Basic Members Page + Profile Pages

[blt4424]

I'm trying to set up a very simple (WIP) members page that you can click registered users to see their profile page that will display basic information.

 

I'm having trouble with the sessions and retrieving this info from my database. I'm very new to this so it's all pretty amateur.

 

I've been looking at this code for several hours trying to fix things but I start to make some progress, then change stuff, and go backwards. I had a members page that displayed the registered users in my database, but after a while of altering to try to get the profiles to work, I messed it up :mad:. I have basic login and register pages.

 

I need some seperate eyes to take a look. Any help is so much appreciated. Thanks!

 

 

members.php

<?php
session_start();
require 'mysql-connect.php';
$auser=$_SESSION['user'];


if(isset($auser)){
$Members = mysql_query("SELECT * FROM user WHERE username='$username'") or die(mysql_error());
$numRowsMembers = mysql_num_rows($Members);

?>

<table border="1">

<?php
for($count = 1; $count <= $numRowsMembers; $count++)
{
    $name = mysql_fetch_array($Members);
    ?>
    
    <tr>
    <?php
    echo '<td><a href="member_profile.php?username=' . $name['username'] . '">' . $name['username'] . '</a></td>';
}
}
   ?>

    </tr>
</table>

 

 

member_profile.php

<?php
session_start();
require 'mysql-connect.php';
$auser=$_SESSION['user'];

if(isset($auser)){

$username = $_GET['username'];
$user = mysql_query("SELECT * FROM user WHERE username = '$username'");
echo $user;
$user=mysql_fetch_assoc($user);


echo "<h1>User Info</h1>";

echo "<b>Username:".$user['username']."<br>";

echo "<br>";
  echo '<form name="backlistfrm" method="post" action="members.php">';
echo '<input type="submit" value="Back to The List">';
echo '</form>';
echo "<br>";
}
?>

 

 

my login handler

<?php
include 'mysql-connect.php';

$username = $_POST['user'];
$password = $_POST['pass'];
$query1 = mysql_query("SELECT * FROM user WHERE username='$username'");
$result = mysql_num_rows($query1);
if($result == 0)
{
echo '<h1>Error!</h1>The username you specified does not exist!';
}
else
{

$checkuser = mysql_query("SELECT * FROM user WHERE username='$username'");

                        $row = mysql_fetch_array($checkuser);
                                                        $password2 = $row['password'];
                                                        //$status = $row['status'];
                                if ($password == $password2)
                                        {
                                 echo "Hi $username.";
							 include("index.php"); 
                                        }
                                else
                                        {
                                        echo '<h1>Error!</h1>The username and password combination you entered does not match the ones we have in the database.';
                                        }

}
?>

 

mysql-connect.php

<?php

$host = "localhost";
    $username = "root";
    $password = "";
    $database = "ug54";
    $link = mysql_connect($host, $username, $password);//Connects to database with host, username, and password
    $select = mysql_select_db($database);
?>

 

and my simple database

CREATE TABLE IF NOT EXISTS `user` (
  `id` int(4) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(32) NOT NULL,
  `password` varchar(32) NOT NULL,
  `firstname` varchar(20) NOT NULL,
  `lastname` varchar(20) NOT NULL,
  `email` varchar(30) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;

--
-- Dumping data for table `user`
--

INSERT INTO `user` (`id`, `username`, `password`, `firstname`, `lastname`, `email`) VALUES
(1, '', '', '', '', '0'),
(2, 'abc', '123', '', '', '0'),
(3, 'a', 'b', 'c', 'd', '0'),
(4, 'hfg', 'rgfdg', 'gdfg', 'dfgdf', '0'),
(5, '999', '999', '999', '999', '999');

[blt4424]

Resolved, nevermind!

[lewisstevens1]

What was wrong tho?