Solved

Problems with login page - restricting access to page

Posted on 2009-04-05
17
204 Views
Last Modified: 2013-12-12
Hello. I am trying to create a page where users can login to a restricted page, using their email address and user name to login to a special members area.

I have managed it, so that the users can log in to a members area - but I would also like specific member information only, to be displayed on that page, which related to that member - i.e. defined by the username and password.

My problem is, that although the user can login to the members area using their password and email address, the page they log into, displays the information of the first row of the table - not the information specific to the login details.

I have doen this all through dreamweaver so don't really know how the code works. In the login page I have set email as my username column and password as my password column.

thanks

sorry - I only have 110 points left for this...


<?php require_once('../../Connections/connectionc.php'); ?><?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}
 
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
 
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "../index.htm";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
 
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 
 
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}
 
$MM_restrictGoTo = "../sorry.html";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
mysql_select_db($database_connectionc, $connectionc);
$query_m = "SELECT autonumber, password, email, name FROM chinastudents";
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
$totalRows_m = mysql_num_rows($m);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

Open in new window

0
Comment
Question by:ayounis
  • 9
  • 8
17 Comments
 
LVL 14

Expert Comment

by:EMB01
ID: 24071578
Hey, could you show me the part of the code (or post the whole code) where the variable is echoed so I know which recordset to investigate? Thanks.
0
 

Author Comment

by:ayounis
ID: 24072216
Hi,

Code pasted below.

thanks
<?php require_once('../../Connections/connectionc.php'); ?><?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}
 
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
 
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "../index.htm";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
 
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 
 
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}
 
$MM_restrictGoTo = "../sorry.html";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
mysql_select_db($database_connectionc, $connectionc);
$query_m = "SELECT autonumber, password, email, name FROM chinastudents";
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
$totalRows_m = mysql_num_rows($m);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=hz-gb-2312" />
<title>Welcome to the Members Area</title>
<META NAME="Keywords" CONTENT="(-ýû~bùbÁºYf„íY.(-ý:û~MÁºYæ|? ¨ïå(ÙÌ~0ðÄÁºíY.Ùå	MÊL0„D›ÏïåYˆñíÊvÖí.û~¨„ÁºbùbíYvU¨êñ„íþ. ßYì„D™vvFÆ‚, ôèí, ÎÊ)Ë.">
<META NAME="Description" CONTENT="hiwaijiao.com„—è/.©óf`í„f(-ýû~ÁºY. ,QÙ	O(-ýó`Yˆñí, ÕíŒvÖíþ„L0Yì. „ˆþ0¹êš.">
<META NAME="robots" CONTENT="ALL">
<style type="text/css">
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}
body {
	background-color: #FFA466;
	margin-top: 0px;
}
td img {display: block;}td img {display: block;}
td img {display: block;}td img {display: block;}
td img {display: block;}
td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}
td img {display: block;}td img {display: block;}
.style39 {color: #FF6600; font-size: 11px;}
.style50 {
	font-family: SimHei;
	color: #000000;
	font-size: 12px;
}td img {display: block;}td img {display: block;}
.style55 {font-size: 12px; font-family: Arial, Helvetica, sans-serif; }
.style56 {font-family: Arial, Helvetica, sans-serif}
.style57 {font-size: 12px; font-family: SimHei; }td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}td img {display: block;}
.style61 {
	font-family: SimHei;
	font-size: 16px;
	color: #FF6600;
}
.style62 {
	font-family: SimHei;
	font-size: 14px;
	color: #FF6600;
}
</style>
<script type="text/JavaScript">
<!--
 
 
 
function MM_preloadImages() { //v3.0
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
//-->
</script>
</head>
 
