Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New to the CF scene
    Join Date
    Jul 2005
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Exclamation A little help needed!! PHP/Cookies/SQL

    PHP Code:
    <?php
    include("config.php"); 

    // connect to the mysql server
    $link mysql_connect($server$db_user$db_pass)
    or die (
    "Could not connect to mysql because ".mysql_error());

    // select the database
    mysql_select_db($database)
    or die (
    "Could not select database because ".mysql_error());

    $username mysql_real_escape_string($_COOKIE['loggedin']); 
    $query "SELECT * FROM users WHERE username = \'$username\'"
    $rs mysql_query($query); 
    $data mysql_fetch_array($rs); 
    $firstname $data['firstname']; 
    echo 
    "Welcome to Your Account, $firstname"
    ?>
    Can someone please help me get this piece of code right..

    This is the error i get atm..
    Code:
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/ukgoped/public_html/pedads/account.php on line 41
    Welcome to Your Account,
    Any help will be appreciated!!

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Your incorrect line is here:
    PHP Code:
    $query "SELECT * FROM users WHERE username = \'$username\'"
    Change to:
    PHP Code:
    $query "SELECT * FROM users WHERE username = '" $username "'"
    and your good to go.
    On a side note, cookies are insecure, you should use sessions instead.

  • #3
    New to the CF scene
    Join Date
    Jul 2005
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sessions aren't my strong point..

    If you could help me get sessions sorted that would be fantastic! Ijust wouldn't know where to start..

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Validating would be a toughy for it, and its been awhile since I've used straight sessions.
    All pages must include a session_start() at the top, thats how the sessions are accessed. They are passed using cookies if available, or otherwise with the url:
    PHP Code:
    <?php
    session_start
    ();
    ob_start();
    if (!isset(
    $_SESSION))
    {
         
    $_SESSION['username'] = 'Guest';
         
    $_SESSION['loggedin'] = 0;
         
    $_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
         
    $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
    }

    if ((
    $_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT']) OR ($_SESSION['ipaddress'] != $_SERVER['REMOTE_ADDR']))
    {
         
    $_SESSION = array();
         if (isset(
    $_COOKIE[session_name()]))
         {
              
    set_cookie(session_name(), ''time()-42000'/');
         }
         
    session_regenerate_id();
         
    $_SESSION['username'] = 'Guest';
         
    $_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
         
    $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
    }
    Use something of the sorts for a session.php file. Include this into all accessing files:
    PHP Code:
    <?php
    include_once('./session.php');
    include_once(
    './config.php');

    if (isset(
    $_SESSION['loggedin']))
    {
         die(
    'Welcome to your account ' $_SESSION['username']);
    }

    if (!empty(
    $_POST['submit']))
    {
         
    $query "SELECT `password` FROM users WHERE username = '" mysql_real_escape_string($_POST['username'])) . "'";
         
    $result mysql_query($query);
         
    $password mysql_result($result0);
         if (
    $password == $_POST['password'])
         {
              
    $_SESSION['username'] = $_POST['username'];
              
    $_SESSION['password'] = $password;
              
    $_SESSION['loggedin'] = true;
              
    header("location: " $_SERVER['PHP_SELF'] . "?" SID);
         }
         else
         {
              echo 
    'Username and/or password combination incorrect!  Please try again!<br />';
         }
    }
    ob_end_flush();
    ?>
    <form method="post">
      Username: <input type="text" name="username" /><br />
      Password: <input type="text" name="password" /><br />
      <input type="submit" name="submit" value="Submit" />
    </form>
    Or something of the sorts for a loggin script.

    Oh BTW, this is horribly standards uncompliant when it comes to XHTML.
    Last edited by Fou-Lu; 07-13-2005 at 05:31 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •