• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 219
  • Last Modified:

Problems with login page - restricting access to page

Hello. I am trying to create a page where users can login to a restricted page, using their email address and user name to login to a special members area.

I have managed it, so that the users can log in to a members area - but I would also like specific member information only, to be displayed on that page, which related to that member - i.e. defined by the username and password.

My problem is, that although the user can login to the members area using their password and email address, the page they log into, displays the information of the first row of the table - not the information specific to the login details.

I have doen this all through dreamweaver so don't really know how the code works. In the login page I have set email as my username column and password as my password column.

thanks

sorry - I only have 110 points left for this...


<?php require_once('../../Connections/connectionc.php'); ?><?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}
 
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
 
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "../index.htm";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
 
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 
 
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}
 
$MM_restrictGoTo = "../sorry.html";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
mysql_select_db($database_connectionc, $connectionc);
$query_m = "SELECT autonumber, password, email, name FROM chinastudents";
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
$totalRows_m = mysql_num_rows($m);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

Open in new window

0
Adam
Asked:
Adam
  • 9
  • 8
1 Solution
 
EMB01Commented:
Hey, could you show me the part of the code (or post the whole code) where the variable is echoed so I know which recordset to investigate? Thanks.
0
 
AdamTrying to learn phpAuthor Commented:
Hi,

Code pasted below.

thanks
<?php require_once('../../Connections/connectionc.php'); ?><?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}
 
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
 
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "../index.htm";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
 
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 
 
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}
 
$MM_restrictGoTo = "../sorry.html";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
mysql_select_db($database_connectionc, $connectionc);
$query_m = "SELECT autonumber, password, email, name FROM chinastudents";
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
$totalRows_m = mysql_num_rows($m);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=hz-gb-2312" />
<title>Welcome to the Members Area</title>
<META NAME="Keywords" CONTENT="(-ýû~bùbÁºYf„íY.(-ý:û~MÁºYæ|? ¨ïå(ÙÌ~0ðÄÁºíY.Ùå	MÊL0„D›ÏïåYˆñíÊvÖí.û~¨„ÁºbùbíYvU¨êñ„íþ. ßYì„D™vvFÆ‚, ôèí, ÎÊ)Ë.">
<META NAME="Description" CONTENT="hiwaijiao.com„—è/.©óf`í„f(-ýû~ÁºY. ,QÙ	O(-ýó`Yˆñí, ÕíŒvÖíþ„L0Yì. „ˆþ0¹êš.">
<META NAME="robots" CONTENT="ALL">
<style type="text/css">
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}
body {
	background-color: #FFA466;
	margin-top: 0px;
}
td img {display: block;}td img {display: block;}
td img {display: block;}td img {display: block;}
td img {display: block;}
td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}
td img {display: block;}td img {display: block;}
.style39 {color: #FF6600; font-size: 11px;}
.style50 {
	font-family: SimHei;
	color: #000000;
	font-size: 12px;
}td img {display: block;}td img {display: block;}
.style55 {font-size: 12px; font-family: Arial, Helvetica, sans-serif; }
.style56 {font-family: Arial, Helvetica, sans-serif}
.style57 {font-size: 12px; font-family: SimHei; }td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}
.style61 {
	font-family: SimHei;
	font-size: 16px;
	color: #FF6600;
}
.style62 {
	font-family: SimHei;
	font-size: 14px;
	color: #FF6600;
}
</style>
<script type="text/JavaScript">
<!--
 
 
 
function MM_preloadImages() { //v3.0
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
//-->
</script>
</head>
 
