- <?php
- // Yahoo Answers question: http://answers.yahoo.com/question/answer?qid=20130620074829AAJvlEe
- // Variable to hold the message we want displayed.
- $message = '';
- // Check and see if the $_COOKIE['username'] exists
- if (isset($_COOKIE['username'])) {
- // I'm assuming that the 'connect.php' file automatically connects to your database.
- // So you should NOT include it until you need it. If the user doesn't possess
- // the username cookie, then there is no need for the MySQL connection.
- // Also, with include(), if PHP doesn't find the file to include, it simply shows
- // an error message, but continues on anyway. In this case, it will cause some more
- // errors and the process of the site will break. By using require_once(), it forces
- // PHP to stop if it cannot locate the file. The '_once' part ensures that the file
- // is only included once, so if the file is already loaded, it won't load it again.
- // Not really needed here, but when you start nesting the includes, then it will be
- // a good thing.
- // Go to: http://www.php.net/manual/en/language.control-structures.php and look more
- // at the include, include_once, require and require_once differences. There are
- // definitely times to use each of them; knowing those differences is what will make
- // you better.
- require_once('connect.php');
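- // You must always assume that all user input is a possible security threat and
- // you must treat it as such. The cookie is stored on the user's computer, where the
- // user has access to it and can change it. This means that we must protect the query
- // from SQL Injection (Google it for more info).
- // Note: the mysql_* functions were deprecated in PHP 5.5 and removed in PHP 7.0;
- // on current PHP, use mysqli or PDO with prepared statements instead.
- $username = mysql_real_escape_string( $_COOKIE['username'] );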
- // Statement to determine if username is legit.
- // The { } are simply for readability and are optional. PHP Removes them when it
- // replaces the variable value.
- $sql = "SELECT user_id FROM users WHERE username='{$username}' LIMIT 1";
- $result = mysql_query($sql);
- // Check to make sure statement and query are good.
- if( !$result ){
- // Query mis-formed, Connection failed or an internal error with MySQL.
- // Display error, but you could easily change it to log the error and tell
- // the user a default error message.
- $message .= 'Internal Error: ' . mysql_error();
- }else if( mysql_num_rows($result) === 0){
- // The query was successful, but did not match any rows in the database.
- // In this case it means that the username is not in the database.
- // I would suggest a message stating that they need to login again.
- $message .= 'Welcome, Guest!<br />'; // As they do not have a valid username.
- }else{
- // Username exists in database. Not sure what you want with the userid.
- // If you need this information on other pages, I would strongly suggest not
- // storing it in a COOKIE, but rather a SESSION ( http://php.net/manual/en/book.session.php
- // && http://www.tizag.com/phpT/phpsessions.php );
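- $row = mysql_fetch_assoc($result);
- // Cast to int so only a number can end up in the profile link below.
- $user_id = (int) $row['user_id'];
- // Option 2: $user_id = (int) mysql_fetch_object($result)->user_id;
- // First one is probably more your style right now, just wanted to show you options.
- // Welcome Message.
- // HTML-encode the name before printing it. SQL escaping does not make a value safe
- // for HTML, and the escaped copy in $username may contain added backslashes.
- $message .= 'Welcome, ' . htmlspecialchars($_COOKIE['username'], ENT_QUOTES, 'UTF-8') . '!<br /><br />';
- $message .= 'Your <a href="profile.php?id=' . $user_id . '">Profile Page</a> awaits.';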
- }
- } else {
- // Default message, if $_COOKIE['username'] not set.
- $message .= "Welcome, Guest! <br/>";
- }
- ?>
- <html>
- <head>
- <title>Home</title>
- <style type="text/css">
- /***
- Although there is nothing wrong with putting it all on one line, it is easier to read this way.
- ***/
- a:link {
- color: blue;
- text-decoration: none;
- }
- a:visited {
- color: purple;
- text-decoration: none;
- }
- a:hover {
- color: black;
- text-decoration: none;
- }
- h3 {
- text-align: center;
- }
- </style>
- </head>
- <body>
- <!-- Note: center elements are deprecated. -->
- <h3>Home</h3>
- <hr />
- <br />
- <br />
- <?php echo $message; ?>
- </body>
- </html>
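An added example, not part of the original paste: the same lookup on current PHP, using a PDO prepared statement for the query and HTML-encoding the name on output. The in-memory SQLite database, the sample rows and the function names are assumptions made for the example; they stand in for connect.php and the real users table.

```php
<?php
declare(strict_types=1);
// Added example. Assumes the pdo_sqlite driver; the table rows are constructed.

function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
    $insert = $pdo->prepare('INSERT INTO users (username) VALUES (?)');
    foreach (['alice', "O'Brien & Co"] as $name) {   // constructed sample rows
        $insert->execute([$name]);
    }
    return $pdo;
}

// The value is sent as a bound parameter, so it never becomes part of the SQL text.
function find_user_id(PDO $pdo, string $username): ?int {
    $stmt = $pdo->prepare('SELECT user_id FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

function welcome_message(PDO $pdo, ?string $username): string {
    $guest = 'Welcome, Guest!<br />';
    if ($username === null) {
        return $guest;
    }
    try {
        $id = find_user_id($pdo, $username);
    } catch (PDOException $e) {
        error_log($e->getMessage());   // details go to the log, not to the page
        return 'Internal error, please try again later.';
    }
    if ($id === null) {
        return $guest;
    }
    // Encode for the HTML context; this is separate from the SQL handling above.
    $safe = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
    return "Welcome, {$safe}!<br /><br />"
         . 'Your <a href="profile.php?id=' . $id . '">Profile Page</a> awaits.';
}

$pdo = open_demo_db();
// Constructed inputs: a known name, a name with a quote and ampersand, a hostile string, no cookie.
foreach (['alice', "O'Brien & Co", "x' OR '1'='1", null] as $cookieValue) {
    echo welcome_message($pdo, $cookieValue), PHP_EOL;
}
```

The third input matches no row and gets the guest message. In a real page the name would come from a session set at login rather than from the cookie, as the paste's comments suggest.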