[RESOLVED] Login Script

Edwin_Okli

<?php
$con = mysql_connect('localhost','root') or die(mysql_error());
mysql_select_db('good',$con) or die(mysql_error());

session_start();

//setting variables
$user = $_POST['user'];
$pass = $_POST['pass'];
$id = mysql_query("SELECT id FROM users WHERE user='$user'");

if(isset($_POST['submit'])){
	$res = mysql_query("SELECT * FROM users WHERE user='$user' AND pass='$pass'");
		if(mysql_num_rows($res) > 0){
			$mem = mysql_fetch_assoc($res);
			$_SESSION['uid'] = $id;
			echo "You have succesfully logged in as *insert username here*!";
		} else {
			echo "The supplied credentials were invalid!";
		}
} elseif(isset($_SESSION['uid'])){
	echo "You are already logged in as *insert username here*!";	
}

?>

First things first, correct any of my mistakes if you can. But what I really need to know is how to select the username of the user who has just logged in based on the session id.

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(3) NOT NULL AUTO_INCREMENT,
  `user` varchar(40) NOT NULL,
  `pass` varchar(20) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

Any advice is good.
Thanks, Edwin =]

NogDog

This line is wrong, I believe:

$_SESSION['uid'] = $id;

It should be:

$_SESSION['uid'] = $mem['id'];

At that point the user name would be in $mem['user'], which you could use in the success message you echo, and possibly also save in $_SESSION so that it's available on other pages when you want it.

Edwin_Okli

Yay!! Thank you.. I'm getting a few error messages but only before the form is posted.
Is there any way to stop these error messages appearing?

NogDog

Edwin Okli;10939385 wrote:
Yay!! Thank you.. I'm getting a few error messages but only before the form is posted.
Is there any way to stop these error messages appearing?

To quote an old joke:

Pateint: Doctor, it hurts when I do this.
Doctor: Don't do that.

It is possible to suppress error message in a number of ways (in most cases). The best way, though, is to address all those messages to eliminate the root cause so that they are not generated in the first place.

If you have the form and the form-handler in the same file, I'm guessing you're seeing some undefined variable warnings. In that case, you should wrap the form-handling code in an if() condition block which only processes the form data if the applicable $POST field(s) are set. You can use the [man]isset/man function to check for it:

if(isset($_POST['some_form_field_name']))
{
   // do stuff with the form submission here...
}

Edwin_Okli

Ohh I see... I should just define the variables inside

if(isset($_POST['submit']){
}

Cool, will do.

bradgrafelman

Don't forget to mark this thread resolved (using the link on the Thread Tools menu above) if it is.