By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,457 Members | 1,334 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,457 IT Pros & Developers. It's quick & easy.

passing a value

ddtpmyra
100+
P: 333
I have log-in form before showing all the data. I got this script in one of the internet site. The problem Im having now is capturing the username and pass it to my query line. But the password has check log-in first so no one can go directly on the result page. Here's How it work.

Log-in Form
[PHP]<form name="form1" method="post" action="checklogin.php">

<strong>Username</strong>
<input name="myusername" type="text" id="myusername">

<strong>Password</strong
<input name="mypassword" type="password" id="mypassword">

<input type="submit" name="Submit" value="Reviewer Login"></td>
[/PHP]

check login
[PHP]
<?php
ob_start();
//dbase connection......


// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' and user_level=1";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
//<form name="form1" method="post" action="approvals2_reviewer.php">
//<input type="hidden" name="$username" value="$username">
header("location:approvals2_reviewer.php"); // how can i add the $myusername value here?
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>[/PHP]

my question is.... how can i still pass my $myusername value from log-in page to check_login.php to final page with my query result. I hope I write this clearly let me know if you have more information.

Thanks,
DM
Nov 3 '08 #1
Share this Question
Share on Google+
3 Replies


Atli
Expert 5K+
P: 5,058
Why don't you just use a session variable?

You would simply have to add the session_start at the top of the page and use the $_SESSION array to set the variable.

I see that you use the session_register function there, so I'm guessing you were already trying this?

The problem is that the session_register function is old and deprecated, and it only works if you have register_globals enabled, which it isn't by default. In fact, it will be removed completely in PHP6.

Check out this article to see how you should use sessions in PHP4.1 and above.
Nov 3 '08 #2

ddtpmyra
100+
P: 333
I did re-construct my login php into this to make it simple :) my thanks to Atli
[PHP]<?php
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
include 'library/config.php';
include 'connect.php';

$userId = $_POST['txtUserId'];
$password = $_POST['txtPassword'];

// check if the user id and password combination exist in database
$sql = "SELECT * FROM members WHERE username='$userId' and password='$password' and user_level=1";



$result = mysql_query($sql) or die('Query failed. ' . mysql_error());

if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['db_is_logged_in'] = true;

// after login we move to the main page
session_register("txtUserId");
session_register("txtPassword");
header('Location: main.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}

include 'library/closedb.php';
}
?>[/PHP]

and re-direct to may main page using session_start();
[PHP]<?php

session_start();
// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}

?>
<html>
<head>
<title>Main User Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>This is the main application page. You are free to play around here since you
are an autenthicated user :-) </p>
<p>&nbsp;</p>
<p><a href="logout.php">Logout</a> </p>
</body>
</html>[/PHP]

but still having trouble of capturing the value of the userid and password on the log in page. How can I do that? The reason doing this is for my next query for the data to display.
Nov 4 '08 #3

Atli
Expert 5K+
P: 5,058
You mean you want to pass the username and password from the first script over to the second one?

If so, simply add them to the session as well, like you did with the "db_is_logged_in" variable.

This is what lines 25 and 26 would have done on older versions of PHP. Simply replace them with the proper way to store session data and they will be available in the second script.
Nov 5 '08 #4

Post your reply

Sign in to post your reply or Sign up for a free account.