Auto filling form fields based on session login [Archive]

View Full Version : Auto filling form fields based on session login

fastsol

06-03-2010, 12:38 PM

I am trying to auto fill certain fields on a page based on the user that is logged in. I have the SESSION set but have a couple places that look at the SESSION in the page to display a form and welcome message. I want to have the $name and $lname that is in the database display in the form labeled Reviews. I cut some of the insignificant code to make it fit in this post. I have tried multiple things to make this work. If someone could look it over I would greatly appreciate it. I am very new to PHP so please explain in detail.
<?php
session_start();
$_SESSION['name'] = "$name";
?>

<head>

<link href="stylesheets/main.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="scripts/charLeft.js"></script>




<link rel="shortcut icon" href="images/favicon.ico"/>
</head>

<body id="starter">


<script type="text/javascript">var MenuLinkedBy="AllWebMenus [4]",awmMenuName="menu",awmBN="828";awmAltUrl="";</script><script charset="UTF-8" src="scripts/menu.js" type="text/javascript"></script><script type="text/javascript">awmBuildMenu();</script>




<div id="main-wrap"><div id="awmAnchor-menu"></div><div id="header">
<img alt="" height="229" src="images/layout/ame-layout-header-starter.jpg" width="990" />
</div>
<div id="clear2">
</div>

<div id="right-column">
<div id="right-header"><div class="right-content-head">
<div id="login">
<?php
if ($_SESSION['myusername']){
echo "Welcome, ".$_SESSION['myusername']." <a href='http://remotelystartedmn.com/logout.php'>Logout</a><br>";
}
else
{
echo "<h1 class='center'>";
echo "Please Login";
echo "</h1>";
echo "<form name=\"form1\" method=\"post\" action=\"http://remotelystartedmn.com/checklogin.php\">";
echo "<table>";
echo "<tr><td>";
echo "Username:";
echo "</td><td>";
echo "<input name=\"myusername\" type=\"text\" id=\"myusername\"/>";
echo "</td></tr>";
echo "<tr><td>";
echo "Password:";
echo "</td><td>";
echo "<input name=\"mypassword\" type=\"password\" id=\"mypassword\"/>";
echo "</td></tr>";
echo "<tr><td>";
echo "";
echo "</td><td>";
echo "<input name=\"Submit1\" type=\"image\" src=\"http://remotelystartedmn.com/images/submit-btn.png\" value=\"submit\"/>";
echo "</td></tr>";
echo "</table>";
echo "</form>";
echo "Not a member yet! <a href='http://remotelystartedmn.com/register.php'>Register</a>";
}
?>
</div>
<h1>In most case<a name="iDatalink"></a>s extra parts are needed.</h1>
<p>With the advances in today's vehicles many times additional parts
are needed to install a remote starter or alarm.  This may
sound like a problem but with the modules I use it has never been
easier and safer for your vehicle.  I use the iDatalink brand
bypass modules to insure a clean, safe install.</p>
<p class="center">
<img alt="iDatalink Multi Series Module" height="134" src="images/idata-module.png" width="180" id="img2" /></p>
<h1>Benefits of iDatalink Modules:<br/></h1><ul id="idata"><li>Vehicle specific firmware</li>
<li>Updateable Online</li>
<li>No giving up a key for the installation</li>
<li>Safe DATA communication to vehicle</li>
<li>Less wire tapping into vehicle</li>
<li>Faster / Cleaner installations</li></ul>
<h1>To get a FREE quote
<a href="index.html#Quote">click>></a> to go back to our info form.</h1>
</div></div>
<div class="right-content">
<br /><h1>Connect with me!</h1>
<p>
<a href="http://www.facebook.com/?ref=home#!/pages/Remotely-Started-MN/125935220750872?ref=ts" target="_blank">
<img alt="" height="28" src="images/facebook-icon.png" width="25" /></a>   
<a href="http://maps.google.com/maps/place?hl=en&georestrict=input_srcid%3Ab23969e1ae99ea26" target="_blank">
<img alt="" height="23" src="images/google-icon.png" width="24" /></a>   
<a href="http://www.linkedin.com/companies/961137" target="_blank">
<img alt="" height="25" src="images/linkedin-icon.png" width="25" /></a>   
<a href="http://local.yahoo.com/info-64520724-remotely-started-mn-burnsville;_ylt=Apo8dQFF3MX5xprXVa04p.qHNcIF;_ylv=3?csz=Burnsville%2C+MN+55337" target="_blank">
<img alt="" height="23" src="images/yahoo-icon.png" width="40" /></a>   
<a href="http://www.yelp.com/biz/remotely-started-mn-burnsville" target="_blank">
<img alt="" height="24" src="images/yelp-icon.png" width="19" /></a></p>
</div>
</div>

