Problems with login page - restricting access to page
Hello. I am trying to create a page where users can login to a restricted page, using their email address and user name to login to a special members area.
I have managed it, so that the users can log in to a members area - but I would also like specific member information only, to be displayed on that page, which related to that member - i.e. defined by the username and password.
My problem is, that although the user can login to the members area using their password and email address, the page they log into, displays the information of the first row of the table - not the information specific to the login details.
I have doen this all through dreamweaver so don't really know how the code works. In the login page I have set email as my username column and password as my password column.
thanks
sorry - I only have 110 points left for this...
I have managed it, so that the users can log in to a members area - but I would also like specific member information only, to be displayed on that page, which related to that member - i.e. defined by the username and password.
My problem is, that although the user can login to the members area using their password and email address, the page they log into, displays the information of the first row of the table - not the information specific to the login details.
I have doen this all through dreamweaver so don't really know how the code works. In the login page I have set email as my username column and password as my password column.
thanks
sorry - I only have 110 points left for this...
<?php require_once('../../Connections/connectionc.php'); ?><?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
}
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session varialbles
$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
unset($_SESSION['PrevUrl']);
$logoutGoTo = "../index.htm";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "../sorry.html";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
mysql_select_db($database_connectionc, $connectionc);
$query_m = "SELECT autonumber, password, email, name FROM chinastudents";
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
$totalRows_m = mysql_num_rows($m);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
EMB01
Hey, could you show me the part of the code (or post the whole code) where the variable is echoed so I know which recordset to investigate? Thanks.
ASKER
Hi,
Code pasted below.
thanks
Code pasted below.
thanks
<?php require_once('../../Connections/connectionc.php'); ?><?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
}
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session varialbles
$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
unset($_SESSION['PrevUrl']);
$logoutGoTo = "../index.htm";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "../sorry.html";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
mysql_select_db($database_connectionc, $connectionc);
$query_m = "SELECT autonumber, password, email, name FROM chinastudents";
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
$totalRows_m = mysql_num_rows($m);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=hz-gb-2312" />
<title>Welcome to the Members Area</title>
<META NAME="Keywords" CONTENT="(-ýû~bùbÁºYf„íY.(-ý:û~MÁºY
æ|? ¨ïå(ÙÌ~0ðÄÁºíY.Ùå MÊL0„D›ÏïåYˆñíÊvÖí.û~¨„ÁºbùbíYvU¨êñ„íþ
. ß
Yì„D™vvFÆ‚, ôèí, ÎÊ)Ë.">
<META NAME="Description" CONTENT="hiwaijiao.com„—è/.©óf`í„f (-ýû~ÁºY. ,QÙ O(-ýó`Yˆñí, ÕíŒvÖíþ
„L0Yì. „ˆþ0¹êš.">
<META NAME="robots" CONTENT="ALL">
<style type="text/css">
td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}
body {
background-color: #FFA466;
margin-top: 0px;
}
td img {display: block;}td img {display: block;}
td img {display: block;}td img {display: block;}
td img {display: block;}
td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}
td img {display: block;}td img {display: block;}
.style39 {color: #FF6600; font-size: 11px;}
.style50 {
font-family: SimHei;
color: #000000;
font-size: 12px;
}td img {display: block;}td img {display: block;}
