Login Page PHP Urget/problem

Question

SQLpower 0 Light Poster

12 Years Ago

Basically I need some serious help on this one, last one. I am really confused.
How can I get my yearofbirth, month of birth and day of birth from my login page, with only having Username/Password as login??

Just basically, creating a

$_SESSION = ['age'] = The age of the user( after getting the ifnromation from $yearofbirth, $monthofbrith, $dayofbrtih from the database;

calculating it from the current year???I am so confused...Thanks :(

So i have a form.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<?php


include('functions.php');
write_head("Login Page", "newCSS");

?>
<body>

<div id    ="body"    >
<div id    ='sidebar' > <form method='post' action='login.php'>
<label for = 'username'> Username:</label>
<input name='username' id='username'/><br/>  
<label for = 'password'>Password:</label>
<input name='password' id='password'/><br/>
<input type='submit'  value='Log in' /></form>
<!--end of login page -->
</div>

</body>
</html>

<?php
//prevent sql injesctions
session_start();
error_reporting (E_ALL ^ E_NOTICE);
// for error handling
ini_set('session.bug_compat_42',0);
ini_set('session.bug_compat_warn',0);

$uname 	= $_POST["username"];
$pword 	= $_POST["password"];
$ybirth = $_POST["yearofbirth"];
$num_rows = 0;
$errorMessage = "";
$uname  = htmlspecialchars($uname);
$pword  = htmlspecialchars($pword);
$ybirth = htmlspecialchars($ybirth);




if(!ctype_alnum($uname))
{
    echo "ERROR: Input contains characters other than letters and numbers.";
}



$conn = mysql_connect("localhost", "root", "") or die("cannot connect"); 
mysql_select_db("") or die (mysql_error());





$sql = ("SELECT * FROM sc_users WHERE username = '$uname' and password = '$pword' and yearofbirth='$ybirth'");
$result = mysql_query ($sql);



if($result) 
{
}
else 
{
$errorMessage = "Error logging on";
}



 
 if(mysql_num_rows($result)==0)
{
    echo "ERROR - No mactching rows from the database!<br/>";
}
else
{
	$sql_check = "SELECT * FROM sc_users WHERE (username = '$uname' and password='$pword' AND isadmin= 1)";
	$sql_result = mysql_query($sql_check) or die(mysql_error());
	
	if(mysql_num_rows($sql_result)==0)
	{	
		$_SESSION['gatekeeper'] = $_POST["username"];
		$_SESSION['agez'] = $_POST["yearofbirth"];
		header("Location: mainpage.php");
	}
	else
	{
	$_SESSION['gatekeeper'] = $_POST["username"];
	$_SESSION['admin']      = $_POST["username"];
	$_SESSION['agez'] = $_POST["yearofbirth"];
		header("Location: newfilm.php");
	}
	

   
    // Redirect to the main menu
    
	$errorMessage = "logged on";
	
}
 mysql_close($conn);

?>

php

Edited 12 Years Ago by SQLpower because: n/a

2 Contributors
1 Reply
309 Views
14 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by simplypixie

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

simplypixie 123 Posting Pro in Training · Answer 1 · 2012-03-09T13:14:03+00:00

You can't get it from your login page - you need to retrieve it from the database once they have logged in correctly. Everything in your code is relying on the user inputting their year of birth in the login form and posting it through.