d2jsp Forums > Off-Topic > Computers & IT > Programming & Development > Changing Content With Php & Html > For Users Logging In
Member
Posts: 37
Joined: Apr 24 2014
Gold: 0.00
Oct 20 2014 08:43pm
Quote (carteblanche @ Oct 21 2014 03:40am)
that only redirects if they haven't logged in. i meant, i assume the "profile" information you want to show is tied to the user, right? so where's your code that shows the profile info? presumably you fetch it from a DB of some sort first.

i'd be careful about using username. using a surrogate key is often a good idea. what if they want to change their username but keep the rest of their data?


this is the code i use to connect to the profile

Code
<?php

// Connect to the database
require('db.php');

// Set username and password variables for this script
$user = mysql_real_escape_string($_POST["username"]);
$pass = mysql_real_escape_string($_POST["password"]);

// Make sure the username and password match, selecting all the client's
// data from the database if it does. Store the data into $clientdata
$clientdata = mysql_query("SELECT * FROM clients WHERE username='$user' and password='$pass'")
or die (mysql_error());

// Put the $clientdata query into an array we can work with
$data = mysql_fetch_array($clientdata, MYSQL_ASSOC);

// If the username and password matched, we should have one entry in our
// $clientdata array. If not, we should have 0. So, we can use a simple
// if/else statement
if(mysql_num_rows($clientdata) == 1){
    // Start a new blank session. This will assign the user's server
    // with a session with an individual ID
    session_start();

    // With our session started, we can assign variables for a logged
    // in user to use until they log out.
    $_SESSION['username'] = $user;
    $_SESSION['email'] = $data['email'];
    $_SESSION['paypal'] = $data['paypal'];

    // Then, redirect them to the profile page
    header('Location: profile.php');
}else{
    echo "The username and password don't match. Please go back and try again.
(Or you could redirect them to the login page again.)";
}


I manage the clients' usernames and password. It's not for everyone to use. The info we need to display varies from clients.
try logging in again and you should see
Member
Posts: 37
Joined: Apr 24 2014
Gold: 0.00
Oct 20 2014 08:45pm
Quote (AkuuZ @ Oct 21 2014 03:41am)
based on their login youll grab their user id, create a session

and with their user id u can fetch all of their info, just make sure the info actually has their user id attached to it in the database

for instance:

user:
id | name | email | phone

invoice
user_id | invoice_num | invoice_path

just a quick example of how many ur db is set up, the invoice_path can go to like a jpg or pdf file inside of a folder.


would it be possible to just use VARCHAR links? minimise on disk space
Member
Posts: 32,925
Joined: Jul 23 2006
Gold: 3,804.50
Oct 20 2014 08:50pm
Quote (Dawsy @ Oct 20 2014 10:45pm)
would it be possible to just use VARCHAR links? minimise on disk space


i think you completely misunderstood what he said.

Quote (Dawsy @ Oct 20 2014 10:43pm)
this is the code i use to connect to the profile


I manage the clients' usernames and password. It's not for everyone to use. The info we need to display varies from clients.
try logging in again and you should see


is that the only profile data you're trying to show? username, email, paypal? just push that data into your controls.

btw, that looks like a really shitty login. you should go with duck's suggestion.
Member
Posts: 37
Joined: Apr 24 2014
Gold: 0.00
Oct 20 2014 08:52pm
Quote (carteblanche @ Oct 21 2014 03:50am)
i think you completely misunderstood what he said.



is that the only profile data you're trying to show? username, email, paypal? just push that data into your controls.

btw, that looks like a really shitty login. you should go with duck's suggestion.


I've literally just followed something online, I ain't an expert.

That's the only profile data im trying to show yeah but the content inside it will change for each user.

https://www.dropbox.com/s/ivlhrzqyuhtwpqw/Screenshot%202014-10-21%2003.53.25.png?dl=0 all this content will change for each user.

This post was edited by Dawsy on Oct 20 2014 08:55pm
Member
Posts: 32,925
Joined: Jul 23 2006
Gold: 3,804.50
Oct 20 2014 09:00pm
i suggest hiring someone to do this stuff for you. i wouldn't want my clients looking at it. and for whatever reason, it takes forever to load.

Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Oct 20 2014 09:54pm
I would stop right now and switch to SQL PDO before you get too far ahead. mysql_real_escape_string() is incredibly broken and won't protect you in many cases.

For instance:

Code
$id = mysql_real_escape_string("41; drop table payments"); // returns 41; drop table payments
$clientdata = mysql_query("SELECT * FROM payments WHERE id=$id");


Although you run the function, it doesn't actually filter bad SQL out of the input.

If you use the new mysqli_* functions you can quickly change over to parametrized sequences although I prefer PDO over mysqli.
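
The parameterized approach recommended above, as an added example that is not part of the original post: a PDO login that binds the username as a parameter and checks the password with password_hash()/password_verify(), plus the payments lookup with the same input bound as a value. The clients/payments schema, the sample account and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example, not code from the thread. Schema and sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE clients (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL,
    email TEXT)');
$pdo->exec('CREATE TABLE payments (id INTEGER PRIMARY KEY, amount REAL)');
$pdo->exec('INSERT INTO payments (id, amount) VALUES (41, 19.99)');

// Constructed sample account; only the password hash is stored.
$ins = $pdo->prepare('INSERT INTO clients (username, password_hash, email) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'alice@example.test']);

// Look the user up by a bound parameter, then verify the password against the hash.
// Returns the client row without the hash, or null when the login fails.
function login(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, password_hash, email FROM clients WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// The id is sent to the database as data, so trailing SQL text is never parsed as SQL.
function findPayment(PDO $pdo, string $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, amount FROM payments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

foreach ([
    'valid login'           => login($pdo, 'alice', 'correct horse'),
    'wrong password'        => login($pdo, 'alice', 'guess'),
    'payment 41'            => findPayment($pdo, '41'),
    'payment with SQL tail' => findPayment($pdo, '41; drop table payments'),
] as $label => $result) {
    echo $label, ': ', $result === null ? 'no row' : json_encode($result), "\n";
}
```

After a successful login, store the returned `id` in the session and call session_regenerate_id(true) before redirecting.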
Member
Posts: 37
Joined: Apr 24 2014
Gold: 0.00
Oct 21 2014 08:33am
Quote (carteblanche @ Oct 21 2014 04:00am)
i suggest hiring someone to do this stuff for you. i wouldn't want my clients looking at it. and for whatever reason, it takes forever to load.

http://oi58.tinypic.com/2an9s0.jpg


I wonder why it comes up like that on yours? What res you using?
Member
Posts: 37
Joined: Apr 24 2014
Gold: 0.00
Oct 22 2014 06:43pm
I've sorted the issue with it changing with their ID in the address bar, now what I need to do is somehow manage to change the content for each id/login

it will only be links as per image below.

https://www.dropbox.com/s/2u0p0cf2jziijvw/Screenshot%202014-10-23%2001.33.41.png

it must be something very basic to code but can't find guidance online anywhere. 20fg to whoever helps!
Member
Posts: 32,925
Joined: Jul 23 2006
Gold: 3,804.50
Oct 22 2014 07:48pm
i'm sure there's a better way to do it, but i'm not a php expert so i would just use echo

btw, none of your drop box links work.
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Oct 22 2014 07:50pm
Quote (carteblanche @ Oct 22 2014 09:48pm)
i'm sure there's a better way to do it, but i'm not a php expert so i would just use echo

btw, none of your drop box links work.


He contacted me via pm. I explained a few ways to do this. He wants to change the project links for the user that logs in.

I told him the best way was to create a projects table which holds, username, projectname, date, links.

This way you can select all projects belonging to a username (doesn't matter their place in the table) and just split() the links into an array and echo them into the page. You could even sort the link via the date/time they were added if you wanted.

Also told him he should be using an auto incrementing unique identifier for each user because using usernames as unique identifiers is meh.

This post was edited by AbDuCt on Oct 22 2014 07:52pm
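
One way to lay out the projects table described above, as an added example that is not part of the original post: rows are keyed by an auto-incrementing user id, selected with a bound parameter, and the links are HTML-escaped on output. The schema, sample rows and in-memory SQLite database are assumptions; explode() is used because split() was removed in PHP 7.

```php
<?php
// Added example, not code from the thread. Schema, names and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE NOT NULL)');
$pdo->exec('CREATE TABLE projects (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL REFERENCES users(id),
    projectname TEXT NOT NULL,
    added TEXT NOT NULL,
    links TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");
$ins = $pdo->prepare('INSERT INTO projects (user_id, projectname, added, links) VALUES (?, ?, ?, ?)');
$ins->execute([1, 'Site redesign', '2014-10-01', 'https://example.test/a.pdf,https://example.test/b.pdf']);
$ins->execute([1, 'Logo <draft>', '2014-10-20', 'https://example.test/logo.png,javascript:void(0)']);
$ins->execute([2, 'Bob only', '2014-10-05', 'https://example.test/bob.pdf']);

// Build the link list for one user. $userId must come from the server-side
// session set at login, never from an id in the address bar or a form field.
function renderProjects(PDO $pdo, int $userId): string
{
    $stmt = $pdo->prepare(
        'SELECT projectname, added, links FROM projects WHERE user_id = :uid ORDER BY added DESC');
    $stmt->execute([':uid' => $userId]);
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $p) {
        $html .= '<h3>' . htmlspecialchars($p['projectname'], ENT_QUOTES, 'UTF-8') . "</h3>\n<ul>\n";
        foreach (explode(',', $p['links']) as $link) {
            $link = trim($link);
            // Only emit http(s) links; anything else stored in the column is skipped.
            if (!preg_match('#^https?://#i', $link)) {
                continue;
            }
            $safe = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
            $html .= "  <li><a href=\"$safe\">$safe</a></li>\n";
        }
        $html .= "</ul>\n";
    }
    return $html;
}

// Stand-in for $_SESSION['user_id'] as set by the login script.
$sessionUserId = 1;
echo renderProjects($pdo, $sessionUserId);
```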