How to echo user specific data on landing page after login

[phpnewbie26]

Hi, I am working on a website that users can log into from one page and administrate their users from another.

first page is index.php and second is admin.php. on the index page I have a form to login with that calls out

to a stand alone .php script called "checklogin.php" here is the code...

 

<?php

ob_start();

$host=; // Host name

$username=; // Mysql username

$password="; // Mysql password

$db_name="; // Database name

$tbl_name="; // Table name

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

// Define $login and $pass

$login=$_POST['login'];

$pass=$_POST['pass'];

// To protect MySQL injection (more detail about MySQL injection)

$login = stripslashes($login);

$pass = stripslashes($pass);

$login = mysql_real_escape_string($login);

$pass = mysql_real_escape_string($pass);

$sql="SELECT * FROM Registration WHERE login='$login' and pass='$pass'";

$result=mysql_query($sql);

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $login and $pass, table row must be 1 row

if($count==1){

session_register("login");

session_register("pass");

header("location:Admin.php");

}

else {

echo "<script language='javascript'>

alert('Sorry, but you must login to view the members area!')

</script>

<script>

window.location='index.php'

</script>";

}

ob_end_flush();

?>

my admin page has this script on it as a redirect...

<?php

session_start();

if(!session_is_registered(login)){

header("admin.php");

}

?>

my question is...how can I echo out user specific data with this code onto the admin page in a div?

since the code is living outside the admin page, I cant figure out how to do it...any help, thanks!

[justsomeguy]

That code is pretty ancient, things like session_register and mysql_query have been out of use for many years now. I would recommend switching your database code to use PDO instead of the mysql extension, and using prepared statements with PDO to protect your database. For the session, you should use the $_SESSION array instead of the various session functions. If you look at the manual pages, notice the red boxes:http://php.net/manual/en/function.mysql-query.phphttp://php.net/manual/en/function.session-register.phpThe page on session_start has some examples, the PHP manual also has an entire section on using the session:http://php.net/manual/en/function.session-start.phphttp://php.net/manual/en/session.examples.basic.phpTo answer your specific question, other pages should get the logged in user ID from the session and be able to use that to look up information for that user in the database. The logged in user ID should tell you which set of users in the database they have access to edit, assuming you store that information in the database.