<div id="left-column">
<?php
mysql_connect("rsmnproducts.db.5881165.hostedresource.com", "rsmnproducts", "*******") or die(mysql_error());
mysql_select_db("rsmnproducts") or die(mysql_error());

// Get all the data from the "example" table
$result = mysql_query("SELECT * FROM reviews ORDER BY date DESC")
or die(mysql_error());

// keeps getting the next row until there are no more to get
// Print out the contents of each row into a table
echo '<div>';
while($row = mysql_fetch_array( $result )) {
echo '<h1 class=\'neg-marg3\'>';
echo $row['name'], ' ', $row['lname'], '   ', '<span class=\'norm-text\'>','Star Rating:', ' ', '</span>',$row['starrate'];
echo '</h1>', '<span class=\'norm-text\'>';
echo $row['date'];
echo '</span>', '<p class=\'norm-text neg-marg4\'>';
echo '"', $row['comments'], '"';
echo '</p>';
}
echo "</div>";
?>
<div id="leave-comment">
<?php
if ($_SESSION['myusername']){
echo "<form name=\"reviews\" action=\"database.php\" method=\"post\">";
echo "<table cellpadding=\"0\" cellspacing=\"6\" style=\"width: 100%; background-color:#1d1d1d\">";
echo "<tr><th colspan=\"2\">Leave Me A Review</th></tr>";
echo "<tr><td style=\"width: 50%\">First Name: *</td>";
echo "<td>Last Name: *</td></tr>";
echo "<tr><td>";
echo "<input name=\"name\" type=\"text\" value=\"$name\" style=\"width: 200px\" /></td>";
echo "<td><input name=\"lname\" type=\"text\" value=\"$lname\" style=\"width: 200px\" /></td></tr>";
echo "<tr><td colspan=\"2\">";
echo "Review: (700 characters max)*</td>";
echo "</tr><tr>";
echo "<td colspan=\"2\"><textarea name=\"comments\" onblur=\"InputLengthCheck();\"onkeyup=\"InputLengthCheck();\" style=\"width: 531px; height: 100px\" rows=\"1\"></textarea>";
echo "</td></tr>";
echo "<tr><td colspan=\"2\">";
echo "<input readonly=\"readonly\" type=\"text\" name=\"CharsTyped\" size=\"8\"/> characters typed</td>";
echo "</tr><tr>";
echo "<td colspan=\"2\">Star Rating:* <select name=\"starrate\">";
echo "<option></option>";
echo "<option value=\"1\">1</option>";
echo "<option value=\"2\">2</option>";
echo "<option value=\"3\">3</option>";
echo "<option value=\"4\">4</option>";
echo "<option value=\"5\">5</option>";
echo "</select></td>";
echo "</tr><tr>";
echo "<td colspan=\"2\">";
require_once('recaptchalib.php');
$publickey = "6LfnjroSAAAAAKjSZDZnnvB58IZd--47O9I-1WBF "; // you got this from the signup page
echo recaptcha_get_html($publickey);

echo "</td></tr>";
echo "<tr><td colspan=\"2\">";
echo " <input name=\"Submit1\" type=\"image\" src=\"images/submit-btn.png\" value=\"submit\"/>";
echo " <input name=\"Reset1\" type=\"image\" src=\"images/reset-btn.png\" value=\"reset\" />";
echo "  * All Fields Required</td>";
echo "</tr>";
echo "</table>";
echo "</form>";
}
else
{
echo "<h1 class=\"center\">";
echo "Please login to leave me a positive review.<br>If you are not a member yet <a href=\"register.php\">Register</a>";
echo "</h1>";
}
?>
</div>

