Solved

Problems with login page - restricting access to page

Posted on 2009-04-05
17
202 Views
Last Modified: 2013-12-12
Hello. I am trying to create a page where users can login to a restricted page, using their email address and user name to login to a special members area.

I have managed it, so that the users can log in to a members area - but I would also like specific member information only, to be displayed on that page, which related to that member - i.e. defined by the username and password.

My problem is, that although the user can login to the members area using their password and email address, the page they log into, displays the information of the first row of the table - not the information specific to the login details.

I have doen this all through dreamweaver so don't really know how the code works. In the login page I have set email as my username column and password as my password column.

thanks

sorry - I only have 110 points left for this...


<?php require_once('../../Connections/connectionc.php'); ?><?php

//initialize the session

if (!isset($_SESSION)) {

  session_start();

}
 

// ** Logout the current user. **

$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";

if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){

  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);

}
 

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){

  //to fully log out a visitor we need to clear the session varialbles

  $_SESSION['MM_Username'] = NULL;

  $_SESSION['MM_UserGroup'] = NULL;

  $_SESSION['PrevUrl'] = NULL;

  unset($_SESSION['MM_Username']);

  unset($_SESSION['MM_UserGroup']);

  unset($_SESSION['PrevUrl']);

	

  $logoutGoTo = "../index.htm";

  if ($logoutGoTo) {

    header("Location: $logoutGoTo");

    exit;

  }

}

?>

<?php

if (!isset($_SESSION)) {

  session_start();

}

$MM_authorizedUsers = "";

$MM_donotCheckaccess = "true";
 

// *** Restrict Access To Page: Grant or deny access to this page

function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 

  // For security, start by assuming the visitor is NOT authorized. 

  $isValid = False; 
 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 

  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 

  if (!empty($UserName)) { 

    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 

    // Parse the strings into arrays. 

    $arrUsers = Explode(",", $strUsers); 

    $arrGroups = Explode(",", $strGroups); 

    if (in_array($UserName, $arrUsers)) { 

      $isValid = true; 

    } 

    // Or, you may restrict access to only certain users based on their username. 

    if (in_array($UserGroup, $arrGroups)) { 

      $isValid = true; 

    } 

    if (($strUsers == "") && true) { 

      $isValid = true; 

    } 

  } 

  return $isValid; 

}
 

$MM_restrictGoTo = "../sorry.html";

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   

  $MM_qsChar = "?";

  $MM_referrer = $_SERVER['PHP_SELF'];

  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";

  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 

  $MM_referrer .= "?" . $QUERY_STRING;

  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);

  header("Location: ". $MM_restrictGoTo); 

  exit;

}

?>

<?php

mysql_select_db($database_connectionc, $connectionc);

$query_m = "SELECT autonumber, password, email, name FROM chinastudents";

$m = mysql_query($query_m, $connectionc) or die(mysql_error());

$row_m = mysql_fetch_assoc($m);

$totalRows_m = mysql_num_rows($m);

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

Open in new window

0
Comment
Question by:ayounis
  • 9
  • 8
17 Comments
 
LVL 14

Expert Comment

by:EMB01
ID: 24071578
Hey, could you show me the part of the code (or post the whole code) where the variable is echoed so I know which recordset to investigate? Thanks.
0
 

Author Comment

by:ayounis
ID: 24072216
Hi,

Code pasted below.

thanks
<?php require_once('../../Connections/connectionc.php'); ?><?php

//initialize the session

if (!isset($_SESSION)) {

  session_start();

}
 

// ** Logout the current user. **

$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";

if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){

  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);

}
 

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){

  //to fully log out a visitor we need to clear the session varialbles

  $_SESSION['MM_Username'] = NULL;

  $_SESSION['MM_UserGroup'] = NULL;

  $_SESSION['PrevUrl'] = NULL;

  unset($_SESSION['MM_Username']);

  unset($_SESSION['MM_UserGroup']);

  unset($_SESSION['PrevUrl']);

	

  $logoutGoTo = "../index.htm";

  if ($logoutGoTo) {

    header("Location: $logoutGoTo");

    exit;

  }

}

?>

<?php

if (!isset($_SESSION)) {

  session_start();

}

$MM_authorizedUsers = "";

$MM_donotCheckaccess = "true";
 

// *** Restrict Access To Page: Grant or deny access to this page

function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 

  // For security, start by assuming the visitor is NOT authorized. 

