This is the code that I have to check if the user's login is correct. Once they login it should take them to the profilepage.php. That code should echo everything the user enters, however, it echoes everyone's info in the database who's every signed up. How do I have it return for only the user who has logged in.
//Login.php
<?php
#connect to db
$db = mysqli_connect("local","root","","");
if (mysqli_connect_errno())
exit("Error - could not connect to MySQL");
$username = $_POST['uname'];
$password = $_POST['mypass'];
$username = mysqli_real_escape_string($db,$username);
$password = mysqli_real_escape_string($db,$password);
$constructed_query = "SELECT * FROM `SignUp` WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($db, $constructed_query);
$num_rows = mysqli_num_rows($result);
if ($num_rows == 0) {
print ("Your username or password is invalid. Please go back and re-enter your information");
} //else {
//echo "Welcome back, $username, to XCompany Book Reviews.";
//}
session_start();
$_SESSION["username"] = $username;
$_SESSION["password"] = $password;
header("Location: /profilepage.php");
?>
//Profilepage.php
<?php include 'header.php'
#connect to db
$db = mysqli_connect("local","root","","");
if (mysqli_connect_errno())
exit("Error - could not connect to MySQL");
$username = $_SESSION["username"];
$constructed_query = "SELECT * FROM `SignUp` WHERE username = '$username'";
?>
<?php
while ($row = $result->fetch_array()) { ?>
Username: <?php echo $row["username"] ?> <br />
Email: <?php echo $row["email"] ?> <br />
First Name: <?php echo $row["first_name"] ?> <br />
Last Name: <?php echo $row["last_name"] ?> <br />
Gender: <?php echo $row["gender"] ?> <br />
<?php } ?>
Aucun commentaire:
Enregistrer un commentaire