I'm having trouble with a login script I'm working on. Only on the first 'secret' page you can display info selected from the database because I used $HTTP_POST_VARS to get the info.
I'm trying to figure out how I can have other protected pages where i can select rows from the database based on who logged in, but I can't use $HTTP_POST_VARS for that because there wouldnt be an immediate form to post the info into.
Here's some of my login.php file. This line would work, because it's immediately after the user submits their info in the form:
SELECT id, f_name, l_name FROM auth_users WHERE username = '$HTTP_POST_VARS[username]' AND password = password('$HTTP_POST_VARS[password]')
... so that $HTTP_POST_VARS comes from the form, but on other pages, there wont be a form, so i can't use that.
How can i keep those values going through the rest of my page?
Here's some more of my code of login.php:
//connect to the server and select database
$conn = mysql_pconnect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("database",$conn) or die(mysql_error());
//create and issue the query
$sql = "SELECT id, f_name, l_name FROM auth_users WHERE username = '$HTTP_POST_VARS[username]' AND password = password('$HTTP_POST_VARS[password]')";
$result = mysql_query($sql,$conn) or die(mysql_error());
//get the number of rows in a result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
//if authorized, get the values of f_name l_name id
$f_name = mysql_result($result, 0, 'f_name');
$l_name = mysql_result($result, 0, 'l_name');
$id = mysql_result($result, 0, 'id');
//prepare message for printing
$msg = "Thank you for logging in, $f_name $l_name.<br><br>";
