Junior Spellweaver
- Joined
- Aug 14, 2008
- Messages
- 146
- Reaction score
- 12
echo"You have " + $ucoins " U-Coin(s)";
echo "You have " . $ucoins . " U-Coin(s).";
echo $i['name'];
<?php
mysql_connect('','','');
mysql_select_db('','');
$yourquery = mysql_query("SELECT columnname FROM tablename WHERE id = '$_SESSION[user_id]'");
while ($row = mysql_fetch_assoc($yourquery){
echo $row['columnname']; //This will output the data UCoins just make a sentence to it as in , You have 1 UCoins.. There is a way simpler way to write this I just chose this
}
?>
The biggest problem I'm having is formatting it, and getting the users username. The user would have to be logged in. How would I check what account the user logged in with?
<?php
if(isset($_SESSION['id'])){
echo "<meta http-equiv=refresh content=\"0\" />";
}else{
if(isset($_POST['login'])) {
$u = mysql_real_escape_string(stripslashes($_POST['username']));
$p = mysql_real_escape_string(stripslashes($_POST['password']));
$s = mysql_query("SELECT * FROM `accounts` WHERE `name`='".$u."'") or die(mysql_error());
$i = mysql_fetch_array($s);
if($i['password'] == hash('sha512',$p.$i['salt']) || sha1($p) == $i['password']){
$userz = mysql_query("SELECT * FROM `accounts` WHERE `name`='".$i['name']."' AND `password`='".$i['password']."'") or die(mysql_error());
$auser = mysql_fetch_array($userz);
$_SESSION['id'] = $auser['id'];
$_SESSION['name'] = $auser['name'];
$gmammt = $gmlevel - 1;
if($auser['gm'] > $gmammt){
$_SESSION['gm'] = $auser['gm'];
}
} else {
$return = "Invalid username or password.";
}
}
echo "
<div class=\"regtext\">
<form method=\"post\" action=''>
<table border=\"0\" width=\"155\">
<tr>
<td>
Username:
<input type=\"text\" name=\"username\" maxlength=\"12\" />
</td>
</tr>
<tr>
<td>
Password:
<input type=\"password\" name=\"password\" maxlength=\"12\" />
</td>
</tr>
<tr>
<td align='center'>
<input type=\"submit\" style=\"width:48%;\" name=\"login\" value=\"Login\" />
".$return."
</td>
</tr>
</table>
</form>
</div>";
}
?>
Alright, the mysql_query and query_row I understand how to use. For session variables, I will post my login script.
PHP:<?php if(isset($_SESSION['id'])){ echo "<meta http-equiv=refresh content=\"0\" />"; }else{ if(isset($_POST['login'])) { $u = mysql_real_escape_string(stripslashes($_POST['username'])); $p = mysql_real_escape_string(stripslashes($_POST['password'])); $s = mysql_query("SELECT * FROM `accounts` WHERE `name`='".$u."'") or die(mysql_error()); $i = mysql_fetch_array($s); if($i['password'] == hash('sha512',$p.$i['salt']) || sha1($p) == $i['password']){ $userz = mysql_query("SELECT * FROM `accounts` WHERE `name`='".$i['name']."' AND `password`='".$i['password']."'") or die(mysql_error()); $auser = mysql_fetch_array($userz); $_SESSION['id'] = $auser['id']; $_SESSION['name'] = $auser['name']; $gmammt = $gmlevel - 1; if($auser['gm'] > $gmammt){ $_SESSION['gm'] = $auser['gm']; } } else { $return = "Invalid username or password."; } } echo " <div class=\"regtext\"> <form method=\"post\" action=''> <table border=\"0\" width=\"155\"> <tr> <td> Username: <input type=\"text\" name=\"username\" maxlength=\"12\" /> </td> </tr> <tr> <td> Password: <input type=\"password\" name=\"password\" maxlength=\"12\" /> </td> </tr> <tr> <td align='center'> <input type=\"submit\" style=\"width:48%;\" name=\"login\" value=\"Login\" /> ".$return." </td> </tr> </table> </form> </div>"; } ?>
function userCheck($username, $password) {
return $query = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'"));
}
why can't we use meta refresh? isn't that the most basic stuff and easy?Number one rule: Do not use meta refresh. Use "header(location: filename.php);".
I'm not quite sure at how others work around with their login script but I, instead of what you're doing (getting the information out of the database, match it with the information posted and then parse the rest of the script), match the posted information directly with the database, using mysql_num_rows.
Something like this:
PHP:function userCheck($username, $password) { return $query = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'")); }
If 1, success. If 0, denial. Simple, effective..
I believe far more effective than your way of doing things. You see, your first query is completely unrequired. Why check only for the username? If, upon registration, you already check if there's already a username with that name and if there is you won't allow them to register, why not automatically check, on login, if there's a match between a username/password combination? You're wasting perfomance.
Also, when you're fetching your user data, on the SELECT query you need to specify what you want to retrieve from the table. I see you were trying to fetch your username's level, but you didn't select it. I'm sure there's a better way of doing what you want, perfomance wise, but start by trying to fetch the username+password+gmlevel first and then working around it.
Also, instead of "$auser", why not "$aUser" ? It's pretty tough to read what you wrote up there
Good luck mate!
(Anyone feel free to correct me please.. If I said anything wrong, I'd like to know it.)
I'll quote what timebomb posted in another thread -why can't we use meta refresh? isn't that the most basic stuff and easy?
timebomb said:3) I explained this recently in another thread, but that thread got deleted for some reason unbeknownst to me... you should not be using meta refresh to refresh pages. You should use header('Location:You must be registered to see links'). The only reason you wouldn't be able to use this is if you already sent out content before sending out headers. In that case, it shows bad application design. If you have no other choice, meta refresh does usually work, although it is incorrect HTML if it is anywhere outside of the head tag.
$ucoins = mysql_query("SELECT votingpoints FROM accounts WHERE `name`='".$_SESSION['name']."' LIMIT 1");
// Best thing to do is limit it to 1 when using fetch row. The session is set in your login.
$data = mysql_fetch_row($ucoins);
//This pulls out any requested data from a single row in the database.
echo "You have " + $data[0] " U-Coin(s)";
// Since you set votingpoints in the query [0] is the votingpoints data.