login php what to do retrieve data from db next steps put db info in txtbox

Question

0.00/5 (No votes)

See more:

, +

hello
i have my webpage so i can login an account.
i am now sure what i do with the login
i believe make something into a $_SESSION[username] after the correct username and password is entered.
Once you login i would like to go to a page that can pull out that specifics users information from my phpmyadmin database then i wanna have there info in a text box.

Here is what i have can you please help me get futher and show me some next steps.
What do people typically do when you enter the right info for a login.
My tables all have a userid which is primary key for the table so maybe if there is a way to pull that from the db and store it in a session,
I want to be able to retrieve the rest of my information

PHP

<?php
  				if(!isset($_POST['btnSubmit']))
				{
			?>	
					<form method="post" action="index.php">
						<label for="username">Username:</label>
						<input type="text" name="username" />
						<br>
						<label for="password">Password:</label>
						<input type="text" name="password" />
						<br>
						<input type="submit" name="btnSubmit" value="Log In!" />
					</form>
			<?php

$username = $mysqli->escape_string($username);
				    
					 $sql = "SELECT COUNT(*) FROM users WHERE email = '$username'";//username
				      if ($result = $mysqli->query($sql)) 
				      {
				        $row = $result->fetch_array();
				        // if yes, fetch the encrypted password
				        if ($row[0] == 1) 
				        {
				          $sql = "SELECT password FROM users WHERE email = '$username'"; //username
						         
				          if ($result = $mysqli->query($sql)) 
				          {
				            $row = $result->fetch_object();    
				
				            $hash = $row->password;
							
							
							if (crypt($password, $hash) == $hash) 
				            {              
				              echo 'Your login credentials were successfully verified.'; 
							  
							  session_start();
							  $_SESSION['username'] = $username;
							  
							  $queryLogin = "SELECT * FROM users WHERE email = '{$_SESSION["username"]}' ";
							  $myResult = $mysqli->query($queryLogin);
							  $myRow = $myResult->fetch_array();
							  
							  $fname = $row["firstName"];
							  
							  
							  echo "<input type=\"text\" name=\"xyz\" value='<?php echo $fname; ?>' >";
							   
				            /*
							//<input type="text" name="xyz" value=<?php echo $val; 
							//echo "<input type=\"text\" name=\"xyz\" value='$val'>";
							 *<input type="text" name="text1" value="<?php echo $row["usr_password"]; ?>">
							 * 
							 * 
							 * 
							 * 		$id = $_GET['id'];
 								 	$sql="select * from Doctor where DocID='$id'";
									$result=mysql_query($sql);
									$row=mysql_fetch_array($result);
							 * 
							 *   <input type = "text" name = "DocName" value = "<? echo $row['DocName']; ?>" >
							 * */
							 // UPDATE tablename SET columnName $variable etc... WHERE id = $id;
							
							
							/*
							 * $Name=$_POST['unames'];
								$data=mysql_query("SELECT * FROM tbl_sample where Name='$Name'");

								$info=mysql_fetch_array($data);
								while($info=mysql_fetch_array($data)){}
							 */
							} 
				            else 
				            {
				              echo 'You entered an incorrect password.';            
				            }
				          } 
						  else 
				          {
				            echo "ERROR: Could not execute $sql. " . $mysqli->error;
				          }

Posted 21-Oct-14 18:13pm

TheBigBearNow

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Member 11172092 · Accepted Answer · 2014-10-22T01:47:00

XML

Hi,

You have code very nice but as per my opinion there are some points which you can write in better way like you have write retrieve user data query multiple times which is not necessary.

Note: I used mysql_query instead of mysqli_query.. vice versa..

1.  $sql = "SELECT COUNT(*) FROM users WHERE email = '$username'"; This query is ok because you want to verify whether the email is exist or not. But instead of getting count just run the query with LIMIT 1 as I belive the email should be unique.
<pre>
$sql = "SELECT * FROM users WHERE email = '$username' LIMIT 1";
$result = mysql_query($sql) or die(mysql_error());
//now you can simply check the count
if(mysql_num_rows($result)==1) {
// continue next loop
}

Now instead of writing to get the password write to pull all the details with combination of email and password. But, before you make sure you convert the password in the format which you store in the database.

$password = md5($password); //assuing in md5 format which you can change as per database format
$sql = "SELECT * FROM users WHERE email = '$username' AND password = '$password'";
//the above query must return one row only as we have a sinble row with this combination

$result = mysql_query($sql);
if(mysql_num_rows($result)==1){
//before echoing anything first start a session which you did
session_start();
//once you start session you can create session variable and store any details here and so that you can use in other page ..
$row = mysql_fetch_array($result); //or die(mysql_error());
$_SESSION['email'] = $row['email'];
$_SESSSION['uID'] = $row['id']; // this id can be use to fetch any data from the datbaase for the specific user

//now if you want to redirect in other page just include header function
//make sure you don't echo anything before header() function otherwise it will show error
header("location:main.php");//once the login credential verify it will redirect to main.php or any other page...
}

Now, in the other page, at the beginning of the page just include session_start() at the top.

session_start();
//now you can use the user id value stored in the session to fetch the data from the database like below 
$uID = $_SESSION['uID']; //just storing the session uid in variable
$getUserData = "SELECT * FROM users WHERE id = '$uID' LIMIT 1";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result);

// now the above query fetch data n store in $row, so we can display the user details in form any where you want.

Note: there will more code to check session exist, destroy session .. which you have to check.. ok

I hope this make you a little idea. There are many other clean way like using function or oops so that you can write the code separately but I suggest the code as per your flow.

Thanks!
Robin