<body>
<Div Align="Center">
<table width="772" border="0" cellpadding="1" cellspacing="0" bgcolor="#FF6600">
  <!--DWLayoutTable-->
  <tr>
    <td width="770" height="1"></td>
    </tr>
  <tr>
    <td height="483" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0">
      <!--DWLayoutTable-->
      <tr>
        <td height="14" colspan="2" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</td>
      </tr>
      <tr>
        <td height="361" colspan="2" valign="top" bgcolor="#FFFFFF"><table border="0" cellpadding="0" cellspacing="0" width="779">
          <!-- fwtable fwsrc="welcome member_china.png" fwbase="membersarea.jpg" fwstyle="Dreamweaver" fwdocid = "1986916010" fwnested="1" -->
          <tr>
            <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="779">
                <tr>
                  <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="523">
                      <tr>
                        <td><img name="membersarea_r1_c1" src="images/membersarea_r1_c1.jpg" width="523" height="62" border="0" id="membersarea_r1_c1" alt="" /></td>
                      </tr>
                      <tr>
                        <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="523">
                            <tr>
                              <td><img name="membersarea_r3_c1" src="images/membersarea_r3_c1.jpg" width="71" height="32" border="0" id="membersarea_r3_c1" alt="" /></td>
                              <td><img name="membersarea_r3_c2" src="images/membersarea_r3_c2.jpg" width="452" height="32" border="0" id="membersarea_r3_c2" alt="" /></td>
                            </tr>
                        </table></td>
                      </tr>
                      <tr>
                        <td><img name="membersarea_r4_c1" src="images/membersarea_r4_c1.jpg" width="523" height="31" border="0" id="membersarea_r4_c1" alt="" /></td>
                      </tr>
                  </table></td>
                  <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="256">
                      <tr>
                        <td><table align="left" border="0" cellpadding="0" cellspacing="0" width="256">
                            <tr>
                              <td><img name="membersarea_r1_c4" src="images/membersarea_r1_c4.jpg" width="200" height="32" border="0" id="membersarea_r1_c4" alt="" /></td>
                              <td><a href="<?php echo $logoutAction ?>"><img name="membersarea_r1_c5" src="images/membersarea_r1_c5.jpg" width="56" height="32" border="0" id="membersarea_r1_c5" alt="" /></a></td>
                            </tr>
                        </table></td>
                      </tr>
                      <tr>
                        <td><img name="membersarea_r2_c4" src="images/membersarea_r2_c4.jpg" width="256" height="93" border="0" id="membersarea_r2_c4" alt="" /></td>
                      </tr>
                  </table></td>
                </tr>
            </table></td>
          </tr>
          <tr>
            <td><table width="779" height="236" border="0" align="left" cellpadding="0" cellspacing="0">
              <!--DWLayoutTable-->
                <tr>
                  <td width="384" height="236" valign="top"><blockquote>
                    <p>&nbsp;</p>
                    <p align="left" class="style61">è <span class="style55"><?php echo $row_m['name']; ?></span></p>
                    <p align="left" class="style62">(ÙÌ`ïååY„Tû¹ô¥ßÖìÖ—Tû(ÙÌ`Øïå« </p>
                    <p align="left" class="style62">{~ëPfí</p>
                    <p>&nbsp;</p>
                  </blockquote></td>
                  <td width="395"><img name="membersarea_r5_c3" src="images/membersarea_r5_c3.jpg" width="395" height="236" border="0" id="membersarea_r5_c3" alt="" /></td>
                </tr>
            </table></td>
          </tr>
        </table></td>
        </tr>
      <tr>
        <td width="442" height="275" valign="top" bgcolor="#FFFFFF"><table border="0" cellpadding="0" cellspacing="0" width="441">
          <!-- fwtable fwsrc="memberspage collage.png" fwbase="membersimage.jpg" fwstyle="Dreamweaver" fwdocid = "1056347649" fwnested="0" -->
          <tr>
            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="219" height="1" border="0" id="undefined_4" /></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="222" height="1" border="0" id="undefined_4" /></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="1" border="0" id="undefined_4" /></td>
          </tr>
          <tr>
            <td><a href="HiWaijiao_Video.html" target="_blank"><img name="membersimage_r1_c1" src="images/membersimage_r1_c1.jpg" width="219" height="123" border="0" id="membersimage_r1_c1" alt="" /></a></td>
            <td><a href="Mvideoprofile.php" target="_blank"><img name="membersimage_r1_c2" src="images/membersimage_r1_c2.jpg" width="222" height="123" border="0" id="membersimage_r1_c2" alt="" /></a></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="123" border="0" id="undefined_4" /></td>
          </tr>
          <tr>
            <td><a href="The Radio Room.htm" target="_blank"><img name="membersimage_r2_c1" src="images/membersimage_r2_c1.jpg" width="219" height="125" border="0" id="membersimage_r2_c1" alt="" /></a></td>
            <td><a href="HiWaijiaoTV.html" target="_blank"><img name="membersimage_r2_c2" src="images/membersimage_r2_c2.jpg" width="222" height="125" border="0" id="membersimage_r2_c2" alt="" /></a></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_4" width="1" height="125" border="0" id="undefined_4" /></td>
          </tr>
        </table></td>
        <td width="337" valign="top" bgcolor="#FFFFFF"><table width="337" height="276" border="0" cellpadding="0" cellspacing="0">
          <!--DWLayoutTable-->
          <!-- fwtable fwsrc="searchbox.png" fwbase="searchbox.jpg" fwstyle="Dreamweaver" fwdocid = "799730015" fwnested="0" -->
          <tr>
            <td width="10" height="1"><img src="images/spacer.gif" alt="" name="undefined_3" width="10" height="1" border="0" id="undefined_3" /></td>
            <td width="310"><img src="images/spacer.gif" alt="" name="undefined_3" width="310" height="1" border="0" id="undefined_3" /></td>
            <td width="16"><img src="images/spacer.gif" alt="" name="undefined_3" width="16" height="1" border="0" id="undefined_3" /></td>
            <td width="1"><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="1" border="0" id="undefined_3" /></td>
          </tr>
          <tr>
            <td rowspan="3"><img name="searchbox_r1_c1" src="images/searchbox_r1_c1.jpg" width="10" height="275" border="0" id="searchbox_r1_c1" alt="" /></td>
            <td height="72" colspan="2"><img name="searchbox_r1_c2" src="images/searchbox_r1_c2.jpg" width="326" height="72" border="0" id="searchbox_r1_c2" alt="" /></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="72" border="0" id="undefined_3" /></td>
          </tr>
          <tr>
		  
