
sessions/change data in database

I’m working on a simple script that calls information from the database. I had it so a user could “login” by calling the correct username and password from the database. Now I’m trying to use Sessions with it and would like to have the user to be able to edit a field in the database, such as their password.

Here’s what I have:

[code=php]<?php
session_start();

$db = mysql_connect("localhost", "username", "password");
mysql_select_db("databasename", $db);

//necessary?
/*

//check to see if sessions are set if not set them
if(!isset($_SESSION['username']) or !isset($_SESSION['password'])){
if(!empty($_POST['username']) or !empty($_POST['password'])){
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
}
else{
echo 'You left the username or password field blank.';
}
}
*/

echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">';
echo "<head><title> {$title} </title>";

echo '<style type="text/css">

#forms { position:absolute;top:75px;left:200px;align:right;padding-bottom:5px;}
#text { position:absolute; top:75px; left:125px; align:left;}
.text2 { padding-top:8px;}
.forms2 { padding-bottom:6px;}
#login {position:absolute;top:100px;left:75%;}
.nav{position:absolute; top:75px; left:10%; right:10%; width:80%;background-color:#0099FF;text-align:right;}
.input{width:100px;} </style>
</head><body>';

$logout = '<a href="logout.php">Logout</a>';

echo '<div class="nav"><a href="index.php">Home</a> |', $logout , ' | <a href="register.php">Register</a> | <a href="links.php">Links</a> | <a href="faq.php">FAQ</a></div>';

//Check to see if username has been entered
if(empty($_POST['username']) or empty($_POST['password'])){
echo 'You need to enter your correct username and password.';
}
else{
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
}

//Use the submitted username, or the one already stored in the session
$username = !empty($_POST['username']) ? $_POST['username'] : (isset($_SESSION['username']) ? $_SESSION['username'] : '');
$password = isset($_POST['password']) ? $_POST['password'] : '';
$new_pass = isset($_POST['newpass']) ? $_POST['newpass'] : '';

//Escape every value before it is placed in a query string
$username = mysql_real_escape_string($username, $db);
$password = mysql_real_escape_string($password, $db);
$new_pass = mysql_real_escape_string($new_pass, $db);

//Query the database for the username and password combination
$query = "SELECT User, Password FROM user WHERE User = '$username' AND Password = '$password'";
$result = mysql_query($query, $db);

$row = mysql_fetch_array($result, MYSQL_NUM);
if($row)
{
echo "Welcome " . $_SESSION['username'] . ", you have logged in.";

echo '<div id="login"><form action="index.php" method="post">
Edit Password:<br>
Confirm Password: <input type="text" name="password" cols="60" class="input"><br>
New Password: <input type="password" name="newpass" cols="60" class="input"><br>
<input type="submit"></form></div>';

echo $_SESSION['username'] ." and ". $_SESSION['password'];

}

else
{
echo '<div id="login"><form action="index.php" method="post">
Login:<br>
Username: <input type="text" name="username" cols="60" class="input"><br>
Password: <input type="password" name="password" cols="60" class="input"><br>
<input type="submit"></form></div>';

echo "Wrong username or password. Please try again.";
}

//Change the password only for a verified user who submitted a new one
if($row && $new_pass != '')
{
$query = "UPDATE user SET Password = '$new_pass' WHERE User = '$username' AND Password = '$password'";
$result = mysql_query($query, $db);
if($result && mysql_affected_rows($db) > 0)
{
echo 'Password Changed.';
}
}

?>[/code]

I realize there’s some unnecessary data, but I’m basically just looking for the basics of what I need to be able to use the sessions to 1) travel from page to page with the user remaining “logged in” and so they can interact with the database and change their password (and other info.)

Thanks,
Daniel.

PHP

2 Comments(s)

@Bleed (author) Dec 05.2006 — Anyone?
@ShrineDesigns Dec 05.2006 — here's an old login script I made a while back[code=php]<?php
define('INIT', 1);
$root = './';
include($root . 'global.php');

if(array_key_exists('register', $_GET))
{
// output register form
}
else if(array_key_exists('logout', $_GET))
{
// do logout
}
else
{
if($_POST && (isset($_POST['login_username']) && isset($_POST['login_password'])))
{
// escape the username before it goes into the query
// (assumes global.php opened the connection with mysql_connect())
$usr = mysql_real_escape_string($_POST['login_username']);
$pwd = sha160($_POST['login_password']);
// exact match: with LIKE, % and _ in the input would act as wildcards
$result = $db->query("SELECT user_id FROM " .TBL_USERS. " WHERE username = '$usr' AND password = '$pwd'");

if(!$result || !$db->num_rows($result))
{
// output login form
}
else
{
// success
}
}
else
{
// output login form
}
}
?>[/code]
begin a session at the beginning of each page.

have something like $_SESSION['key'] = sha1(username . password); then validate $_SESSION['key'] if the 'key' is invalid kill the session, example:[code=php]<?php
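// init db...
session_start();

// the session value originally came from user input, so escape it
$username = mysql_real_escape_string(isset($_SESSION['username']) ? $_SESSION['username'] : '');
$result = mysql_query("SELECT * FROM users WHERE username = '" .$username. "' LIMIT 1");

if(!$result)
{
$_SESSION = array();
session_destroy();
}
else
{
$data = mysql_fetch_array($result, MYSQL_ASSOC);

// strict comparison, so two hex digests are never compared as numbers
if(!isset($_SESSION['key']) || sha1($data['username'] . $data['password']) !== $_SESSION['key'])
{
$_SESSION = array();
$data = array();
session_destroy();
}
}
?>[/code]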
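
Added example, not part of the thread or any poster's code: the login and password-change flow asked about above, with PDO prepared statements and `password_hash()`/`password_verify()` swapped in for the thread's `mysql_*` calls and `sha1()`. The `users` table, its columns, the function names and the in-memory SQLite data are assumptions made for the demo.

```php
<?php
// Added example. Table, column and function names are assumptions.
function login(PDO $db, string $user, string $pass): bool {
    // The username is bound as a parameter, never concatenated into SQL.
    $st = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($pass, $row['pw_hash'])) {
        return false;
    }
    session_regenerate_id(true);             // fresh session id on login
    $_SESSION['user_id'] = (int) $row['id']; // keep the id, not the password
    return true;
}

function change_password(PDO $db, string $current, string $new): bool {
    if (empty($_SESSION['user_id'])) {
        return false;                        // not logged in
    }
    $st = $db->prepare('SELECT pw_hash FROM users WHERE id = ?');
    $st->execute([$_SESSION['user_id']]);
    $hash = $st->fetchColumn();
    if ($hash === false || !password_verify($current, $hash)) {
        return false;                        // current password must match
    }
    $up = $db->prepare('UPDATE users SET pw_hash = ? WHERE id = ?');
    $up->execute([password_hash($new, PASSWORD_DEFAULT), $_SESSION['user_id']]);
    return true;
}

// Constructed demo data in an in-memory SQLite database.
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
   ->execute(['daniel', password_hash('old-secret', PASSWORD_DEFAULT)]);

$results = [
    'login, injection-shaped username' => login($db, "daniel' OR '1'='1", 'x'),
    'login, correct password'          => login($db, 'daniel', 'old-secret'),
    'change, wrong current password'   => change_password($db, 'wrong', 'new-secret'),
    'change, correct current password' => change_password($db, 'old-secret', 'new-secret'),
    'login, old password after change' => login($db, 'daniel', 'old-secret'),
    'login, new password after change' => login($db, 'daniel', 'new-secret'),
];
var_dump($results);
```

On a real page, call `session_start()` before any output and check `$_SESSION['user_id']` at the top of every page that requires a logged-in user.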