  $isValid = False; 
 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 

  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 

  if (!empty($UserName)) { 

    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 

    // Parse the strings into arrays. 

    $arrUsers = Explode(",", $strUsers); 

    $arrGroups = Explode(",", $strGroups); 

    if (in_array($UserName, $arrUsers)) { 

      $isValid = true; 

    } 

    // Or, you may restrict access to only certain users based on their username. 

    if (in_array($UserGroup, $arrGroups)) { 

      $isValid = true; 

    } 

    if (($strUsers == "") && true) { 

      $isValid = true; 

    } 

  } 

  return $isValid; 

}
 

$MM_restrictGoTo = "../sorry.html";

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   

  $MM_qsChar = "?";

  $MM_referrer = $_SERVER['PHP_SELF'];

  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";

  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 

  $MM_referrer .= "?" . $QUERY_STRING;

  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);

  header("Location: ". $MM_restrictGoTo); 

  exit;

}

?>

<?php

mysql_select_db($database_connectionc, $connectionc);

$query_m = "SELECT autonumber, password, email, name FROM chinastudents";

$m = mysql_query($query_m, $connectionc) or die(mysql_error());

$row_m = mysql_fetch_assoc($m);

$totalRows_m = mysql_num_rows($m);

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=hz-gb-2312" />

<title>Welcome to the Members Area</title>

<META NAME="Keywords" CONTENT="(-ýû~bùbÁºYf„íY.(-ý:û~MÁºYæ|? ¨ïå(ÙÌ~0ðÄÁºíY.Ùå	MÊL0„D›ÏïåYˆñíÊvÖí.û~¨„ÁºbùbíYvU¨êñ„íþ. ßYì„D™vvFÆ‚, ôèí, ÎÊ)Ë.">

<META NAME="Description" CONTENT="hiwaijiao.com„—è/.©óf`í„f(-ýû~ÁºY. ,QÙ	O(-ýó`Yˆñí, ÕíŒvÖíþ„L0Yì. „ˆþ0¹êš.">

<META NAME="robots" CONTENT="ALL">

<style type="text/css">
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}

body {

	background-color: #FFA466;

	margin-top: 0px;

}

td img {display: block;}td img {display: block;}

td img {display: block;}td img {display: block;}

td img {display: block;}

td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}

td img {display: block;}td img {display: block;}

.style39 {color: #FF6600; font-size: 11px;}

.style50 {

	font-family: SimHei;

	color: #000000;

	font-size: 12px;

}td img {display: block;}td img {display: block;}

.style55 {font-size: 12px; font-family: Arial, Helvetica, sans-serif; }

.style56 {font-family: Arial, Helvetica, sans-serif}

.style57 {font-size: 12px; font-family: SimHei; }td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}

.style61 {

	font-family: SimHei;

	font-size: 16px;

	color: #FF6600;

}

.style62 {

	font-family: SimHei;

	font-size: 14px;

	color: #FF6600;

}

</style>

<script type="text/JavaScript">

<!--
 
 
 

function MM_preloadImages() { //v3.0

  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();

    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)

    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}

}

//-->

</script>

</head>
 

<body>

<Div Align="Center">

<table width="772" border="0" cellpadding="1" cellspacing="0" bgcolor="#FF6600">

  <!--DWLayoutTable-->

  <tr>

    <td width="770" height="1"></td>

    </tr>

  <tr>

    <td height="483" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0">

      <!--DWLayoutTable-->

      <tr>

        <td height="14" colspan="2" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</td>