 </div><div id="clear"></div>
<div id="footer-img">

<img alt="" height="69" src="images/layout/ame-layout-footer-main2.jpg" width="990" /><div id="footer-content">
<ul id="footer-menu">
<li><a href="index.php">Home</a></li>
<li><a href="store/index.php">Online Store</a></li>
<li><a href="contact.php">Contact</a></li>
<li>(612) 840-1039 </li>
</ul>
</div>
</div>

</div>

<script type="text/javascript">
var sc_project=5719037;
var sc_invisible=1;
var sc_partition=60;
var sc_click_stat=1;
var sc_security="929a447a";
</script>

<script type="text/javascript"
src="http://www.statcounter.com/counter/counter_xhtml.js"></script><noscript><div
class="statcounter"><a title="myspace profile views counter"
class="statcounter"
href="http://www.statcounter.com/myspace/"><img
class="statcounter"
src="http://c.statcounter.com/5719037/0/929a447a/1/"
alt="myspace profile views counter" /></a></div></noscript>

</body>



</html>

fastsol

06-07-2010, 02:53 PM

Anyone anyone!
I found that I can make it happen if the user inputs the info into a form field upon login, but I don't know how to pull the info from the database instead of them inputting it everytime. The database holds the users name, last name and so on. just like normal they are only asked to type the username and password to login, but I want to pass the other info into the session so I can use it on other pages for them.

Any help would be greatly appreciated!

djr33

06-08-2010, 04:57 AM

I don't really get the whole picture from that post.

$name is not set anywhere at the top of the page, yet you are using it to set $_SESSION['name']. Isn't it empty, so $_SESSION['name'] is also empty then?

Did you mean to call it "myusername" like in the form and in the if? That might be the whole problem.

If you are relying on "register_globals" (a setting in PHP that makes any sent form values directly into regular variables--- $_POST['varname'] becomes $varname automatically), that's a really bad idea and it's a lot better to 1) turn off register globals (it'll cause confusion at some point), and 2) use $_POST['myusername'] instead of immediately $myusername.

So, if you just use $_SESSION['myusername'] = $_POST['myusername'] will that work?

However, you don't want this to occur every page load. You want this to occur only if the form was sent (if they're already logged in, don't display the form, don't reset $_SESSION['myusername']).

<?php
session_start(); //start session, always at the top!
if (isset($_POST['myusername'])) { //the username was submitted from the form
$_SESSION['myusername'] = $_POST['myusername']; //store it
}
///..........

That does NOT do any sort of password verification, which should be done with the database (right?), so that's the next step. To get the basic setup working, though, that should be what you need.

Some general pointers about your code (and to make it a LOT easier to help-- make your code easier to read):
1. Don't echo everything. Leave the PHP code and use HTML directly. You CAN use it within PHP if/else statements, but just do it outside of the ?> .... <?php tags:

<?php
if (1==1) { //begin an if
?>
<html>
<?php
} //end the if
?>
That will GREATLY help the readability of your code and remove the need for all of the annoying escaped quotes.

2. As much as possible, avoid mixing PHP into the HTML. You should have a page that starts with a lot of PHP stuff: start the session, connect to the database, handle any sent forms, and do anything else that is "above" the level of the html. THEN begin your html output and as little as you can, include PHP when it's needed: have everything setup at the top, and then deal with the determined actions below. For example, at the top of your page you can set a variable called $loggedin and use that below. Or, in this case, just use $_SESSION['myusername'], but the point is that you have this all setup and you can use VERY minimal PHP within the rest of the page.