.style55 {font-size: 12px; font-family: Arial, Helvetica, sans-serif; }
.style56 {font-family: Arial, Helvetica, sans-serif}
.style57 {font-size: 12px; font-family: SimHei; }td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}
.style61 {
font-family: SimHei;
font-size: 16px;
color: #FF6600;
}
.style62 {
font-family: SimHei;
font-size: 14px;
color: #FF6600;
}
</style>
<script type="text/JavaScript">
<!--
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
//-->
</script>
</head>
<body>
<Div Align="Center">
<table width="772" border="0" cellpadding="1" cellspacing="0" bgcolor="#FF6600">
<!--DWLayoutTable-->
<tr>
<td width="770" height="1"></td>
</tr>
<tr>
<td height="483" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td height="14" colspan="2" valign="top"><!--DWLayoutEmptyCell--> </td>
</tr>
<tr>
<td height="361" colspan="2" valign="top" bgcolor="#FFFFFF"><table border="0" cellpadding="0" cellspacing="0" width="779">
<!-- fwtable fwsrc="welcome member_china.png" fwbase="membersarea.jpg" fwstyle="Dreamweaver" fwdocid = "1986916010" fwnested="1" -->
<tr>
<td><table align="left" border="0" cellpadding="0" cellspacing="0" width="779">
<tr>
<td><table align="left" border="0" cellpadding="0" cellspacing="0" width="523">
<tr>
<td><img name="membersarea_r1_c1" src="images/membersarea_r1_c1.jpg" width="523" height="62" border="0" id="membersarea_r1_c1" alt="" /></td>
</tr>
<tr>
<td><table align="left" border="0" cellpadding="0" cellspacing="0" width="523">
<tr>
<td><img name="membersarea_r3_c1" src="images/membersarea_r3_c1.jpg" width="71" height="32" border="0" id="membersarea_r3_c1" alt="" /></td>
<td><img name="membersarea_r3_c2" src="images/membersarea_r3_c2.jpg" width="452" height="32" border="0" id="membersarea_r3_c2" alt="" /></td>
</tr>
</table></td>
</tr>
<tr>
<td><img name="membersarea_r4_c1" src="images/membersarea_r4_c1.jpg" width="523" height="31" border="0" id="membersarea_r4_c1" alt="" /></td>
</tr>
</table></td>
<td><table align="left" border="0" cellpadding="0" cellspacing="0" width="256">
<tr>
<td><table align="left" border="0" cellpadding="0" cellspacing="0" width="256">
<tr>
<td><img name="membersarea_r1_c4" src="images/membersarea_r1_c4.jpg" width="200" height="32" border="0" id="membersarea_r1_c4" alt="" /></td>
<td><a href="<?php echo $logoutAction ?>"><img name="membersarea_r1_c5" src="images/membersarea_r1_c5.jpg" width="56" height="32" border="0" id="membersarea_r1_c5" alt="" /></a></td>
</tr>
</table></td>
</tr>
<tr>
<td><img name="membersarea_r2_c4" src="images/membersarea_r2_c4.jpg" width="256" height="93" border="0" id="membersarea_r2_c4" alt="" /></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td><table width="779" height="236" border="0" align="left" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td width="384" height="236" valign="top"><blockquote>
<p> </p>
<p align="left" class="style61">è <span class="style55"><?php echo $row_m['name']; ?></span></p>
<p align="left" class="style62">(ÙÌ`ïåå
Y„Tû¹
ô¥ßÖìÖ—Tû
(ÙÌ`Øïå« </p>
<p align="left" class="style62">{~ëPfí</p>
<p> </p>
</blockquote></td>
<td width="395"><img name="membersarea_r5_c3" src="images/membersarea_r5_c3.jpg" width="395" height="236" border="0" id="membersarea_r5_c3" alt="" /></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td width="442" height="275" valign="top" bgcolor="#FFFFFF"><table border="0" cellpadding="0" cellspacing="0" width="441">
<!-- fwtable fwsrc="memberspage collage.png" fwbase="membersimage.jpg" fwstyle="Dreamweaver" fwdocid = "1056347649" fwnested="0" -->
<tr>
<td><img src="images/spacer.gif" alt="" name="undefined_4" width="219" height="1" border="0" id="undefined_4" /></td>
<td><img src="images/spacer.gif" alt="" name="undefined_4" width="222" height="1" border="0" id="undefined_4" /></td>
<td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="1" border="0" id="undefined_4" /></td>
</tr>
<tr>
<td><a href="HiWaijiao_Video.html" target="_blank"><img name="membersimage_r1_c1" src="images/membersimage_r1_c1.jpg" width="219" height="123" border="0" id="membersimage_r1_c1" alt="" /></a></td>