      </tr>

      <tr>

        <td height="361" colspan="2" valign="top" bgcolor="#FFFFFF"><table border="0" cellpadding="0" cellspacing="0" width="779">

          <!-- fwtable fwsrc="welcome member_china.png" fwbase="membersarea.jpg" fwstyle="Dreamweaver" fwdocid = "1986916010" fwnested="1" -->

          <tr>

            <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="779">

                <tr>

                  <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="523">

                      <tr>

                        <td><img name="membersarea_r1_c1" src="images/membersarea_r1_c1.jpg" width="523" height="62" border="0" id="membersarea_r1_c1" alt="" /></td>

                      </tr>

                      <tr>

                        <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="523">

                            <tr>

                              <td><img name="membersarea_r3_c1" src="images/membersarea_r3_c1.jpg" width="71" height="32" border="0" id="membersarea_r3_c1" alt="" /></td>

                              <td><img name="membersarea_r3_c2" src="images/membersarea_r3_c2.jpg" width="452" height="32" border="0" id="membersarea_r3_c2" alt="" /></td>

                            </tr>

                        </table></td>

                      </tr>

                      <tr>

                        <td><img name="membersarea_r4_c1" src="images/membersarea_r4_c1.jpg" width="523" height="31" border="0" id="membersarea_r4_c1" alt="" /></td>

                      </tr>

                  </table></td>

                  <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="256">

                      <tr>

                        <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="256">

                            <tr>

                              <td><img name="membersarea_r1_c4" src="images/membersarea_r1_c4.jpg" width="200" height="32" border="0" id="membersarea_r1_c4" alt="" /></td>

                              <td><a href="<?php echo $logoutAction ?>"><img name="membersarea_r1_c5" src="images/membersarea_r1_c5.jpg" width="56" height="32" border="0" id="membersarea_r1_c5" alt="" /></a></td>

                            </tr>

                        </table></td>

                      </tr>

                      <tr>

                        <td><img name="membersarea_r2_c4" src="images/membersarea_r2_c4.jpg" width="256" height="93" border="0" id="membersarea_r2_c4" alt="" /></td>

                      </tr>

                  </table></td>

                </tr>

            </table></td>

          </tr>

          <tr>

            <td><table width="779" height="236" border="0" align="left" cellpadding="0" cellspacing="0">

              <!--DWLayoutTable-->

                <tr>

                  <td width="384" height="236" valign="top"><blockquote>

                    <p>&nbsp;</p>

                    <p align="left" class="style61">è <span class="style55"><?php echo $row_m['name']; ?></span></p>

                    <p align="left" class="style62">(ÙÌ`ïååY„Tû¹ô¥ßÖìÖ—Tû(ÙÌ`Øïå« </p>

                    <p align="left" class="style62">{~ëPfí</p>

                    <p>&nbsp;</p>

                  </blockquote></td>

                  <td width="395"><img name="membersarea_r5_c3" src="images/membersarea_r5_c3.jpg" width="395" height="236" border="0" id="membersarea_r5_c3" alt="" /></td>

                </tr>

            </table></td>

          </tr>

        </table></td>

        </tr>

      <tr>

        <td width="442" height="275" valign="top" bgcolor="#FFFFFF"><table border="0" cellpadding="0" cellspacing="0" width="441">

          <!-- fwtable fwsrc="memberspage collage.png" fwbase="membersimage.jpg" fwstyle="Dreamweaver" fwdocid = "1056347649" fwnested="0" -->

          <tr>

            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="219" height="1" border="0" id="undefined_4" /></td>

            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="222" height="1" border="0" id="undefined_4" /></td>

            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="1" border="0" id="undefined_4" /></td>