3. Use if(isset($var)) rather than just if ($var). This is a lot clearer and it won't give you weird results like if your $var is set to 0, that'll actually be considered false, etc.

4. Don't use quotes where you don't need them. See (1) above, but also at the beginning you use $_SESSION['name'] = "$name"; -- you don't need quotes around variables-- just use $name. In fact, it's usually a bad idea to put variables in quotes. Just keep them separate: "something".$variable; (that'll be 'somethinghello' if $variable is 'hello').

5. This isn't a huge problem, but it's a personal preference: use single quotes (') rather than double quotes (") because that will avoid the horribly awkward need to escape everything: $var = '<tag thing="value">';. Much easier :)
(Double quotes are completely valid, but they're processed more slowly than single because they also allow variables inside of them. Single quotes allow only direct text: '$hello' is equal to literally $hello, but "$hello" is equal to the value of hello.)

Here's a reworked version of your page to give you some ideas:
Once it's adjusted using this as reference, it'll be easier to figure out what's wrong.

[moved to next post-- it was too long]

djr33

06-08-2010, 04:57 AM

<?php
//here we're going to setup the whole page:

///start the session!
session_start();

///setup a captcha:
require_once('recaptchalib.php');
$publickey = "6LfnjroSAAAAAKjSZDZnnvB58IZd--47O9I-1WBF "; // you got this from the signup page

//connect to a database:
mysql_connect("rsmnproducts.db.5881165.hostedresource.com", "rsmnproducts", "******") or die(mysql_error());
mysql_select_db("rsmnproducts") or die(mysql_error());

//handle form input:
//login:
if (isset($_POST['myusername'])) { //the username was submitted from the form
$_SESSION['myusername'] = $_POST['myusername']; //store it
}

//now everything is streamlined and ready to go below:

?>
<html>
<head>
<link href="stylesheets/main.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="scripts/charLeft.js"></script>



<link rel="shortcut icon" href="images/favicon.ico"/>
</head>

<body id="starter">


<script type="text/javascript">var MenuLinkedBy="AllWebMenus [4]",awmMenuName="menu",awmBN="828";awmAltUrl="";</script><script charset="UTF-8" src="scripts/menu.js" type="text/javascript"></script><script type="text/javascript">awmBuildMenu();</script>




<div id="main-wrap"><div id="awmAnchor-menu"></div><div id="header">
<img alt="" height="229" src="images/layout/ame-layout-header-starter.jpg" width="990" />
</div>
<div id="clear2">
</div>

