7 Replies Latest reply: Jul 27, 2009 10:29 AM by David_Powers RSS

    How to use a user's loginID on subsequent pages?

    keydongle Community Member

      I'm using the Spry tools from DW CS4 with files written in PHP, and have successfully created a login page that validates the user's ID (which is their email address) and submitted password against a MySQL database that has a user table. The user table also contains fields such as their first/last name, phone, address, city/state/zip, so it isn't just a userID (email address) and their password.

       

      So the problem is this. When the user successfully logs in, they are routed to a "member account" page where I want to display a dynamic table that shows their first/last name, email address, home address, city, state, zip, and phone number so they can view their current settings.

       

      In trying to use the advanced record set tool, I can see where I would do a select on the user table for the various values, but what do I use to select the info for the user that has logged in? I've tried various forms of a session variable (I looked at the code on the login page and found $_SESSION['MM_Username'] and tried that on the member account page), and also tried $_POST['email'] while using a where clause, but it never seems to work right since I keep getting errors.

       

      I decided to back off of using the table for a little bit and just try to display the name of the user that successfully logged in from the previous login page but I can't even seem to do that correctly.

       

      Any ideas of how I can use the email address the user logged in with on the member account page to retrieve data correctly (or even to print Hi John Doe)?  I assume I'll also have to use a similar technique in case they click an "edit my account" link on the member account page to make changes to their current settings (assuming I can display them correctly on the member account page so they know something needs to be changed or not).

       

      thanks in advance,

       

      steve

        • 1. Re: How to use a user's loginID on subsequent pages?
          David_Powers ACP

          Instructions on how to display a user's name after logging in are in the Dreamweaver FAQ.

           

          To use a session variable (or any other variable) in a SQL query in the Advanced Recordset dialog box, you need to use some placeholder text in the query, e.g., col1, col2, etc. You then define the runtime value of col1, col2, etc. in the Variables section of the dialog box by clicking the plus button and adding each variable one at a time.

           

          For example:

          Name: col1

          Type: Text

          Default value: -1

          Runtime value: $_SESSION['MM_Username']

          • 2. Re: How to use a user's loginID on subsequent pages?
            NCxplants Community Member

            Great reply David as always, and I'm having the same problem, but . .

            I've tried everything I can think of:

            When you use DW's Login In User it sets 2 session variables:

                $_SESSION['MM_Username'] = $loginUsername;
                $_SESSION['MM_UserGroup'] = $loginStrGroup;

             

            It then brings up the page that you request:

              $MM_redirectLoginSuccess = "UpdateProfile1.php";
              $MM_redirectLoginFailed = "LoginAgain.php";

             

            However, when you get to that page you don't have the password that the user keyed because they didn't save it in a session variable.

             

            Worse yet DW won't let you modify the the PHP to save the UserID (unique based on Email and Password) in a $_SESSION['MM_UserID].  It generates another "Log In User" if you modify the PHP.

             

            Bottom line is when you get to the Success or Failed page you just know the $_SESSION['MM_Username'], whether it was successful or failed and you know $_SESSION['MM_UserGroup'] (which I may never use).

             

            I even tried to capture it on the login form with:

            <td><input name="password" type="text" maxlength="25" id="trypw" onchange="setpw()"/></td>

            but can't because the Submit takes precedence over the onchange.

             

            I need to know the Password or the UserID but can't get at either.  Help please.

            • 3. Re: How to use a user's loginID on subsequent pages?
              David_Powers ACP

              On the success page, you have $_SESSION['MM_Username']. Use it to create a recordset containing all the details of the person who has just logged in. You can do this with the simple recordset dialog box exactly as explained in the FAQ item I pointed to before.

              • 4. Re: How to use a user's loginID on subsequent pages?
                keydongle Community Member

                Thanks for the reply David. I'll give it a try in the next couple of days and see if it works.

                 

                steve

                • 5. Re: How to use a user's loginID on subsequent pages?
                  keydongle Community Member

                  Thanks for your help David and I finally got it to work. I tried the original instructions you provided and it still wouldn't work although they seemed like they should. That's when I thought that something else must be wrong. After I made several changes, your instructions worked just fine.