            <td height="162" valign="top"><form id="form1" name="form1" method="get" action="MemberNewTeacherprofile.php">
              <table width="264" border="0">
                <tr>
                  <td width="96"><span class="style56"><img src="language.jpg" width="96" height="26" /></span></td>
                  <td width="158"><div align="left"><span class="style55">
                    <select name="teachingprovince" class="style56" id="teachingprovince">
                      <option value="">@	ý</option>
                      <option value="Anhui">‰½</option>
                      <option value="Beijing">¬</option>
                      <option value="Fujian">ú</option>
                      <option value="Gansu">ƒ</option>
                      <option value="Guangdong"></option>
                      <option value="Guizhou">5Þ</option>
                      <option value="Hainan">wW</option>
                      <option value="Hebei">³</option>
                      <option value="Heilongjiang">љ_</option>
                      <option value="Henan">³W</option>
                      <option value="Hubei">V</option>
                      <option value="Hunan">VW</option>
                      <option value="Jiangsu">_Ï</option>
                      <option value="Jiangxi">_</option>
                      <option value="Jilin">	—</option>
                      <option value="Liaoning">½</option>
                      <option value="Qinghai">Rw</option>
                      <option value="Shaanxi">U</option>
                      <option value="Shandong">q</option>
                      <option value="Shanghai">
w</option>
                      <option value="Shanxi">q</option>
                      <option value="Sichuan">ÛÝ</option>
                      <option value="Yunnan">‘W</option>
                      <option value="Zhejiang">Y_</option>
                    </select>
                  </span></div></td>
                </tr>
                <tr>
                  <td><span class="style56"><img src="region.jpg" width="96" height="26" /></span></td>
                  <td><div align="left"><span class="style55">
                    <select name="nativelanguage" class="style56" id="nativelanguage">
                      <option value="" selected="selected">@	í</option>
                      <option value="English">ñí</option>
                      <option value="French">Õí</option>
                      <option value="Spanish">íYí</option>
                      <option value="Portuguese">aYí</option>
                      <option value="German">·í</option>
                      <option value="Arabic">?É/í</option>
                      <option value="Japanese">åí</option>
                      <option value="korean">éí</option>
                      <option value="Italian">')í</option>
                      <option value="Danish">9¦í</option>
                      <option value="Holland">wpí</option>
                      <option value="Polish">âpí</option>
                      <option value="Polish">âpí</option>
                      <option value="Turkish">3ví</option>
                      <option value="Romanian">Wl<ší</option>
                      <option value="Russian">Äí</option>
                      <option value="Azerbaijani">?^܆í</option>
                      <option value="Vietnamese">ŠWí</option>
                      <option value="Indonesia">p¦<ší</option>
                      <option value="Indonesia">p¦<ší</option>
                      <option value="Thai">ðýí</option>
                      <option value="Tagalog">T ÉÏí</option>
                      <option value="Tamil">ðsí</option>
                      <option value="Cambodia">ìÔèí</option>
                      <option value="Nepalese"><Êí</option>
                      <option value="Hindu">p¦í</option>
                      <option value="Bulgarian">Ý )ší</option>
                      <option value="Bengali">_ Éí</option>
                      <option value="Myanmar">8í</option>
                      <option value="Zulu">Ví</option>
                    </select>
                  </span></div></td>
                </tr>
                <tr>
                  <td>&nbsp;</td>
                  <td><div align="left">
                    <p>
                      <input name="Submit" type="submit" class="style56" value=""" />
                    </p>
                    <p><span class="style57">¹ûÛeا"</span> </p>
                  </div></td>
                </tr>
              </table>
                        </form>            </td>
            <td rowspan="2"><img name="searchbox_r2_c3" src="images/searchbox_r2_c3.jpg" width="16" height="203" border="0" id="searchbox_r2_c3" alt="" /></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="162" border="0" id="undefined_3" /></td>
          </tr>
          <tr>
            <td height="41"><img name="searchbox_r3_c2" src="images/searchbox_r3_c2.jpg" width="310" height="41" border="0" id="searchbox_r3_c2" alt="" /></td>
            <td><img src="images/spacer.gif" alt="" name="undefined_3" width="1" height="41" border="0" id="undefined_3" /></td>
          </tr>
        </table></td>
      </tr>
      
