PHP - Simple User Checking In Php

Below I am checking a user level and if they are  level one they see some of the form, and if level two they see additional options.

What they have already filled out is to show in the text field. Before I was doing the user level check it worked fine. Even now if something is put in a field it saves in the DB but it will not show in the fields on the form.

// Everyone sees
          <tr>
            <td><input name="" type="text" id="" value="<?php echo $row_settings['FieldA']; ?>">
          </tr>
        <tr>
            <td><input name="" type="text" id="" value="<?php echo $row_settings['FieldB']; ?>">
          </tr>
// Check if level two and display if they are.
    <?php }
if (checkUser()) {
?>
        <tr>
            <td><input name="" type="text" id="" value="<?php echo $row_settings['num1']; ?>">
          </tr>
        <tr>
            <td><input name="" type="text" id="" value="<?php echo $row_settings['num2']; ?>">
          </tr>
        <tr>
            <td><input name="" type="text" id="" value="<?php echo $row_settings['num3']; ?>">
          </tr>

     <?php } ?>
// Additional things everyone sees even level one.
        <tr>
            <td><input name="" type="text" id="" value="<?php echo $row_settings['num4']; ?>">
          </tr>
          <tr>

So even <?php echo $row_settings['num4']; ?> will not show/work after the <?php } ?>

Any thoughts? Thanks in advance everyone.

This topic has been moved to Other.

http://www.phpfreaks.com/forums/index.php?topic=318815.0

Set up:
    * XAMPP 1.7.3
    * Apache 2.2.14 (IPv6 enabled) + OpenSSL 0.9.8l
    * MySQL 5.1.41 + PBXT engine
    * PHP 5.3.1
    * phpMyAdmin 3.2.4
    * Perl 5.10.1
    * FileZilla FTP Server 0.9.33
    * Mercury Mail Transport System 4.72

I'm trying to set up a multipage registration script. It's tuff! I've set up some basic scripts to distribute variables into the correct tables from previous forms using a session. But I want the script to check the input from form one is valid before it moves on to form 2.

Here are my scripts:
form 1:

<html>
 <head>
  <title>Register</title>
  <style type="text/css">
   td { vertical-align: top; }
  </style>
 </head>
 <body>
  <form action="form2.php" method="post">
   <table>
    <tr>
     <td><label for="name">Username:</label></td>
     <td><input type="text" name="name" id="name" size="20"
       maxlength="20" value=""/></td>
    </tr><tr>
     <td><label for="password">Password:</label></td>
     <td><input type="password" name="password" id="password" size="20"
       maxlength="20" value=""/></td>
    </tr><tr>    
     <td><label for="first_name">First name:</label></td>
     <td><input type="text" name="first_name" id="first_name" size="20"
       maxlength="20" value=""/></td>
    </tr><tr>
     <td><label for="last_name">Last name:</label></td>
     <td><input type="text" name="last_name" id="last_name" size="20"
       maxlength="20" value=""/></td>
    </tr><tr>
     <td><label for="email">Email:</label></td>
     <td><input type="text" name="email" id="email" size="20" maxlength="50"
       value=""/></td>
    </tr><tr>
     <td><label for="address">Address:</label></td>
     <td><input type="text" name="address" id="address" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
     <td><label for="city">City/Town:</label></td>
     <td><input type="text" name="city" id="city" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
 <td><label for="county">County:</label></td>
     <td><input type="text" name="county" id="county" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
 <td><label for="post">Postcode:</label></td>
     <td><input type="text" name="post" id="post" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
 <td><label for="home">Home Number:</label></td>
     <td><input type="text" name="home" id="home" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
 <td><label for="mobile">Mobile:</label></td>
     <td><input type="text" name="mobile" id="mobile" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
     <td> </td>
     <td><input type="submit" name="submit" value="Sumbit"/></td>
    </tr>
   </table>
  </form>
 </body>
</html>


Form 2:

<?php

//let's start the session
session_start();

//now, let's register our session variables
session_register('name');
session_register('password');
session_register('first_name');
session_register('last_name');
session_register('email');
session_register('address');
session_register('city');
session_register('county');
session_register('post');
session_register('home');
session_register('mobile');

//finally, let's store our posted values in the session variables
$_SESSION['name'] = $_POST['name'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
$_SESSION['address'] = $_POST['address'];
$_SESSION['city'] = $_POST['city'];
$_SESSION['county'] = $_POST['county'];
$_SESSION['post'] = $_POST['post'];
$_SESSION['home'] = $_POST['home'];
$_SESSION['mobile'] = $_POST['mobile'];