<body>
<Div Align="Center">
<table width="772" border="0" cellpadding="1" cellspacing="0" bgcolor="#FF6600">
  <!--DWLayoutTable-->
  <tr>
    <td width="770" height="1"></td>
    </tr>
  <tr>
    <td height="483" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0">
      <!--DWLayoutTable-->
      <tr>
        <td height="14" colspan="2" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</td>
      </tr>
      <tr>
        <td height="361" colspan="2" valign="top" bgcolor="#FFFFFF"><table border="0" cellpadding="0" cellspacing="0" width="779">
          <!-- fwtable fwsrc="welcome member_china.png" fwbase="membersarea.jpg" fwstyle="Dreamweaver" fwdocid = "1986916010" fwnested="1" -->
          <tr>
            <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="779">
                <tr>
                  <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="523">
                      <tr>
                        <td><img name="membersarea_r1_c1" src="images/membersarea_r1_c1.jpg" width="523" height="62" border="0" id="membersarea_r1_c1" alt="" /></td>
                      </tr>
                      <tr>
                        <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="523">
                            <tr>
                              <td><img name="membersarea_r3_c1" src="images/membersarea_r3_c1.jpg" width="71" height="32" border="0" id="membersarea_r3_c1" alt="" /></td>
                              <td><img name="membersarea_r3_c2" src="images/membersarea_r3_c2.jpg" width="452" height="32" border="0" id="membersarea_r3_c2" alt="" /></td>
                            </tr>
                        </table></td>
                      </tr>
                      <tr>
                        <td><img name="membersarea_r4_c1" src="images/membersarea_r4_c1.jpg" width="523" height="31" border="0" id="membersarea_r4_c1" alt="" /></td>
                      </tr>
                  </table></td>
                  <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="256">
                      <tr>
                        <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="256">
                            <tr>
                              <td><img name="membersarea_r1_c4" src="images/membersarea_r1_c4.jpg" width="200" height="32" border="0" id="membersarea_r1_c4" alt="" /></td>
                              <td><a href="<?php echo $logoutAction ?>"><img name="membersarea_r1_c5" src="images/membersarea_r1_c5.jpg" width="56" height="32" border="0" id="membersarea_r1_c5" alt="" /></a></td>
                            </tr>
                        </table></td>
                      </tr>
                      <tr>
                        <td><img name="membersarea_r2_c4" src="images/membersarea_r2_c4.jpg" width="256" height="93" border="0" id="membersarea_r2_c4" alt="" /></td>
                      </tr>
                  </table></td>
                </tr>
            </table></td>
          </tr>
          <tr>
            <td><table width="779" height="236" border="0" align="left" cellpadding="0" cellspacing="0">
              <!--DWLayoutTable-->
                <tr>
                  <td width="384" height="236" valign="top"><blockquote>
                    <p>&nbsp;</p>
                    <p align="left" class="style61">è <span class="style55"><?php echo $row_m['name']; ?></span></p>
                    <p align="left" class="style62">(ÙÌ`ïååY„Tû¹ô¥ßÖìÖ—Tû(ÙÌ`Øïå« </p>
                    <p align="left" class="style62">{~ëPfí</p>
                    <p>&nbsp;</p>
                  </blockquote></td>
                  <td width="395"><img name="membersarea_r5_c3" src="images/membersarea_r5_c3.jpg" width="395" height="236" border="0" id="membersarea_r5_c3" alt="" /></td>
                </tr>
            </table></td>
          </tr>
        </table></td>
        </tr>
      <tr>
        <td width="442" height="275" valign="top" bgcolor="#FFFFFF"><table border="0" cellpadding="0" cellspacing="0" width="441">
          <!-- fwtable fwsrc="memberspage collage.png" fwbase="membersimage.jpg" fwstyle="Dreamweaver" fwdocid = "1056347649" fwnested="0" -->
          <tr>
            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="219" height="1" border="0" id="undefined_4" /></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="222" height="1" border="0" id="undefined_4" /></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="1" border="0" id="undefined_4" /></td>
          </tr>
          <tr>
            <td><a href="HiWaijiao_Video.html" target="_blank"><img name="membersimage_r1_c1" src="images/membersimage_r1_c1.jpg" width="219" height="123" border="0" id="membersimage_r1_c1" alt="" /></a></td>
            <td><a href="Mvideoprofile.php" target="_blank"><img name="membersimage_r1_c2" src="images/membersimage_r1_c2.jpg" width="222" height="123" border="0" id="membersimage_r1_c2" alt="" /></a></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="123" border="0" id="undefined_4" /></td>
          </tr>
          <tr>
            <td><a href="The Radio Room.htm" target="_blank"><img name="membersimage_r2_c1" src="images/membersimage_r2_c1.jpg" width="219" height="125" border="0" id="membersimage_r2_c1" alt="" /></a></td>
            <td><a href="HiWaijiaoTV.html" target="_blank"><img name="membersimage_r2_c2" src="images/membersimage_r2_c2.jpg" width="222" height="125" border="0" id="membersimage_r2_c2" alt="" /></a></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="125" border="0" id="undefined_4" /></td>
          </tr>
        </table></td>
        <td width="337" valign="top" bgcolor="#FFFFFF"><table width="337" height="276" border="0" cellpadding="0" cellspacing="0">
          <!--DWLayoutTable-->
          <!-- fwtable fwsrc="searchbox.png" fwbase="searchbox.jpg" fwstyle="Dreamweaver" fwdocid = "799730015" fwnested="0" -->
          <tr>
            <td width="10" height="1"><img src="images/spacer.gif" alt="" name="undefined_3" width="10" height="1" border="0" id="undefined_3" /></td>
            <td width="310"><img src="images/spacer.gif" alt="" name="undefined_3" width="310" height="1" border="0" id="undefined_3" /></td>
            <td width="16"><img src="images/spacer.gif" alt="" name="undefined_3" width="16" height="1" border="0" id="undefined_3" /></td>
            <td width="1"><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="1" border="0" id="undefined_3" /></td>
          </tr>
          <tr>
            <td rowspan="3"><img name="searchbox_r1_c1" src="images/searchbox_r1_c1.jpg" width="10" height="275" border="0" id="searchbox_r1_c1" alt="" /></td>
            <td height="72" colspan="2"><img name="searchbox_r1_c2" src="images/searchbox_r1_c2.jpg" width="326" height="72" border="0" id="searchbox_r1_c2" alt="" /></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="72" border="0" id="undefined_3" /></td>
          </tr>
          <tr>
		  
