help with php msql query over two pages

wazza1970

Hello

i,m trying to work out how i can use my login page and carry the username information over two pages from the login.php to the login_submit.php
and then to members.php. i have tried using cookies and sessions but i can not get the members page to show there details from the database code as follows any help would be great i have been suck for awhile now.

login_submit.php

<?php

/*** begin our session ***/
session_start();
if(!isset($_SESSION['user_id']))
{
    $message = 'You must be logged in to access this page';
}

$phpro_username=$_REQUEST['phpro_username'];
/*** check if the users is already logged in ***/
if(isset( $_SESSION['user_id'] ))
{
    $message = 'Users is already logged in';
}
/*** check that both the username, password have been submitted ***/
if(!isset( $_POST['phpro_username'], $_POST['phpro_password']))
{
    $message = 'Please enter a valid username and password';
}
/*** check the username is the correct length ***/
elseif (strlen( $_POST['phpro_username']) > 20 || strlen($_POST['phpro_username']) < 4)
{
    $message = 'Incorrect Length for Username';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['phpro_password']) > 20 || strlen($_POST['phpro_password']) < 4)
{
    $message = 'Incorrect Length for Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_username']) != true)
{
    /*** if there is no match ***/
    $message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['phpro_password']) != true)
{
        /*** if there is no match ***/
        $message = "Password must be alpha numeric";
}
else
{
    /*** if we are here the data is valid and we can insert it into database ***/
    $phpro_username = filter_var($_POST['phpro_username'], FILTER_SANITIZE_STRING);
    $phpro_password = filter_var($_POST['phpro_password'], FILTER_SANITIZE_STRING);

/*** now we can encrypt the password ***/
$phpro_password = sha1( $phpro_password );

/*** connect to database ***/
/*** mysql hostname ***/
$mysql_hostname = 'localhost';

/*** mysql username ***/
$mysql_username = 'username';

/*** mysql password ***/
$mysql_password = 'password';

/*** database name ***/
$mysql_dbname = 'database name';

try
{
    $dbh = new PDO("mysql:host=$mysql_hostname;dbname=$mysql_dbname", $mysql_username, $mysql_password);
    /*** $message = a message saying we have connected ***/

    /*** set the error mode to excptions ***/
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    /*** prepare the select statement ***/
    $stmt = $dbh->prepare("SELECT phpro_user_id, phpro_username, phpro_password FROM phpro_users 
                WHERE phpro_username = :phpro_username AND phpro_password = :phpro_password");

    /*** bind the parameters ***/
    $stmt->bindParam(':phpro_username', $phpro_username, PDO::PARAM_STR);
    $stmt->bindParam(':phpro_password', $phpro_password, PDO::PARAM_STR, 40);

    /*** execute the prepared statement ***/
    $stmt->execute();

    /*** check for a result ***/
    $user_id = $stmt->fetchColumn();

    /*** if we have no result then fail boat ***/
    if($user_id == false)
    {
            $message = 'Login Failed';
    }
    /*** if we do have a result, all is well ***/
    else
    {
            /*** set the session user_id variable ***/
            $_SESSION['user_id'] = $user_id;

            /*** tell the user we are logged in ***/
            $message = 'You are now logged in';
    }


}
catch(Exception $e)
{
    /*** if we are here, something has gone wrong with the database ***/
    $message = 'We are unable to process your request. Please try again later"';
}
}


?>

<html>
<head>
<title>PHPRO Login</title>
</head>
<body>
<p><?php echo $message; 
echo'<a href="members.php">My acount</a>';?>

</body>
</html>


members.php

<html>
<head>
<title>Members Only Page</title>
</head>
<body>
<h2><?php echo $message; ?></h2>
</body>
</html>
<a href="test.php">Click here</a>
<a href="login.php?status=loggedout" class="item">Log Out</a>

<?PHP


require_once"connect.php" ;

$phpro_username=$_REQUEST['phpro_username'];

$result= mysqli_query($con, "SELECT * FROM phpro_users WHERE phpro_username='$_POST[phpro_username]'  ");
 echo"<table border='1'>
<tr>
<th>User Name</th>

</tr>";

  while ($row = mysqli_fetch_array($result))
 {
 echo'<form method="post" action="update.php">' ;

 echo "<tr>" ;
 echo "<td>" . $row['phpro_username'] . "</td>" ;
 echo "<td>" ;
echo "Id: <input type=\"text\" name=\"id\" value=\"{$row['phpro_user_id']}\" /> " ;
 echo "&nbsp;&nbsp; New Password:&nbsp;&nbsp;<input type='text' value=\"{$row['phpro_password']}\" name=\"password\"/>" ;
 echo "&nbsp;&nbsp;State:<input type=\"text\" name=\"state\" value=\"{$row['state']}\" /><br />" ;
 echo "&nbsp;&nbspPost Code:<input type=\"text\" name=\"Post_code\" value=\"{$row['Post_code']}\" />";
echo" <center>Description:<br><textarea name=\"description\" rows=\"15\" cols=\"90\">".$row['description']."</textarea></center>\n";
// Note that we are building our src string using the filename from the database
	                    echo "<img src=\"images/" . $row['filename'] . "\" alt=\"\" / width=\"90\" height=\"90\">' </a><br />";
echo"<a href=\"test/test3.php\">Up load Your Photo</a>" ;
 echo "<br />" ;

 }
 echo'<input type="submit" value="UpDate Your Account"></form>';
echo'<a href="logout.php?status=loggedout">Log Out</a>';


 ?>
</body>
</html>

any help would be great thanks heaps.

Weedpacket

If you're talking about sessions, I see nothing in members.php that mentions sessions at all. You have to tell a script to use sessions if you want it to use sessions.

wazza1970

hi yes i have session start() at the top of the page i just forgot to copy it . it is like this

session_start();

if(!isset($_SESSION['user_id']))
{

this is on top of the member.php
$message = 'You must be logged in to access this page';
}