please if u can help me
i have created a log in on dreamweaver and i had created one intranet in one company coz i have on study project to do
i have created emploeys with their datas
and created a log in form on dreamweaver
but the problem is: when i log in as a username :grisel with the pasword :grisel the programs showed me my datas and all the other users datas
i want a restrict acces when i log in as grisel, program show me only grisel datas and not the others users datas
if u got it the problem,please give me an asnwer

you need to filter the sql syntax that you are using, can you post the code here?

prova _db.php :

<?php
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"
$hostname_prova_db = "localhost";
$database_prova_db = "intranet_db";
$username_prova_db = "root";
$password_prova_db = "";
$prova_db = mysql_pconnect($hostname_prova_db, $username_prova_db, $password_prova_db) or trigger_error(mysql_error(),E_USER_ERROR); 
?>

prova.php :
<?php require_once('../Connections/prova_db.php'); ?>
<?php
mysql_select_db($database_prova_db, $prova_db);
$query_rs1 = "SELECT * FROM punonjesit ";
$rs1 = mysql_query($query_rs1, $prova_db) or die(mysql_error());
$row_rs1 = mysql_fetch_assoc($rs1);
$totalRows_rs1 = mysql_num_rows($rs1);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<?php echo $row_rs1['Emri_Depart']; ?>
<p>
  <?php
mysql_free_result($rs1);
?>
</p>
<p><?php echo $row_rs1['Emri_drejtor']; ?></p>
<body>
</body>
</html>

loglog.php :
<?php require_once('../../../Connections/user1_db.php'); ?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "Connections/user1.php";
  $MM_redirectLoginFailed = "loglog.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_user1_db, $user1_db);

  $LoginRS__query=sprintf("SELECT username, mbiemri FROM punonjesit WHERE username='%s' AND mbiemri='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 

  $LoginRS = mysql_query($LoginRS__query, $user1_db) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;      

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?><!DOCTYPE html>
<html lang="en">
<head>
<title>Home</title>
    <meta charset="utf-8">
    <meta name="description" content="Your description">
    <meta name="keywords" content="Your keywords">
    <meta name="author" content="Your name">
    <link rel="stylesheet" href="css/style.css">
    <script src="js/jquery-1.6.4.min.js"></script>
    <script src="js/cufon-yui.js"></script>
    <script src="js/Franklin_Gothic_Medium_400.font.js"></script>
    <script src="js/cufon-replace.js"></script>
    <script src="js/script.js"></script>
<!--[if lt IE 7]>
  <div class='aligncenter'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg"border="0"></a></div>  
    <![endif]-->
    <!--[if lt IE 9]>
    <script src="js/html5.js"></script>
  <link rel="stylesheet" href="css/ie.css"> 
<![endif]-->
</head>
<body>
<div class="bg">
    <!--==============================header=================================-->
    <header>
        <div class="main">
            <h1>&nbsp;</h1>
            <nav>
                <ul class="sf-menu">
                    <li class="current"><a href="index.html">home</a><ul>
                            <li><a href="../../../Home.htm">Historik</a></li>
                            <li><a href="more.html">Struktura Organizative</a></li>
                            <li><a href="Kushtet_e_pergjithshme_te_punes_te_Bankes_se_Shqiperise.pdf">Rregulla Administrative </a></li>
                        </ul>
                  </li>
                    <li><a href="../../../POLITIKA MONETARE.docx">politika monetare </a></li>
                    <li><a href="../../../ISO_14001_TRAINING_ALB.pdf">trajnime</a></li>
                    <li><a href="index-4.html">blog</a></li>
<li></a></li>
                    <li></li>
                </ul>

                <form action="/webroot/intranet_site/intranet_result.php" method="get" name="fmsearch" id="fmsearch">
                <table width="323">
                  <!--DWLayoutTable-->
                  <tr>
                    <th width="40" height="35"><!--DWLayoutEmptyCell-->&nbsp;</th>
<th width="150" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</th>
<th width="52" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</th>
</tr></table>
</form>
 </nav>
            <div class="clear"></div>
          <div class="shadow">
                <div class="main-img"></div>
                <img src="../../../images/banka2.bmp" alt="banka" longdesc="../../../images/banka2.bmp">
                <ul class="links">
                    <li></li>
                    <li></li>
                    <li></li>
                </ul>
          </div>
        </div>
  </header>
    <!--==============================content================================-->
    <section id="content">

</div>
                    </div>
                    <h3>User Login</h3>

<table border="0">
<form method="POST" action="<?php echo $loginFormAction; ?>">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password</td><td>:</td>
  <td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php"></a>
    <input type="password" name="password" size="20"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td>
  <td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php">
    <input name="submit" type="submit" value="Login" >
  </a></td>
</tr> 
</form>
</table>

<form name="form1" method="post" action="">
  <label></label>
</form>
</body>
</html>

tell me if i have wrong query coz shows me the table with the attributes but dosnt show me the uesers data

I dont understant what's line 58: mysql_select_db($database_user1_db, $user1_db);
there's no variables ..._user1 are they on user1_db.php?

and the right query should be ?

and it goes to "Connections/user1.php"? are the sessions with the correct values on the other page?

ok thats mt worng,user 1 is not variabel.u w right,but i didnt change to prova.db that connect to the other page,here is the my right code,and i wanna know if u can give me an answer how i will get user details display

lolog.php


<?php require_once('../../../Connections/prova_db.php'); ?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "Connections/prova.php";
  $MM_redirectLoginFailed = "loglog.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_user1_db, $user1_db);

  $LoginRS__query=sprintf("SELECT username, mbiemri FROM punonjesit WHERE username='%s' AND mbiemri='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 

  $LoginRS = mysql_query($LoginRS__query, $user1_db) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;      

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?><!DOCTYPE html>
<html lang="en">
<head>
<title>Home</title>
    <meta charset="utf-8">
    <meta name="description" content="Your description">
    <meta name="keywords" content="Your keywords">
    <meta name="author" content="Your name">
    <link rel="stylesheet" href="css/style.css">
    <script src="js/jquery-1.6.4.min.js"></script>
    <script src="js/cufon-yui.js"></script>
    <script src="js/Franklin_Gothic_Medium_400.font.js"></script>
    <script src="js/cufon-replace.js"></script>
    <script src="js/script.js"></script>
<!--[if lt IE 7]>
  <div class='aligncenter'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg"border="0"></a></div>  
    <![endif]-->
    <!--[if lt IE 9]>
    <script src="js/html5.js"></script>
  <link rel="stylesheet" href="css/ie.css"> 
<![endif]-->
</head>
<body>
<div class="bg">
    <!--==============================header=================================-->
    <header>
        <div class="main">
            <h1>&nbsp;</h1>
            <nav>
                <ul class="sf-menu">
                    <li class="current"><a href="index.html">home</a><ul>
                            <li><a href="../../../Home.htm">Historik</a></li>
                            <li><a href="more.html">Struktura Organizative</a></li>
                            <li><a href="Kushtet_e_pergjithshme_te_punes_te_Bankes_se_Shqiperise.pdf">Rregulla Administrative </a></li>
                        </ul>
                  </li>
                    <li><a href="../../../POLITIKA MONETARE.docx">politika monetare </a></li>
                    <li><a href="../../../ISO_14001_TRAINING_ALB.pdf">trajnime</a></li>
                    <li><a href="index-4.html">blog</a></li>
<li></a></li>
                    <li></li>
                </ul>

                <form action="/webroot/intranet_site/intranet_result.php" method="get" name="fmsearch" id="fmsearch">
                <table width="323">
                  <!--DWLayoutTable-->
                  <tr>
                    <th width="40" height="35"><!--DWLayoutEmptyCell-->&nbsp;</th>
<th width="150" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</th>
<th width="52" valign="top"><!--DWLayoutEmptyCell-->&nbsp;</th>
</tr></table>
</form>
 </nav>
            <div class="clear"></div>
          <div class="shadow">
                <div class="main-img"></div>
                <img src="../../../images/banka2.bmp" alt="banka" longdesc="../../../images/banka2.bmp">
                <ul class="links">
                    <li></li>
                    <li></li>
                    <li></li>
                </ul>
          </div>
        </div>
  </header>
    <!--==============================content================================-->
    <section id="content">

</div>
                    </div>
                    <h3>User Login</h3>

<table border="0">
<form method="POST" action="<?php echo $loginFormAction; ?>">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password</td><td>:</td>
  <td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php"></a>
    <input type="password" name="password" size="20"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td>
  <td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php">
    <input name="submit" type="submit" value="Login" >
  </a></td>
</tr> 
</form>
</table>

<form name="form1" method="post" action="">
  <label></label>
</form>
</body>
</html>

ok, questions: when you type your username everything is fine? it goes to success page?
after line 26 put this:
echo $LoginRS__query;

what appears?
go to your mysql console or phpmyadmin and paste the query that will appear on the page

Hey, I may be able to help if I understand your question correctly. You want to make it so only the user grisel can see grisel's data and no-one else can see grisel's data?

yes of course,only grisel can see the grisel datas and no only can see grisel datas,thats my question,when i log in as user 1 only user 1 can see his datas

@griseindria - Just select it off SESSIONS then..?

I.e.

<?php

  if(!isset($_SESSION['user_session']))
    exit("You do not have permission to access this page, sorry");

  $query = "SELECT * FROM profile WHERE user_id='{$_SESSION['user_id']}'";
  $res = mysql_query($query);
  if(!mysql_affected_rows() == 1)
    exit("Couldn't find the details");
  while($row = mysql_fetch_array($res))
  {
     // only display the users details
  }
?>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.