Hello, I am new to PHP and don't really know programming except for xhtml and css.
However, I am determined to keep learning php and javascript.
I am having a problem and so I will explain as best I can.
If the code is messed up it is because I really don't know what
I am doing.
There is a client entrance page with a list of the company names.
I set up a mysql schema for each company with individual names,
and different usernames and passwords for each company person to log in as.
This is the table:
create table users (
id int not null auto_increment,
username varchar( 50 ) not null,
password varchar( 100 ) not null,
authority varchar( 10 ) not null default 'user',
primary key(id)
)
When they click on their company name they are taken to their login page
which has the form and logs them in, and will not let them log in unless they enter
the correct name and pw for that db. ( they can't log in to anyone elses company)
This is the php for one of the login pages:
<?php
session_start( );
// if username and password are set and not empty then proceed with the rest of the process
if( isset( $_POST[ 'username' ] ) && isset( $_POST[ 'password' ] ) && $_POST[ 'username' ] != '' && $_POST[ 'password' ] != '' )
{
$username = $_POST['username'];
$password = $_POST['password'];
@ $db = new mysqli( 'localhost', 'root', 'rn2846', 'kdesBarrister' );
if( mysqli_connect_errno( ) )
{
echo"Connection to the database failed. Please try again later." ;
exit;
}
//checks for username and password in db table.
$results = $db->query( "select * from users where username='" . $username . "' and password = '" . $password . "'" );
//greater than zero
if( $results->num_rows > 0 )
{
$_SESSION['username'] = $username;
//redirect
header('Location:barrister.php');
}
else
{
echo 'You must be registered before you may log in.';
}
}
?>
And this is what is in the body of that login page:
<?php
include( 'sessions.php' );
show_statement( );
if (isset($_SESSION['username']))
{
echo '<br />';
echo 'You are now logged in '.$_SESSION['username'].'';
echo '<br /><br />';
}
else
{
echo 'You are not logged in.<br />';
}
?>
<form action="login_barrister.php" method="post">
<p>
Name:
<input type="text" name="username"/>
</p>
<p>
Password:
<input type="password" name="password"/>
</p>
<p>
<input type="submit" value="Log In"/>
</p>
</form>
When they log in they go to a page with company files on it.
Here is the php on that page:
<?php session_start( ); ?>
<?php
if (isset($_SESSION['username']))
{
echo '<p>You are logged in as '.$_SESSION['username'].'</p>';
}
else
{
echo '<p>You are not logged in.</p>';
echo '<p>Only logged in members may visit these pages.</p>';
echo '<p><a href="clients.htm">Return to Client Entrance</a><br /><br /></p>';
}
?>
This is the sessions file:
<?php
function set_statement( $statement )
{
$_SESSION[ 'show_statement' ] = $statement;
}
function show_statement( )
{
if( isset( $_SESSION[ 'show_statement' ] ) && $_SESSION[ 'show_statement' ] != '' )
{
echo '<p id="statement">' . $_SESSION[ 'show_statement' ] . '</p>';
unset( $_SESSION[ 'show_statement' ] );
}
}
?>
The problem is when they log in and have not yet logged out, and they go
back to the main page with the list of companies. They can click onto
another company and it automatically says they are logged in as _____, and lets them
go into the other companies files!!!!
What do I need to do? This is really the extent of my php understanding, ( and I don't undertstand it very well at that ) so I am going to need a lot of explaining?
I appreciate any advice.
Renee