<div id="right-column">
<div id="right-header"><div class="right-content-head">
<div id="login">
<?php
if (isset($_SESSION['myusername'])){
?>
Welcome, <?php echo $_SESSION['myusername']; ?> <a href='http://remotelystartedmn.com/logout.php'>Logout</a><br>
<?php
}
else
{
?>
<h1 class='center'>
Please Login
</h1>
<form name="form1" method="post" action="http://remotelystartedmn.com/checklogin.php">
<table>
<tr><td>
Username:
</td><td>
<input name="myusername" type="text" id="myusername"/>
</td></tr>
<tr><td>
Password:
</td><td>
<input name="mypassword" type="password" id="mypassword"/>
</td></tr>
<tr><td>
</td><td>
<input name="Submit1" type="image" src="http://remotelystartedmn.com/images/submit-btn.png" value="submit"/>
</td></tr>
</table>";
</form>";
Not a member yet! <a href='http://remotelystartedmn.com/register.php'>Register</a>";
<?php
}
?>
</div>
<h1>In most case<a name="iDatalink"></a>s extra parts are needed.</h1>
<p>With the advances in today's vehicles many times additional parts
are needed to install a remote starter or alarm.  This may
sound like a problem but with the modules I use it has never been
easier and safer for your vehicle.  I use the iDatalink brand
bypass modules to insure a clean, safe install.</p>
<p class="center">
<img alt="iDatalink Multi Series Module" height="134" src="images/idata-module.png" width="180" id="img2" /></p>
<h1>Benefits of iDatalink Modules:<br/></h1><ul id="idata"><li>Vehicle specific firmware</li>
<li>Updateable Online</li>
<li>No giving up a key for the installation</li>
<li>Safe DATA communication to vehicle</li>
<li>Less wire tapping into vehicle</li>
<li>Faster / Cleaner installations</li></ul>
<h1>To get a FREE quote
<a href="index.html#Quote">click>></a> to go back to our info form.</h1>
</div></div>
<div class="right-content">
<br /><h1>Connect with me!</h1>
<p>
<a href="http://www.facebook.com/?ref=home#!/pages/Remotely-Started-MN/125935220750872?ref=ts" target="_blank">
<img alt="" height="28" src="images/facebook-icon.png" width="25" /></a>   
<a href="http://maps.google.com/maps/place?hl=en&georestrict=input_srcid%3Ab23969e1ae99ea26" target="_blank">
<img alt="" height="23" src="images/google-icon.png" width="24" /></a>   
<a href="http://www.linkedin.com/companies/961137" target="_blank">
<img alt="" height="25" src="images/linkedin-icon.png" width="25" /></a>   
<a href="http://local.yahoo.com/info-64520724-remotely-started-mn-burnsville;_ylt=Apo8dQFF3MX5xprXVa04p.qHNcIF;_ylv=3?csz=Burnsville%2C+MN+55337" target="_blank">
<img alt="" height="23" src="images/yahoo-icon.png" width="40" /></a>   
<a href="http://www.yelp.com/biz/remotely-started-mn-burnsville" target="_blank">
<img alt="" height="24" src="images/yelp-icon.png" width="19" /></a></p>
</div>
</div>

<div id="left-column">
<?php
// Get all the data from the "example" table
$result = mysql_query("SELECT * FROM reviews ORDER BY date DESC")
or die(mysql_error());
// keeps getting the next row until there are no more to get
// Print out the contents of each row into a table
?>
<div>
<?php
while($row = mysql_fetch_array( $result )) {
?>
<h1 class='neg-marg3'>
<?php echo $row['name'] ?> <?php echo $row['lname']; ?>   <span class='norm-text'>Star Rating: </span><?php echo $row['starrate']; ?>
</h1><span class='norm-text'>
<?php echo $row['date']; ?>
</span><p class='norm-text neg-marg4'>
"<?php echo $row['comments']; ?>"
</p>
<?php
}
echo "</div>";
?>
<div id="leave-comment">
<?php
if (isset($_SESSION['myusername'])){
?>
<form name="reviews" action="database.php" method="post">
<table cellpadding="0" cellspacing="6" style="width: 100%; background-color:#1d1d1d">
<tr><th colspan="2">Leave Me A Review</th></tr>
<tr><td style="width: 50%">First Name: *</td>
<td>Last Name: *</td></tr>
<tr><td>
<input name="name" type="text" value="$name" style="width: 200px" /></td>
<td><input name="lname" type="text" value="$lname" style="width: 200px" /></td></tr>
<tr><td colspan="2">
Review: (700 characters max)*</td>
</tr><tr>
<td colspan="2"><textarea name="comments" onblur="InputLengthCheck();"onkeyup="InputLengthCheck();" style="width: 531px; height: 100px" rows="1"></textarea>
</td></tr>
<tr><td colspan="2">
<input readonly="readonly" type="text" name="CharsTyped" size="8"/> characters typed</td>
</tr><tr>
<td colspan="2">Star Rating:* <select name="starrate">
<option></option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select></td>
</tr><tr>
<td colspan="2">
<?php echo recaptcha_get_html($publickey); ?>
</td></tr>
<tr><td colspan="2">
 <input name="Submit1" type="image" src="images/submit-btn.png" value="submit"/>
 <input name="Reset1" type="image" src="images/reset-btn.png" value="reset" />
  * All Fields Required</td>
</tr>
</table>
</form>
<?php
}
else
{
?>
<h1 class="center">
Please login to leave me a positive review.<br>If you are not a member yet <a href="register.php">Register</a>;
</h1>
<?php
}
?>
</div>

