Quote (carteblanche @ Oct 21 2014 03:40am)
that only redirects if they haven't logged in. i meant, i assume the "profile" information you want to show is tied to the user, right? so where's your code that shows the profile info? presumably you fetch it from a DB of some sort first.
i'd be careful about using username. using a surrogate key is often a good idea. what if they want to change their username but keep the rest of their data?
this is the code i use to connect to the profile
Code
<?php
// Connect to the database
require('db.php');
// Set username and password variables for this script
$user = mysql_real_escape_string($_POST["username"]);
$pass = mysql_real_escape_string($_POST["password"]);
// Make sure the username and password match, selecting all the client's
// data from the database if it does. Store the data into $clientdata
$clientdata = mysql_query("SELECT * FROM clients WHERE username='$user' and password='$pass'")
or die (mysql_error());
// Put the $clientdata query into an array we can work with
$data = mysql_fetch_array($clientdata, MYSQL_ASSOC);
// If the username and password matched, we should have one entry in our
// $clientdata array. If not, we should have 0. So, we can use a simple
// if/else statement
if(mysql_num_rows($clientdata) == 1){
// Start a new blank session. This will assign the user's server
// with a session with an idividual ID
session_start();
// With our session started, we can assign variables for a logged
// in user to use until they log out.
$_SESSION['username'] = $user;
$_SESSION['email'] = $data['email'];
$_SESSION['paypal'] = $data['paypal'];
// Then, redirect them to the profile page
header('Location: profile.php');
}else{echo "The username and password don't match. Please go back and try again.
(Or you could redirect them to the login page again.)";}
I manage the clients usernames and password. It's not for everyone to use. The info we neeed to display varies from clients.
try loggin in again and you should see