          </tr>

          <tr>

            <td><a href="HiWaijiao_Video.html" target="_blank"><img name="membersimage_r1_c1" src="images/membersimage_r1_c1.jpg" width="219" height="123" border="0" id="membersimage_r1_c1" alt="" /></a></td>

            <td><a href="Mvideoprofile.php" target="_blank"><img name="membersimage_r1_c2" src="images/membersimage_r1_c2.jpg" width="222" height="123" border="0" id="membersimage_r1_c2" alt="" /></a></td>

            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="123" border="0" id="undefined_4" /></td>

          </tr>

          <tr>

            <td><a href="The Radio Room.htm" target="_blank"><img name="membersimage_r2_c1" src="images/membersimage_r2_c1.jpg" width="219" height="125" border="0" id="membersimage_r2_c1" alt="" /></a></td>

            <td><a href="HiWaijiaoTV.html" target="_blank"><img name="membersimage_r2_c2" src="images/membersimage_r2_c2.jpg" width="222" height="125" border="0" id="membersimage_r2_c2" alt="" /></a></td>

            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="125" border="0" id="undefined_4" /></td>

          </tr>

        </table></td>

        <td width="337" valign="top" bgcolor="#FFFFFF"><table width="337" height="276" border="0" cellpadding="0" cellspacing="0">

          <!--DWLayoutTable-->

          <!-- fwtable fwsrc="searchbox.png" fwbase="searchbox.jpg" fwstyle="Dreamweaver" fwdocid = "799730015" fwnested="0" -->

          <tr>

            <td width="10" height="1"><img src="images/spacer.gif" alt="" name="undefined_3" width="10" height="1" border="0" id="undefined_3" /></td>

            <td width="310"><img src="images/spacer.gif" alt="" name="undefined_3" width="310" height="1" border="0" id="undefined_3" /></td>

            <td width="16"><img src="images/spacer.gif" alt="" name="undefined_3" width="16" height="1" border="0" id="undefined_3" /></td>

            <td width="1"><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="1" border="0" id="undefined_3" /></td>

          </tr>

          <tr>

            <td rowspan="3"><img name="searchbox_r1_c1" src="images/searchbox_r1_c1.jpg" width="10" height="275" border="0" id="searchbox_r1_c1" alt="" /></td>

            <td height="72" colspan="2"><img name="searchbox_r1_c2" src="images/searchbox_r1_c2.jpg" width="326" height="72" border="0" id="searchbox_r1_c2" alt="" /></td>

            <td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="72" border="0" id="undefined_3" /></td>

          </tr>

          <tr>

		  

            <td height="162" valign="top"><form id="form1" name="form1" method="get" action="MemberNewTeacherprofile.php">

              <table width="264" border="0">

                <tr>

                  <td width="96"><span class="style56"><img src="language.jpg" width="96" height="26" /></span></td>

                  <td width="158"><div align="left"><span class="style55">

                    <select name="teachingprovince" class="style56" id="teachingprovince">

                      <option value="">@	ý</option>

                      <option value="Anhui">‰½</option>

                      <option value="Beijing">¬</option>

                      <option value="Fujian">ú</option>

                      <option value="Gansu">ƒ</option>

                      <option value="Guangdong"></option>

                      <option value="Guizhou">5Þ</option>

                      <option value="Hainan">wW</option>

                      <option value="Hebei">³</option>

                      <option value="Heilongjiang">љ_</option>

                      <option value="Henan">³W</option>

                      <option value="Hubei">V</option>

                      <option value="Hunan">VW</option>

                      <option value="Jiangsu">_Ï</option>

                      <option value="Jiangxi">_</option>

                      <option value="Jilin">	—</option>

                      <option value="Liaoning">½</option>

                      <option value="Qinghai">Rw</option>

                      <option value="Shaanxi">U</option>

                      <option value="Shandong">q</option>

                      <option value="Shanghai">
w</option>

                      <option value="Shanxi">q</option>

                      <option value="Sichuan">ÛÝ</option>

                      <option value="Yunnan">‘W</option>

                      <option value="Zhejiang">Y_</option>

                    </select>

                  </span></div></td>

                </tr>

                <tr>

                  <td><span class="style56"><img src="region.jpg" width="96" height="26" /></span></td>