      
      
      
      <tr>
        <td height="83" colspan="2" valign="top" bgcolor="#FFFFFF"><p align="center" class="style39"><span class="style50">Tûì - øsþ¥ - M#ð - QÙ0þ  - {U</span></p>
          <p align="center" class="style39">(-ý¥×ÁºY„bùbíˆþ.(–a—Ì/ùYf̹ý„:@Yf.<br />
            íYì(hý0Yf-  Öì(ÎϬ,
w,ñ3,Þ,™/,¥,Þý	ˆþ. </p>
          <p align="center" class="style39">ñívÖí„f`fXïå(hý0~0íY.  ~MÁºíY, fèí,  ÎÊ)Ë</p></td>
      </tr>
      <tr>
        <td height="20" colspan="2" valign="top" bgcolor="#FFFFFF"><img src="footer777_20_hiwaijiao.jpg" width="777" height="20" /></td>
      </tr>
    </table></td>
  </tr>
</table>
</Div>
</body>
</html>
<?php
mysql_free_result($m);
?>

Open in new window

0
 
LVL 14

Expert Comment

by:EMB01
ID: 24072426
So your member information recordset must me "m." Try changing the code starting at line 75 to what I've attached. Notice, I've added a new local variable and the "WHERE" clause to the SQL statement. Please also review the comments of the code snippet attached. Let me know how this works for you.
mysql_select_db($database_connectionc, $connectionc);
$name = $_SESSION['MM_Username']; // This line turns the session variable of to a local variable.
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = $name"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
$totalRows_m = mysql_num_rows($m);

Open in new window

0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 

Author Comment

by:ayounis
ID: 24091805
Thanks, and sorry for the delay in replying. I did as you said but got the following rather stranger error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1
0
 

Author Comment

by:ayounis
ID: 24091858
Ahh..I tried to login in using adam@yahoo.com (name in the database). When I tried with adam@hotmail.com the error message was You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com' at line 1
0
 

Author Comment

by:ayounis
ID: 24091924
I tried changing name - to email in the line

$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE email = $email";

as we are logging in with the password and the email account but the error message was:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Thanks
0
 
LVL 14

Expert Comment

by:EMB01
ID: 24092093
Okay, next we'll check out what's hapenning to the database. Replace your code with the following code and let me know what happens. Review the comments to see what I did. This way, we know what goes wrong, where, when... etc.
mysql_select_db($database_connectionc, $connectionc);
$name = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.
echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = $name"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.
echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
echo "This is the array returned: <br/ >" . $row_m;
$totalRows_m = mysql_num_rows($m);

Open in new window

0
 

Author Comment

by:ayounis
ID: 24092259
Thanks.

Just to be clear - to login, the user needs to enter his email and password. It's the email which is supposed to be the username column in the login page. I'll paste the code for the login page below:


Okay the error message was
<?php require_once('../Connections/connectionc.php'); ?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
 
if (isset($_POST['email'])) {
  $loginUsername=$_POST['email'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "members/membershome.php";
  $MM_redirectLoginFailed = "sorry.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_connectionc, $connectionc);
  
  $LoginRS__query=sprintf("SELECT email, password FROM chinastudents WHERE email='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $connectionc) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      
 
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 
.....
 
