phpnewbie26 Posted February 10, 2015 Share Posted February 10, 2015 Hi, I am working on a website that users can log into from one page and administrate their users from another. first page is index.php and second is admin.php. on the index page I have a form to login with that calls out to a stand alone .php script called "checklogin.php" here is the code... <?php ob_start(); $host=; // Host name $username=; // Mysql username $password="; // Mysql password $db_name="; // Database name $tbl_name="; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $login and $pass $login=$_POST['login']; $pass=$_POST['pass']; // To protect MySQL injection (more detail about MySQL injection) $login = stripslashes($login); $pass = stripslashes($pass); $login = mysql_real_escape_string($login); $pass = mysql_real_escape_string($pass); $sql="SELECT * FROM Registration WHERE login='$login' and pass='$pass'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $login and $pass, table row must be 1 row if($count==1){ session_register("login"); session_register("pass"); header("location:Admin.php"); } else { echo "<script language='javascript'> alert('Sorry, but you must login to view the members area!') </script> <script> window.location='index.php' </script>"; } ob_end_flush(); ?> my admin page has this script on it as a redirect... <?php session_start(); if(!session_is_registered(login)){ header("admin.php"); } ?> my question is...how can I echo out user specific data with this code onto the admin page in a div? since the code is living outside the admin page, I cant figure out how to do it...any help, thanks! Link to comment Share on other sites More sharing options...
justsomeguy Posted February 10, 2015 Share Posted February 10, 2015 That code is pretty ancient, things like session_register and mysql_query have been out of use for many years now. I would recommend switching your database code to use PDO instead of the mysql extension, and using prepared statements with PDO to protect your database. For the session, you should use the $_SESSION array instead of the various session functions. If you look at the manual pages, notice the red boxes:http://php.net/manual/en/function.mysql-query.phphttp://php.net/manual/en/function.session-register.phpThe page on session_start has some examples, the PHP manual also has an entire section on using the session:http://php.net/manual/en/function.session-start.phphttp://php.net/manual/en/session.examples.basic.phpTo answer your specific question, other pages should get the logged in user ID from the session and be able to use that to look up information for that user in the database. The logged in user ID should tell you which set of users in the database they have access to edit, assuming you store that information in the database. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now