<td><a href="Mvideoprofile.php" target="_blank"><img name="membersimage_r1_c2" src="images/membersimage_r1_c2.jpg" width="222" height="123" border="0" id="membersimage_r1_c2" alt="" /></a></td>
<td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="123" border="0" id="undefined_4" /></td>
</tr>
<tr>
<td><a href="The Radio Room.htm" target="_blank"><img name="membersimage_r2_c1" src="images/membersimage_r2_c1.jpg" width="219" height="125" border="0" id="membersimage_r2_c1" alt="" /></a></td>
<td><a href="HiWaijiaoTV.html" target="_blank"><img name="membersimage_r2_c2" src="images/membersimage_r2_c2.jpg" width="222" height="125" border="0" id="membersimage_r2_c2" alt="" /></a></td>
<td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="125" border="0" id="undefined_4" /></td>
</tr>
</table></td>
<td width="337" valign="top" bgcolor="#FFFFFF"><table width="337" height="276" border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<!-- fwtable fwsrc="searchbox.png" fwbase="searchbox.jpg" fwstyle="Dreamweaver" fwdocid = "799730015" fwnested="0" -->
<tr>
<td width="10" height="1"><img src="images/spacer.gif" alt="" name="undefined_3" width="10" height="1" border="0" id="undefined_3" /></td>
<td width="310"><img src="images/spacer.gif" alt="" name="undefined_3" width="310" height="1" border="0" id="undefined_3" /></td>
<td width="16"><img src="images/spacer.gif" alt="" name="undefined_3" width="16" height="1" border="0" id="undefined_3" /></td>
<td width="1"><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="1" border="0" id="undefined_3" /></td>
</tr>
<tr>
<td rowspan="3"><img name="searchbox_r1_c1" src="images/searchbox_r1_c1.jpg" width="10" height="275" border="0" id="searchbox_r1_c1" alt="" /></td>
<td height="72" colspan="2"><img name="searchbox_r1_c2" src="images/searchbox_r1_c2.jpg" width="326" height="72" border="0" id="searchbox_r1_c2" alt="" /></td>
<td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="72" border="0" id="undefined_3" /></td>
</tr>
<tr>
<td height="162" valign="top"><form id="form1" name="form1" method="get" action="MemberNewTeacherprofile.php">
<table width="264" border="0">
<tr>
<td width="96"><span class="style56"><img src="language.jpg" width="96" height="26" /></span></td>
<td width="158"><div align="left"><span class="style55">
<select name="teachingprovince" class="style56" id="teachingprovince">
<option value="">@ ý</option>
<option value="Anhui">‰½</option>
<option value="Beijing">¬</option>
<option value="Fujian">ú</option>
<option value="Gansu">ƒ</option>
<option value="Guangdong">
</option>
<option value="Guizhou">5Þ</option>
<option value="Hainan">wW</option>
<option value="Hebei">³</option>
<option value="Heilongjiang">љ_</option>
<option value="Henan">³W</option>
<option value="Hubei">V</option>
<option value="Hunan">VW</option>
<option value="Jiangsu">_Ï</option>
<option value="Jiangxi">_</option>
<option value="Jilin"> —</option>
<option value="Liaoning">½</option>
<option value="Qinghai">Rw</option>
<option value="Shaanxi">U</option>
<option value="Shandong">q
</option>
<option value="Shanghai">
w</option>
<option value="Shanxi">q</option>
<option value="Sichuan">ÛÝ</option>
<option value="Yunnan">‘W</option>
<option value="Zhejiang">Y_</option>
</select>
</span></div></td>
</tr>
<tr>
<td><span class="style56"><img src="region.jpg" width="96" height="26" /></span></td>
<td><div align="left"><span class="style55">
<select name="nativelanguage" class="style56" id="nativelanguage">
<option value="" selected="selected">@ í</option>
<option value="English">ñí</option>
<option value="French">Õí</option>
<option value="Spanish">íYí</option>
<option value="Portuguese">aYí</option>
<option value="German">·í</option>
<option value="Arabic">?É/í</option>
<option value="Japanese">åí</option>
<option value="korean">éí</option>
<option value="Italian">')í</option>
<option value="Danish">9¦í</option>
<option value="Holland">wpí</option>
<option value="Polish">âpí</option>
<option value="Polish">âpí</option>
