PHP Forum

**toad78** · 07-10-2009, 07:42 PM

I have two pages. One is 'index.php' which is the login page. The second is the 'menu.php' which loads after a member logs in. My problem is that the correct 'mem_id' of the user that logs in does not display correctly in a link that is on the 'menu.php' page. Can someone tell me where I'm going wrong?

INDEX.PHP:

PHP Code:


			
<?php
if (isset($_POST['pwd'])) { $_POST['pwd'] = sha1($_POST['pwd']); }
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
mysql_select_db($database_user, $user);
$query_getMemberInfo = "SELECT * FROM members";
$getMemberInfo = mysql_query($query_getMemberInfo, $user) or die(mysql_error());
$row_getMemberInfo = mysql_fetch_assoc($getMemberInfo);
$totalRows_getMemberInfo = mysql_num_rows($getMemberInfo);
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['pwd'];
  $MM_fldUserAuthorization = "member_access";
  $MM_redirectLoginSuccess = "menu.php";
  $MM_redirectLoginFailed = "loginfail.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_membership, $membership);
      
  $LoginRS__query=sprintf("SELECT username, pwd, member_access FROM members_info WHERE username=%s AND pwd=%s",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $membership) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'member_access');
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;          

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];    
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

HTML Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<h1><?php echo $row_getMemberInfo['heading']; ?></h1>
<?php
$text = nl2br($row_getMemberInfo['content']);
$after = str_replace("<br />", "</p><p>", $text); ?>
<p><?php echo $after ; ?></p>
<form id="login" name="login" method="POST" action="<?php echo $loginFormAction; ?>">
<label for="textfield">Username:</label>
<br />
<input name="username" type="text" id="username" size="30" maxlength="20" />
</p>
<p>
<label for="textfield">Password:</label><br />
<input name="pwd" type="password" id="pwd" size="30" maxlength="20" />
</p>
<img src="../securimage/securimage_show.php" alt="CAPTCHA Image" name="captcha" id="captcha" /><br />
<a href="#" onclick="document.getElementById('captcha').src = '../securimage/securimage_show.php?' + Math.random(); return false">Reload Image</a><br /><br />
<p style="text-indent: 0px;">Please type in the above image letters and numbers code in the text box below.<br /><span style="font-size: 11px;">(We understand that this may be an inconvenience, but we appreciate your patience.)</span></p>
<input type="text" name="captcha_code" size="10" maxlength="6" /><br />
<br />
<input name="login" type="submit" id="login" value="Log In" />
</form></body>
</html>
<?php
mysql_free_result($getMemberInfo);
?>

MENU.PHP

PHP Code:


			
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
    
  $logoutGoTo = "../index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "y";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
mysql_select_db($database_membership, $membership);
$query_getMember = "SELECT mem_id, fname, lname FROM members_info WHERE mem_id = mem_id";
$getMember = mysql_query($query_getMember, $membership) or die(mysql_error());
$row_getMember = mysql_fetch_assoc($getMember);
$totalRows_getMember = mysql_num_rows($getMember);
}
?>

HTML Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<form id="form1" name="form1" method="get" action="">
<h2>what Would you like to do today?</h2>
<p style="text-indent: 0px;">View or Modify your <a href="profile_update.php?mem_id=<?php echo $row_getMember['mem_id']; ?>">Profile</a></p>
<p style="text-indent: 0px;">Download  <a href="newsletters.php">Newsletter(s)</a></p>
<p style="text-indent: 0px;">Download the <a href="roster/roster.pdf" target="_blank">Roster</a><br />
For updates or corrections to the Roster, please contact 
<script language='JavaScript' type='text/javascript'>
<!--
var guymal_enc= ":g&ntc`;$kgojri<rtcgustctFuueue(eik9Usdlcer;Tiurct#46Eittceroihu$8Dctj&I!Ngttg:)g8";
for(guymal_i=0;guymal_i<guymal_enc.length;++guymal_i)
{
document.write(String.fromCharCode(6^guymal_enc.charCodeAt(guymal_i)));
}
//-->
</script></p>
</form>
</body>
</html>
<?php
mysql_free_result($getMember);
?>

Thank you for your time and I appreciate your help!

**skcdesign** · 07-10-2009, 07:59 PM

I have shortly walked in your code!

In menu.php
-------------
$query_getMember = "SELECT mem_id, fname, lname FROM members_info WHERE mem_id = mem_id";

Is not working because you don't have this mem_id='$mem_id' so the mem_id will not a pair!

Hope this will help you!

Greatz from Stephan in Holland!