
Session Issue and SQL UPDATE Query Error for Logon


Postby Chadf » Tue Mar 04, 2003 8:39 pm

8O

My apologies for the sloppy code; I'm new to PHP and programming more generally. But I'm having fun anyway. On to my issue... I've sort of begun to grasp the idea behind Sessions and have managed to pass some data between two PHP pages (Globals are off on the server that I'm using). I'm having difficulty, however, when I attempt to get back to the page below.

Here is the script for the "login.php" page:

<?
session_start();
$username = $_POST['username']; //should I move these
$userpassword = $_POST['userpassword'];
$_SESSION['sessionid']=$username;
include 'date.inc';

$connection = mysql_connect($host, $user, $password)
or die ("<h3><b>Host Connection Failed</b></h3>");

$db = mysql_select_db($database,$connection)
or die ("<h3><b>Database Connection Failed</b></h3>");

$Check = mysql_query("SELECT * FROM ReviewerInfo where username='".$username."' and password='".$userpassword."'");
if(!$Check)
die(mysql_error());

// was it correct?
$exist = mysql_num_rows($Check);

if($exist > 0)
{
echo "You are now logged in! Click the \"Update\" button below to update your information<br><br>";
$row = mysql_fetch_array($Check);
extract ($row);
echo "<table><form action='loginupdate.php' method='POST'>

<tr> \n
<td>Logon Id:</td>
<td><INPUT TYPE='text' NAME='UserName' Value=$UserName></td> \n
</tr>
<tr>
<td>Password:</td>
<td><INPUT TYPE='password' NAME='userpassword' Value=$userpassword></td>
</tr><tr>
<td>First Name:</td>
<td><INPUT TYPE='text' NAME='firstname' Value=$FirstName></td>
</tr><tr>
<td>Last Name:</td>
<td><INPUT TYPE='text' NAME='lastname' Value=$LastName></td>
</tr><tr>
<td>Email:</td>
<td><INPUT TYPE='text' NAME='email' Value=$Email></td>
</tr>
<td><INPUT TYPE='hidden' NAME='userid' Value=$ReviewerID></td>
</table>";


echo "<form action='loginupdate.php' method='POST'>
<INPUT TYPE='Submit' NAME='back' VALUE='Update Info'>
</form>";


}
else
{
echo "Invalid data...";
}

?>


And Here is the script for the page that updates the information:

<?

session_start();
$_SESSION['sessionid'];
$userpassword = $_POST['userpassword'];
$username = $_SESSION['username'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$userid = $_POST['userid'];
$email = $_POST['email'];

include 'date.inc'; // my connection stuff

$connection = mysql_connect($host, $user, $password)
or die ("<h3><b>Host Connection Failed</b></h3>");

$db = mysql_select_db($database,$connection)
or die ("<h3><b>Database Connection Failed</b></h3>");


$query = mysql_query("UPDATE ReviewerInfo SET username='".$username."', password='".$userpassword."',
firstname='".$firstname."', lastname='".$lastname."', email='".$email."'
WHERE ReviewerInfo.ReviewerID = '".$userid."'");
if(!$query)
die(mysql_error());


echo "Update successful. <br> <form action='login.php' method='POST'>
<INPUT TYPE='Submit' NAME='back' VALUE='BACK'>
</form>";

?>

The problem that I have is that the submit button takes me back to the preceding page but the $username and $userpassword variables are not recognized. That is, the program defaults to the 'invalid info' warning. Perhaps I'm resetting the values with the two $_POST's at the top? :wink: I know I'm not using the session exactly right and that doing this would probably fix the problem.

Finally, my update query does update, but I'm getting weird results, par for the course I suppose. I think it has something to do with using the $user name as the session ID. In any case, with the $_SESSION AND $_POST as they are in this last script, I am unable to update the username field. I put a name in the box and the query will not update it.

Obviously, I have major validation/security/(lots of other stuff) issues and would like to get this resolved as well once I get this first problem resolved.

I'll thank you in advance. I really appreciate this forum; I've already learned a lot over the course of the past couple of weeks, much due to the posts contained herein. Thanks!!!!
Chadf
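
An added example, not part of the original post: the login lookup from login.php written with a parameterized query and a stored password hash instead of string concatenation and a plaintext comparison. It assumes PDO with the SQLite driver and an in-memory database in place of the thread's MySQL connection; `checkLogin`, `startUserSession` and the sample account are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite stands in for the thread's MySQL
// server; the table and column names are the ones used in the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ReviewerInfo (ReviewerID INTEGER PRIMARY KEY,
            username TEXT UNIQUE, password TEXT, email TEXT)');

// Store a hash, never the password itself (constructed sample account).
$ins = $pdo->prepare('INSERT INTO ReviewerInfo (username, password, email) VALUES (?, ?, ?)');
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT), 'ob@example.org']);

/** Returns the ReviewerID on success, null on any failure. */
function checkLogin(PDO $pdo, string $username, string $password): ?int
{
    // Placeholders keep user input out of the SQL text, so a quote in the
    // name is treated as data and never as SQL syntax.
    $stmt = $pdo->prepare('SELECT ReviewerID, password FROM ReviewerInfo WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;   // same answer for an unknown user and a wrong password
    }
    return (int) $row['ReviewerID'];
}

/** Call once after checkLogin() succeeds, inside a real web request. */
function startUserSession(int $reviewerId): void
{
    session_start();
    session_regenerate_id(true);             // fresh session id after login
    $_SESSION['ReviewerID'] = $reviewerId;   // identity is kept server-side
}

// Constructed inputs: correct password, wrong password, unknown user.
var_dump(checkLogin($pdo, "o'brien", 'correct horse'));
var_dump(checkLogin($pdo, "o'brien", 'wrong'));
var_dump(checkLogin($pdo, 'nobody', 'correct horse'));
```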

Postby Redcircle » Wed Mar 05, 2003 12:36 am

ok... for starters you get the session id with the function session_id()

also PHP is CASE SENSITIVE so $UserName and $username are two completely different variables.

Look through your code and make the appropriate changes and let me know how it works.
Redcircle

Thanks, Redcircle

Postby Chadf » Wed Mar 05, 2003 10:44 am

Thanks for the tips! I'll make adjustments and see how they work. Thanks again..

-Chad
Chadf

In good working order...Yippee Skippy

Postby Chadf » Thu Mar 06, 2003 3:29 pm

Ok, I made the suggested changes last night and blammo, the sql query works just fine now. Also, I figured out one way to keep the session alive (by embedding hidden text boxes on my page to temporarily hold my data for the next page), which I learned from another thread.

Anyway, now I'm working on learning validation, encryption, etc. in order to make the password process a little more secure. My ultimate goal is to produce an online self-publishing book review db for a local indymedia center, which would allow people to logon and post book reviews of relevant books and then edit or delete previously posted reviews. Any tips/suggestions on architecting this system would be great, but only if you have the time. :D

I'm kicking around ideas on how to automatically post a certain number of reviews at one time, like setting up some kind of date function that looks at today's date and posts everything from the preceding month, for example. Another consideration is searchability, how to set up searches by date and so forth.

So anyway, your comments were right on the money, RedCircle; I wasn't aware of the case sensitive issue (obviously).

Gracias,

-Chad :mrgreen:
Chadf
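
An added example, not part of the original posts: the loginupdate.php step with the row to update taken from the session rather than from a hidden form field, and with form values escaped when they are written back into HTML. It assumes PDO with the SQLite driver, an in-memory database in place of MySQL, and a `ReviewerID` session key set at login; `updateProfile`, `textInput` and the sample rows are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed demo database (in-memory SQLite in place of MySQL); table and
// column names follow the thread, the two accounts are sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ReviewerInfo (ReviewerID INTEGER PRIMARY KEY,
            firstname TEXT, lastname TEXT, email TEXT)');
$pdo->exec("INSERT INTO ReviewerInfo (firstname, lastname, email) VALUES
            ('Ann', 'Lee', 'ann@example.org'), ('Bob', 'Ray', 'bob@example.org')");

/** Updates only the row owned by the logged-in reviewer. */
function updateProfile(PDO $pdo, array $session, array $post): bool
{
    // The row to change comes from the session, which the browser cannot edit.
    // A 'userid' field in $post is deliberately ignored.
    if (!isset($session['ReviewerID'])) {
        return false;
    }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }
    $stmt = $pdo->prepare('UPDATE ReviewerInfo SET firstname = ?, lastname = ?, email = ?
                           WHERE ReviewerID = ?');
    return $stmt->execute([trim($post['firstname'] ?? ''), trim($post['lastname'] ?? ''),
                           $email, (int) $session['ReviewerID']]);
}

/** Quoted attribute plus htmlspecialchars, so a value cannot break out of it. */
function textInput(string $name, string $value): string
{
    return sprintf('<input type="text" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}

// Constructed request: reviewer 1 is logged in, but the form posts userid 2.
$session = ['ReviewerID' => 1];
$post = ['userid' => '2', 'firstname' => 'Ann', 'lastname' => 'O"Neil', 'email' => 'ann@example.org'];
var_dump(updateProfile($pdo, $session, $post));
// Read back row 2, the one named by the posted userid, for comparison.
echo $pdo->query('SELECT lastname FROM ReviewerInfo WHERE ReviewerID = 2')->fetchColumn(), "\n";
echo textInput('lastname', $post['lastname']), "\n";
```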