?>

<html>
 <head>
  <title>Register</title>
  <style type="text/css">
   td { vertical-align: top; }
  </style>
 </head>
 <body>
  <form action="form3.php" method="post">
   <table>
    <tr>
     <td><label for="bio">Biography:</label></td>
     <td><input type="text" name="bio" id="bio" size="400"
       maxlength="500" value=""/></td>
    </tr><tr>    
     <td> </td>
     <td><input type="submit" name="submit" value="Sumbit"/></td>
    </tr>
   </table>
  </form>
 </body>
</html>



I've also got form3.php and process_forms.php(that's where I mysql_real_escape_string and input the data) but that's probably not relevant. How would I get this to work? Are there any sites I should look at that you'd recommend? Any help appreciated.

Hey guys and gals!

This is my first post here and needing a bit of help with my php code! So here is the deal, i have 3 tables in ms sql 2000 which i will be using on this project.

i have an employee table that has the regular information such as:

TABLE employee( uniqueid, employee_number, lastname, firstname, dob, address, city, state, zip )

TABLE employee_docs( uniqueid, employee_number, doc_type int, date_received, date_issued, date_expired )

TABLE doc_type(uniqueid, description, valid_month)


so basically from the employee_doc table, the doc_type column is an int and will have the description of the document as well as valid month column which will tell you how long the document type is valid until. the Description gives a brief description of what the product is. The uniqueid is used as what ever number is chose from the employee_docs table will represent the document type from table doc_type.

ok so now that i gave a brief explanation of the tables i am working with, I can tell you what i need.

i need a php page that will display:

employee number, lastname, firstname, doc_type, date_received, date_issued, date_expired.

Code: [Select]
select pn.empnum as employeeid, (pn.lastname + ', ' +  pn.firstname)as [Full Name],
dt.description as doc_type,
formatDate(pd.received) as [Date Received],
formatDate(pd.expired)as [Date Expired],
formatDate(pd.issued) as [Date In Service]

from personnel_document pd
left join document_types dt on (dt.uniqueid = pd.doc_type)
left join personnel pn on (pd.empnum = pn.empnum)

where pd.empnum = '$EmpNum'
now, I went ahead and did this for the html part:
 
Code: [Select]
<table border=0>
           
            <tr>
                    <td height=20px weight=1px valign=bottom><span class=underline>DESCRIPTION</span></td>
                            <td height=20px weight=1px valign=bottom><span class=underline>DATE RECEIVED</span></td>
                            <td height=20px weight=1px valign=bottom><span class=underline>LICENSE NUMBER</span></td>
                    <td height=20px weight=1px valign=bottom><span class=underline>DATE IN SERVICE</span></td>
                            <td height=20px weight=1px valign=bottom><span class=underline>DATE EXPIRED</span></td>
                    </tr>
                    <tr>
                    </tr>
                    <tr>
                            <td height=20px valign=bottom><span class=label_text>PHYSICAL EXAM</span></td>
                            <td valign=top><input class=demog_box type=text size=10 name= phexam_dr id=phexam_dr onBlur= 'formatDate(this)' value='<?php echo $phexam_dr;  ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= phexam_ln id=phexam_ln onBlur='formatDate(this)' value='<?php echo $phexam_ln;                              ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= phexam_is id=phexam_is onBlur= 'formatDate(this)' value='<?php echo $phexam_is;                            ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= phexam_ex id=phexam_ex onBlur='formatDate(this)' value='<?php echo $phexam_ex;                             ?>'>&nbsp;</td>
                    </tr>
                    <tr>
                    </tr>
                    <tr>
                            <td height=20px valign=bottom><span class=label_text>PROFESSIONAL LICENSE</span></td>
                            <td valign=top><input class=demog_box type=text size=10 name= prolic_dr id=prolic_dr onBlur='formatDate(this)' value='<?php echo $prolic_dr;                            ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= prolic_ln id=prolic_ln onBlur='formatDate(this)' value='<?php echo $prolic_ln;                            ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= prolic_is id=prolic_is onBlur='formatDate(this)' value='<?php echo $prolic_is;                            ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= prolic_ex id=prolic_ex onBlur='formatDate(this)' value='<?php echo $prolic_ex;                              ?>'>&nbsp;</td>
                    </tr>
                    <tr>
                    </tr>
                    <tr>
                            <td height=20px valign=bottom><span class=label_text>PROFESSIONAL INSURANCE</span></td>
                            <td valign=top><input class=demog_box type=text size=10 name= proins_dr id=proins_dr onBlur='formatDate(this)' value='<?php echo $proins_dr;                            ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= proins_ln id=proins_ln onBlur='formatDate(this)' value='<?php echo $proins_ln;      ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= proins_is id=proins_is onBlur='formatDate(this)' value='<?php echo $proins_is;   ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= proins_ex id=proins_ex onBlur='formatDate(this)' value='<?php echo $proins_ex;   ?>'>&nbsp;</td>
                    </tr>
                    <tr>
                    </tr>
                    <tr>
                            <td height=20px valign=bottom><span class=label_text>DRIVER'S LICENSE</span></td>
                            <td valign=top><input class=demog_box type=text size=10 name=dl_dr id=dl_dr onBlur='formatDate(this)' value='<?php echo $dl_dr; ?>'>&nbsp;
                            </td>
                            <td valign=top><input class=demog_box type=text size=10 name=dl_ln id=dl_ln onBlur='formatDate(this)' value='<?php echo $dl_ln; ?>'>&nbsp;
                            </td>
                            <td valign=top><input class=demog_box type=text size=10 name=dl_is id=dl_is onBlur='formatDate(this)' value='<?php echo $dl_is; ?>'>&nbsp;
                            </td>
                            <td valign=top><input class=demog_box type=text size=10 name=dl_ex id=dl_ex onBlur='formatDate(this)' value='<?php echo $dl_ex; ?>'>&nbsp;
                            </td>
    </tr>
                    <tr>
                    </tr>
                    <tr>

