So I am building a login system, but I have run into a problem with my code <?phpinclude("dbsettings.php");mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $username = mysql_real_escape_string($_POST['username']);$password = md5(mysql_real_escape_string($_POST['password'])); $sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'";$result=mysql_query($sql); // do the checkif($result){ if(mysql_num_rows($result) == 1) { $_SESSION['username']; $_SESSION['password']; header("location: account.php"); exit(); } else { echo "Wrong username/password."; }}else{ echo "The query is not true.";}?> PHP:
What does it no do, what is the error your getting. <?php include("dbsettings.php"); mysql_connect("$host, "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $sql="SELECT * FROM `user` WHERE `username`='$username' AND `password`='$password'"; $result=mysql_query($sql); // do the check if(mysql_num_rows($result) == 1){ $_SESSION['username']; $_SESSION['password']; header("location: account.php"); }else{ echo "Wrong username/password."; } ?> PHP:
is that how the code is written? if yes, the problem is that the "if($result){ if(mysql_num_rows($result) == 1)..." is commented because it is in one line with " // do the check"
I can log in but when I go back to the login page, if already logged in, want it to redirect to account.php, same goes for register.
Try: <?php if (session_id() != "") ("location: account.php"); include("dbsettings.php"); mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'"; $result=mysql_query($sql); // do the check if($result){ if(mysql_num_rows($result) == 1) { $_SESSION['username']; $_SESSION['password']; //you logged in } else { echo "Wrong username/password."; }}else{ echo "The query is not true.";}?> PHP: Remember to destroy the session when the user logs out (if you have a logout button).
Basically now, when a user logs in he/she is redirected to account.php....I am having trouble displaying the users info.... Basucally, I want to say Welcome, $username
store the userid in the session variable and retrieve the information on account.php by getting the id from the session.
salman is right, when you retrieve data from the database, turn them into SESSIONS for what you want to do $_SESSION['user_name'] = $username; $_SESSION['user_id'] = $userid; and so on... If you ever destroy SESSIONS , use two step process, first name them one at a time and undo /end session by name, and then session_destroy so they wont stay logged in or the data in session.
mysql_select_db("$db_name")or die("cannot select DB") Here you have to insert a DB link also as $link=mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name", $link)or die("cannot select DB");