pre-populate form

wkilc

Hi all,

I am a newbie, but thanks to some help on this lovely forum I recently switched from .htaccess to sessions for my member authentication. This is my login script:

<?php

session_set_cookie_params (0, '/', '.domain.org');

session_start();

MySQL_connect("localhost", 'domain', 'password'); MySQL_select_db("members");

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {

$userId   = $_POST['txtUserId'];
$password = $_POST['txtPassword'];

// check if the user id and password combination exist in database
$sql = "SELECT user_id
        FROM members
        WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error());

if (mysql_num_rows($result) == 1) {
    // the user id and password match,
    // set the session
    $_SESSION['logged_in'] = true;

    // after login we move to the main page
if ($_GET['redir']) {
header('Location: '.$_GET['redir']); 
}   else  {
        header('Location: welcome.php'); 
    exit;
    }
} else { 
    $errorMessage = 'Sorry, not a valid  combination - please see below'; 
} 
}
?>

And it suddenly occured to me that if I stored more than just a username and password in the members database perhaps I could use it to pre-populate the many forms on my site with names, address, phone, etc, etc.

After searching the forum for insight, this is what I've got so on the form page:

<? MySQL_connect("localhost", 'domain', 'password'); MySQL_select_db("members");   ?> 

<? $query = "select members.user_id from user where user_id = '$userId' AND user_password = PASSWORD('$password')";
$result = mysql_query($result);
$row = mysql_fetch_array($row); 
?>

<form name="Simple" method="post" action="/cgi-bin/form.pl" onsubmit="return formCheck(this);">

<input type=text name=first_name value="<?php print($row['first_name']);?>"> 
...etc
</form>

Of course, this isn't working:
Error: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

I don't know PHP very well, but I think this is barely in the ballpark. What I'm not really clear on is if the session cookie created by the login script even "remembers" the actual UserId at all, or if it simply "knows" that it is logged in for the remainder of the session.

Thanks for reading!

~Wayne

kender

<? $query = "select members.user_id from user where user_id = '$userId' AND user_password = PASSWORD('$password')"; 
$result = mysql_query($query); 
$row = mysql_fetch_array($result);  

?>

how bout that from a quick look

wkilc

Hello,

Thank you... but that gives me the same error. :bemused:

~Wayne

mrhappiness

$result = mysql_query($query) or die('<hr />'.$query.'<hr />'.mysql_error().'<hr />');

wkilc

:o
Thanks!

Okay... now I see my problem... I was calling a table by the wrong name... so now I've got:

<? $query = "select members.user_id from members where user_id = '$userId' AND user_password = PASSWORD('$password')"; 
$result = mysql_query($query) or die('<hr />'.$query.'<hr />'.mysql_error().'<hr />'); 
$row = mysql_fetch_array($result);  

?> 

<form name="Simple" method="post" action="/cgi-bin/form.pl" onsubmit="return formCheck(this);">

<input type=text name=first_name value="<?php print($row['user_id']);?>">

...etc

</form>

There are only two values in the database right now, the user_id and password...
just to test it, I'm trying to have it fill in the user_id in the text field. No errors anymore, but the text field is still blank.

If it helps, but sql database looks like this:

CREATE TABLE members (
user_id VARCHAR(10) NOT NULL,
user_password CHAR(32) NOT NULL,

PRIMARY KEY (user_id)
);

INSERT INTO members (user_id, user_password) VALUES ('john123', PASSWORD('mypassword'));

Thanks again,

~Wayne

wkilc

Is the problem that the "user_id" is not logged by the session cookie?

~Wayne