            <td height="162" valign="top"><form id="form1" name="form1" method="get" action="MemberNewTeacherprofile.php">
              <table width="264" border="0">
                <tr>
                  <td width="96"><span class="style56"><img src="language.jpg" width="96" height="26" /></span></td>
                  <td width="158"><div align="left"><span class="style55">
                    <select name="teachingprovince" class="style56" id="teachingprovince">
                      <option value="">@	ý</option>
                      <option value="Anhui">‰½</option>
                      <option value="Beijing">¬</option>
                      <option value="Fujian">ú</option>
                      <option value="Gansu">ƒ</option>
                      <option value="Guangdong"></option>
                      <option value="Guizhou">5Þ</option>
                      <option value="Hainan">wW</option>
                      <option value="Hebei">³</option>
                      <option value="Heilongjiang">љ_</option>
                      <option value="Henan">³W</option>
                      <option value="Hubei">V</option>
                      <option value="Hunan">VW</option>
                      <option value="Jiangsu">_Ï</option>
                      <option value="Jiangxi">_</option>
                      <option value="Jilin">	—</option>
                      <option value="Liaoning">½</option>
                      <option value="Qinghai">Rw</option>
                      <option value="Shaanxi">U</option>
                      <option value="Shandong">q</option>
                      <option value="Shanghai">
w</option>
                      <option value="Shanxi">q</option>
                      <option value="Sichuan">ÛÝ</option>
                      <option value="Yunnan">‘W</option>
                      <option value="Zhejiang">Y_</option>
                    </select>
                  </span></div></td>
                </tr>
                <tr>
                  <td><span class="style56"><img src="region.jpg" width="96" height="26" /></span></td>
                  <td><div align="left"><span class="style55">
                    <select name="nativelanguage" class="style56" id="nativelanguage">
                      <option value="" selected="selected">@	í</option>
                      <option value="English">ñí</option>
                      <option value="French">Õí</option>
                      <option value="Spanish">íYí</option>
                      <option value="Portuguese">aYí</option>
                      <option value="German">·í</option>
                      <option value="Arabic">?É/í</option>
                      <option value="Japanese">åí</option>
                      <option value="korean">éí</option>
                      <option value="Italian">')í</option>
                      <option value="Danish">9¦í</option>
                      <option value="Holland">wpí</option>
                      <option value="Polish">âpí</option>
                      <option value="Polish">âpí</option>
                      <option value="Turkish">3ví</option>
                      <option value="Romanian">Wl<ší</option>
                      <option value="Russian">Äí</option>
                      <option value="Azerbaijani">?^܆í</option>
                      <option value="Vietnamese">ŠWí</option>
                      <option value="Indonesia">p¦<ší</option>
                      <option value="Indonesia">p¦<ší</option>
                      <option value="Thai">ðýí</option>
                      <option value="Tagalog">T ÉÏí</option>
                      <option value="Tamil">ðsí</option>
                      <option value="Cambodia">ìÔèí</option>
                      <option value="Nepalese"><Êí</option>
                      <option value="Hindu">p¦í</option>
                      <option value="Bulgarian">Ý )ší</option>
                      <option value="Bengali">_ Éí</option>
                      <option value="Myanmar">8í</option>
                      <option value="Zulu">Ví</option>
                    </select>
                  </span></div></td>
                </tr>
                <tr>
                  <td>&nbsp;</td>
                  <td><div align="left">
                    <p>
                      <input name="Submit" type="submit" class="style56" value=""" />
                    </p>
                    <p><span class="style57">¹ûÛeا"</span> </p>
                  </div></td>
                </tr>
              </table>
                        </form>            </td>
            <td rowspan="2"><img name="searchbox_r2_c3" src="images/searchbox_r2_c3.jpg" width="16" height="203" border="0" id="searchbox_r2_c3" alt="" /></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="162" border="0" id="undefined_3" /></td>
          </tr>
          <tr>
            <td height="41"><img name="searchbox_r3_c2" src="images/searchbox_r3_c2.jpg" width="310" height="41" border="0" id="searchbox_r3_c2" alt="" /></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="41" border="0" id="undefined_3" /></td>
          </tr>
        </table></td>
      </tr>
      
