
I made a user portal and everything seems to work fine except for one thing. Whenever I log in using a different username and password, the name being displayed in the profile section remains the same even if I am already using a different username.

```php
Dashboard <small><?php echo $row_Recordset1['firstname']; ?> <?php echo $row_Recordset1['lastname']; ?> (<?php echo $row_Recordset1['username']; ?>)</small>
```

Please help. I tried putting it in '$_SESSION' but nothing works.

EDIT: (the full code)

```php
<?php require_once('Connections/Authentication.php'); ?>
<script type="text/javascript" src="crozlandinc/js/common.js"></script>
<script type="text/javascript" src="crozlandinc/js/drag.js"></script>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

mysql_select_db($database_Authentication, $Authentication);
$query_Recordset1 = "SELECT * FROM login";
$Recordset1 = mysql_query($query_Recordset1, $Authentication) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<!DOCTYPE html>
<!--[if IE 8]> <html lang="en" class="ie8"> <![endif]-->
<!--[if IE 9]> <html lang="en" class="ie9"> <![endif]-->
<!--[if !IE]><!--> <html lang="en"> <!--<![endif]-->

<!-- BEGIN HEAD -->
<head>
     <meta charset="UTF-8" />
    <meta content="width=device-width, initial-scale=1.0" name="viewport" />
    <meta content="" name="description" />
    <meta content="" name="author" />
     <!--[if IE]>
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
        <![endif]-->
    <!-- GLOBAL STYLES -->
    <link rel="stylesheet" href="css/bootstrap.css" />
    <link rel="stylesheet" href="assets/css/main.css" />
    <link rel="stylesheet" href="assets/css/theme.css" />
    <link rel="stylesheet" href="assets/css/MoneAdmin.css" />
    <link rel="stylesheet" href="assets/plugins/Font-Awesome/css/font-awesome.css" />
     <!-- PAGE LEVEL STYLES -->
    <!-- END PAGE LEVEL  STYLES -->
     <!-- END PAGE LEVEL STYLES -->
   <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
    <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
    <![endif]-->
</head>
    <!-- END HEAD -->

    <!-- BEGIN BODY -->
<body style="background-color:WHITE">
<div class="row">
                    <div class="col-lg-12">
                        <h1 class="page-header">
                            Administrator Dashboard <small><?php echo $row_Recordset1['firstname']; ?> <?php echo $row_Recordset1['lastname']; ?> (<?php echo $row_Recordset1['username']; ?>)</small>
                        </h1>
                        <ol class="breadcrumb">
                            <li class="active">
                                <i class="fa fa-dashboard"></i> Dashboard
                            </li>
                        </ol>
                    </div>
                </div>
                <!-- /.row -->

      <!-- PAGE LEVEL SCRIPTS -->
      <script src="assets/plugins/jquery-2.0.3.min.js"></script>
      <script src="assets/plugins/bootstrap/js/bootstrap.js"></script>
   <script src="assets/js/login.js"></script>
      <!--END PAGE LEVEL SCRIPTS -->
 <script src="assets/plugins/validationengine/js/jquery.validationEngine.js"></script>
    <script src="assets/plugins/validationengine/js/languages/jquery.validationEngine-en.js"></script>
    <script src="assets/plugins/jquery-validation-1.11.1/dist/jquery.validate.min.js"></script>
    <script src="assets/js/validationInit.js"></script>
    <script>
        $(function () { formValidation(); });
        </script>
</body>
    <!-- END BODY -->
</html>
<?php
mysql_free_result($Recordset1);
?>
```
crozland23
  • I don't really understand. Is the name that's being displayed inside a session or is it inside $row_Recordset1? – Daniel Nov 26 '15 at 23:12
  • You might also want to add the code where you're checking login details - where does `$row_Recordset1` come from? – andrewsi Nov 26 '15 at 23:14
  • Can you post the full code? – lyndact Nov 26 '15 at 23:15
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](http://laravel.com/docs/security) built-in. – tadman Nov 26 '15 at 23:18
  • I created the code with Dreamweaver. @Stah the name should be inside the Recordset1. – crozland23 Nov 26 '15 at 23:47
  • @andrewsi $row_Recordset1 is a recordset created with Dreamweaver. I want to show the details of a specific user whenever he logs in, but if I use different usernames, the details displayed are just the same. – crozland23 Nov 26 '15 at 23:49
  • To visualize it, please go to http://crozland.com/admin then try logging in using the following: username 1: nmal6193 password 1: Password || username 2: mod: nmal6193 password 2: Password. Try logging in with both and they will return with the same Name and User Details in the dashboard. – crozland23 Nov 26 '15 at 23:53
  • @lyndact I have posted the full code. – crozland23 Nov 26 '15 at 23:55
  • OK, I will work on answering you. – lyndact Nov 26 '15 at 23:57
  • You should have a look at this: http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – miken32 Nov 27 '15 at 00:12
  • @miken32 I am afraid to use PDO as it is not supported with my hosting. I hope someone could give me a more concrete answer :( – crozland23 Nov 27 '15 at 00:18
  • Then you need to find a new hosting provider. At least move to mysqli. This stuff has been deprecated for 4 years now. – miken32 Nov 27 '15 at 00:20
  • Wow that GetSQLValueString is awful. I thought I had seen the last of that kind of coding. Seriously that's gotta be at least 10 years old. – Phil Nov 27 '15 at 00:25
  • It looks like you are just doing `SELECT * FROM login` getting the first row and printing the name. Of course it is going to show the same thing every time. – Phil Nov 27 '15 at 00:29
  • That's funny. But again, I have used the code automatically given by Dreamweaver. Is there any way we could at least give it a Fix Trial before changing everything, or should I give up already? – crozland23 Nov 27 '15 at 00:32
  • What do you suggest @Phil_1984_ ? – crozland23 Nov 27 '15 at 00:33
  • First I would suggest doing a `var_dump($_SESSION);` in the html to check that the login.php page is actually setting the correct session variables. – Phil Nov 27 '15 at 00:43
  • Actually it sounds like that part must be working if it is passing the authentication part. Why not just add the variables you need to print out into the session within the login.php file? Then do `echo $_SESSION['first_name'];` in the html. – Phil Nov 27 '15 at 00:48

2 Answers


First, you must not use MySQL because it will be deleted in PHP 7 and will not be used any more.

Try to edit your code and convert it all to MySQLi; it's really simple.

Second, I think you must use session_destroy() if you are using unset($_SESSION['name']).

MrB
  • It's not the case though. Whether it is my first login or not, it would still display the same user information (which is the first item in SQL, btw). I created it through Dreamweaver so it will be painful to convert everything to mysqli. – crozland23 Nov 27 '15 at 00:12

It seems like row_Recordset1 is always populated with the first row from the query result. I think you need to extend your query to select only 1 record, being the record of the logged in user.

```php
// You select all rows here
$query_Recordset1 = "SELECT * FROM login";
$Recordset1 = mysql_query($query_Recordset1, $Authentication) or die(mysql_error());
// You put the first row of the resultset in this recordset,
// no matter which user is logged in
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
```
Jelmer Keij
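The fix this answer describes, as an added example (not the answerer's or the asker's code): select only the row whose `username` matches `$_SESSION['MM_Username']`, using a mysqli prepared statement, and HTML-escape the values before printing them. The connection credentials and the helper names `fetch_logged_in_user` and `h` are assumptions; the table, column and session key names are taken from the question.

```php
<?php
// Added example. Assumptions: login.username is unique, and the
// connection settings below are placeholders for the real ones.

// Return the profile row for one username, or null if there is none.
function fetch_logged_in_user(mysqli $db, $username)
{
    // The "?" placeholder keeps the session value out of the SQL text,
    // so no GetSQLValueString-style escaping is needed.
    $stmt = $db->prepare(
        'SELECT firstname, lastname, username FROM login WHERE username = ? LIMIT 1'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($first, $last, $user); // works without mysqlnd
    $row = $stmt->fetch()
        ? array('firstname' => $first, 'lastname' => $last, 'username' => $user)
        : null;
    $stmt->close();
    return $row;
}

// Escape a value for output in HTML text or attribute context.
function h($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (empty($_SESSION['MM_Username'])) {   // not logged in
    header('Location: login.php');
    exit;
}

$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
$profile = fetch_logged_in_user($db, $_SESSION['MM_Username']);
if ($profile === null) {                 // session names a user that no longer exists
    session_destroy();
    header('Location: login.php');
    exit;
}
?>
Dashboard <small><?php echo h($profile['firstname']); ?> <?php echo h($profile['lastname']); ?> (<?php echo h($profile['username']); ?>)</small>
```

Selecting named columns instead of `*` also keeps the password column out of the page's variables.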