                  <td><div align="left"><span class="style55">

                    <select name="nativelanguage" class="style56" id="nativelanguage">

                      <option value="" selected="selected">@	í</option>

                      <option value="English">ñí</option>

                      <option value="French">Õí</option>

                      <option value="Spanish">íYí</option>

                      <option value="Portuguese">aYí</option>

                      <option value="German">·í</option>

                      <option value="Arabic">?É/í</option>

                      <option value="Japanese">åí</option>

                      <option value="korean">éí</option>

                      <option value="Italian">')í</option>

                      <option value="Danish">9¦í</option>

                      <option value="Holland">wpí</option>

                      <option value="Polish">âpí</option>

                      <option value="Polish">âpí</option>

                      <option value="Turkish">3ví</option>

                      <option value="Romanian">Wl<ší</option>

                      <option value="Russian">Äí</option>

                      <option value="Azerbaijani">?^܆í</option>

                      <option value="Vietnamese">ŠWí</option>

                      <option value="Indonesia">p¦<ší</option>

                      <option value="Indonesia">p¦<ší</option>

                      <option value="Thai">ðýí</option>

                      <option value="Tagalog">T ÉÏí</option>

                      <option value="Tamil">ðsí</option>

                      <option value="Cambodia">ìÔèí</option>

                      <option value="Nepalese"><Êí</option>

                      <option value="Hindu">p¦í</option>

                      <option value="Bulgarian">Ý )ší</option>

                      <option value="Bengali">_ Éí</option>

                      <option value="Myanmar">8í</option>

                      <option value="Zulu">Ví</option>

                    </select>

                  </span></div></td>

                </tr>

                <tr>

                  <td>&nbsp;</td>

                  <td><div align="left">

                    <p>

                      <input name="Submit" type="submit" class="style56" value=""" />

                    </p>

                    <p><span class="style57">¹ûÛeا"</span> </p>

                  </div></td>

                </tr>

              </table>

                        </form>            </td>

            <td rowspan="2"><img name="searchbox_r2_c3" src="images/searchbox_r2_c3.jpg" width="16" height="203" border="0" id="searchbox_r2_c3" alt="" /></td>

            <td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="162" border="0" id="undefined_3" /></td>

          </tr>

          <tr>

            <td height="41"><img name="searchbox_r3_c2" src="images/searchbox_r3_c2.jpg" width="310" height="41" border="0" id="searchbox_r3_c2" alt="" /></td>

            <td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="41" border="0" id="undefined_3" /></td>

          </tr>

        </table></td>

      </tr>

      

      

      

      

      <tr>

        <td height="83" colspan="2" valign="top" bgcolor="#FFFFFF"><p align="center" class="style39"><span class="style50">Tûì - øsþ¥ - M#ð - QÙ0þ  - {U</span></p>

          <p align="center" class="style39">(-ý¥×ÁºY„bùbíˆþ.(–a—Ì/ùYf̹ý„:@Yf.<br />

            íYì(hý0Yf-  Öì(ÎϬ,
w,ñ3,Þ,™/,¥,Þý	ˆþ. </p>

          <p align="center" class="style39">ñívÖí„f`fXïå(hý0~0íY.  ~MÁºíY, fèí,  ÎÊ)Ë</p></td>

      </tr>

      <tr>

        <td height="20" colspan="2" valign="top" bgcolor="#FFFFFF"><img src="footer777_20_hiwaijiao.jpg" width="777" height="20" /></td>

      </tr>

    </table></td>

  </tr>

</table>

</Div>

</body>

</html>

<?php

mysql_free_result($m);

?>

Open in new window

0
 
LVL 14

Expert Comment

by:EMB01
ID: 24072426
So your member information recordset must me "m." Try changing the code starting at line 75 to what I've attached. Notice, I've added a new local variable and the "WHERE" clause to the SQL statement. Please also review the comments of the code snippet attached. Let me know how this works for you.
mysql_select_db($database_connectionc, $connectionc);

$name = $_SESSION['MM_Username']; // This line turns the session variable of to a local variable.

