displaying data depending on logged in user

sander_ESP

hello,

i am trying to set up webpages for separate users. i have made a database called login wich holds the users.
now depending on what user logs in , i want to display certain information from another database calles hallfame.
i came up with the following scripts so far wich i am trying to adapt to make things work the way i want. what it should do is after the user is logged in , store the person_ID of that user in a variable and use that variable in a SELECT statement on the hallfame database.

i came up with this :

$query="SELECT * FROM people where person_ID = ´$personID´";

but this returns an error.

Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource

when i change the statement to SELECT * from people where person_ID = 1 then it does work so i take it i must be doing something wrong with the variable $personID. this variable is defined in config.php like this:

$userID = "Select person_ID from ".$mysql_pretext."_users where username=´$username´";
$personID = mysql_query ($userID);

i hope you guys can help me out with this because its driving me nuts. 😢

index.php :

<?php
session_start();
if (isset ($SESSION['loggedin']) && isset ($SESSION['time']))
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<body>
<a href="login.php">Logout</a>
<?php
require("connect.php");

$result = mysql_query('SHOW tables');

$username="********";
$password="****";
$database="********";

mysql_connect(localhost,$username,$password);

mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM people where person_ID = ´$personID´";
$resultone=mysql_query($query);

$num=mysql_numrows($resultone);

mysql_close();

echo "<b><center>Database Output</center></b><br><br>";

$i=0;
while ($i < $num)
{

$fieldname = mysql_result($resultone,$i,"firstname");
$fieldname2 = mysql_result($resultone,$i,"lastname");
$fieldname3 = mysql_result($resultone,$i,"AKA");
$fieldname4 = mysql_result($resultone,$i,"status");
$fieldname5 = mysql_result($resultone,$i,"nationality");

echo "<b>$fieldname
$fieldname2</b><br>$fieldname3<br>$fieldname5<br>$fieldname6<hr><br>";

$i++;
}

?>
</body>
</html>

<?php
}
else
{
require ("login.php");
}
ob_end_flush();
?>

login.php :

<?php

ob_start();

require ("config.php");

$check_db = "SELECT * FROM ".$mysql_pretext."_users";
if (!mysql_query ($check_db))
{
//if tables doesn't exist,then install the tables
include ("install.php");
}
else
{
if (file_exists ("install.php")) die ("<font color=\"red\">FATAL ERROR. INSTALL.PHP EXISTS! POSSIBLE SECURITY RISK! TERMINATING PROGRAM</font>");
}
session_start();

if (isset ($SESSION['loggedin']) && isset ($SESSION['time']))
{
unset ($SESSION);
session_destroy();
print '<html><head><title>Logout</title><link rel="stylesheet" type="text/css" href="style.css" /></head><body>';
//get the link to return
if ($SERVER['HTTP_REFERER']) $link = $SERVER['HTTP_REFERER'];
else $link = $SERVER['PHP_SELF'];
print '<p align="center">You are logged out. Thank you for using Advanced Login System. A copy can be obtained from <a href="http://www.iqueststudios.com" target="blank">www.iqueststudios.com</a></p><p align="center"><a href="'.$link.'">Continue</a></p>';
die();
}
else if (isset ($POST['login']))
{
print '<link rel="stylesheet" type="text/css" href="style.css" />';
//check if the anti hacking cookie is set or has reached its limit
if (!isset ($COOKIE['tries']) || $COOKIE['tries'] != '0')
{
			$username = strip_tags ($_POST['username']);
	$password = strip_tags ($_POST['password']);
	$rmbpw = $_POST['rmbpw'];
	//if there is need for image validation
	if ($display_bot_image_login)
	{
		$code = $_POST['code'];
		$realcode = $_POST['realcode'];
		//incorrect number
		if (md5($code) != $realcode)
		{
			if (isset ($_COOKIE['tries']))
			{
				//reduce the number of tries
				$tries = $_COOKIE['tries'] - 1;
				print '<p align="center">Invalid validation code.<b>'.$tries.'</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
				setcookie ('tries', $tries, time()+900, '/', '', 0);
				die();
			}
			else
			{
				//set the cookie to hold the variable
				print '<p align="center">Invalid validation code.<b>3</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
				setcookie ('tries', 3, time()+900, '/', '', 0);
				die();
			}				
		}
		//continue
	}