<option value="Turkish"> 3ví</option>
<option value="Romanian">Wl<ší</option>
<option value="Russian">Äí</option>
<option value="Azerbaijani">?^܆í</option>
<option value="Vietnamese">ŠWí</option>
<option value="Indonesia">p¦<ší</option>
<option value="Indonesia">p¦<ší</option>
<option value="Thai">ðýí</option>
<option value="Tagalog">T ÉÏí</option>
<option value="Tamil">ðsí</option>
<option value="Cambodia">ìÔèí</option>
<option value="Nepalese"><Êí</option>
<option value="Hindu">p¦í</option>
<option value="Bulgarian">Ý )ší</option>
<option value="Bengali">_ Éí</option>
<option value="Myanmar">8í</option>
<option value="Zulu">Ví</option>
</select>
</span></div></td>
</tr>
<tr>
<td> </td>
<td><div align="left">
<p>
<input name="Submit" type="submit" class="style56" value="
"" />
</p>
<p><span class="style57">¹ûÛeا
"</span> </p>
</div></td>
</tr>
</table>
</form> </td>
<td rowspan="2"><img name="searchbox_r2_c3" src="images/searchbox_r2_c3.jpg" width="16" height="203" border="0" id="searchbox_r2_c3" alt="" /></td>
<td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="162" border="0" id="undefined_3" /></td>
</tr>
<tr>
<td height="41"><img name="searchbox_r3_c2" src="images/searchbox_r3_c2.jpg" width="310" height="41" border="0" id="searchbox_r3_c2" alt="" /></td>
<td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="41" border="0" id="undefined_3" /></td>
</tr>
</table></td>
</tr>
<tr>
<td height="83" colspan="2" valign="top" bgcolor="#FFFFFF"><p align="center" class="style39"><span class="style50">Tûì - øsþ¥ - M#ð - QÙ0þ - {U</span></p>
<p align="center" class="style39">(-ý¥×ÁºY„bùbíˆþ.(–a—Ì/ùYf ̹ý„:@Yf.<br />
íYì(hý0Yf- Öì(ÎϬ,
w,ñ3,Þ,™/,¥,Þý ˆþ. </p>
<p align="center" class="style39">ñívÖí„f`fXïå(hý0~0íY. ~MÁºíY, fèí, ÎÊ)Ë</p></td>
</tr>
<tr>
<td height="20" colspan="2" valign="top" bgcolor="#FFFFFF"><img src="footer777_20_hiwaijiao.jpg" width="777" height="20" /></td>
</tr>
</table></td>
</tr>
</table>
</Div>
</body>
</html>
<?php
mysql_free_result($m);
?>
So your member information recordset must me "m." Try changing the code starting at line 75 to what I've attached. Notice, I've added a new local variable and the "WHERE" clause to the SQL statement. Please also review the comments of the code snippet attached. Let me know how this works for you.
mysql_select_db($database_connectionc, $connectionc);
$name = $_SESSION['MM_Username']; // This line turns the session variable of to a local variable.
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = $name"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
$totalRows_m = mysql_num_rows($m);
ASKER
Thanks, and sorry for the delay in replying. I did as you said but got the following rather stranger error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1
ASKER
Ahh..I tried to login in using adam@yahoo.com (name in the database). When I tried with adam@hotmail.com the error message was You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com' at line 1
ASKER
I tried changing name - to email in the line
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE email = $email";
as we are logging in with the password and the email account but the error message was:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Thanks
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE email = $email";
as we are logging in with the password and the email account but the error message was:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Thanks
Okay, next we'll check out what's hapenning to the database. Replace your code with the following code and let me know what happens. Review the comments to see what I did. This way, we know what goes wrong, where, when... etc.
mysql_select_db($database_connectionc, $connectionc);
$name = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.
echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = $name"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.
echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
echo "This is the array returned: <br/ >" . $row_m;
$totalRows_m = mysql_num_rows($m);
ASKER
Thanks.