$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = $name"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.

$m = mysql_query($query_m, $connectionc) or die(mysql_error());

$row_m = mysql_fetch_assoc($m);

$totalRows_m = mysql_num_rows($m);

Open in new window

0
 

Author Comment

by:ayounis
ID: 24091805
Thanks, and sorry for the delay in replying. I did as you said but got the following rather stranger error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1
0
 

Author Comment

by:ayounis
ID: 24091858
Ahh..I tried to login in using adam@yahoo.com (name in the database). When I tried with adam@hotmail.com the error message was You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com' at line 1
0
 

Author Comment

by:ayounis
ID: 24091924
I tried changing name - to email in the line

$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE email = $email";

as we are logging in with the password and the email account but the error message was:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Thanks
0
 
LVL 14

Expert Comment

by:EMB01
ID: 24092093
Okay, next we'll check out what's hapenning to the database. Replace your code with the following code and let me know what happens. Review the comments to see what I did. This way, we know what goes wrong, where, when... etc.
mysql_select_db($database_connectionc, $connectionc);

$name = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.

echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable

$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = $name"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.

echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query

$m = mysql_query($query_m, $connectionc) or die(mysql_error());

$row_m = mysql_fetch_assoc($m);

echo "This is the array returned: <br/ >" . $row_m;

$totalRows_m = mysql_num_rows($m);

Open in new window

0
 

Author Comment

by:ayounis
ID: 24092259
Thanks.

Just to be clear - to login, the user needs to enter his email and password. It's the email which is supposed to be the username column in the login page. I'll paste the code for the login page below:


Okay the error message was
<?php require_once('../Connections/connectionc.php'); ?><?php

// *** Validate request to login to this site.

if (!isset($_SESSION)) {

  session_start();

}
 

$loginFormAction = $_SERVER['PHP_SELF'];

if (isset($_GET['accesscheck'])) {

  $_SESSION['PrevUrl'] = $_GET['accesscheck'];

}
 

if (isset($_POST['email'])) {

  $loginUsername=$_POST['email'];

  $password=$_POST['password'];

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "members/membershome.php";

  $MM_redirectLoginFailed = "sorry.php";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_connectionc, $connectionc);

  

  $LoginRS__query=sprintf("SELECT email, password FROM chinastudents WHERE email='%s' AND password='%s'",

    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 

   

  $LoginRS = mysql_query($LoginRS__query, $connectionc) or die(mysql_error());

  $loginFoundUser = mysql_num_rows($LoginRS);

  if ($loginFoundUser) {

     $loginStrGroup = "";

    

    //declare two session variables and assign them

    $_SESSION['MM_Username'] = $loginUsername;

    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      
 

    if (isset($_SESSION['PrevUrl']) && false) {

      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	

    }

    header("Location: " . $MM_redirectLoginSuccess );

  }

  else {

    header("Location: ". $MM_redirectLoginFailed );

  }

}

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
 

.....
 
