Re: [PHP] Where to insert a phrase in the right place
Hi, it seems that you set the $_SESSION['greeted'] variable and do not unset it anywhere. If user wants to log-in, and his credentials are OK, you then create session and set this varaible you want. If it isn't OK, you need to unset the variable or/and destroy the session so that the variable won't be set to 1 any more. Then, you need also to have some logout form/page/whatever to destroy the session in case user wants to. And unset the variable accordingly. Hope that helps. J. Mário Gamito wrote: Hi, André Medeiros wrote: ?php session_start(); if(!isset($_SESSION['greeted'])) { echo Welcome; $_SESSION['greeted'] = 1; } ? It doesn't work :( if ($_SESSION['greeted'] == 1) print('Welcome ' . $name); $_SESSION['greeted'] is always equal to 1 as set in the beginning of the file. http://www.telbit.pt/2/login.php Warm Regards -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Where to insert a phrase in the right place
On Mon, April 9, 2007 2:51 pm, Mário Gamito wrote: I'm making this site that was static and now has some dynamic features, so it's a little bit patched :) If you care to visit http://www.telbit.pt/2/login.php you'll notice that the word Welcome is already present, and only should be after the download. Also, the error You didn't fill all fields, please try again. is being displayed on page load. This is my problem and to which i ask you for your help. How can i make the word Welcome appear only after the login ? My code follows my signature. Any help would be appreciated. Warm Regards -- :wq! Mário Gamito -- pa href=recover-password.phpForgot your password ?/a ?php if ($_GET['error']) { It might be better to use: if (isset($_GET['error'])) { // SESSION You have to do: session_start(); before you can use $_SESSION. $field1 = $_SESSION['field1']; $field2 = $_SESSION['field2']; Why did you bother to get $_SESSION data if you're about to throw it away? // GET $field1 = urldecode($_GET['field1']); $field2 = urldecode($_GET['field2']); $_GET is already urldecoded before you ever see it. This is not Perl. :-) So unless you've got something doing an extra extra bogus urlencode() before it SENDS you the GET data, you shouldn't be doing urldecode. [But you get bonus points for trying to do this all neat and proper.] } $email = mysql_escape_string($_REQUEST['email']); $pass = mysql_escape_string($_REQUEST['pass']); Excellent! Some folks would claim you should use POST or GET specifically, but if your application wants to response equally well to either, that's okay too, imho -- Especially in the bad old days when you couldn't style butotns/links to look like links/buttons. :-) include('config.php'); include('adodb/adodb.inc.php'); include is NOT a function, so these parens are not doing what you think they are doing... // connect to MySQL $conn-debug=1; $conn = ADONewConnection('mysql'); $conn-PConnect($host,$user,$password,$database); I wouldn't recommend that a beginner use PConnect, as it is just going to mess you up... // get password from db $rsSel = SELECT name, password FROM subscribers WHERE email = '$email' AND valid = '1'; $rs = $conn-Execute($rsSel); $name= $rs-fields[0]; $password_db = $rs-fields[1]; if ($pass != $password_db) { It is customary to store the password in the DB as a one-way encrypted hash. For example, you could store the http://php.net/md5 of the password, and then compare md5($password) with $password_db The point being that your DB has something like: 4975gb87987hi2uh4rhvvyrt57ty in it, instead of the actual password, so if somebody manages to break into the DB or snag the data from it somehow, they STILL don't have anybody's password. field1=.urlencode($_POST['field1']).field2=.urlencode($_POST['field2']); echo div class=\blocoApresentacao\ There are some lines missing here or something... In addition to urlencoding() the data, you should also call htmlentities on the whole URL before you dump it to the browser. pWrong password, please try again./p /div; exit; } print('Welcome ' . $name); This print() statement is not inside an if(){ } block. It's ALWAYS going to print. unset ($_SESSION['error']); $conn-Close(); ? !-- end .titulo -- /div !-- end #secContent -- /div !-- end #Content e #picContent-- /div /div div id=footer p id=copyrightCopyrightcopy;2006 Telbit - Tecnologias de Informaccedil;atilde;o, Lda./p -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Where to insert a phrase in the right place
Hi, I'm making this site that was static and now has some dynamic features, so it's a little bit patched :) If you care to visit http://www.telbit.pt/2/login.php you'll notice that the word Welcome is already present, and only should be after the download. Also, the error You didn't fill all fields, please try again. is being displayed on page load. This is my problem and to which i ask you for your help. How can i make the word Welcome appear only after the login ? My code follows my signature. Any help would be appreciated. Warm Regards -- :wq! Mário Gamito -- pa href=recover-password.phpForgot your password ?/a ?php if ($_GET['error']) { // SESSION $field1 = $_SESSION['field1']; $field2 = $_SESSION['field2']; // GET $field1 = urldecode($_GET['field1']); $field2 = urldecode($_GET['field2']); } $email = mysql_escape_string($_REQUEST['email']); $pass = mysql_escape_string($_REQUEST['pass']); include('config.php'); include('adodb/adodb.inc.php'); // connect to MySQL $conn-debug=1; $conn = ADONewConnection('mysql'); $conn-PConnect($host,$user,$password,$database); // get password from db $rsSel = SELECT name, password FROM subscribers WHERE email = '$email' AND valid = '1'; $rs = $conn-Execute($rsSel); $name= $rs-fields[0]; $password_db = $rs-fields[1]; if ($pass != $password_db) { field1=.urlencode($_POST['field1']).field2=.urlencode($_POST['field2']); echo div class=\blocoApresentacao\ pWrong password, please try again./p /div; exit; } print('Welcome ' . $name); unset ($_SESSION['error']); $conn-Close(); ? !-- end .titulo -- /div !-- end #secContent -- /div !-- end #Content e #picContent-- /div /div div id=footer p id=copyrightCopyrightcopy;2006 Telbit - Tecnologias de Informaccedil;atilde;o, Lda./p -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Where to insert a phrase in the right place
[snip] How can i make the word Welcome appear only after the login ? [/snip] If you set a cookie upon login you can then check for the existence of the cookie. If the cookie exists do not display 'Welcome'. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Where to insert a phrase in the right place
Hi, Jay Blanchard wrote: [snip] How can i make the word Welcome appear only after the login ? [/snip] If you set a cookie upon login you can then check for the existence of the cookie. If the cookie exists do not display 'Welcome'. I have: session_start(); session_register(email); in the beginning of the file. I've tried: if (isset($_SESSION['email'])) print('Welcome ' . $name); but obviously it prints the Welcome word as the same. Any ideas ? Thanks in advance. Warm Regards -- :wq! Mário Gamito -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Where to insert a phrase in the right place
Hi, André Medeiros wrote: ?php session_start(); if(!isset($_SESSION['greeted'])) { echo Welcome; $_SESSION['greeted'] = 1; } ? It doesn't work :( if ($_SESSION['greeted'] == 1) print('Welcome ' . $name); $_SESSION['greeted'] is always equal to 1 as set in the beginning of the file. http://www.telbit.pt/2/login.php Warm Regards -- :wq! Mário Gamito -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php