 
  <form ACTION="<?php echo $loginFormAction; ?>" id="form1" name="form1" method="POST">
                      <p>&nbsp;</p>
                      <table width="422" border="0" bordercolor="#FF6600">
                        <tr>
                          <td width="103"><div align="left" class="style54">
                            <div align="right" class="style61">®±</div>
                          </div></td>
                          <td width="308"><span class="style52">
                              <label>
                              <div align="left" class="style54">
                                <input name="email" type="text" id="email" size="40" />
                                </label>
                            </div></td>
                        </tr>
                        <tr>
                          <td><div align="left" class="style54">
                            <div align="right" class="style61">Æ</div>
                          </div></td>
                          <td><span class="style52">
                              <label>
                              <div align="left" class="style54">
                                <input name="password" type="password" id="password" size="40" />
                                </label>
                            </div></td>
                        </tr>
                        <tr>
                          <td><div align="left"><span class="style60"><span class="style55"></span></span></div></td>
                          <td><span class="style52">
                              <label>
                              <div align="left" class="style54">
                                <input type="submit" name="Submit" value="Ûe" />
                                </label>
                            </div></td>
                        </tr>
                      </table>
                    </form></td>

Open in new window

0
 
LVL 14

Expert Comment

by:EMB01
ID: 24092536
I'm sorry, what was the exact error message?
0
 

Author Comment

by:ayounis
ID: 24100806
oops. The error message is:

The local variable used is: adamyounis@yahoo.com
The query used is: SELECT autonumber, password, email, name FROM chinastudents WHERE name = adamyounis@yahoo.com
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com' at line 1
0
 
LVL 14

Expert Comment

by:EMB01
ID: 24101068
I think there needs to be apostrophes around the name variable. Use as attached.
mysql_select_db($database_connectionc, $connectionc);
$name = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.
echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE name = '" . $name . "'"; // This line queries the database for rows in chinastudents where the name field is equal to the username of the current user's session.
echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
echo "This is the array returned: <br/ >" . $row_m;
$totalRows_m = mysql_num_rows($m);

Open in new window

0
 

Author Comment

by:ayounis
ID: 24101504
That seems to allow access to the page, but the error message still appears on top of the page, and none of the other details associated with that username and password are on the page...

Accesses members area but error is still:

The local variable used is: adamyounis@yahoo.com
The query used is: SELECT autonumber, password, email, name FROM chinastudents WHERE name = 'adamyounis@yahoo.com'
This is the array returned:
0
 
LVL 14

Expert Comment

by:EMB01
ID: 24101696
What is in the name field in the chinastudents table? Can you provide a sample of the table like:
autonumber, password, email, name
1, thisismypass, thisismyemail, thisismyname
0
 

Author Comment

by:ayounis
ID: 24101800
The fields are autonumber, password, email, confirmail, name, province, advert, language

To login the user provides email and password.

i,e adamyounis@yahoo.com, experts and the name is adam younis

thanks

adam
0
 
LVL 14

Accepted Solution

by:
EMB01 earned 110 total points
ID: 24101828
Okay, well then let's change it to this:
mysql_select_db($database_connectionc, $connectionc);
$email = mysql_real_escape_string($_SESSION['MM_Username']); // This line turns the session variable of to a local variable.
echo "The local variable used is: " . $name . "<br />"; // This line echoes the local variable
$query_m = "SELECT autonumber, password, email, name FROM chinastudents WHERE email = '" . $email . "'"; // This line queries the database for rows in chinastudents where the email field is equal to the local email variable.
echo "The query used is: " . $query_m . "<br />"; // This line echoes the database query
$m = mysql_query($query_m, $connectionc) or die(mysql_error());
$row_m = mysql_fetch_assoc($m);
echo "This is the array returned: <br/ >" . $row_m;
$totalRows_m = mysql_num_rows($m);

Open in new window

0
 

Author Closing Comment

by:ayounis
ID: 31566749
That's it. Many thanks.
It's logging in and showing the correct info. I tested with three seperate accounts.
I've gotten rid of the echo statements.
Many thanks for your patience and perseverance with this. Much appreciated.
Thanks.
0
 
LVL 14

Expert Comment

by:EMB01
ID: 24102055
Patience and perseverance is what I made of, man! Glad it's working for you. Best of luck.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
Building a website can seem like a daunting task to the uninitiated but it really only requires knowledge of two basic languages: HTML and CSS.
In this tutorial viewers will learn how to embed Flash content in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <object> tag to embed Flash content.: To specify that the object is Flash content, d…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now