i am building a system where a user have to login to view certain accessible pages empLogin.php is where the form is <form id="form1" method="post" action="empLoginInsert.php"> <div class="text"> <p>ID <input type="text" name="empID" id="empID" /></p> <p>Password <input type="password" name="empPass" id="empPass" /></p> <p> <label> <input type="submit" name="button" id="button" value="Submit" /> </label> </p> </form> PHP: empLoginInsert.php is where i put the if-else statement <?php ob_start(); $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("payroll", $con); $id=$_POST['empID']; $pass=$_POST['empPass']; // To protect MySQL injection (more detail about MySQL injection) $id = stripslashes($id); $pass = stripslashes($pass); $id = mysql_real_escape_string($id); $pass = mysql_real_escape_string($pass); $sql="SELECT * FROM emplogin WHERE empID='$id' and empPass='$pass'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION["empID"]; $_SESSION["empPass"]; header("location: empHome.php"); } else { header("Location: empLoginError.php"); } ob_end_flush(); ?> PHP: my database's table fields include empID, empPass & empName. empID is not auto increment since the admin is allowed to add the ID number. i want to display some thing like "Welcome [name]!". Can anyone help me? Thanx in advance
You could run a query to get the result? if(isset($_SESSION['empID'])) { $s=mysql_query("SELECT empName FROM emplogin WHERE `empID` = '{$_SESSION['empID']}'"); $r=mysql_fetch_array($s); $name = $r['empName']; echo"Hello $name!"; } PHP: Or if you want to be resourceful; when you login store the empName in a session also; $sql="SELECT * FROM emplogin WHERE empID='$id' and empPass='$pass'"; $result=mysql_query($sql);// Mysql_num_row is counting table row $count=mysql_num_rows($result); $row=mysql_fetch_array($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){// Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION["empID"]; $_SESSION["empPass"]; $_SESSION['empName'] = $row['name']; PHP:
did you add session_start(); at the very first line of every file where you need to use it? you need to add session_start(); at the beginning of empHome.php and empLoginInsert.php and this part: $_SESSION["empID"]= $row['empID']; $_SESSION["empPass"]= $row['empPass']; // why? I suggest to don't save the password in the session $_SESSION["empName"] = $row['name']; // put the right name of the table field for the name of your user PHP:
i put the session_start(); at the top of the <html> tag for both empHome.php & empLoginInsert.php i have modified these parts as well $_SESSION["empID"] = $row['empID']; $_SESSION["empPass"] = $row['empPass']; $_SESSION['empName'] = $row['empName']; PHP: and in empHome.php i have tried to include this code but it displays nothing <?php echo $_SESSION['empName']; ?> PHP: do i have to connect to the database for empHome.php as well?
hm actually I was seeing that you are using empID as username, isn't it? try echo $_SESSION["empID"]; you should post here more info about your database structure
yes, the ID is the username Database name: payroll Table payroll: includes all of the employee's info (tell me if u need this too but i think this is irrelevant) Table emplogin: empID, empPass, empName Table adminlogin: adminID, adminPass, adminName the focus now is emplogin table
hm could you make a print of $sql variable for debug? just add after: $sql="SELECT * FROM emplogin WHERE empID='$id' and empPass='$pass'"; echo $sql; die(""); // this is only to show the content of $sql then you should see something like this: SELECT * FROM emplogin WHERE empID='username' and empPass='password'
@silviuks: yes i did put <?php session_start(); ?> at the top of the pages @max2010: yes, i got that kind of output
maybe login or password don't match, or you have more than 1 row with same login and password try if($count>0){ ... ... ...
hmmm i didn't put a lot of data in the database only 2 rows where should i put the if statement? empHome?
