what php code should i add if i need the custno[id no] to be included when i submit the log-in button?

this code runs, but i really need the code for the custno to be included.
start.php

<?php
session_start();

session_destroy();
?>
<html >
<head>
<title>Login Form </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head>
 <font color=black >
<center> <h1>
Login Program
</h1>
<h2>
<br> 

</center>
</h2>
</font> 
<br> <br>

<body>
<center>
<? echo $message; ?>
<form id="form1" name="form1" method="post" action=" main.php ">
<table bgcolor="#999999" border="2">
<tr>

<td><font color=black> <b> User Name: </b> </font> </td> 
</b>
<td><input name="username" type="text" id="username" /></td>
</tr>
<tr>

<td><font color=black> <b> Password : </b> </font> </td>

<td><input name="password" type="password" id="password" /></td>
</tr>
</table>
<br>
<input name="login" type="submit" id="login" value="Login" />
</form>
</body>

</center>
</html>

main.php

<?php
// Use session variable on this page. This function must put on the top of page.
session_start();

////// Logout Section. Delete all session variable.
session_destroy();

$message="";

////// Login Section.
$login=$_POST['login'];
if($login){ // If clicked on Login button.
$username=$_POST['username'];

$password=$_POST['password']; 

// Connect database.
$host="localhost"; // Host name.
$db_user="jinjin";
$db_password="sahromo";
$database="romo_reserve"; // Database name.
mysql_connect($host,$db_user,$db_password);
mysql_select_db($database);

// Check matching of username and password.
$results=mysql_query("select * from admin where username='$username' and password='$password'");
if(mysql_num_rows($results)!='0'){ // If match.
session_register("username");
$_SESSION['username'] = $username;
 // Craete session username.
header("location:indexpw.php"); // Re-direct to main.php
exit;
}else{ // If not match.
$message="--- Incorrect Username or Password ---";
echo " <h2> $message <h2>";
}

} // End Login authorization check.
?>

indexpw.php

<html>
<title>Untitled Document</title>
<style type="text/css">
<!--
.style1 {color: #FFCCFF}
.style3 {
	font-family: Geneva, Arial, Helvetica, sans-serif;
	font-weight: bold;
	color: #000000;
}
-->
</style></head>

<body>
<center>
  <table width="200" border="1" bgcolor="#CCCCCC">
  <tr>
    <td bgcolor="#CCCCCC"><p></p>
      <tr bgcolor="#CCCCCC" bordercolor="#FFFFFF"><p>
        <?php
// You may copy this PHP section to the top of file which needs to access after login.
 session_start(); // Use session variable on this page. This function must put on the top of page.
if(!session_is_registered("username")){ // if session variable "username" does not exist.
 header("location:start.php"); // Re-direct to index.php
 }
?>


<table bgcolor="#FFFFFF" border="2" align="center" bordercolor="#FF0000">
<p><label><span class="style3">Welcome 
    <?php   echo $_SESSION['username'];  ?> 
  ! You are now Logged in. [ <a href="start.php">Logout ] </a></span></label></p>
</p></table></td>
  </tr>
</table>
<table width="728" height="30" border="0" bgcolor="#333333">
  <tr>
    <td><div align="center" class="style1">HOME | ABOUT US |<a href="services.php"> SERVICES </a>| <a href="Registration.php">REGISTER</a> | CONTACT US | <a href="start.php">ADMIN LOG-IN  </a> </div></td>
  </tr>
</table>
</center>
</body>
</html>
Member Avatar for diafol

How on earth can you guess the customer id when he hasn't logged in yet? You can retrieve the customer id from the DB once the user has logged in successfully, but not before.

How on earth can you guess the customer id when he hasn't logged in yet? You can retrieve the customer id from the DB once the user has logged in successfully, but not before.

after the user has log-in, he/she can view its profile. but i don't know what code should i write.

:-/

Member Avatar for diafol

On login, retrieve the user id from the DB, then using a session variable propagate this in all pages. You'll need something like this:

session_start();

at the top of every page

Then on login procedure:

$rs = mysql_query("SELECT user_id, ...other fields... FROM users WHERE username = '$username' AND password = '$password'");

If you get a result, set the id into a session var:

$_SESSION['login_id'] = $row['user_id'];

Use this when the logged in user goes to the profile page:

if(isset($_SESSION['login_id'])){
 $login = $_SESSION['login_id']; 
 $rs = mysql_query("SELECT field1, field2... FROM profiles WHERE user_id = $login");

 ...build page with this data...

}else{
  header('Location: http://www.example.com/index.php');
}

You'll find that you need strict validation and sanitization functions to protect yourself from SQL injections and XSS scripting. But those are the bare bones.

thanks.. ill try that..

you also have the option of using
<input type='hidden' name='cust_id' value='{$customer_id}'>
nd use this to pass the customer id in pages..

using sessions is a better idea .. but i'd prefer the use of cookies ... !!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.