I'm new at creating login scripts with php and MySQL and was hoping for some help. I've already gotten the basics down for actually checking that the entered information is correct and I've gotten the sessions to work correctly. However, I'm having trouble getting the user's info to pull from his/her row and displaying on the membership page. Do I need to do another query and add a while loop within this page to collect the information? Here are the scripts:
login.php
$p_num = "";
$pwd = "";
$errors = "";
$num_rows = 0;
$user_id = "";
$user_name = "";
$password = "";
$image = "";
$user_email = "";
$program = "";
if($_SERVER["REQUEST_METHOD"] == "POST"){
include("database.php");
$p_num = $_POST["username"];
$pwd = $_POST["password"];
$query = "SELECT * FROM $user_table WHERE user_id = '$p_num' AND password = '$pwd'";
$result = mysqli_query($connect, $query);
$num_rows = mysqli_num_rows($result);
if($result){
echo "There is/are " .$num_rows ." set(s) in the database with this info.<br>";
if($num_rows > 0){
session_start();
$_SESSION["login"] = 1;
header("Location: ../pages/instructor.php");
}
else{
echo "Unable to login";
}
}
}
instructor.php
<!DOCTYPE html>
<?php
include("../php/login.php");
include("../php/database.php");
?>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title></title>
<link href="../css/style.css" rel="stylesheet/less" type="text/css">
<script src="../js/jquery.2.0.3.js"></script>
<script src="../js/script.js"></script>
<script src="../js/less-1.7.4.min.js"></script>
</head>
<body>
<div id="page">
<header>
<div id="logo" class="logo_bg"></div>
<div id="fsi_logo" class="logo_bg"></div>
</header>
<div id="main">
<?php
session_start();
if(isset($_SESSION["login"])){
echo "Hello";
}
?>
<div id="bleg">
<h1><a href="../pages/create_scenario.html">BUILD SCENARIO</a></h1>
<h1><a href="#">SEARCH SCENARIOS</a></h1>
<h1><a href="#">VIEW SCENARIOS</a></h1>
</div>
</div>
<footer>Copyright© 2014 FlightSafety International</footer>
</div>
</body>
</html>
database.php
$db = "spartan";
$host = "localhost";
$user = "root";
$password = "";
$connect = mysqli_connect($host, $user, $password) or die(mysqli_error($connect));
$user_table = "users";
$user_info = "user_info";
$create_db_spartan = "CREATE DATABASE IF NOT EXISTS $db";
$create_table_users = "CREATE TABLE IF NOT EXISTS $user_table(user_id VARCHAR(10) NOT NULL, user_name VARCHAR(100), password VARCHAR(16), PRIMARY KEY(user_id))";
$create_table_users_info = "CREATE TABLE IF NOT EXISTS $user_info(user_id VARCHAR(10) NOT NULL, user_name VARCHAR(100), email VARCHAR(50), program VARCHAR(4), PRIMARY KEY(user_name))";
mysqli_query($connect, $create_db_spartan) or die(mysqli_error($connect));
mysqli_select_db($connect, $db) or die(mysqli_error($connect));
mysqli_query($connect, $create_table_users) or die(mysqli_error($connect));
mysqli_query($connect, $create_table_users_info) or die(mysqli_error($connect));
Just as an FYI, I am not concerned with SQL Injection at this point in time, this isn't something that's been released and it's on an internal network. Thanks in advance.