I tried to use session to pass the username and password from login.php to choice.php, and then to display.php.
--------------login.php---------------
<?php
session_start();
header("Cache-control: private");
?>
<html>
<head>
<title>User Authentication</title>
</head>
<body>
<form METHOD = "POST" ACTION = "choice.php">
<p><strong>Username:</strong><br>
<INPUT TYPE = "text" NAME = "username" SIZE = 30></p>
<p><strong>Password:</strong><br>
<INPUT TYPE = "text" NAME = "password" SIZE = 15></p>
<p><INPUT TYPE = "submit" NAME = "submit" VALUE = "Submit"></p>
</form>
</body>
</html>
----------------choice.php-------------------
//access to master_name table and pull out the firstname & lastname for the option block.
<?php
session_start();
header("Cache-control: private");
if(($_POST['username'] == " ") || ($_POST['password'] == " "))
{
header("Location: login.php");
exit;
}
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
$db_name = "addressbook";
$table_name = "master_name";
$connection = @mysql_connect("localhost", $_POST['username'], $_POST['password'])
or die(mysql_error());
$db = @mysql_select_db($db_name, $connection)
or die(mysql_error());
$sql = "SELECT id, f_name, l_name, date_added, date_modified
FROM $table_name ORDER BY id";
$result = @mysql_query($sql, $connection)
or die(mysql_error());
$num = @mysql_num_rows($result);
if($num < 1)
{
$display_block = "<p><strong>Sorry! No result.</strong></p>";
}
else
{
while($row = mysql_fetch_array($result))
{
$id = $row['id'];
$f_name = stripslashes($row['f_name']);
$l_name = stripslashes($row['l_name']);
$option_block .= "<option value = \"$id\">$l_name, $f_name</option>";
}
//create the entire form block
$display_block = "<form method = \"POST\" action = \"display.php\">
<p><strong>Teacher Name: </strong>
<select name = \"id\">$option_block</select>
<input type = \"submit\" name=\"submit\" value=\"Search\"></p>
</form>";
}
?>
<html>
<head>
<title>Search by Teacher Name</title>
</head>
<body>
<p>Select a name from the list below to search by teacher name</p>
<?php
echo "$display_block";
?>
</body>
</html>
---------------display.php------------------
//to display all the user info depend on the option chose from choice.php script
<?php
session_start();
header("Cache-control: private");
echo "user SESSION: ";
echo $_SESSION['username'];
echo "<br/>\n";
echo "password SESSION: ";
echo $_SESSION['password'];
if(($_SESSION['username'] == " ") || ($_SESSION['password'] == " "))
{
header("Location: login.php");
exit;
}
//get the connection to the database
$connection = @mysql_connect("localhost", $_SESSION['username'], $_SESSION['password'])
or die(mysql_error());
//hold the name of the database
$db_name = "addressbook";
//hold the name of the table
$table_name = "master_name";
$db = @mysql_select_db($db_name, $connection)
or die(mysql_error());
$sql = "SELECT id, f_name, l_name, date_added, date_modified
FROM $table_name ORDER BY id";
$result = @mysql_query($sql, $connection)
or die(mysql_error());
//hold records of the table in row array
while($row = mysql_fetch_array($result))
{
$id = $row['id'];
$f_name = stripslashes($row['f_name']);
$l_name = stripslashes($row['l_name']);
$date_added = $row['date_added'];
$date_modified = $row['date_modified'];
$display_block .= "<p><strong>$f_name $l_name</strong> ID is $id. Date added is $date_added
and date modified is $date_modified</p>";
}
?>
<html>
<head>
<title>Master Name Search</title>
</head>
<body>
<h1>Search by master name:</h1>
<?php
echo "$display_block";
?>
</body>
</html>
My problem is that the $SESSION['username'] and $SESSION['password'] doesn't get pass to display.php script (They do pass along to choice.php script though). I tried to output them but they are blank?!?
I receive:
Notice: Undefined index: username in d:\easyphp1-7\www\display.php on line 7
Notice: Undefined index: password in d:\easyphp1-7\www\display.php on line 10
What did I miss to make it work? And feel free to make any comments on my coding style.
Thanks for your help,
