Using an SQL statement and starting a SESSION together


Sitehelp

Hello all! OK, I have a quick question. On my login page I have a session that opens so that the user's details can be opened on the next few pages. The username and password box are in the same form and the session, as it's supposed to, is declared at the top of the code before the form itself. However, when I have the form as:

<form action = " Logged In/WelcomeUserPage.php">


It works great but it does not check the username and password using the sql at the top of the code. When I have the form as:

<form method="post" onReset="MM_displayStatusMsg('Please enter your ClientID and Password');return document.MM_returnValue">

The SQL at the top of the page cross checks the user in the DB and logs them in if the fields are correct but does not implement the session and therefore I cannot get the user's details on the other pages. Has anyone any idea how I could use the username and password authentication check (the SQL) and start the session as well? Just in case you need to see the SQL, it is:

<?php session_start(); ?>
<?php
$sql = "SELECT ClientID, cpassword FROM clientinfo
WHERE ClientID='$ClientID'
AND cpassword='$Password'";

$result = mysql_query($sql)
or die("Error: MySQL said ".mysql_error());
$num = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);

if ($num == 1)
header("location: Logged In/WelcomeUserPage.php?");
?>
//THE CODE FOR THE FORM ETC.... COMES NEXT!!!!!!!!!!!!!!!!


Does anyone have any ideas? It's driving me crazy. Cheers for the help.
 
I have within the form:

<?php
//$Home_Page='Welcome back';
session_register('Home_Page');
?>

Is that what you mean? cheers!
 
I am trying to get the user's username and password validated by checking their details through the database and then posting their information across using a session. If I remove the session it checks their username and password and lets me through but without posting the info. If I use a session it doesn't check their password using the SQL but does post across whatever they type in the fields, if that makes sense. Actually this may be easier, my code is:

<?php require_once('../Connections/MARTIN.php'); ?>
<?php
mysql_select_db($database_MARTIN, $MARTIN);
$query_Connect = "SELECT * FROM clientinfo";
$Connect = mysql_query($query_Connect, $MARTIN) or die(mysql_error());
$row_Connect = mysql_fetch_assoc($Connect);
$totalRows_Connect = mysql_num_rows($Connect);
session_start();?>
<?php
$sql = "SELECT ClientID, cpassword FROM clientinfo
WHERE ClientID='$ClientID'
AND cpassword='$Password'";

$result = mysql_query($sql)
or die("Error: MySQL said ".mysql_error());
$num = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);

if ($num == 1)
header("location: Logged In/WelcomeUserPage.php?");
?>
<html>
<head>
<title>HomePage</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<p><img src="Sites%20Title%20Border.png" width="799" height="89"></p>
<form action = " Logged In/WelcomeUserPage.php">
<font color="Black" size="5">Welcome to IT Help-OnLine</font>
<br>
<p align="">In order to process
your request quickly and efficiently could you please enter your
<br>details in below. If you are a new user please click <a href="New User Details/NewUserDetails.php" target="_top">here</a>.</p>
<br>Please enter your <i>Client ID</i> and <i>password</i> below.
<br>
Client ID:<font color="#FFFFFF">::</font>
<input text type="text" size="20"
maxlength="20" name="ClientID" >
<br>Password: <input text type="Password" size="15"
maxlength="20" name="Password" ><br>
<?php
//$Home_Page='Welcome back';
session_register('Home_Page');
?>
<br>
<input type = "submit" value="Click To Submit">
<input type = "reset" value="Reset">

</form>
<br>
Administrators log on <a href="Staff&Admin%20Login%20Page/Staff&Admin%20Login%20Page.php">here</a>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p><a href="mailto:user@hotmail.com">Email</a> us here</p>
</body>
</html>
<?php
mysql_free_result($Connect);
?>

Changing the FORMS title page (like I said in the first message) works for one way and not the other and vice versa, hope this makes sense! cheers!
 
The core of the problem is where you're setting your session variable. If the userid is successful, the script issues a "Location:" HTTP header, which immediately redirects the browser to the new URL. Script execution stops, before your code ever sets the session variable.

Also, you're writing code that assumes PHP's configuration directive register_globals is set to "on" (See section 1.1 of faq434-2999 for more information).

I've reorganized your code:

Code:
<?php
function output_form ($error_message = '', $ClientID = '')
{
   print '<html>
   <head>
      <title>HomePage</title>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   </head>
   <body>
      <p><img src="Sites%20Title%20Border.png" width="799" height="89"></p>
      <form action = "http://localhost/project/User Logged In/WelcomeUserPage.php">
         <font color="Black" size="5">Welcome to IT Help-OnLine</font>
         <br>
         <p align="">
            In order to process your request quickly and efficiently could you please enter your<br>
            details in below. If you are a new user please click <a href="New User Details/NewUserDetails.php" target="_top">here</a>.
         </p>';
   
   if ($error_message != '')
   {
      print '
         <font color=red>' . $error_message . '</font>';
   }
   
   print '
         <br>Please enter your <i>Client ID</i> and <i>password</i> below.
         <br>
         Client ID:<font color="#FFFFFF">::</font><input text type="text" size="20" maxlength="20" name="ClientID"';
   
   if ($ClientID != '')
   {
      print ' value="' . $ClientID . '";
   }
   
   print '><br>
         Password: <input text type="Password" size="15" maxlength="20" name="Password" ><br>
         <br>
         <input type = "submit" value="Click To Submit">
         <input type = "reset" value="Reset">
      </form>
      <br>
      Administrators log on <a href="Staff&Admin%20Login%20Page/Staff&Admin%20Login%20Page.php">here</a> 
      <br>
      <br>
      <br>
      <br>
      <p><a href="mailto:mkennelly@hotmail.com">Email</a> us here</p>
   </body>
</html>';
}

session_start();

require_once('../Connections/MARTIN.php');

mysql_select_db($database_MARTIN, $MARTIN);

if (isset($_POST['ClientID'] and isset($_POST['Password'])
{
   $sql = "SELECT ClientID, cpassword FROM clientinfo WHERE ClientID='$ClientID' AND cpassword='$Password'";

   $result = mysql_query($sql) or die("Error: MySQL said ".mysql_error());

   $num = mysql_num_rows($result); 
   $row = mysql_fetch_assoc($result);

   $_SESSION['Home_Page']='Welcome back';

   if ($num != 0)
   {
      header("location: http://localhost/project/User Logged In/WelcomeUserPage.php?");
   }
   else
   {
      output_form ('Your login was unsuccessful', $_POST['ClientID']);
   }
}
else
{
   output_form();
}
?>

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Cheers for this! However, I am not sure if you intended me to copy and paste the code above into my program. I did this anyway but it does not work correctly. Any ideas?
 
"does not work correctly" is pretty vague.

No, I really hadn't intended my version of your code to work as-is. I hadn't tested it, as I would have to build a database to match your query.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Sorry, well what it is is that I made similar alterations to the ones you suggested but it still isn't running correctly. I am certain it's the way I am typing it in but I cannot work out why. What I am getting when I do it the suggested way is different types of errors, like header already sent (I think I know what this means) and parse errors (which I know of but cannot locate the problem) etc. Is the MySQL code better put after the form information? Very confused here! Cheers for the help on this one as I am desperate to get this bit working! Thanks!
 
There are a number of problems with this code as I look at it. Even my version.

But the parse errors.

Change this line:
print ' value="' . $ClientID . '";
to read:
print ' value="' . $ClientID . '"';


Change this line:
if (isset($_POST['ClientID'] and isset($_POST['Password'])
to read:
if (isset($_POST['ClientID']) and isset($_POST['Password']))


Your form, however, is pointing to another script. But this one contains the code to process the user's input.



Want the best answers? Ask the best questions: TANSTAAFL!!
 
I have made these amendments and the page now loads up but it logs through as a session but doesn't check their password as you can enter any details and it still logs in. Any ideas? Thanks for this!
 
What is the method attribute of the form?

What action attribute are you using for your form? Is it pointing back to this script or is it pointing to that other script you were using?

If no data is being posted to this script, or if this data is being sent via POST, the script will also not work.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
I can't find any post action in the script regarding the form. The code is now as:

<?php
function output_form ($error_message = '', $ClientID = '')
{
print '<html>
<head>
<title>HomePage</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<p><img src="Sites%20Title%20Border.png" width="799" height="89"></p>
<form action = " Logged In/WelcomeUserPage.php">
<font color="Black" size="5">Welcome to IT Help-OnLine</font>
<br>
<p align="">
In order to process your request quickly and efficiently could you please enter your<br>
details in below. If you are a new user please click <a href="New User Details/NewUserDetails.php" target="_top">here</a>.
</p>';

if ($error_message != '')
{
print '
<font color=red>' . $error_message . '</font>';
}

print '
<br>Please enter your <i>Client ID</i> and <i>password</i> below.
<br>
Client ID:<font color="#FFFFFF">::</font><input text type="text" size="20" maxlength="20" name="ClientID"';

if ($ClientID != '')
{
print ' value="' . $ClientID . '"';
}

print '><br>
Password: <input text type="Password" size="15" maxlength="20" name="Password" ><br>
<br>
<input type = "submit" value="Click To Submit">
<input type = "reset" value="Reset">
</form>
<br>
Administrators log on <a href="Staff&Admin%20Login%20Page/Staff&Admin%20Login%20Page.php">here</a>
<br>
<br>
<br>
<br>
<p><a href="mailto:user@hotmail.com">Email</a> us here</p>
</body>
</html>';
}

session_start();

require_once('../Connections/MARTIN.php');

mysql_select_db($database_MARTIN, $MARTIN);

if (isset($_POST['ClientID']) and isset($_POST['Password']))
{
$sql = "SELECT ClientID, cpassword FROM clientinfo WHERE ClientID='$ClientID' AND cpassword='$Password'";

$result = mysql_query($sql) or die("Error: MySQL said ".mysql_error());

$num = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);

$_SESSION['Home_Page']='Welcome back';

if ($num != 0)
{
header("location: Logged In/WelcomeUserPage.php?");
}
else
{
output_form ('Your login was unsuccessful', $_POST['ClientID']);
}
}
else
{
output_form();
}
?>

Like I said earlier, the page loads up now and you type the username and password in, then the next page comes up saying Welcome CLIENT ID HERE, so this must suggest it's posting the data across, I guess. However, the script does not look at the SQL and therefore does not validate the user, thus inputting any clientID would let you in, e.g. typing in letmein (made up) would show "Welcome letmein" etc. instead of only letting you insert a clientID that is in the DB like JBloggs. Hope this makes sense! Thanks
 
Again, what is the "method" attribute of the <form> tag from your script? Is there one? If not, it needs to be set to: method="POST"

Also, to where is your form submitting the data? If it is to another script, you cannot expect this script to process the input.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
I presume you mean:

<p><img src="Sites%20Title%20Border.png" width="799" height="89"></p>
<form method="POST"
action = " Logged In/WelcomeUserPage.php">

It is post here, yes! The page it opens up to on submit is a standard page that calls the session variable up saying "welcome ......" then it gives a set of links the user can choose and counts how many calls are open under that clientID. The logged in page is all pretty standard, no complex scripts there I think. The login page is still, however, letting anyone in. It prints their name on the logged in page, suggesting the sessions are working but not validating their details with the database on the login page. Am I saying the correct info, as I am just learning as I go along here. Thanks!
 
Yeah, it cross checks what they input to the clientID and password stored in the database using the code:

$sql = "SELECT ClientID, cpassword FROM clientinfo WHERE ClientID='$ClientID' AND cpassword='$Password'";

$result = mysql_query($sql) or die("Error: MySQL said ".mysql_error());

$num = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);

Thus cross matching the field, clientID, in the Database to the field $ClientID in the form. Thus if both match, including the password as well, then they can have access to the next page, else, they will have to retype their details until they do match! thanks
 
WelcomeUserPage.php is the name of the site that they have access to if the details match up to the database. This is where it welcomes that user and allows them to choose a number of options. The full address being:

Logged In/WelcomeUserPage.php
 
Again, if the script we're discussing (the script we've been posting code back and forth about) is supposed to process the input from the user form, why are we setting the "action" attribute of the form tag to another script?

Don't we want the form to submit the value to this script, so that all that database and session variable code can actually run?

Want the best answers? Ask the best questions: TANSTAAFL!!
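
The flow the replies are steering toward, as an added example that is not code from the thread: the form posts back to the login script, the credentials are checked with a bound-parameter query, and the session is written only after the check succeeds. The `check_login` and `handle_login` names, the PDO/SQLite demo database and the hashed `cpassword` value are assumptions; `clientinfo`, `ClientID` and `cpassword` come from the thread.

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the thread; a password_hash() value stored in cpassword is an assumption.

// Returns the matching ClientID, or null when the credentials do not match.
function check_login(PDO $pdo, string $clientId, string $password): ?string
{
    // Placeholders keep user input out of the SQL text, and nothing here
    // relies on register_globals creating $ClientID or $Password.
    $stmt = $pdo->prepare('SELECT ClientID, cpassword FROM clientinfo WHERE ClientID = ?');
    $stmt->execute([$clientId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['cpassword'])) {
        return null;
    }
    return $row['ClientID'];
}

// Processes one submission to the login script itself. Returns the redirect
// target on success, or null when the form has to be shown (again).
function handle_login(PDO $pdo, array $post, array &$session): ?string
{
    $id = $post['ClientID'] ?? null;
    $pw = $post['Password'] ?? null;
    if (!is_string($id) || !is_string($pw)) {
        return null;                        // nothing posted yet: show the form
    }
    $clientId = check_login($pdo, $id, $pw);
    if ($clientId === null) {
        return null;                        // bad credentials: session untouched
    }
    $session['ClientID']  = $clientId;      // written only after the check passed
    $session['Home_Page'] = 'Welcome back';
    return 'Logged In/WelcomeUserPage.php';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clientinfo (ClientID TEXT PRIMARY KEY, cpassword TEXT)');
$pdo->prepare('INSERT INTO clientinfo VALUES (?, ?)')
    ->execute(['JBloggs', password_hash('constructed-demo-pw', PASSWORD_DEFAULT)]);

$session = [];
var_dump(handle_login($pdo, ['ClientID' => 'letmein', 'Password' => 'x'], $session)); // unknown ID
var_dump(handle_login($pdo, ['ClientID' => 'JBloggs', 'Password' => 'constructed-demo-pw'], $session));
var_dump($session);
```

In the real page, call `session_start()` first, pass `$_POST` and `$_SESSION`, and on success call `session_regenerate_id(true)`, send the `Location:` header and `exit`. `WelcomeUserPage.php` also has to check `$_SESSION['ClientID']` itself, otherwise a form that posts straight to it lets anyone in.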
 