Just to be clear - to login, the user needs to enter his email and password. It's the email which is supposed to be the username column in the login page. I'll paste the code for the login page below:
Okay the error message was
Just to be clear - to login, the user needs to enter his email and password. It's the email which is supposed to be the username column in the login page. I'll paste the code for the login page below:
Okay the error message was
<?php require_once('../Connections/connectionc.php'); ?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['email'])) {
$loginUsername=$_POST['email'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "members/membershome.php";
$MM_redirectLoginFailed = "sorry.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_connectionc, $connectionc);
$LoginRS__query=sprintf("SELECT email, password FROM chinastudents WHERE email='%s' AND password='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $connectionc) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
.....
<form ACTION="<?php echo $loginFormAction; ?>" id="form1" name="form1" method="POST">
<p> </p>
<table width="422" border="0" bordercolor="#FF6600">
<tr>
<td width="103"><div align="left" class="style54">
<div align="right" class="style61">®±</div>
</div></td>
<td width="308"><span class="style52">
<label>
<div align="left" class="style54">
<input name="email" type="text" id="email" size="40" />
</label>
</div></td>
</tr>
<tr>
<td><div align="left" class="style54">
<div align="right" class="style61">Æ</div>
</div></td>
<td><span class="style52">
<label>
<div align="left" class="style54">
<input name="password" type="password" id="password" size="40" />
</label>
</div></td>
</tr>
<tr>
<td><div align="left"><span class="style60"><span class="style55"></span></span></div></td>
<td><span class="style52">
<label>
<div align="left" class="style54">
<input type="submit" name="Submit" value="Ûe" />
</label>
</div></td>
</tr>
</table>
</form></td>
I'm sorry, what was the exact error message?
ASKER
oops. The error message is:
The local variable used is: adamyounis@yahoo.com
The query used is: SELECT autonumber, password, email, name FROM chinastudents WHERE name = adamyounis@yahoo.com
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1
The local variable used is: adamyounis@yahoo.com
The query used is: SELECT autonumber, password, email, name FROM chinastudents WHERE name = adamyounis@yahoo.com
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1
I think there needs to be apostrophes around the name variable. Use as attached.
mysql_select_db($database_connectionc, $connectionc);
$name = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.
echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = '" . $name . "'"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.
echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
echo "This is the array returned: <br/ >" . $row_m;
$totalRows_m = mysql_num_rows($m);
ASKER
That seems to allow access to the page, but the error message still appears on top of the page, and none of the other details associated with that username and password are on the page...
Accesses members area but error is still:
The local variable used is: adamyounis@yahoo.com
The query used is: SELECT autonumber, password, email, name FROM chinastudents WHERE name = 'adamyounis@yahoo.com'
This is the array returned:
Accesses members area but error is still:
The local variable used is: adamyounis@yahoo.com
The query used is: SELECT autonumber, password, email, name FROM chinastudents WHERE name = 'adamyounis@yahoo.com'
This is the array returned:
What is in the name field in the chinastudents table? Can you provide a sample of the table like:
autonumber, password, email, name
1, thisismypass, thisismyemail, thisismyname
autonumber, password, email, name
1, thisismypass, thisismyemail, thisismyname
ASKER
The fields are autonumber, password, email, confirmail, name, province, advert, language
To login the user provides email and password.
i,e adamyounis@yahoo.com, experts and the name is adam younis
thanks
adam
To login the user provides email and password.
i,e adamyounis@yahoo.com, experts and the name is adam younis
thanks
adam
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That's it. Many thanks.
It's logging in and showing the correct info. I tested with three seperate accounts.
I've gotten rid of the echo statements.
Many thanks for your patience and perseverance with this. Much appreciated.
Thanks.
It's logging in and showing the correct info. I tested with three seperate accounts.
I've gotten rid of the echo statements.
Many thanks for your patience and perseverance with this. Much appreciated.
Thanks.
Patience and perseverance is what I made of, man! Glad it's working for you. Best of luck.