this: if($count>0){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION["empID"] = $row['empID']; $_SESSION["empPass"] = $row['empPass']; // I suggest to don't store this $_SESSION['empName'] = $row['empName']; header("location: empHome.php"); exit(); // to be sure the script ends after redirecting } else { header("Location: empLoginError.php"); exit(); } PHP:
it's still the same i'm posting the whole coding empLogin.php <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>Employee Login</title> <meta name="description" content="" /> <meta name="keywords" content="" /> <link href="style.css" rel="stylesheet" type="text/css" /> <link rel="shortcut icon" href="images/favicon.ico" /> </head> <body> <div id="middleimage"> <div id="topimage"> <div id="header"> <div id="logo"> <h1><a href="#">Payroll System</a></h1> <p>Blah blah blah<a href="http://www.highimpact-seo.co.uk/"></a></p> </div> <!-- end of logo area--> <div id="menu"> <div class="menubg"><div id="button1text"><a href="index.php">Home</a></div></div> <div class="menubg"> <div id="button2text"> <div align="left"><a href="adminLogin.php"> Admin</a></div> </div></div> <div class="menubg"> <div id="button3text"><a href="empLogin.php">Employee</a></div></div> <div class="menubg"><div id="button4text"><a href="contactUs.php">Contact Us</a></div></div> </div> </div> <!-- end of header --> <div id="page_content"> <div id="main_content"> <div class="paragraph"> <h2>Employee Login</h2> <form id="form1" method="post" action="empLoginInsert.php"> <div class="text"> <p>ID <input type="text" name="empID" id="empID" /> </p> <p>Password <input type="password" name="empPass" id="empPass" /> </p> <p> <label> <input type="submit" name="button" id="button" value="Submit" /> </label> </p> </form> </div> </div> <div class="paragraph"> <h2> </h2> <div class="text"> <p> </p> </div> </div> </div> <!-- end of content --> <div id="rightbar"> <h2>Log In</h2> <p><a href="adminLogin.php">Admin</a></p> <p><a href="empLogin.php">Employee</a></p> </div> <!-- end of sidebar --> <div class="cleaner"></div> </div> <!-- end of page --> </div> </div> <div id="footerimage"> <div id="footer"> <p>Copyright &copy; 2010 YourCompany Name. Design by High Impact <a href="http://www.highimpact-seo.co.uk/">SEO Services</a>.</p> </div> </div> <!-- end of footer --> <div style="text-align: center; font-size: 0.75em;">Design downloaded from <a href="http://www.freewebtemplates.com/">free website templates</a>.</div></body> </html> HTML: empLoginInsert.php <?php session_start(); ?> <?php ob_start(); $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("payroll", $con); $id=$_POST['empID']; $pass=$_POST['empPass']; // To protect MySQL injection (more detail about MySQL injection) $id = stripslashes($id); $pass = stripslashes($pass); $id = mysql_real_escape_string($id); $pass = mysql_real_escape_string($pass); $sql="SELECT * FROM emplogin WHERE empID='$id' and empPass='$pass'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count>0){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION["empID"] = $row['empID']; $_SESSION["empPass"] = $row['empPass']; $_SESSION['empName'] = $row['empName']; header("Location: empHome.php"); exit(); } else { header("Location: empLoginError.php"); exit(); } ob_end_flush(); ?> PHP: empHome.php <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>Home Employee</title> <meta name="description" content="" /> <meta name="keywords" content="" /> <link href="style.css" rel="stylesheet" type="text/css" /> <link rel="shortcut icon" href="images/favicon.ico" /> </head> <body> <div id="middleimage"> <div id="topimage"> <div id="header"> <div id="logo"> <h1><a href="#">Payroll System</a></h1> <p>Blah blah blah<a href="http://www.highimpact-seo.co.uk/"></a></p> </div> <!-- end of logo area--> <div id="menu"> <div class="menubg"><div id="button1text"><a href="index.php">Home</a></div></div> <div class="menubg"> <div id="button2text"><a href="adminLogin.php">Admin</a></div></div> <div class="menubg"> <div id="button3text"><a href="empLogin.php">Employee</a></div></div> <div class="menubg"><div id="button4text"><a href="contactUs.php">Contact Us</a></div></div> </div> </div> <!-- end of header --> <div id="page_content"> <div id="main_content"> <div class="paragraph"> <h2>Welcome </h2> </div> <p>Welcome, <?php echo $_SESSION['empName']; ?></p> <div class="paragraph"> <div class="text"></div> </div> </div> <!-- end of content --> <div id="rightbar"> <h2>Employee</h2> <p>Welcome, Employee!</p> <form id="form2" method="post" action="logout.php"> <p> <label> <input type="submit" name="button2" id="button2" value="Log Out" /> </label> </p> </form> </div> <!-- end of sidebar --> <div class="cleaner"></div> </div> <!-- end of page --> </div> </div> <div id="footerimage"> <div id="footer"> <p>Copyright &copy; 2010 YourCompany Name. Design by High Impact <a href="http://www.highimpact-seo.co.uk/">SEO Services</a>.</p> </div> </div> <!-- end of footer --> <div style="text-align: center; font-size: 0.75em;">Design downloaded from <a href="http://www.freewebtemplates.com/">free website templates</a>.</div></body> </html> HTML:
missing: $row=mysql_fetch_array($result); you can put inside the if statement, after if($count>0){ $row=mysql_fetch_array($result); ... ...
