0

I have a login page whose data is getting stored in database with table name "users". I want to use the inputuser from "users" that I have stored to be shown on all the php files I have created and connected to the same database.

I want to use the value of "users" only which I have used to login the database, so that I can know who is logged in. I am pasting the login page and one another php page for example.

login.php

   <?php

$inputuser = $_POST["user"];
$inputpass = $_POST["pass"];

$user = "root";
$password = "";
$database = "ABCD";

$connect = mysql_connect("localhost", $user, $password);   // Variable that Initializes connection to database
@mysql_select_db($database) or die("Database not found");

$query = "SELECT * FROM `users` WHERE `user` = '$inputuser'";
$querypass = "SELECT * FROM `users` WHERE `pass` = '$inputpass'";

echo $password;

$result = mysql_query($query) or die(mysql_error());
$resultpass = mysql_query($querypass) or die( mysql_error());

$row = mysql_fetch_array($result);
$rowpass = mysql_fetch_array($resultpass);

$serveruser = $row["user"];
$serverpass = $rowpass["pass"];

 if ($serveruser && $serverpass){
 if(!$result){
    //header('Location: fail.html');
    die("Username Name or Password is invalid");
}

echo "<br><center>Database Output</b> </center><br><br> ";
mysql_close();

echo $inputpass;
echo $serverpass;

if($inputpass == $serverpass){
    header('Location: home.php');
} 
}else {
        header('Location: fail.html');
        echo "Sorry, bad Login";
}


?>

sample.php

<?php

$taken = "false";
$database = "ABCD";
$password = "";
$username = "root";

// Connect to database
$con = mysql_connect('localhost', $username, $password) or die("Unable to connect database");
@mysql_select_db($database, $con) or die("Unable to connect");

 $paper_title =  mysql_real_escape_string($_GET['id']); 
$query = "SELECT * FROM paper WHERE ptitle = '$paper_title'"; 
$result = mysql_query($query);
$row = mysql_fetch_array($result);
mysql_close();
?>
<div align = "center">
<form method="post" action="updatedata.php" />

 <table>

 <tr>
<td>Title: </td> 
<td><input type="text" name="ptitle" value="<?php echo "$row[ptitle]" ?>">          </td>
</tr>






 </table>
 <input type ="submit" value ="Update this Information">
 </form>
</div>
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. In this short example you have a number of dangerous [SQL injection vulnerabilities](http://bobby-tables.com/) coming from a reckless lack of [proper escaping](http://bobby-tables.com/php). Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](http://laravel.com/docs/security) built-in. – tadman Jun 19 '15 at 17:44
  • 1
    If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jun 19 '15 at 17:46
  • Sorry to say, but I didn't get anything from above comment. Be simple and specific please. I am 2 days old in this programming. –  Jun 19 '15 at 17:46
  • To store user informations sessions are used you find some informations regarding sessions [here](http://php.net/manual/de/intro.session.php). – berkyl Jun 19 '15 at 18:03
  • You find further explanations regarding @tadman's warning [here](http://stackoverflow.com/questions/22893245/creating-a-secure-login-script-in-php-and-mysql) – berkyl Jun 19 '15 at 18:11
  • @newcomer There's nothing wrong with just getting started. I provide that advisory as a warning that you're going down the wrong path, that you'll be wasting a lot of time re-inventing the wheel using obsolete interfaces if you don't change course. If you're committed to learning PHP as an application development platform, have a look at the various frameworks out there and find one that suits your style and needs. That will set you in the right direction, give you concrete examples to work from when solving problems like you're describing here, and then you can focus on being productive. – tadman Jun 19 '15 at 18:20

1 Answers1

0
    <?php

    $inputuser = $_POST["user"];
    $inputpass = $_POST["pass"];

    $user = "root";
    $password = "";
    $database = "ABCD";

    $connect = mysql_connect("localhost", $user, $password);   // Variable that Initializes connection to database
    @mysql_select_db($database) or die("Database not found");

    $query = "SELECT * FROM `users` WHERE `user` = '$inputuser'";
    $querypass = "SELECT * FROM `users` WHERE `pass` = '$inputpass'";

    echo $password;

    $result = mysql_query($query) or die(mysql_error());
    $resultpass = mysql_query($querypass) or die( mysql_error());

    $row = mysql_fetch_array($result);
    $rowpass = mysql_fetch_array($resultpass);

    $serveruser = $row["user"];
    $serverpass = $rowpass["pass"];

     if ($serveruser && $serverpass){
     if(!$result){
        //header('Location: fail.html');
        die("Username Name or Password is invalid");
    }

    echo "<br><center>Database Output</b> </center><br><br> ";
    mysql_close();

    echo $inputpass;
    echo $serverpass;

    if($inputpass == $serverpass){
          session_start();
          $_SESSION["user"] = $row["user"];
          header('Location: home.php');
    } 
    }else {
            header('Location: fail.html');
            echo "Sorry, bad Login";
    }
?>

// And you'll may use in all pages. When logout, close the session.

Attention: Change mysql_ to mysqli_

phsaires
  • 2,188
  • 1
  • 14
  • 11