displaying customer data after login

trustedruss

I've got some php experience, but I mostly download and modify scripts. What I'm working on is a database where the clients login and then can view a list of names they have uploaded to our server as well as viewing their shopping cart history. I've got a login script, but I can't seem to figure out how to have the data that displays match their login information. I know how to display data from a table, but I can't figure out how to add the piece so that only the data that was uploaded by this particular person is displayed when they login. Ideally, I could find a complete script that contains the login, shopping cart, and data but so far, I haven't found anything like that.

The basic idea is that my clients upload their logo, their picture, and an excel spreadsheet containing a list of their customers. We run a marketing company and we market to their customers on their behalf. They are charged for the service either on an upfront basis or monthly. I am trying to write a script where they can register as a new user, login, upload their logo, spreadsheet, and picture, and go to the shopping cart (I plan to use paypal for this) and then they would be able to go to their customer list and view the status of each of their customers. I know this is a lot to ask. All I'm hoping for here is for some helpful souls to point me in the right direction. I'm a hard worker and a good student.

jkurrle

To personalize each login, requires that you maintain some sort of server record, probably via database of each user. PHP can support a number of databases, but has built in support for MySQL right off the bat. Chances are, your ISP has a MySQL database login already for you.

As far as how it works, your user logs in, which you check the login/password against the database. If it matches, you set a global variable to logged in, a second to what the user name is. You then check the database to see what files they have uploaded, then you serve up the files that the database says is theirs.

That's the basic methodology. The things you are going to want to look at are as follows:

1) MySQL basics - one of my earlier posts here has an extensive primer on how to interface with MySQL. If you do a search on the posts, it will likely come up.
2) Global variables - I covered some of the basics in a post here as well, but it may be a little harder to find.
3) Securing your login against MySQL injection attacks - there are numerous posts here on that subject.
4) uploading files - I imagine there are posts here, but if you google "PHP uploading" I think you find the information a little faster.

I'm not sure about the spreadsheet thing. Do you want them to download the spreadsheet they previously uploaded, or are you looking to convert their uploaded spreadsheet into database data that can be reloaded onto their page for them? The first would be far easier to do than the second, unless you are having them upload the spreadsheet in a CSV format.

Best of luck.

trustedruss

I appreciate you giving me your feedback. I have been working with PHP and mySQL for a while and I've used navicat and phprunner very successfully as well as modifying other peoples code somewhat to suit my needs.

I've downloaded and installed this script http://www.altele.com.au/PHP-Login

It's working fine and I can login and it says welcome "name of person logged in"

what I don't know how to do is have it show only that person's data. the file upload script I can find, Securing your login against MySQL injection attacks, like you said, I can find that info too. By any chance, can you look at this code and give me your thought if i can just easily modify this code or if there's another set of code you recommend instead of this?

Thanks Much.

jkurrle

Well, a number of the files are protected, so I cannot see entirely what's going on. There should be a global variable that's set that identifies the person. Look for a $_GLOBAL[] variable in your code. If not, check to see if a cookie is being set. One way or the other is how most scripts monitor if someone is logged in.

The key to keeping track of what belongs to whom is the members table that is used by the program. Each person has a unique id code, which is the member_id field. I would assume that the login field would be unique as well, as you don't want two different people with the same login id.

From there, you can create a second table that is uniquely tied to the first table. Use a member_id field that correlates to the member_id field in the members table. You can call it a member_files table and use a structure something like this:

1) file_id - autoincrementing primary key
2) member_id - links to the member_id in the members table
3) file_type - varchar - tells you if it's an image or a spreadsheet.
4) file_name - name of the uploaded file.

from there, you can query the linked tables together and get a combined result. Example:

SELECT firstname,lastname,file_type,file_name from members,member_files
WHERE members.member_id=member_files.member_id
AND member_id="6";

Does this make sense?

trustedruss

Okay, wow. I found the perfect login solution. Now I'm working on a captcha solution and I see that Microsoft just came out with something I really like.

Here's the link to the login script
http://www.evolt.org/node/60384
and here's the microsoft script
http://research.microsoft.com/asirra/installation.aspx
I'm trying to figure out what microsoft is talking about here. I've got it close but it's not quite working. Here's how I merged the two register.php and microsofts data but I can't get it to work right. can you see what I missed?

you can see the live version at www.soundmethodmarketing.com/main.php.

here's the code I merged together.
<?
/**
Register.php

Displays the registration form if the user needs to sign-up,
or lets the user know, if he's already logged in, that he
can't register another name.

Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
Last Updated: August 19, 2004
*/
include("include/session.php");
?>

<html>
<title>Registration Page</title>
<body>

<?
/
The user is already logged in, not allowed to register.
/
if($session->logged_in){
echo "<h1>Registered</h1>";
echo "<p>We're sorry <b>$session->username</b>, but you've already registered. "
."<a href=\"main.php\">Main</a>.</p>";
}
/
The user has submitted the registration form and the
results have been processed.
/
else if(isset($SESSION['regsuccess'])){
/ Registration was successful /
if($SESSION['regsuccess']){
echo "<h1>Registered!</h1>";
echo "<p>Thank you <b>".$SESSION['reguname']."</b>, your information has been added to the database, "
."you may now <a href=\"main.php\">log in</a>.</p>";
}
/ Registration failed /
else{
echo "<h1>Registration Failed</h1>";
echo "<p>We're sorry, but an error has occurred and your registration for the username <b>".$SESSION['reguname']."</b>, "
."could not be completed.<br>Please try again at a later time.</p>";
}
unset($SESSION['regsuccess']);
unset($SESSION['reguname']);
}
/**
The user has not filled out the registration form yet.
Below is the page with the sign-up form, the names
of the input fields are important and should not
be changed.
/
else{
?>

<h1>Register</h1>
<html>
<title></title>
<script type="text/javascript">

function HumanCheckComplete(isHuman)
{
if (isHuman)
{
formElt = document.getElementById("mainForm");
formElt.submit();
}
else
{
alert("Please correctly identify the cats.");
return false;
}
}

</script>
</head>

<body>
<h3>
Hey humans, sign up today for an account at Sound Method Marketing LLC!
</h3>

<p>
  <?

if($form->num_errors > 0){
echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
}
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<? echo $form->value("email"); ?>"></td><td><? echo $form->error("email"); ?></td></tr>
<tr><td colspan="2" align="right">
<input type="hidden" name="subjoin" value="1">
<input type="button" value="Join!" onClick="javascript:Asirra_CheckIfHuman(HumanCheckComplete)"></td></tr>

<?
}
?>
<br><script type="text/javascript" src="//challenge.asirra.com/js/AsirraClientSide.js"></script>
<script type="text/javascript">
// You can control where the big version of the photos appear by
// changing this to top, bottom, left, or right
asirraState.SetEnlargedPosition("bottom");

		// You can control the aspect ratio of the box by changing this constant
		asirraState.SetCellsPerRow(6);
	</script>
	<br>
</form>

</body>
</html>