      
      
      
      <tr>
        <td height="83" colspan="2" valign="top" bgcolor="#FFFFFF"><p align="center" class="style39"><span class="style50">Tûì - øsþ¥ - M#ð - QÙ0þ  - {U</span></p>
          <p align="center" class="style39">(-ý¥×ÁºY„bùbíˆþ.(–a—Ì/ùYf̹ý„:@Yf.<br />
            íYì(hý0Yf-  Öì(ÎϬ,
w,ñ3,Þ,™/,¥,Þý	ˆþ. </p>
          <p align="center" class="style39">ñívÖí„f`fXïå(hý0~0íY.  ~MÁºíY, fèí,  ÎÊ)Ë</p></td>
      </tr>
      <tr>
        <td height="20" colspan="2" valign="top" bgcolor="#FFFFFF"><img src="footer777_20_hiwaijiao.jpg" width="777" height="20" /></td>
      </tr>
    </table></td>
  </tr>
</table>
</Div>
</body>
</html>
<?php
mysql_free_result($m);
?>

Open in new window

0
 
EMB01Commented:
So your member information recordset must me "m." Try changing the code starting at line 75 to what I've attached. Notice, I've added a new local variable and the "WHERE" clause to the SQL statement. Please also review the comments of the code snippet attached. Let me know how this works for you.
mysql_select_db($database_connectionc, $connectionc);
$name = $_SESSION['MM_Username']; // This line turns the session variable of to a local variable.
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = $name"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
$totalRows_m = mysql_num_rows($m);

Open in new window

0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
AdamTrying to learn phpAuthor Commented:
Thanks, and sorry for the delay in replying. I did as you said but got the following rather stranger error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1
0
 
AdamTrying to learn phpAuthor Commented:
Ahh..I tried to login in using adam@yahoo.com (name in the database). When I tried with adam@hotmail.com the error message was You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com' at line 1
0
 
AdamTrying to learn phpAuthor Commented:
I tried changing name - to email in the line

$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE email = $email";

as we are logging in with the password and the email account but the error message was:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Thanks
0
 
EMB01Commented:
Okay, next we'll check out what's hapenning to the database. Replace your code with the following code and let me know what happens. Review the comments to see what I did. This way, we know what goes wrong, where, when... etc.
mysql_select_db($database_connectionc, $connectionc);
$name = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.
echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = $name"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.
echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
echo "This is the array returned: <br/ >" . $row_m;
$totalRows_m = mysql_num_rows($m);

Open in new window

0
 
AdamTrying to learn phpAuthor Commented:
Thanks.

