1

I have made simple php files by using which I can validate username and PASSWORD and then only user can log in. I want users to update account only if they log in to account. Without validating ID and password, they can't update their Name and Surname and all... It's very simple program. Here is the table Structure.

enter image description here

It is just a Demo data. I want users to update their accounts only after logging in. Here is the file by which they can see their information by logging in.

    <html>
    <head>
        <title>
            Login
        </title>
    </head>
    <body>
<?php
if(isset($_POST["uname"]) && isset($_POST["pass"]))
{
    $uname=$_POST["uname"];
    $pass=$_POST["pass"];
    mysql_connect("localhost","adarsh","Yeah!");
    mysql_select_db("aadarsh");
    $select = mysql_query("select * from users where username='$uname' AND pass='$pass'");
    $data = mysql_fetch_array($select);
    if($uname==$data['username'] && $pass==$data['pass'])
    {
        echo "<center>";

        echo "Name: ".$data['username']."<br>";
        echo "Last namme: ".$data['lastname']."<br>";
        echo "<img src=".$data['image']."><br>";
        echo "</center>";
    }
    else
    {
        echo "<script>alert('Nope!!!');</script>";
    }
}
?>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
        <input type="text" name="uname">
        <input type="pass" name="pass">
        <input type="submit" name="submit" value="Login!">
    </form>
</html>

The code is working fine and They can see their data by entering username and password. If they will enter wrong Username and password, they will just see alert box.

I just want users to update their data after logging in. Without login, they can't update their data.

But i have no idea how to do it. Once I tried by validating username and password and then redirecting to new page where they can update their account using header location but that doesn't work. I didn't get any variables on the other page.

Help me solving this....

Adarsh Sojitra
  • 2,059
  • 1
  • 27
  • 50

5 Answers5

2

Try this

<html>
    <head>
        <title>
            Login
        </title>
    </head>
    <body>
        <?php
            session_start();
            if(isset($_POST["submit"]))
            {
                $uname=$_POST["uname"];
                $pass=$_POST["pass"];
                if(empty($uname) && empty($pass))
                {
                    echo "<script>alert('Empty');</script>";
                }
                else
                {
                    mysql_connect("localhost","adarsh","Yeah!","aadarsh");

                    $select = mysql_query("select * from users where username='$uname' AND pass='$pass'");
                    $data = mysql_fetch_array($select);

                    $count = count($data);
                    if(empty($count) || $count > 1)
                    {
                        echo "<script>alert('Invalid Login');</script>";
                    }
                    else
                    {
                        $image = $data['image'];
                        $lname = $data['lastname'];
                        $username = $data['username'];

                        $_SESSION["lastname"] = $lname;
                        $_SESSION["username"] = $username;

                        echo "Name: ".'$username'."<br>";
                        echo "Last namme:".'$lname'."<br>";
                        echo "<img src='$image'><br>";

                        if(isset($_SESSION))
                        {
                            redirect('new_page.php');
                        }
                        else
                        {
                            echo "<script>alert('Something Went Wrong');</script>";
                        }

                    }

                }

            }
        ?>
        <form method="post" action="#">
            <input type="text" name="uname">
            <input type="pass" name="pass">
            <input type="submit" name="submit" value="Login!">
        </form>
    </body>
</html>

and in new_page.php

<?php
    session_start();

    if(isset($_SESSION["username"]))
    {
        //show update form
    }
    else
    {
        //redirect to login page
        redirect('login.php');
    }

Includes

  1. Using Session
  2. Optimize Query
  3. Validate all fields

and take a look at this too

  1. How can I prevent SQL-injection in PHP?
  2. MySQL extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used.
Community
  • 1
  • 1
Abdulla Nilam
  • 36,589
  • 17
  • 64
  • 85
0

So, after logging in, instead of simply displaying the users details, display a form allowing the user to update their details, something like this (incomplete code just to give you an outline):

if($uname==$data['username'] && $pass==$data['pass'])
{
    echo '<form method="" action ="">';

    echo '<input value="'.$data['username'].'" />';
    echo '<input value="'.$data['lastname'].'" />';
    echo '<input type="submit" />';
    echo "</form>";
}
foxbeefly
  • 510
  • 3
  • 13
0

If you want to pass variables from one page to another, once the user is logged in, you should use Session variables.

Javi Ps
  • 308
  • 4
  • 10
0

Thanks to all to answer on my question. Finally with the help of you guys, I solved every errors and Program is working fine!
I did this with the help of 2 files... Here are they,

updatedata.php (This file contains only html stuff... .html will also work)

    <html>
    <head>
        <title>
            Login
        </title>
    </head>
    <body>
    <form method="post" action="updateaccount.php">
        Username : <input type="text" name="uname"><br>
        Password :<input type="password" name="pass"><br>
        New Information:<br><br>
        New Name : <input type="text" name="newname"></input>
        <input type="submit" name="submit" value="Update!">
    </form>
</html>

updateaccount.php (hehe, Don't get confused in file names...)

    <?php 
$con=mysql_connect("localhost","adarsh","Password"); 
mysql_select_db("aadarsh",$con);
if(isset($_POST["uname"]) && isset($_POST["pass"]))
{   
    $uname=$_POST["uname"];
    $pass=$_POST["pass"];
}
    $sql="select * from users where username='$uname' AND pass='$pass'";
    $select = mysql_query($sql);
    $data = mysql_fetch_array($select);
    $username=$_POST["newname"];
if(isset($_POST['submit']))
{
    if($uname==$data['username'] && $pass==$data['pass'])
    {
        $user_id= $data['id'];
        if(isset($_POST['newname']))
        {
            $update = mysql_query("UPDATE users SET username = '$username' WHERE id = $user_id");       
            if($update)
            {
                echo "<script>alert('updated!');</script>";
                header("location:http://www.example.com");
            }
            else
            {
                echo mysql_error();
            }
        }
    }
    else
    {
        echo "<script>alert('Nope!!!');</script>";
    }
}
?>

Thanks to all of you again.... :)

Adarsh Sojitra
  • 2,059
  • 1
  • 27
  • 50
0

Some considerations about your code:

mysql_connect is deprecated, you should use mysqli_connect.

http://php.net/manual/en/book.mysqli.php

You can use empty() instead of isset(). empty() will return true if the variable is an empty string, false, array(), NULL, “0?, 0, and an unset variable. With !empty you can:

    if (!empty($_POST["uname"]) && !empty($_POST["pass"])){
          $uname = .........
    }

Can't use echo and header("location:http....") in the same loop. If you send to another page, the message will not be displayed.

After a header("location:http....") you must exit(); otherwise, the code will follow the normal flow.

You check if ($update). If you click the submit button, $update always be true, so this check is not necessary.

Hope that helps.

Javi Ps
  • 308
  • 4
  • 10