Years ago, I tried learning PHP. I learned just enough to get myself into trouble. I’m trying to set up a section on a website now where a user can log in and see a page that has links to PDF files. The links will change for each user.
It seems like I have everything working for the most part, even though I’m sure my code is horrible. I’ll post all my code and then ask my question below.
broker-login.html
<form method="POST" action="broker-login.php">
<table width="200" border="0" align="center" cellpadding="0" cellspacing="5">
<tr>
<td width="200">Username:</td>
<td width="200"> <input type="text" name="username" size="20" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" size="20" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Submit" name="login" /></td>
</tr>
</table>
</form>broker-login.php
[php]<?php
//set the level of error reporting
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
//convert the field values to simple variables
//add slashes to the username and md5() the password
$user = $_POST[‘username’];
$pass = $_POST[‘password’];
//set the database connection variables
$dbHost = “xxx”;
$dbUser = “xxx”;
$dbPass = “xxx”;
$dbDatabase = “xxx”;
//connet to the database
$db = mysql_connect("$dbHost", “$dbUser”, “$dbPass”) or die (“Error connecting to database.”);
mysql_select_db("$dbDatabase", $db) or die (“Couldn’t select the database.”);
$result=mysql_query(“select * from vendors where username = ‘$user’ AND password = ‘$pass’”, $db);
//check that at least one row was returned
$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){
//start the session and register a variable
session_start();
session_register(‘username’);
//we will redirect the user to another page where we will make sure they’re logged in
header( “Location: http://savannahclassics.com/broker-user.php” );
}
}
else {
//if nothing is returned by the query, unsuccessful login code goes here…
?>
<p>Login failed. Try again.</p>
<form method="POST" action="broker-login.php">
<table width="200" border="0" align="center" cellpadding="0" cellspacing="5">
<tr>
<td width="200">Username:</td>
<td width="200"> <input type="text" name="username" size="20" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" size="20" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Submit" name="login" /></td>
</tr>
</table>
</form>
broker-user.php
[php]<?php
//set the level of error reporting
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
//start the session
session_start();
//check to make sure the session variable is registered
if(session_is_registered(‘username’)){
//the session variable is registered, the user is allowed to see anything that follows
$username = $_SESSION[‘username’];
?>
<p style="text-transform:capitalize;">Welcome, <?php echo $username; ?></p>
<ul>
<li><a href="<?php echo $username; ?>/pdf/file1.pdf">File 1</a></li>
<li><a href="<?php echo $username; ?>/pdf/file2.pdf">File 2</a></li>
<li><a href="<?php echo $username; ?>/pdf/file3.pdf">File 3</a></li>
<li><a href="<?php echo $username; ?>/pdf/file4.pdf">File 4</a></li>
</ul>
On the final page (broker-user.php) echo $username isn’t outputting anything. Any suggestions?