</table>

I am now doing the the sql statement to insert into my db but i am stuck.
i basically want to get the information that the user enters for each field and save it on the employees profile.

$querydoc = "update    personnel_document
                      set empnum = '$EmpNum' , doc_type = ???, date_received = ????, date_expired = ????, date issued = ???
         where empnum = '$EmpNum' ";

The problem is that since each description has a different variable im not sure how to update it.... would I have to create a new update for each description? also I hard coded the name of each description but i believe it is better if i echo the description name from the db as i cant use taht as the doc_type... i am pretty confused, if anyone has a better way of doing this i would really appreciate it!

eventually i also want to make sure that the description is expired to to with the fields I have there and promp the user of something that is expired. Once again, any help given is much appreciated!!!

Hey everyone!!!

It has been years since I have had to opportunity to post on here. I am, however, getting back into development. I am running into an issue and I was looking for some help. 


Here is the code:

$years = array(); //Build the years array, we can only go forward 3 years, backwards 1 year.
$sYear = date(Y, strtotime('-1 years')); //Start Year
$eYear = date(Y, strtotime('+3 years')); //End Year
while($sYear < $eYear){
    array_push($years, $sYear); //Add each year that fits to the array
    $sYear++;
}

//In order for us to make sure we have clean parameters for our jQuery calls later
//We have to make sure that our year variable usage is consistant throughout. 
//If our case, we are passing the full 4 digit year as am INT = $curYear
$curYear = clean($_GET['curYear']);
print "Before anything: curYear = $curYear <br><br><br>";
if($curYear == "" || $curYear == null){
    //No Year set, use current
    print "empty or null<br>";
    exit;
    $curYear = date(Y);
}elseif(!is_numeric($curYear)){
    //Not even a number lol
    print "not number<br>";
    $curYear = date(Y);
}elseif($aSearch = in_array($curYear, $years, true)){
    print "valid year<br>" . $years[$aSearch];
    //It isn't in our array of valid years
    //$curYear = date(Y);
}else{
    //all else failed
    $curYear = date(Y);
    print "Failed all tests.<br>";
}
//Should be a good year for our calendar by this point.
exit;

I am passing the variable curYear in the url: index.php?curMonth=July&curYear=2013

For some reason, it outputs: 

Before anything: curYear = 2013 


Failed all tests.

  printing the $years array gets: 
 

Array ( [0] => 2013 [1] => 2014 [2] => 2015 [3] => 2016 )

I think you get the just of what I am looking for here. Thanks for the help!!    

hi,

i have made a website where people resgister their details of them and products.

they have to enter the following details in form

Name of company

name of the product

company address

email id 

password 

mobile number contact

and 

brief details about their company 

after filling all details user is registered on website.

user can then login with email id and pwd.

now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.

thanks in advance .

I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others.