 

  <form ACTION="<?php echo $loginFormAction; ?>" id="form1" name="form1" method="POST">

                      <p>&nbsp;</p>

                      <table width="422" border="0" bordercolor="#FF6600">

                        <tr>

                          <td width="103"><div align="left" class="style54">

                            <div align="right" class="style61">®±</div>

                          </div></td>

                          <td width="308"><span class="style52">

                              <label>

                              <div align="left" class="style54">

                                <input name="email" type="text" id="email" size="40" />

                                </label>

                            </div></td>

                        </tr>

                        <tr>

                          <td><div align="left" class="style54">

                            <div align="right" class="style61">Æ</div>

                          </div></td>

                          <td><span class="style52">

                              <label>

                              <div align="left" class="style54">

                                <input name="password" type="password" id="password" size="40" />

                                </label>

                            </div></td>

                        </tr>

                        <tr>

                          <td><div align="left"><span class="style60"><span class="style55"></span></span></div></td>

                          <td><span class="style52">

                              <label>

                              <div align="left" class="style54">

                                <input type="submit" name="Submit" value="Ûe" />

                                </label>

                            </div></td>

                        </tr>

                      </table>

                    </form></td>

Open in new window

0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 14

Expert Comment

by:EMB01
ID: 24092536
I'm sorry, what was the exact error message?
0
 

Author Comment

by:ayounis
ID: 24100806
oops. The error message is:

The local variable used is: adamyounis@yahoo.com
The query used is: SELECT autonumber, password, email, name FROM chinastudents WHERE name = adamyounis@yahoo.com
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1
0
 
LVL 14

Expert Comment

by:EMB01
ID: 24101068
I think there needs to be apostrophes around the name variable. Use as attached.
mysql_select_db($database_connectionc, $connectionc);

$name = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.

echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable

$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = '" . $name . "'"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.

echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query

$m = mysql_query($query_m, $connectionc) or die(mysql_error());

$row_m = mysql_fetch_assoc($m);

echo "This is the array returned: <br/ >" . $row_m;

$totalRows_m = mysql_num_rows($m);

Open in new window

0
 

Author Comment

by:ayounis
ID: 24101504
That seems to allow access to the page, but the error message still appears on top of the page, and none of the other details associated with that username and password are on the page...

Accesses members area but error is still:

The local variable used is: adamyounis@yahoo.com
The query used is: SELECT autonumber, password, email, name FROM chinastudents WHERE name = 'adamyounis@yahoo.com'
This is the array returned:
0
 
LVL 14

Expert Comment

by:EMB01
ID: 24101696
What is in the name field in the chinastudents table? Can you provide a sample of the table like:
autonumber, password, email, name
1, thisismypass, thisismyemail, thisismyname
0
 

Author Comment

by:ayounis
ID: 24101800
The fields are autonumber, password, email, confirmail, name, province, advert, language

To login the user provides email and password.

i,e adamyounis@yahoo.com, experts and the name is adam younis

thanks

adam
0
 
LVL 14

Accepted Solution

by:
EMB01 earned 110 total points
ID: 24101828
Okay, well then let's change it to this:
mysql_select_db($database_connectionc, $connectionc);

$email = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.

echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable

$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE email = '" . $email . "'"; // This line queries the database for rows in chinastudents where the email field is equal to the local email variable.

echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query

$m = mysql_query($query_m, $connectionc) or die(mysql_error());

$row_m = mysql_fetch_assoc($m);

echo "This is the array returned: <br/ >" . $row_m;

$totalRows_m = mysql_num_rows($m);

Open in new window

0
 

Author Closing Comment

by:ayounis
ID: 31566749
That's it. Many thanks.
It's logging in and showing the correct info. I tested with three seperate accounts.
I've gotten rid of the echo statements.
Many thanks for your patience and perseverance with this. Much appreciated.
Thanks.
0
 
LVL 14

Expert Comment

by:EMB01
ID: 24102055
Patience and perseverance is what I made of, man! Glad it's working for you. Best of luck.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Building a website can seem like a daunting task to the uninitiated but it really only requires knowledge of two basic languages: HTML and CSS.
In this tutorial viewers will learn how to style transparent/translucent elements using alpha transparency in CSS Start with a normal styled element, such as a div.: Define its "background-color" property as "rgba (255, 255, 255, .5): The numbers in…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now