<!doctype html> <html lang="en"> <head> <meta charset="utf-8" /> <title>GraphixXx me : Login Page</title> <script src="formvalidation.js" type="text/javascript"></script> <style> body { background: #1.jpg; font-family: ff-dagny-web-pro, ff-dagny-web-pro, Helvetica, ff-dagny-web-pro, proxima-nova, Arial, sans-serif; } #container { text-align: left; background: "1.jpg"; } #conditions { color:#000; padding:40px 0; font-size:18px; } #conditions h1 { padding: 8px 0; color: #333; font-size: 32px; font-weight: bold; text-shadow: #fff 2px 2px 1px; } #conditions h2{ color: #111; font-size: 24px; padding-top:10px; padding-bottom:10px; } a { color: #ff0; text-decoration: none; } a:hover { color: #0ff; text-decoration: none; cursor: pointer; } p { font-size:14px; } .hidden { display: none; } #blacktop { height:95px; background:black; } #logotop { position:absolute; top:15px; text-align:left; margin:auto; } /*--------------------------------------- Footer ---------------------------------------*/ #footer { display: block; text-align: center; background:#000; color:#fff; } #footer #copyright { text-align: center; padding: 32px 16px 16px 16px; font-size: 14px; color: #000; } #footer #copyright img{ padding-bottom: 20px; } #footer #copyright a { text-decoration: underline; color:#fff; } </style> <style> p1 { position:absolute; left:100px; top:110px; z-index:-1; } </style> </head> <script type="text/javascript"> <!-- var image1=new Image() image1.src="a1.jpg" var image2=new Image() image2.src="b1.jpg" var image3=new Image() image3.src="c1.jpg" //--> </script> <body background="1.jpg"> <p1> <img src="a1.jpg" name="slide" width="500" height="600" border="2" /> <script> <!-- //variable that will increment through the images var step=1 function slideit(){ //if browser does not support the image object, exit. if (!document.images) return document.images.slide.src=eval("image"+step+".src") if (step<3) step++ else step=1 //call function "slideit()" every 2.5 seconds setTimeout("slideit()",2500) } slideit() //--> </script> </p1> <div id="blacktop" background="1.jpg"></div> <div id="container"> <div id="logotop"> <a href=".\Enter.html"><img alt="GraphixXx me" src="small logo.jpg" /></a> <span class="hidden">GraphixXx me</span> </div> <div id="conditions"> <div align="right"> <h1><u>A New Way to Express Your CV</u></h1> <legend align="left">For existing users: </legend> <font color="black"><b> <frame align="right" border="4"> <br> <form method="post" action="logincheck.php" align="right" onload="document.registration.email.focus();"> Email <input type="text" name="email" maxlength="20" size="20"> <br> Password <input type="password" name="password" maxlength="20" size="20"> <br><br> <input type="submit" name="submit" value="Submit"> </form></b><br> If you are not a registered member,you can<font color="blue"> <b>sign up</b></font> below. </frame><br><br><br> <form name='registration' method="post" action="newmember.php" align="right" onsubmit="return formValidation();" > First Name <input type="text" name="fname" maxlength="20" size="20"> <br> Last Name <input type="text" name="lname" maxlength="20" size="20"> <br> Email <input type="text" name="email" maxlength="50" size="20"> <br> Username <input type="text" name="username" maxlength="20" size="20"> <br> Password <input type="password" name="password" maxlength="20" size="20"> <br><br> <input type="submit" name="submit" value="Create Profile"> </form> </font> </div> <br><br><br><br> </div> <div id ="footer" class="clear"> <div > <img alt="GraphixXx me" src="small logo.jpg" /> <p> <a href ="/aboutus">about us</a> | <a href ="mailto:">contact</a> | <a href ="http://twitter.com/vijaysekhu">twitter</a> | <a href ="https://www.facebook.com/vijaysekhu">facebook</a> | <a href ="terms.html">terms</a> </p> <p> © GraphixXx me</p></div> </footer> </div> </body> </html>
<?php session_start(); ?> <?php $host="localhost"; // Host name $username="scorpion"; // Mysql username $password="1234"; // Mysql password $db_name="cv_member"; // Database name $tbl_name="login"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myemail=$_POST['email']; $mypassword=$_POST['password']; // To protect MySQL injection (more detail about MySQL injection) $myemail = stripslashes($myemail); $mypassword = stripslashes($mypassword); $myemail = mysql_real_escape_string($myemail); $mypassword = mysql_real_escape_string($mypassword); $encrypted_mypassword = md5($mypassword); $sql="SELECT * FROM $tbl_name WHERE email='$myemail' and password='$encrypted_mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myemail and $mypassword, table row must be 1 row if($count==1){ $row=mysql_fetch_array($result); // Register $myemail, $mypassword and redirect to file "success.php" $_SESSION["myemail"] = $row['myemail']; $_SESSION["mypassword"] = $row['mypassword']; $_SESSION["firstname"] = $row['firstname']; header("location:success.php"); } else { header("Location: loginfail.php"); } ob_end_flush(); ?>
<?php session_start(); ?> <?php session_start(); if(isset($_SESSION['myemail'])) { $s=mysql_query("SELECT firstname FROM login WHERE `myemail` = '{$_SESSION['myemail']}'"); $r=mysql_fetch_array($s); $name = $r['firstname']; echo"Hello $name!"; }