FIRST THE ONE script the member logges in here to the one table in MSQL:
<?php
   session_start();
   
   require_once('config.php');
   
   $errmsg_arr = array();
   
   $errflag = false;
   
   $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
   if(!$link) {
      die('Failed to connect to server: ' . mysql_error());
   }
   
   $db = mysql_select_db(DB_DATABASE);
   if(!$db) {
      die("Unable to select database");
   }
   
   function clean($str) {
      $str = @trim($str);
      if(get_magic_quotes_gpc()) {
         $str = stripslashes($str);
      }
      return mysql_real_escape_string($str);
   }
   
   $login = clean($_POST['login']);
   $password = clean($_POST['password']);
   
   if($login == '') {
      $errmsg_arr[] = 'Login ID missing';
      $errflag = true;
   }
   if($password == '') {
      $errmsg_arr[] = 'Password missing';
      $errflag = true;
   }
   
   if($errflag) {
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
      session_write_close();
      header("location: login-form.php");
      exit();
   }
   
   $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
   $result=mysql_query($qry);
   
   if($result) {
      if(mysql_num_rows($result) == 1) {
         session_regenerate_id();
         $member = mysql_fetch_assoc($result);
         $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
         $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
         $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
         session_write_close();
         header("location: member-index.php");
         exit();
      }else {
         header("location: login-failed.php");
         exit();
      }
   }else {
      die("Query failed");
   }
?>

................................................. ................................
Now I need the person who logged in to the table above to be able to make multiple entries to the table below

<?
$ID=$_POST['ID'];
$title=$_POST['title'];
$cost=$_POST['cost'];
$activity=$_POST['activity'];
$ayear=$_POST['aday'];
$aday=$_POST['ayear'];
$seats=$_POST['special'];
$special=$_POST['seats'];
mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error());
mysql_select_db("xxxx") or die(mysql_error());
mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')");
Print "Your information has been successfully added to the database!"
?>
Click <a href="member-profile.php">HERE</a> to return to the main menu
  <?php      
?>

Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after

Hi,

so far I have managed to set up a somewhat basic login website with a mysql database backend.

Once they have logged on they go to a "main menu" page.

What I need to define is that user A sees button A but only that button, etc.

(Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login).

If anyone has any tutorials or sample code I would much appreciate it.

Thanks,

Hi,

I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them.

The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP.

The code for the script is here :

Code: [Select]
<?php

$mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase');


if (!$mysql) {
  die(mysql_error());
  $content = "<nobr></nobr>";
} else {
  
  $result = mysql_query('SELECT * FROM tblEventGroup'); 
  $content = "<nobr>";
  
  if ($result) {     
      while($row = mysql_fetch_assoc($result)) {
       $content .= "<span>";
       $content .= $row['GroupName'];
       $content .= "</span>";
       $content .= "<a href=\"../Event/EventSearch?groupid=";
       $content .= $row['GroupId'];
       $content .= "\" target=\"_blank\">Book here</a> ";
      }
  }
  
  mysql_close($mysql);
  $content .= "</nobr>";

}

?>
I cannot for the life of me understand what the problem is, the return error is

Access denied for user 'myuser'@'localhost' (using password: YES)

Hi guys,

I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else.

I have got the system to work up as far as:

1/ The user logs in
2/ Once logged in they are re-directed to their own page using 'theirusername.php'

Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page.

This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working!

Please find below the code I am using:


LOGIN

<?php
session_start();


function dbconnect()
{
    $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error());

}
?>

<?php
if(isset($_SESSION['loggedin']))
{
    header("Location:" . strtolower($username) . ".php");
if(isset($_POST['submit']))
{
   $username = mysql_real_escape_string($_POST['username']);
   $password = mysql_real_escape_string($_POST['password']);
   $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'");
   if(mysql_num_rows($mysql) < 1)
   {
     die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again");
   }   $_SESSION['loggedin'] = "YES";
   $_SESSION['username'] = $username;
 $_SESSION['name']
   header("Location:" . strtolower($username) . ".php");
}
?> 

HEADER ON EACH PHP PAGE

<?php
session_start();
if(!isset($_SESSION['loggedin']))
{
    die(Access to this page is restricted without a valid username and password);
?>

---------------------------------------------------

Am I right in thinking it is something to do with the "loggedin" part?

The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php"

Any help would be greatly appreciated! 