                   

                  Several things I learned to get this to work correctly.

                   

                  1. The success page needs to have an access restriction placed on it otherwise the session variables don't appear to be available. That's because without restricting access, the session_start() function never executes.

                   

                  2. I added an echo statement after the initial query is constructed to see what the actual query was. At first, I was seeing all the correct select statements but it was listing where col1=-1 rather than the login name that was collected on the login page. As a result, it was returning nothing since colname=-1 has no value in the table.

                   

                  3. I decided to change the session path in php.ini and pointed it to C:/temp/ instead of where it was pointing (which was C:/wamp/tmp). I think that it's possible the path should have read C:/wamp/tmp/ (the trailing / was missing). I restarted all the services for the change to take effect.

                   

                  4. I noticed that when I added the echo statement right after the query statement (mentioned above in item 2) that the record set disappeared from the DW panel although the Restrict Access behavior was still listed in the panel. Didn't realize it, but when inserting any code that was not part of the original record set code DW inserted in the page, it blanks out the recordset name in the panel. Once I removed the echo statement, the behavior reappeared in the panel.

                   

                  5. After I removed the echo statement to see the original record set in the panel again, I decided to remove it and redo the query from scratch. Then I inserted an echo statement again after the query and this time it showed the correct value for col1. This meant it finally had the session variable from the login page and would work correctly so I removed the echo statement to get the behavior to show back up in the panel.

                   

                  6. I edited php.ini again and changed the session path back to c:/wamp/tmp/ and restarted all services. Then I tested the page and it worked correctly.

                   

                  7. I added some code in a div to view the results of the recordset as follows:

                  <?php echo 'Welcome, ' . $row_clientInfo['first_name'] . ' ' . $row_clientInfo['last_name']; ?>

                  It worked correctly.

                   

                  Conclusion:  For sure, your answer to how to solve this problem is correct and was what I needed to do, but after initial testing it still didn't work. I think that it was me pointing the session path to a different place and adding the slash at the end that could have been what allowed your example to finally work. Then again, it could've been removing all the initial recordset query code and redoing it from scratch that could have been the difference. Not sure, but at least it does work.

                   

                  One thing that I encountered was that when I double-clicked the recordset behavior to edit it to bring back less info (only the first and last name instead of a bunch of other stuff) I noticed that it left the old code still in place so that I had duplicated code. I would think that it should've removed the original query code and replaced it with the changed code rather than leaving both in place. Just an observation.

                   

                  thanks again David,

                   

                  Steve

                  • 6. Re: How to use a user's loginID on subsequent pages?
                    NCxplants Community Member

                    I wrote my own but hate not to use DW's built in functions - - at my stage their's are more bulletproof.

                    As I (should have) stated earlier UserName is an email address, which in my application may have several users with different passwords.

                     

                    I have 2 unique keys UserID (auto assigned number) and (UserName, Password)  to access the database and a lot of other profile information.

                     

                    When the user logs on they only pass UserName back, so if I used DW's Login I would need to make the user rekey Password on the success page to access their profile.

                    That's why I wrote my own but would gladly back off if DW would set a session variable for UserID.

                    Thanks again.

                    • 7. Re: How to use a user's loginID on subsequent pages?
                      David_Powers ACP

                      NCxplants wrote:

                       

                      When the user logs on they only pass UserName back, so if I used DW's Login I would need to make the user rekey Password on the success page to access their profile.

                      That's why I wrote my own but would gladly back off if DW would set a session variable for UserID.

                      I don't know how many times I need to repeat this, but all you need to do is use $_SESSION['MM_Username'] on the success page as a filter to create a recordset containing the details of the UserID. As long as the page uses sessions (which it does if you add a Restrict Access to Page server behavior), the session variable will work. Assuming you call the recordset getDetails, all you need to do is add this line after the recordset code:

                      $_SESSION['UserID'] = $row_getDetails['UserID'];