Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    New Coder
    Join Date
    Jul 2009
    Posts
    68
    Thanks
    1
    Thanked 1 Time in 1 Post

    Help with my login

    I'm making a site so that when a user logs in it displays their username.
    So on the homepage it'll say Welcome "Username"! When the username logs in.
    I'm creating user pages, eg. mysite.com/users/index.php?username=Test
    If I go to the url above but the users username is Hello when that user goes to a different page the Welcome bit on the homepage changes to Welcome Test!

    Is there any way I'd be able to stop that from happening?

    Here's my login script:
    PHP Code:
    <?php
    session_start
    (); 
    require (
    "connect.php");
    if(isset(
    $_SESSION['username'])){
        echo 
    "Welcome <b>$username!</b> | <a href=\"account/index.php?username=$username\">Edit Profile</a> | <a href=\"logout.php\">Logout</a>";
    }else{
    if(!isset(
    $_POST['login'])){
        echo 
    "<a href=\"login.php\">Login</a> | <a href=\"register.php\">Register</a>";
    }else{
        
    $password sha1(mysql_real_escape_string($_POST['password']));
        
    $username mysql_real_escape_string($_POST['username']);

        
    $result mysql_query("SELECT * FROM users WHERE password = '$password' AND username = '$username'");
        
    $resulty mysql_fetch_array($result);
        
        if(
    $resulty['status'] == 3){
            die(
    'You have been banned.');
        }
        
    $num mysql_num_rows($result);
        if(
    $num == 1){
        echo 
    "You're now logged in! You can return to the <a href=\"index.php\">homepage</a>!";
        
    $result mysql_query("SELECT * FROM users WHERE password = '$password' AND username = '$username'");
        
    $UL mysql_fetch_array($result);
        
    $status $UL['status'];
        
    $user $UL['username'];
        
    $id $UL['id'];
        
        
    $_SESSION['status'] = $status;
        
    $_SESSION['username'] = $user;
        
    $_SESSION['id'] = $id;
        }else{
        echo 
    "Not a user or incorrect pass! Please <a href=\"login.php\">login</a> with the correct info!";
        }}}
    ?>

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    mysite.com/users/index.php?username=Test

    You don't have to send the username with the URL.
    The username is stored in a PHP SESSION variable and it stays
    with the person on all pages until he/she closes their browser.

    Instead, just do this:
    mysite.com/users/index.php

    And read the session variable to see the username:
    PHP Code:
    <?php 
    session_start
    ();
    $username="Guest";
    if(isset(
    $_SESSION['username'])){
    $username=$_SESSION['username'];
    }
    ?>
    <html>
    .
    .
    .
    Welcome <?=$username?> ! <br />
    .
    .
    ... the rest of your site here ... 
    .
    </html>

  • #3
    New Coder
    Join Date
    Jul 2009
    Posts
    68
    Thanks
    1
    Thanked 1 Time in 1 Post
    I'm sending the username with the url because those are the user pages, so if Test goes to another users page, the session changes to the other users page that they are viewing and remains when they go to other pages around the site. I'm trying to stop that from happening.

  • #4
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    The session does not change. Once a user logs in, it's set the whole time
    that their browser is in session (until they close their browser).
    Your session is not the same as my session.

    Once a person logs in, a session variable is set for THEM ONLY.
    Example, I log in as:
    Username: mlseim
    Password: sesame

    Now, wherever I go on your website, on every page, you look at the session variable.
    At the top of each page you grab the session variable and only display the data that
    is associated with "mlseim" ... from your MySQL database.

    session_start();
    $username="Guest";
    if(isset($_SESSION['username'])){
    $username=$_SESSION['username'];
    }

    $username in this case would be "mlseim".

    If you were to visit the page without logging in,
    $username would be "Guest".

    If you logged in as "skippy",
    $username would be "skippy".

    So, you (your script knows) what user is viewing the page.

    We can BOTH be logged in at the same time, and we only see OUR data.
    You can have 500 people logged-in at the same time, and each person
    only sees the data for them ... not anyone else.

    You won't have a "unique page" for each user.
    You'll have 1 page that displays whatever data it needs to display for
    whatever user is logged in?