Ta

Hallo everybody, i have the following code. but i get allways this error while the user exist in the database. User not found! what do i do wrong?   thank you very much for your help Rafal

<html>
<head>
<?php
$connection = mysql_connect("db.xyz.com", "username", "password")
or die ("connection fehler");
mysql_select_db("db0123456789")
or die ("database fehler");
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' ");
$chkuserare = mysql_num_rows($chkuser);
echo $email;
echo $pwd;
if ($chkuserare !=0)
{
$chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' ");
$pwddb = mysql_fetch_assoc($chkpwd);
if ($pwd != $pwddb["pwd"])
{
echo "password is wrong!";
}
else
{
echo "login successed";
}
}
else
{
echo "User not found!";
}
}
else
{
echo "Pleas enter your email and password!";
}
mysql_close($connection);
?>
</head>
<body>
<form action="login.php" method="post">
Email <input type="text" name="inp_email"><br>
Password <input type="text" name="inp_pwd"><br>
<input type="submit" name="submit" value="login">
</form>
</body>
</html>

Edited by rafal, 21 September 2014 - 04:33 PM.

Hallo everybody, the user is in the table, but i get error (user not found!).   thank you very much for your help Rafal

<!DOCTYPE html>
<html>
<head>
<title>index</title>
<meta http-EQUIV="CONTENT-LANGUAGE" content="en">
<?php
SESSION_START();
include("abc.php");
$link2 = mysqli_connect("$hoster", "$nameuser", "$password", "$basedata")
or die ("connection error" . mysqli_error($link2));
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysqli_query("SELECT email FROM $table2 WHERE email = '$email' ");
$chkuserare = mysqli_num_rows($chkuser);
if ($chkuserare !=0)
{
$chkpwd = mysqli_query("SELECT pwd FROM $table2 WHERE email = '$email'");
$pwddb = mysqli_fetch_assoc($chkpwd);
if (md5($pwd) != $pwddb["pwd"])
{
echo "Password is wrong!";
}
else
{
$_SESSION['username'] = $email;
header ('Location:list.php');
}
}
else
{
echo "user not found!";
}
}
else
{
echo "enter your Email and Password!";
}
mysqli_close($link2);
?>
</head>
<body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver">
<font color="black">
<br>
<form action="index.php" method="post">
<b>Login</b><br><br>
<table width="100%">
<tr><td>
Email:<br><input type="text" name="inp_email" style="width:98%; padding: 4px;"><br>
Password:<br><input type="password" name="inp_pwd" style="width:98%; padding: 4px;"><br>
<br>
<input type="submit" name="submit" value="Login" style="width:100%; padding: 4px;">
</td></tr>
</table>
</form>
</font>
</body>
</html>

Hello, i've got some shop script which has 2 payment modules which i'd like to use for something else, the payment modules only work if the user is logged in though, i tried to make them standalone scripts but that didn't work out too well.

So now i decided to go another way and just let everyone have the same session so everyone will be using the same username&password automatically.

the index file looks like this:
Code: [Select]
<?php
include('./inc/config.php');
include('./inc/functions.php');
include('./lang/'.$language.'.lng');
$id = addslashes($_REQUEST["id"]);
$user = addslashes($_REQUEST["username"]);
$pass = addslashes($_REQUEST["password"]);
$language = strtolower($language);
if(empty($id)) $id =1;
$file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"');
if(mysql_num_rows($file)>0)
$file = mysql_fetch_array($file);
else
$file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"'));

if(!empty($user) AND !empty($pass))
{$query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"');
if(mysql_num_rows($query) == 1) {$_SESSION[$session_prefix."user"] = ucfirst($user); echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';}
else $error = 'Username oder Passwort ist falsch.';}

include('./designe/'.$designe.'/head.tpl');
include('./designe/'.$designe.'/navi.php');
include('./designe/'.$designe.'/middle.tpl');

if(file_exists('./pages/'.$file["file"]))
{echo'<h1>'.ucfirst($file["title"]).'</h1>';
include('./pages/'.$file["file"]);}
if(!empty($error)) echo '<font color="red">'.$error.'</font>'; 

include('./designe/'.$designe.'/foot.tpl');
?>

Now i tried alot of things including adding:
Code: [Select]
session_start();
$_SESSION["username"] = "peter";
$_SESSION["user"] = "peter";
$_SESSION["id"] = "1";
$_SESSION["pass"] = "peter";
$_SESSION["password"] = "peter";
or
Code: [Select]
$id = "1";
$user = "peter";
$username = "peter";
$pass = "peter";
$password = "peter";
also a combination of both, nothing works, but i don't understand why ? Any help is appreciated.

/Edit, i tried adding it to the paymentmodule .php aswell, but no luck.

$characterIDs = explode(',', $_POST['characterIDList']);

After the explode I want to take all those values and do a select statement in a database table for any of the values that match any of the values inside that variable variable. Not sure how to do this since there is no limit to how may there could be.