0

I have two PHP pages, one called homepage.php and the other homescreen.php. It's basically a login page which requires the user to enter their unique passcode on homepage.php, and the page will check the database for authentication. Once the passcode is correct, the data of the user will show on homescreen.php, but now I am stuck on how to do the checking and display the data once the submit button is clicked. Can anyone help me?

Here is my homepage.php code:

<form class="myform" action="homepage.php" method="post">

        <label><b></b></label>
        <input name="BCARD_UID" type="password" class="inputvalues" placeholder="Card UID" required/><br>
        <input name="login" type="submit" id="login_btn" value="Login"/><br>
        </form>

        <?php

        if(isset($_POST['login']))
        {
            $BCARD_UID=$_POST['BCARD_UID'];

            $query = "select * from branch_info WHERE BCARD_UID ='$BCARD_UID'";

            $query_run = mysqli_query($con,$query);
            if(mysqli_num_rows($query_run)>0)
            {
                //valid
                $_SESSION['BCARD_UID']=$BCARD_UID;
                header ('location:home.php');
            }
            else
            {
                //invalid
                echo '<script type="text/javascript">alert("Invalid Credentials")</script>';
            }
        }

    ?>

And here is my homescreen.php code:

<?php
session_start();
require 'dbconfig/config01.php';
?>

---------------------------------------

    <div id="main-wrapper">
    <center>
    <h2>Welcome 
    <?php echo $_SESSION['CUS_NAME']?>!
    </h2>

    <h3>Your Birthday is: 
    <?php echo $_SESSION['CUS_DOB']?> 
    </h3>

    <h3>Your Balance: 
    <?php echo $_SESSION['CUS_MONEY']?> 
    </h3>

    <h3>Accumulated Points: 
    <?php echo $_SESSION['CARD_UID']?> pts
    </h3>
louis
  • 57
  • 7
  • 1) You're vulnerable to SQL injection, see: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php. 2) don't use the session to save these details, the session size is limited, instead store the logged in user's ID and fetch the details when the page loads. – Geoffrey Feb 28 '18 at 08:46

2 Answers

0

If you were to add if (isset($_SESSION['BCARD_UID'])) { ... } around your code in homescreen.php, you get quite far. Add to that the suggestion of Exprator.

In your homepage.php be careful regarding SQL injection:

$query = "select * from branch_info WHERE BCARD_UID ='$BCARD_UID'";

This is time for the standard "Bobby Tables" reference.

PrinsEdje80
  • 494
  • 4
  • 8
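
The two points raised in the comment and in this answer (bind the passcode instead of building the query string, and keep only the card UID in the session while loading the details on each page view), as an added example that is not code from the question or from either answer. It assumes config01.php defines the mysqli handle $con and that CUS_NAME, CUS_DOB and CUS_MONEY are columns of branch_info; find_customer() and e() are hypothetical helpers.

```php
<?php
// homescreen.php -- added example, not code from the question or the answers.
session_start();
require 'dbconfig/config01.php';   // assumed to define the mysqli handle $con

// The guard from the answer: without the session key nobody has logged in.
if (!isset($_SESSION['BCARD_UID'])) {
    header('Location: homepage.php');
    exit;                          // without exit the page below still renders
}

// Hypothetical helper: look the customer up by card UID with a bound
// parameter, so the value is never parsed as part of the SQL text.
// Assumes CUS_NAME, CUS_DOB and CUS_MONEY are columns of branch_info.
function find_customer(mysqli $con, string $uid): ?array
{
    $stmt = mysqli_prepare(
        $con,
        'SELECT CUS_NAME, CUS_DOB, CUS_MONEY FROM branch_info WHERE BCARD_UID = ?'
    );
    mysqli_stmt_bind_param($stmt, 's', $uid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $name, $dob, $money);
    $found = mysqli_stmt_fetch($stmt);      // true on a row, null when no row
    mysqli_stmt_close($stmt);
    return $found ? ['name' => $name, 'dob' => $dob, 'money' => $money] : null;
}

// Escape every database value before it goes into the HTML.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$customer = find_customer($con, $_SESSION['BCARD_UID']);
if ($customer === null) {          // card removed since login: end the session
    session_destroy();
    header('Location: homepage.php');
    exit;
}
?>
<div id="main-wrapper">
    <h2>Welcome <?php echo e($customer['name']) ?>!</h2>
    <h3>Your Birthday is: <?php echo e($customer['dob']) ?></h3>
    <h3>Your Balance: <?php echo e($customer['money']) ?></h3>
</div>
```
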
0

Try to put this part in your homescreen.php

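if(isset($_POST['login']))
    {
        $BCARD_UID=$_POST['BCARD_UID'];

        // Bind the passcode as a parameter instead of placing it inside the SQL string
        $stmt = mysqli_prepare($con, "select * from branch_info WHERE BCARD_UID = ?");
        mysqli_stmt_bind_param($stmt, 's', $BCARD_UID);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);   // buffer the result so the row count is available

        if(mysqli_stmt_num_rows($stmt)>0)
        {
            //valid
            $_SESSION['BCARD_UID']=$BCARD_UID;
            header ('location:home.php');
            exit;   // stop the script once the redirect header is sent
        }
        else
        {
            //invalid
            echo '<script type="text/javascript">alert("Invalid Credentials")</script>';
        }
    }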
Stefan Tanevski
  • 322
  • 3
  • 8