    The codingforums page you are now viewing is the same page (script) that I'm viewing.
    In fact, there might be 100 of us viewing the same page right now. But look at the top right corner.
    For you it says, "Welcome, Skippy". For me it says, "Welcome, mlseim".

    We are all using sessions, but they are uniquely assigned to each of us.

    Do you see what I mean?
    Are you talking about something that I'm just not getting? If so, sorry.



    .
    Last edited by mlseim; 09-19-2009 at 11:20 PM.

  • #5
    New Coder
    Join Date
    Jul 2009
    Posts
    68
    Thanks
    1
    Thanked 1 Time in 1 Post
    I see what you're saying however for my site it's not working like that.

    Okay, when the user Hello logs in it displays:
    Code:
    http://wowimages.net/files/ethi0p6s024epdw4mkeo.jpg
    When the user visits http://mysite.co.uk/users/index.php?username=Test then visits index.php, it becomes:
    Code:
    http://wowimages.net/files/23i15eruazlbj1z9xaj0.jpg

  • #6
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    I think I see it now ...
    You're not using the session variable ... I added line 5 ...

    Try this and see what happens:
    PHP Code:
    <?php 
    session_start
    ();  
    require (
    "connect.php"); 
    if(isset(
    $_SESSION['username'])){
    $username=$_SESSION['username']; 
        echo 
    "Welcome <b>$username!</b> | <a href=\"account/index.php?username=$username\">Edit Profile</a> | <a href=\"logout.php\">Logout</a>"
    }else{ 
    if(!isset(
    $_POST['login'])){ 
        echo 
    "<a href=\"login.php\">Login</a> | <a href=\"register.php\">Register</a>"
    }else{ 
        
    $password sha1(mysql_real_escape_string($_POST['password']));
        
    $username mysql_real_escape_string($_POST['username']); 

        
    $result mysql_query("SELECT * FROM users WHERE password = '$password' AND username = '$username'"); 
        
    $resulty mysql_fetch_array($result); 
         
        if(
    $resulty['status'] == 3){ 
            die(
    'You have been banned.'); 
        } 
        
    $num mysql_num_rows($result); 
        if(
    $num == 1){ 
        echo 
    "You're now logged in! You can return to the <a href=\"index.php\">homepage</a>!"
        
    $result mysql_query("SELECT * FROM users WHERE password = '$password' AND username = '$username'"); 
        
    $UL mysql_fetch_array($result); 
        
    $status $UL['status']; 
        
    $user $UL['username']; 
        
    $id $UL['id']; 
         
        
    $_SESSION['status'] = $status
        
    $_SESSION['username'] = $user
        
    $_SESSION['id'] = $id
        }else{ 
        echo 
    "Not a user or incorrect pass! Please <a href=\"login.php\">login</a> with the correct info!"
        }}} 
    ?>
    Last edited by mlseim; 09-20-2009 at 02:44 AM.

  • #7
    New Coder
    Join Date
    Jul 2009
    Posts
    68
    Thanks
    1
    Thanked 1 Time in 1 Post
    Thanks. I've tested that however the same thing is still happening.

  • #8
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    Is the script that we've been using on these posts the one that is actually
    showing the problem? Or do you have another script where the "welcome"
    problem is occurring?

    It seems like the script above is only the login script.
    Maybe you have something wrong in a different page (or script).

  • #9
    New Coder
    Join Date
    Jul 2009
    Posts
    68
    Thanks
    1
    Thanked 1 Time in 1 Post
    That is the only login script. I suppose something could be wrong on the users page, but I don't see it.

