Jump to content
Sign in to follow this  
phpnewbie26

How to echo user specific data on landing page after login

Recommended Posts

Hi, I am working on a website that users can log into from one page and administrate their users from another.

first page is index.php and second is admin.php. on the index page I have a form to login with that calls out

to a stand alone .php script called "checklogin.php" here is the code...

 

<?php
ob_start();
$host=; // Host name
$username=; // Mysql username
$password="; // Mysql password
$db_name="; // Database name
$tbl_name="; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $login and $pass
$login=$_POST['login'];
$pass=$_POST['pass'];
// To protect MySQL injection (more detail about MySQL injection)
$login = stripslashes($login);
$pass = stripslashes($pass);
$login = mysql_real_escape_string($login);
$pass = mysql_real_escape_string($pass);
$sql="SELECT * FROM Registration WHERE login='$login' and pass='$pass'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $login and $pass, table row must be 1 row
if($count==1){
session_register("login");
session_register("pass");
header("location:Admin.php");
}
else {
echo "<script language='javascript'>
alert('Sorry, but you must login to view the members area!')
</script>
<script>
window.location='index.php'
</script>";
}
ob_end_flush();
?>
my admin page has this script on it as a redirect...
<?php
session_start();
if(!session_is_registered(login)){
header("admin.php");
}
?>
my question is...how can I echo out user specific data with this code onto the admin page in a div?
since the code is living outside the admin page, I cant figure out how to do it...any help, thanks!

Share this post


Link to post
Share on other sites

That code is pretty ancient, things like session_register and mysql_query have been out of use for many years now. I would recommend switching your database code to use PDO instead of the mysql extension, and using prepared statements with PDO to protect your database. For the session, you should use the $_SESSION array instead of the various session functions. If you look at the manual pages, notice the red boxes:http://php.net/manual/en/function.mysql-query.phphttp://php.net/manual/en/function.session-register.phpThe page on session_start has some examples, the PHP manual also has an entire section on using the session:http://php.net/manual/en/function.session-start.phphttp://php.net/manual/en/session.examples.basic.phpTo answer your specific question, other pages should get the logged in user ID from the session and be able to use that to look up information for that user in the database. The logged in user ID should tell you which set of users in the database they have access to edit, assuming you store that information in the database.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...