	$mpassword = md5($password);

	if ($need_to_validate_acct == TRUE) 
	{ 
		$search_login = "SELECT * FROM ".$mysql_pretext."_users WHERE username='$username' AND password='$mpassword' AND validated='1'"; 
	}
	else 
	{
		$search_login = "SELECT * FROM ".$mysql_pretext."_users WHERE username='$username' AND password='$mpassword'";
	}
	$search_login2 = mysql_query ($search_login) or die (mysql_error()) ;
	$search_login3 = mysql_fetch_array ($search_login2);
	$userID = "Select person_ID from  ".$mysql_pretext."_users where username=´$username´";
	$personID = mysql_query ($userID);
	mysql_close();

	if ($search_login3) 
	{
		//valid login!
		if (isset ($rmbpw))
		{
			//set these cookie to remember the user next time he logs in.
			setcookie ('username', $username, time()+1209600, '/', '', 0); 
			setcookie ('password', base64_encode ($password), time()+1209600, '/', '', 0);
		}
		else if(empty ($rmbpw) && isset ($_COOKIE['username']) && isset ($_COOKIE['password']))
		{
			//remove these cookie.
			setcookie ('username', '', time()-60, '/', '', 0); 
			setcookie ('password', '', time()-60, '/', '', 0);
		}
		//start the sessions
		session_start();
		//remove the anti-hacking cookie
		setcookie ('tries', '', time()-60, '/', '', 0);
		$_SESSION['loggedin'] = $_POST['username'];
		$_SESSION['time'] = time();
		header ('Location: ./');
		exit;
	} 
	else 
	{
		//invalid login!
		if (isset ($_COOKIE['tries']))
		{
			//reduce the number of tries
			$tries = $_COOKIE['tries'] - 1;
			print '<p align="center">Invalid username and password combination or non-activated account.<b>'.$tries.'</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
			setcookie ('tries', $tries, time()+900, '/', '', 0);
			die();
		}
		else
		{
			//set the cookie to hold the variable
			print '<p align="center">Invalid username and password combination or non-activated account.<b>3</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
			setcookie ('tries', 3, time()+900, '/', '', 0);
			die();
		}
	}

}
else 
{
	//block the computer from logging in
	print '<p align="center">You have entered invalid data for 3 times in a row. Please wait 15 minutes to try again.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
}
}
//if the user did not click login.
else
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Login - Powered by iQuest Studios Advanced Login System</title>
<link rel="stylesheet" type="text/css" href="style.css" />
<script type="text/javascript">
function popUp(URL) {
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=0,location=0,statusbar=1,menubar=0,resizable=0,width=400,height=300,left = 337,top = 159');");
}
</script>
</head>
<body>
<center><img src="logo.jpg" width="400" height="64" alt="Advanced Login System" align="middle" /></center>
<table width="400" border="1" cellspacing="1px" cellpadding="5px" align="center" style="border-style:solid; border-width:2px; border-collapse:collapse;" cellspacing="0px">
<tr bgcolor="#666666" height="25px">
<td><div class="heading">Login</div></td>
</tr>
<tr bgcolor="#CCCCCC" height="150">
<td valign="top">
Welcome to our site.Please login below to access our resources.
<form action="<?php //print $SERVER['PHP_SELF']; ?>" method="post" name="login">
Username:<input type="text" name="username" value="<?php if (isset ($COOKIE['username'])){print $COOKIE['username'];}?>" size="20" /><br />
Password: <input type="password" name="password" value="<?php if (isset ($COOKIE['password'])){print base64_decode ($COOKIE['password']);}?>" size="20" /><br />
<?php
if ($display_bot_image_login)
{
$imgtxt = rand(1000,9999);
print "<input type=\"hidden\" name=\"realcode\" value=\"".md5($imgtxt)."\" />";
print "Enter the number below:<input type=\"text\" name=\"code\" size=\"4\" maxlength=\"4\" /><br /><img src=\"makeimg.php?imgtxt=".base64_encode ($imgtxt)."\" /><br />";
print "<br />";
}
?>
Remember Pass? <input type="checkbox" name="rmbpw" <?php if (isset ($COOKIE['password'])){print "checked=checked";} ?> />
<input type="submit" value="Login" name="login" <?php if ($COOKIE['tries'] <= 0 && isset ($COOKIE['tries'])) {print 'disabled="disabled"'; } ?> />
</form>
<? if ($allow_guest_to_register)
{
?>
<a href="#" onClick="popUp('register.php')">Register | </a>
<? } ?>
<a href="#" onClick="popUp('reset.php')">Forgot Password?</a>
</td>
</tr>
</table>
<hr align="center" width="400px" />
<div align="center">© iQuest Studios 2006</div>
</body>
</html>
<?php
}
ob_end_flush();
?>

cahva

$userID = "Select person_ID from ".$mysql_pretext."_users where username=´$username´";
$personID = mysql_query ($userID);

With that, the $personID is the resource id. With resourceid you can use mysql_fetch_row, mysql_fetch_array, mysql_result etc. to get the actual rows.

Use:

$sql = "Select person_ID from ".$mysql_pretext."_users where username=´$username´ LIMIT 1";
$result = mysql_query($sql);

if (mysql_num_rows($result)==1)
	$personID = mysql_result($result,0);
else
	//user not found. Print error or something

sander_ESP

i tried, it doesnt work either..

for some reason i cant store the username in a variable in login.php and then use it in index.php

i echo´d the $personID and $username in index.php and both are empty