    PHP Code:
    <?php
    session_start
    ();
    require (
    "../connect.php");
    require (
    "../functions.php");
    include(
    "../template/userheader.php");
    ?>
    <link rel="stylesheet" type="text/css" href="../template/styles/style.css">
    <?php
    $username 
    mysql_real_escape_string($_GET['username']);
    $result mysql_query("SELECT * from users WHERE username='$username'");
    while(
    $row mysql_fetch_array$result )){
        echo 
    "<img id=\"userimage\" align=\"left\" src=\"../images/";
        echo 
    $row['image'];
        echo 
    "\" width=\"126px\" height=\"168px\">";
        echo 
    "<div id=\"username\">";
        echo 
    $row['username'];
        echo 
    "</div><br/>Name: ";
        if(empty(
    $row['name'])){
        echo 
    "<i>Private</i>";
        }
        echo 
    $row['name'];
        echo 
    "<br/>Gender: ";
        echo 
    $row['gender'];
        echo 
    "<br/>Country: ";
        if(empty(
    $row['country'])){
        echo 
    "<i>Private</i>";
        }
        echo 
    $row['country'];
        echo 
    "<br/>";
        if (
    $row['display'] ==Yes) {
            echo 
    "Date of Birth: <i>Private</i>";}
            if (
    $row['display'] !=Yes) {
        echo 
    "Date of Birth: ";
        echo 
    $row['day'];
        echo 
    "-";
        echo 
    $row['month'];
        echo 
    "-";
        echo 
    $row['year'];
        }
        echo 
    "<br/>Website: ";
        if(empty(
    $row['website'])){
        echo 
    "<i>This user does not have a website.</i>";
        }
        echo 
    "<a href=\"";
        echo 
    $row['website'];
        echo 
    "\">";
        echo 
    $row['website'];
        echo 
    "</a><br/>";
        echo 
    "MSN: ";
        echo 
    $row['msn'];
        if(empty(
    $row['msn'])){
        echo 
    "<i>This user does not have msn.</i>";
        }
        echo 
    "<br/>Yahoo: ";
        echo 
    $row['yahoo'];
        if(empty(
    $row['yahoo'])){
        echo 
    "<i>This user does not have yahoo.</i>";
        }
        echo 
    "<br/>AIM: ";
        echo 
    $row['aim'];
        if(empty(
    $row['aim'])){
        echo 
    "<i>This user does not have AIM.</i>";
        }
        echo 
    "<br/><br/><h3>About Me</h3>";
        echo 
    $row['aboutme'];
        echo 
    "<br/><br/><h3>Beliefs</h3>";
        echo 
    $row['beliefs'];
        echo 
    "<br/><br/><h3>Interests</h3>";
        echo 
    $row['interests'];
        echo 
    "<br/><br/><br/><br/><br/><br/><br/>";
        }
    include(
    "../template/userfooter.php");
    ?>

  • #10
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    This is what I was talking about ...

    $username = mysql_real_escape_string($_GET['username']);

    You should be getting the $username from the SESSION, not from the URL.

    if(isset($_SESSION['username'])){
    $username=$_SESSION['username'];
    }


    You don't want anyone to be able to put their username in the URL (see post #1)
    YOUR QUOTE "Is there any way I'd be able to stop that from happening?"
    ANSWER: yes, you can stop that from happening ... don't look for any usernames in the URL. period.

    Once a person logs in, you don't have to use the URL at all for the username,
    in fact, you don't want to use the URL with the username in it.
    The script already knows their name: $_SESSION['username']; (they already logged-in).

    Script with change:
    PHP Code:
    <?php 
    session_start
    (); 
    require (
    "../connect.php"); 
    require (
    "../functions.php"); 

    if(isset(
    $_SESSION['username'])){ 
    $username=$_SESSION['username']; 