 </div><div id="clear"></div>
<div id="footer-img">

<img alt="" height="69" src="images/layout/ame-layout-footer-main2.jpg" width="990" /><div id="footer-content">
<ul id="footer-menu">
<li><a href="index.php">Home</a></li>
<li><a href="store/index.php">Online Store</a></li>
<li><a href="contact.php">Contact</a></li>
<li>(612) 840-1039 </li>
</ul>
</div>
</div>

</div>

<script type="text/javascript">
var sc_project=5719037;
var sc_invisible=1;
var sc_partition=60;
var sc_click_stat=1;
var sc_security="929a447a";
</script>

<script type="text/javascript"
src="http://www.statcounter.com/counter/counter_xhtml.js"></script><noscript><div
class="statcounter"><a title="myspace profile views counter"
class="statcounter"
href="http://www.statcounter.com/myspace/"><img
class="statcounter"
src="http://c.statcounter.com/5719037/0/929a447a/1/"
alt="myspace profile views counter" /></a></div></noscript>

</body>



</html>

fastsol

06-08-2010, 01:03 PM

Cool, thanks for the response. I actually learned a lot there about how to mix php and html, that will make things easier to build! I guess I'm still not sure how to proceed in my original issue. I will provide my check login page to see if that is where the issue lies. Unless I'm not understanding, from what I know the only variable the SESSION has is the username and password cause they are POSTED in the login form.

I have uploaded the code you provided me and is live at http://remotelystartedmn.com/reviews.php

Use this temporary login info to see what the page does - username=username and password=password.
The other info stored in the database for that username is name=James, lname=Erdmann. I want those two items listed already in the review form once they login. As you will see when you initially login all it says is $name and $lname.

Hopefully that makes it more clear as to what I am trying to achieve.Below is my checklogin.php page. This is the page that verifies the username and password for login and sets up the session. I am sure there are things wrong with this and I think this is really where the issues lies. Thanks again, JD

<?php
$host="rsmnproducts.db.******"; // Host name
$username="****"; // Mysql username
$password="****"; // Mysql password
$db_name="rsmnproducts"; // Database name
$tbl_name="rslog"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$mypassword = md5($mypassword);
$name = $_POST['name'];
$lname = $_POST['lname'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
session_register("name");
session_register("lname");
$_SESSION['myusername'] = $myusername;
$_SESSION['name'] = $name;
$_SESSION['lname'] = $lname;
$ref = $_SERVER['HTTP_REFERER'];
header( 'refresh: 0; url='.$ref);
}
else {
echo "Wrong Username or Password";
}

?>

djr33

06-08-2010, 06:34 PM

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$mypassword = md5($mypassword);
$name = $_POST['name'];
$lname = $_POST['lname'];
This part doesn't make sense. You are doing this EVERY time the page loads. You should only do this if (isset($_POST['myusername'])) (and the other variables, maybe, but if that is sent, then the rest should be also).

I believe you said this worked once then didn't keep you logged in: that's why-- every time you load the page it's looking for the form to be sent and if not, it won't validate.

The method using $count is creative, but it's an odd way to do it: assuming that if you get a result the information the user sent is correct. I actually can't think of any reason this would be wrong, but the usual way to do it is to do: SELECT * FROM .... WHERE password, etc. (and * means 'everything'), then use the info from that: mysql_fetch_array($result), $result['username'], etc.
Actually, using $count might be fine (even easier), but it just seems unusual and it's hard to predict if that's entirely secure.

fastsol

06-09-2010, 12:05 AM

IIIIIIIIIIIIII GOOOOOOOOOOOOOTT IIIIIIIIIIIIIIITTTT, thanks for all the help and after a ton more messing around I finally figured it out. If any one else ever needs help in this feel free to contact me and I'll let you know what I did.