Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    Regular Coder
    Join Date
    Jul 2011
    Posts
    141
    Thanks
    8
    Thanked 0 Times in 0 Posts

    PHP account login help

    So basically in account.php, I want to do a SELECT*FROM users WHERE email=$email.....and display first name and last name
    Here are all the files associated with the login/account. i would appreciate the help


    dologin.php

    PHP Code:
    <?php
    include("dbsettings.php");
    mysql_connect("$host""$username""$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
     
    $username mysql_real_escape_string($_POST['username']);
    $password md5(mysql_real_escape_string($_POST['password']));

    $sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'";
    $result=mysql_query($sql);
     
    // do the check
    if($result)
    {
        if(
    mysql_num_rows($result) == 1)
        {
            
    $_SESSION['username'];
            
    $_SESSION['password'];
             
            
    header("location: account.php");
                exit();
        }
        else
        {
          echo 
    "Wrong username/password.";
        }
    }
    else
    {
        echo 
    "The query is not true.";
    }
    ?>
    login.php

    PHP Code:
    <html xmlns="http://www.w3.org/1999/xhtml">
    <
    head>
    <
    meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <
    titleLogin</title>
    </
    head>
    <
    body>
     
    <
    form method="POST" action="dologin.php">
      
    Username: <br /><input type="text" name="username" size="30" style="width:250px; height:50px;  font-size: 18px;"> <br />
      
    Password:<br /><input type="password" name="password" size="30" style="width:250px; height:50px; font-size: 18px;">
      <
    br /> <br />
      <
    div align="left">
        <
    p><input type="submit" value="Login" /></p>
        
    Dont have an account?<a href="signup.php"Signup </a>
        
     
    </
    body>
    </
    html
    account.php
    PHP Code:
    <?php session_start(); ?>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Account Dashboard</title>
    </head>
    <body>
    <?php
    include('dbsettings.php');

    $con mysql_connect("$host","$user","$password");
    if (!
    $con)
      {
      die(
    'Could not connect: ' mysql_error());
      }

    mysql_select_db("$db_name"$con);
    $username$_POST['username'];

    $sql="SELECT * FROM `user` WHERE `username`='{$username}'";

    $result mysql_query("$sql");

    while(
    $row mysql_fetch_array($result))
      {
      echo 
    $row['firstname'] . " " $row['lastname'];
      echo 
    "<br />";
      }

    mysql_close($con);
    ?>
    <a href="logout.php"> Log Out </a>
    </body>
    </html>

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    So what is the problem or question ....?
    We can't run your scripts, so what are we supposed to do?


    .

  • #3
    Regular Coder
    Join Date
    Jul 2011
    Posts
    141
    Thanks
    8
    Thanked 0 Times in 0 Posts
    account.php is not selecting correctly

    $sql="SELECT * FROM `user` WHERE `username`='{$username}'";

  • #4
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    Make sure $username has something in it ... test it before you query.

    echo $username;
    exit;


    and remove brackets.

    $sql="SELECT * FROM `user` WHERE `username`='$username'";

    and remove quotes ...

    $result = mysql_query($sql);



    .

  • #5
    Regular Coder
    Join Date
    Jul 2011
    Posts
    141
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Ok well the $username echo didn't work, how can i fix this, remove brackets and quotes

  • #6
    Regular Coder
    Join Date
    Sep 2011
    Posts
    128
    Thanks
    2
    Thanked 21 Times in 21 Posts
    PHP Code:
    <?php
    // session_start(); // Uncomment this line if you don't have a session_start
    include("dbsettings.php"); 
    mysql_connect("$host""$username""$password")or die("cannot connect");  
    mysql_select_db("$db_name")or die("cannot select DB"); 
      
    $username mysql_real_escape_string($_POST['username']); 
    $password md5(mysql_real_escape_string($_POST['password'])); 

    $sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'"
    $result=mysql_query($sql); 
      
    // do the check 
    if($result

        if(
    mysql_num_rows($result) == 1
        { 
            
    $_SESSION['username'] = $username// Editted
            
    $_SESSION['password'] = $password// Editted 
              
            
    header("location: account.php"); 
                exit(); 
        } 
        else 
        { 
          echo 
    "Wrong username/password."
        } 

    else 

        echo 
    "The query is not true."

    ?>
    PHP Code:
    <?php session_start(); ?> 
    <html xmlns="http://www.w3.org/1999/xhtml"> 
    <head> 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
    <title>Account Dashboard</title> 
    </head> 
    <body> 
    <?php 
    include('dbsettings.php'); 

    $con mysql_connect("$host","$user","$password"); 
    if (!
    $con
      { 
      die(
    'Could not connect: ' mysql_error()); 
      } 

    mysql_select_db("$db_name"$con); 
    $username$_SESSION['username']; // Editted

    $sql="SELECT * FROM `user` WHERE `username`='{$username}'"

    $result mysql_query("$sql"); 

    while(
    $row mysql_fetch_array($result)) 
      { 
      echo 
    $row['firstname'] . " " $row['lastname']; 
      echo 
    "<br />"
      } 

    mysql_close($con); 
    ?> 
    <a href="logout.php"> Log Out </a> 
    </body> 
    </html>

  • Users who have thanked Wanna for this post:

    amcf1992 (09-17-2011)

  • #7
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    I just noticed this ...

    These lines:

    // session_start(); // Uncomment this line if you don't have a session_start
    include("dbsettings.php");
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));



    You need to read-in the variables first ...

    // session_start(); // Uncomment this line if you don't have a session_start
    include("dbsettings.php");

    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));

    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");





    .

  • #8
    Senior Coder
    Join Date
    Jul 2011
    Posts
    1,226
    Thanks
    3
    Thanked 171 Times in 171 Posts
    Quote Originally Posted by mlseim View Post
    I just noticed this ...

    These lines:

    // session_start(); // Uncomment this line if you don't have a session_start
    include("dbsettings.php");
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));



    You need to read-in the variables first ...

    // session_start(); // Uncomment this line if you don't have a session_start
    include("dbsettings.php");

    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));

    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");





    .
    It appears that dbsettings.php that's included has the mysql information in it, and his mysql information to connect etc. isn't working so I wouldn't make any changes like that.

    Like Wanna posted, and what mlseim means, the OP needs to add a assignment to $username as there's currently nothing in it.

    @amcf1992 - look at Wanna's posted code, and see the line commented '// Edited'


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •