Forum Moderators: coopster
I am working on a member / client section and the script authenticates perfectly, however I can not get it to display the username once the username is logged in!
login.php
<?php
session_start();
$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
include 'config.php';
include 'opendb.php';
$userId = $_POST['txtUserId'];
$password = $_POST['txtPassword'];
// check if the user id and password combination exist in database
$sql = "SELECT user_id
FROM tbl_auth_user
WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
if (mysql_num_rows($result) ==$userId) {
// the user id and password match,
// set the session
$_SESSION['user_id'] = true;
}
// after login we move to the user pages
if ($userId=="dashford")header("Location: /cust/nd/");
else if ($userId=="admin"){header("Location: admin.php");
}
else header("Location: /cust/error.php");
echo $errorMessage = 'Sorry, wrong user id / password';
}
And here is the member page:
<?php
session_start();
// is the one accessing this page logged in or not?
if (!isset($_SESSION['user_id'])
¦¦ $_SESSION['user_id']!== true) {
// not logged in, move to login page
header('Location: /cust/');
}
?>
<p>Welcome <?=$_SESSION['user_id']?></p>
....
The above line outputs "Welcome 1" instead of the username?
Can anyone help with this?
<?=$_SESSION['user_id']?>prints user_id which is 1. You should SELECT username from the database if you want to display it.
You can change these lines:
// check if the user id and password combination exist in database
$sql = "SELECT user_id
FROM tbl_auth_user
WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
to
// check if the user id and password combination exist in database
$sql = "SELECT user_id, user_name
FROM tbl_auth_user
WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
so that you can then print it.
I also scanned your code and found couple of mistakes:
1) if (mysql_num_rows($result) ==$userId) {
this line is wrong. Its is true only for the user with id=1.
2)$_SESSION['user_id'] = true;
this line actually changes your user_id.
I think you should review the whole code again.
Similar problem with
if (!isset($_SESSION['user_id'])
¦¦ $_SESSION['user_id']!== true)
You are testing for identity, but which of your users has the specific user id of "boolean true"?
Set your user id to default to zero or an empty string which, presumably, are not allowed user ids. Then just test for anything that is not false (but not testing for identity, just equivalency).
Can anyone assist?
<?php
session_start();
// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in'])
¦¦ $_SESSION['db_is_logged_in']!== true) {
// not logged in, move to login page
header('Location: /cust/');
}
include("db.inc.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$id=$_POST['id'];
$query=" SELECT * FROM tbl_auth_user WHERE user_id='admin'";
$result=mysql_query($query);
$num=mysql_num_rows($result);
mysql_close();
$i=0;
while ($i < $num) {
$user_id=mysql_result($result,$i,"user_id");
?>
<?
++$i;
}
?>
