Good morning.
I am trying to add a support section to my website. First, I want to make a login page that will check a database to make sure the user exists, the password is correct, and the user has been approved. Then it should take the user to the next page, where he/she will see his/her account information displayed and be able to add a problem summary and problem description. Those two new records will be added to the database.
It is kind of working and kind of not.
Here is the login page code. The problem: no matter who one logs in as, the page validates that user and gives the link to go on to the next page.
<?php
if (!isset($_POST['submit'])) {
// form not submitted
?>
<br>
<table width="80%" border="0" cellspacing="0" cellpadding="0">
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<tr>
<td class="font_main">Username:</td><td><INPUT name="username" SIZE=20></td></tr>
<tr><td class="font_main">Password:</td><td><INPUT TYPE=password name="password" SIZE=20></td></tr>
<tr height=10><td> </td></tr>
<tr><td></td><td><INPUT TYPE=SUBMIT name="submit" VALUE="LOGIN"></td></tr>
</FORM>
</table>
<?php
}
else {
// form submitted
// set server access variables
$host = "host";
$login = "admin";
$pass = "password";
$db = "db";
// open connection to db
$connection = mysql_connect($host, $login, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// assign variables to the form input
// check to make sure it's all there
// escape input values for greater safety
$username = empty($_POST['username']) ? die ("ERROR: Enter a username") : mysql_escape_string($_POST['username']);
$password = empty($_POST['password']) ? die ("ERROR: Enter a password") : mysql_escape_string($_POST['password']);
// create query
$query = "SELECT * FROM username WHERE username='$username' AND password='$password' AND approved='1'";
// execute query
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
// redirect if true
if ($result)
echo '<p>Authorized. <a href="service_form.php">Click for form</a>';
else
echo '<p>Try again...';
// close connection
mysql_close($connection);
}
?>
On the next page, the "service" page, I want to display the user information of the user who just logged in and be able to add a problem summary and problem description.
My code is obviously incomplete, but here it is. How do I query the database to display the info I want for only the user who logged in?
<?php
if (!isset($_POST['submit'])) {
// form not submitted
?>
<br>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
Summary of problem/question:<br> <INPUT name="summary" SIZE=30><br>
Description of problem or question: <TEXTAREA name="description" COLS=40 ROWS=6></TEXTAREA><p>
<INPUT TYPE=SUBMIT name="submit" VALUE="SUBMIT"><INPUT type=reset value="RESET">
</FORM>
<?php
}
else {
// form submitted
// set server access variables
$host = "host";
$login = "admin";
$pass = "password";
$db = "db";
// open connection
$connection = mysql_connect($host, $login, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// get form input
// check to make sure it's all there
// escape input values for greater safety
$summary = empty($_POST['summary']) ? die ("ERROR: Enter a summary") : mysql_escape_string($_POST['summary']);
$description = empty($_POST['description']) ? die ("ERROR: Enter a description") : mysql_escape_string($_POST['description']);
// create query
$query = "INSERT INTO username (summary, description) VALUES
('$summary', '$description')";
// execute query
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
// mail to me
mail ('richard.keightley@panoramtech.com', $summary , $description);
// close connection
mysql_close($connection);
}
?>
I realize this is a lot of work / help I am asking for. Although I would love free advice, I am willing to pay $$ for help.
Thank you.
Richard
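
Added example, not part of the original post: the login page above treats any query that ran without error as a match, so the check below fetches the row, verifies the password, and returns the user's id so the service page can scope its queries to that user. Assumptions: PDO with an in-memory SQLite database standing in for MySQL, hypothetical `users` and `tickets` tables, a `password_hash` column in place of the plaintext `password` column, and constructed sample accounts.

```php
<?php
// Added example. Assumptions: pdo_sqlite is available; the `users` and
// `tickets` tables and the `password_hash` column are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT, approved INTEGER)');
$db->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, user_id INTEGER,
           summary TEXT, description TEXT)');
// Constructed sample accounts: alice is approved, bob is not.
$add = $db->prepare('INSERT INTO users (username, password_hash, approved) VALUES (?, ?, ?)');
$add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$add->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 0]);

// Returns the user's id on success, null otherwise. A query that executed
// without error is not a match: the row must be fetched and checked.
function check_login(PDO $db, string $username, string $password): ?int {
    $st = $db->prepare('SELECT id, password_hash FROM users WHERE username = ? AND approved = 1');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// The service page keys every query on the id stored at login, never on form input.
function add_ticket(PDO $db, int $userId, string $summary, string $description): void {
    $st = $db->prepare('INSERT INTO tickets (user_id, summary, description) VALUES (?, ?, ?)');
    $st->execute([$userId, $summary, $description]);
}

function account_view(PDO $db, int $userId): array {
    $st = $db->prepare('SELECT u.username, t.summary, t.description FROM users u
                        LEFT JOIN tickets t ON t.user_id = u.id WHERE u.id = ?');
    $st->execute([$userId]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

var_dump(check_login($db, 'alice', 'wrong'));    // wrong password
var_dump(check_login($db, 'bob', 'hunter2'));    // correct password, not approved
var_dump(check_login($db, 'mallory', 'x'));      // no such user
$uid = check_login($db, 'alice', 'correct horse');
if ($uid !== null) {
    // On the real pages: session_start(); session_regenerate_id(true); $_SESSION['uid'] = $uid;
    add_ticket($db, $uid, 'Printer offline', 'Status light blinks amber.');
    print_r(account_view($db, $uid));
}
```

On the service page, read the id back from `$_SESSION['uid']` and refuse the request when it is missing, so the form cannot be reached without logging in.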