ok now replace the code for members.php to this.

    PHP Code:
    <?php
    # Starting the session
    session_start();

    # Requiring SQL connection
    require_once 'mysql-connect.php';

    # Setting auser as SESSION['user']
    $auser = $_SESSION['user'];

    # Checking through each query
    if(isset($auser)) {
      $sql = mysql_query("SELECT * FROM `user`") or die(mysql_error());
      if(mysql_num_rows($sql)) {
        $page = "<table border=\"1\">\n";
        while($row = mysql_fetch_array($sql)) {
          $page .= "  <tr>\n";
          $page .= "    <td><a href=\"member_profile.php?username={$row['username']}\">{$row['username']}</a></td>\n";
          $page .= "  </tr>\n";
        }
        $page .= "</table>";
      } else {
        $page = "ERROR: No members found.";
      }
    } else {
      $page = "ERROR: Not logged in.";
    }

    # Printing the final output
    print $page;
    ?>

  • #12
    New Coder
    Ok great that fixes it. Now the only issues are when I try to view the member_profile page via index after logging in, it still does not display the username. The members page however does display all the database user table entries and their pages when clicked do display their username.

  • #13
    Senior Coder DJCMBear's Avatar
    Ok well for this you need to replace this line in the profile file.

    $username = mysql_real_escape_string($_GET['username']);

    With this.

    $username = (isset($_GET['username']))?mysql_real_escape_string($_GET['username']):$username;

  • #14
    New Coder
    Hmmm still no change.


    It's directing to http://localhost/member_profile2.php, I think it should direct to http://localhost/member_profile2.php...me=theusername, right?

  • #15
    Senior Coder DJCMBear's Avatar
    Ok if you want to do that just do this, replace this line in your login code.

    if($allow) require_once "index.php";

    To this.

    if($allow) header("location: member_profile2.php?username={$_SESSION['user']}");

    And then delete the print $page; which is just above that code in the login page.