Just to be clear - to login, the user needs to enter his email and password. It's the email which is supposed to be the username column in the login page. I'll paste the code for the login page below:


Okay the error message was
<?php require_once('../Connections/connectionc.php'); ?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
 
if (isset($_POST['email'])) {
  $loginUsername=$_POST['email'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "members/membershome.php";
  $MM_redirectLoginFailed = "sorry.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_connectionc, $connectionc);
  
  $LoginRS__query=sprintf("SELECT email, password FROM chinastudents WHERE email='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $connectionc) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      
 
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 
.....
 
 
  <form ACTION="<?php echo $loginFormAction; ?>" id="form1" name="form1" method="POST">
                      <p>&nbsp;</p>
                      <table width="422" border="0" bordercolor="#FF6600">
                        <tr>
                          <td width="103"><div align="left" class="style54">
                            <div align="right" class="style61">®±</div>
                          </div></td>
                          <td width="308"><span class="style52">
                              <label>
                              <div align="left" class="style54">
                                <input name="email" type="text" id="email" size="40" />
                                </label>
                            </div></td>
                        </tr>
                        <tr>
                          <td><div align="left" class="style54">
                            <div align="right" class="style61">Æ</div>
                          </div></td>
                          <td><span class="style52">
                              <label>
                              <div align="left" class="style54">
                                <input name="password" type="password" id="password" size="40" />
                                </label>
                            </div></td>
                        </tr>
                        <tr>
                          <td><div align="left"><span class="style60"><span class="style55"></span></span></div></td>
                          <td><span class="style52">
                              <label>
                              <div align="left" class="style54">
                                <input type="submit" name="Submit" value="Ûe" />
                                </label>
                            </div></td>
                        </tr>
                      </table>
                    </form></td>

Open in new window

0
 
EMB01Commented:
I'm sorry, what was the exact error message?
0
 
AdamTrying to learn phpAuthor Commented:
oops. The error message is:

The local variable used is: adamyounis@yahoo.com
The query used is: SELECT autonumber, password, email, name FROM chinastudents WHERE name = adamyounis@yahoo.com
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1
0
 
EMB01Commented:
I think there needs to be apostrophes around the name variable. Use as attached.
mysql_select_db($database_connectionc, $connectionc);
$name = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.
echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = '" . $name . "'"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.
echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
echo "This is the array returned: <br/ >" . $row_m;
$totalRows_m = mysql_num_rows($m);

Open in new window

0
 
AdamTrying to learn phpAuthor Commented:
That seems to allow access to the page, but the error message still appears on top of the page, and none of the other details associated with that username and password are on the page...

Accesses members area but error is still:

The local variable used is: adamyounis@yahoo.com
The query used is: SELECT autonumber, password, email, name FROM chinastudents WHERE name = 'adamyounis@yahoo.com'
This is the array returned:
0
 
EMB01Commented:
What is in the name field in the chinastudents table? Can you provide a sample of the table like:
autonumber, password, email, name
1, thisismypass, thisismyemail, thisismyname
0
 
AdamTrying to learn phpAuthor Commented:
The fields are autonumber, password, email, confirmail, name, province, advert, language

To login the user provides email and password.

i,e adamyounis@yahoo.com, experts and the name is adam younis

thanks

adam
0
 
EMB01Commented:
Okay, well then let's change it to this:
mysql_select_db($database_connectionc, $connectionc);
$email = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.
echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE email = '" . $email . "'"; // This line queries the database for rows in chinastudents where the email field is equal to the local email variable.
echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
echo "This is the array returned: <br/ >" . $row_m;
$totalRows_m = mysql_num_rows($m);

Open in new window

0
 
AdamTrying to learn phpAuthor Commented:
That's it. Many thanks.
It's logging in and showing the correct info. I tested with three seperate accounts.
I've gotten rid of the echo statements.
Many thanks for your patience and perseverance with this. Much appreciated.
Thanks.
0
 
EMB01Commented:
Patience and perseverance is what I made of, man! Glad it's working for you. Best of luck.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 9
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now