    // If you happen to be looking for the username in the URL inside the "userheader.php" script,
    // you'll also have to use the $_SESSION instead of $_GET in that script (which we can't see).
    include("../template/userheader.php");
    ?> 
    <link rel="stylesheet" type="text/css" href="../template/styles/style.css"> 
    <?php 
    // $username = mysql_real_escape_string($_GET['username']); ... comment-out this line, not used.
    $result mysql_query("SELECT * from users WHERE username='$username'"); 
    while(
    $row mysql_fetch_array$result )){ 
        echo 
    "<img id=\"userimage\" align=\"left\" src=\"../images/"
        echo 
    $row['image']; 
        echo 
    "\" width=\"126px\" height=\"168px\">"
        echo 
    "<div id=\"username\">"
        echo 
    $row['username']; 
        echo 
    "</div><br/>Name: "
        if(empty(
    $row['name'])){ 
        echo 
    "<i>Private</i>"
        } 
        echo 
    $row['name']; 
        echo 
    "<br/>Gender: "
        echo 
    $row['gender']; 
        echo 
    "<br/>Country: "
        if(empty(
    $row['country'])){ 
        echo 
    "<i>Private</i>"
        } 
        echo 
    $row['country']; 
        echo 
    "<br/>"
        if (
    $row['display'] ==Yes) { 
            echo 
    "Date of Birth: <i>Private</i>";} 
            if (
    $row['display'] !=Yes) { 
        echo 
    "Date of Birth: "
        echo 
    $row['day']; 
        echo 
    "-"
        echo 
    $row['month']; 
        echo 
    "-"
        echo 
    $row['year']; 
        } 
        echo 
    "<br/>Website: "
        if(empty(
    $row['website'])){ 
        echo 
    "<i>This user does not have a website.</i>"
        } 
        echo 
    "<a href=\""
        echo 
    $row['website']; 
        echo 
    "\">"
        echo 
    $row['website']; 
        echo 
    "</a><br/>"
        echo 
    "MSN: "
        echo 
    $row['msn']; 
        if(empty(
    $row['msn'])){ 
        echo 
    "<i>This user does not have msn.</i>"
        } 
        echo 
    "<br/>Yahoo: "
        echo 
    $row['yahoo']; 
        if(empty(
    $row['yahoo'])){ 
        echo 
    "<i>This user does not have yahoo.</i>"
        } 
        echo 
    "<br/>AIM: "
        echo 
    $row['aim']; 
        if(empty(
    $row['aim'])){ 
        echo 
    "<i>This user does not have AIM.</i>"
        } 
        echo 
    "<br/><br/><h3>About Me</h3>"
        echo 
    $row['aboutme']; 
        echo 
    "<br/><br/><h3>Beliefs</h3>"
        echo 
    $row['beliefs']; 
        echo 
    "<br/><br/><h3>Interests</h3>"
        echo 
    $row['interests']; 
        echo 
    "<br/><br/><br/><br/><br/><br/><br/>"
        } 
    include(
    "../template/userfooter.php"); 
    ?>
    Last edited by mlseim; 09-21-2009 at 01:49 AM.

  • #11
    New Coder
    Join Date
    Jul 2009
    Posts
    68
    Thanks
    1
    Thanked 1 Time in 1 Post
    Ahhh, thanks. I get it now. That's resolved my issue of the users account page however on the actual user pages, if I don't use
    $username = mysql_real_escape_string($_GET['username']);
    it'll just return the current logged in users page instead other peoples. So I still get the issue I had before.

  • #12
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,549
    Thanks
    8
    Thanked 1,095 Times in 1,086 Posts
    What does that "actual user pages" script look like,
    and why do they need to see "other peoples"?
    Isn't seeing their own page the whole point of logging in?

  • #13
    New Coder
    Join Date
    Jun 2009
    Location
    Manipal
    Posts
    45
    Thanks
    2
    Thanked 3 Times in 3 Posts
    I think he wants to make a site like social networking site where people could view other people's profiles but not edit them where as they could view and edit their own profile .

    Is this what you want to achieve ?

    If this is the case , then I suggest using get for other people's profiles .
    Set the get only when you want to view someone else's profile ..

  • #14
    New Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    27
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Take a look at my site: http://bndsns.100webspace.net and look how I can show the Currently Logged in User once they login.

    If you goto: http://bndsns.100webspace.net\displaymembers.php and click on one of thier names it will take you to profile.php where the selected members information is displayed and still shows you as the person logged in.

    If you like this I can explain everything to you in private.

  • #15
    New Coder
    Join Date
    Jul 2009
    Posts
    68
    Thanks
    1
    Thanked 1 Time in 1 Post
    Like kar2905 said, I would like to make it so people can see other peoples profiles but not edit them. When I use get though and the user Hello logs in it displays:
    http://wowimages.net/files/ethi0p6s024epdw4mkeo.jpg

    When the user visits http://mysite.co.uk/users/index.php?username=Test then visits index.php, it becomes:

    http://wowimages.net/files/23i15eruazlbj1z9xaj0.jpg

    The user script is the one I posted above.


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •