what is the correct way of creating a member view page (profile page)

Question

divinity02 6 Posting Whiz in Training

6 Years Ago

hi all

what is the best possible way i can create a members view page (profile page) I am doing ths assignment where i have to create two pages, one is a members view page and a members edit page.

the members view page page(profile page is like when u sign up with a website and when u login, your profile page is what you can see. ths members view page(profile page) is where also will display the user personal information which will be stored in the database.

and

the member edit page will display a populated xhtml form with the user information and to which they should be able to edit their information which will not be the same as re-entering data.

will this codes that I have is enough to give me the required results. This is just the beginning as i have now started it.

<?php
        session_start();

        $dbhost = "localhost"; 
        $dbname = "database"; 
        $dbuser = "username"; 
        $dbpass = "password";

        mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());//this function connects the script to the db server
        mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());//this function chooses which database to use with the script

        session_start();

        mysql_connect($db_host, $db_username, $db_password) or die("MySQL Error: " . mysql_error());
        mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());

?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
     ?>

     <h1>Member Area</h1>

     <p'Welcome!!!!!! firstname lastname, you are now a member of theCaribbean Culinary Institue Network (CCIN), Your monthly newsletter will be emailed to."Thanks for logging in! You are <code><?=$_SESSION['Username']?></code> and your email address is <code><?=$_SESSION['EmailAddress']?></code>.</p>

     <?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));

    $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");

    if(mysql_num_rows($checklogin) == 1)
    {
        $row = mysql_fetch_array($checklogin);
        $email = $row['EmailAddress'];

        $_SESSION['Username'] = $username;
        $_SESSION['EmailAddress'] = $email;
        $_SESSION['LoggedIn'] = 1;

        echo "<h1>Success</h1>";
        echo "<p>We are now redirecting you to the member area.</p>";
        echo "<meta http-equiv='refresh' content='=2;index.php' />";
    }
    else
    {
        echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
    }
}
else
{
    ?>

   <h1>Member Login</h1>

   <p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>

    <form method="post" action="index.php" name="loginform" id="loginform">
    <fieldset>
        <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
        <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
        <input type="submit" name="login" id="login" value="Login" />
    </fieldset>
    </form>

   <?php
}
?>

php

2 Contributors
3 Replies
541 Views
11 Hours Discussion Span
Latest Post 6 Years Ago Latest Post by rproffitt

rproffitt 2,662 "Nothing to see here."

6 Years Ago

@divinity02. "Best" is achieved by stating what is best. The above fails one of the criteria of user login systems on a very basic item. Since you are asking for best but didn't detail what best is, I think you have changed your question from your first post to something else.

It's an assignment so for this round you are under the gun to get anything that works. My view is that if this is what is being taught today then you see the genesis of why we see so many data breaches today. Folk are being taught an incorrect system and unlearning is harding than learning.

jkon commented: First achieve sufficiency and then ask about “best” +9

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

rproffitt 2,662 "Nothing to see here." Moderator · Answer 1 · 2018-04-21T03:34:23+00:00

I think this must be one of those first times for the person who wrote that code. It breaks a rule about passwords in the database.

In case you didn't hear or read about it, here's your Google -> https://www.google.com/search?q=Never+store+passwords+in+a+database

divinity02 6 Posting Whiz in Training · Answer 2 · 2018-04-21T04:13:56+00:00

sorry about that but beside the password thingy, is that the best way or is it not, having ah hard time figuring this thing out inno.