PHP - Login Script - I Need Help Changing The Edit User Details Section

Hi guy's,

I'm having problems adjusting a script to add a level (user rights) function. When i login with a admin or normal user it gives a blank page (not redirecting to home.php). It even does'nt return an echo that user / pass is incorrect. I'm breaking my head over this for day's now. Can you help me out?

Code: [Select]
<?php
session_start();

//Login form (index.php)

include "db_connect.php";
if(!$_POST['submit'])
{
?>

<html>
<head>
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="style.css" />
<![endif]-->
<![if !IE]>
<link rel="stylesheet" type="text/css" href="firefox.css" />
<![endif]>
</head>
<body>
<div id="wrapper">
<div id="header">
<?php include('header.php'); ?>
</div>
<div class="divider">

<strong>Login</strong>
<form method="post" action="index.php">

<div class="formElm">
<label for="username">Klantnummer:</label>
<input id="username" type="text" name="username" maxlength="16">
</div>

<div class="formElm">
<label for="password">Wachtwoord:</label>
<input type="password" name="password" maxlength="16">
</div>

<input type="submit" name="submit" value="Login">
</form>

</div>
<div id="footer"> 
<?php include('footer.php'); ?>
</div>
</div>
</html>

<?php
}
else
{
  $user = protect($_POST['username']);
  $pass = protect($_POST['password']);
  $level = protect($_POST['level']);
 
if($user && $pass && $level)
{
$pass = md5($pass); //compare the encrypted password
$sql1 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='1'"; 
$sql2 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='9'";
$queryN=mysql_query($sql1) or die(mysql_error());
$queryA=mysql_query($sql2) or die(mysql_error());

if(mysql_num_rows($queryN) == 1)
    {
      $resultN = mysql_fetch_assoc($queryN);
  $_SESSION['id'] = $resultN['id'];
      $_SESSION['username'] = $resultN['username'];   
header("location:home.php");     
    }
    elseif(mysql_num_rows($queryA) == 1)
    {
      $resultA = mysql_fetch_assoc($queryA); 
  $_SESSION['id'] = $resultA['id'];
      $_SESSION['username'] = $resultA['username'];  
header("location:home.php"); 
}

else{
echo "Wrong Username or Password";
}
}
}
?>
and the mysql code:

Code: [Select]
CREATE TABLE `user` (
  `id` int(4) unsigned NOT NULL auto_increment,
  `username` varchar(32) NOT NULL,
  `password` varchar(32) NOT NULL,
  `level` int(4) default '1',
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1;

i am working on a project in which i am facing a problem.
 my question is that

is it possible to get information/details of a user who is not logged in or who is not registered.

if a user logged in then we can find get details easily. but how can i do this. is it possible. 

Obviously when connecting to php Im not going to show all of my login details;

mysql_connect("details","details","password") or die(mysql_error()); 
mysql_select_db("details") or die(mysql_error());

whats the best way to hide them?
Ive seen some people using an include file with their login details on but say for eg.

<?php
  include('con.php');
?>

Whats to stop  somone looking at www.myweb/con.php and obtaining my details there instead?

Hi all

I need some help with displaying user account details i am currently able to show only the email address and i would like to show the name school name and yeargroup

heres my code for myaccount.php
<?php require_once('Connections/isn_1.php'); ?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "1,2,3,4";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "login.php?login=false";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>My Account - <?php echo($_SESSION['MM_Username']); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
@import url("style.css");
</style>
</head>
<body class="about">
<!-- Start NavBar -->
<div id="topnavbar">
<dl>
<dt id="home"><a href="index.php">Home</a></dt>
        <dt id="about"><a href="about.php">About</a></dt>
        <dt id="account"><a href="myaccount.php">Account</a></dt>
        <dt id="login"><a href="login.php">Login</a></dt>
        </dl>
    <dl id="rightnavbar">
     <dt id="ISN"><a href="index.php">ISN</a></dt>
    </dl>
</div>
<!-- End NavBar -->
<div id="page-container"> 

<div id="header"> 
</div> 
    
<div id="sidebar-a"></div> 

<div id="content"> 
<div class="padding">
  <center>
    <table width="631" border="0">
      <tr>
        <td colspan="2">Personal Details</td>
          </tr>
      <tr>
        <td width="229">&nbsp;</td>
        <td width="648"></td>
          </tr>
      <tr>
        <td>Name</td>
        <td></td>
          </tr>
      <tr>
        <td>Email</td>
        <td><?php echo($_SESSION['MM_Username']); ?></td>
          </tr>
      <tr>
        <td>School Name</td>
        <td></td>
          </tr>
      <tr>
        <td>Year Group</td>
        <td></td>
          </tr>
      <tr>
        <td>DOB</td>
        <td></td>
          </tr>
      <tr>
        <td>&nbsp;</td>
        <td><a href="updateprofile.php">Modify my details</a></td>
          </tr>
        </table>
    <a href="logout.php">Logout?</a>
      </center>
</div> 
</div> 

<div id="footer"> 
<div id="altnav"> 
<a href="index.php">Home</a> - 
<a href="login.php">Login</a> - 
<a href="register.php">Register</a> - 
<a href="about.php">About</a> -
        <a href="terms.php">Terms & Conditions</a>
</div> 
<div id="copyright">&copy; 2011 InterSchoolsNetwork, All Rights Reserved - A <a href="http://jordansmithsolutions.co.uk">Jordan Smith Solutions</a> &amp; <a href="http://www.joecocorp.webs.com/">JoeCo Corp Production</a><br /> 
</div> 
</div> 
</div> 
</body>
</html>
<?php
mysql_free_result($rsUpdateUser);
?>


If you need any other code to help answer it for me then let me no please

Hello everyone.   I have a fully working form that gets data from a user (with $_post array) , and stores it in a database (mysql).   After successfulIy filling the form, I refer him to the "dashboard" page. In this page, i am having trouble to get his details from the database. How should I recognize him as the user that just registered?   should I use a $_post? or maybe a session? could you please give me a clue how to solve this? 

Hi,

I got this code which is meant to display the login details of the person that is logged in, however it just displays the details of the last person in the mysql table.

I have set up some test logins, so if I login as paul1 the details for paul3 are displayed...confused

Anyway, here is the page which displays the details

Code: [Select]
<?php

session_start();

// This checks to make sure the session variable is registered

// WARNING: DO NOT DELETE THE FOLLOWING LINE OF TEXT

if( isset($_SESSION['username']) && isset($_SESSION['sid'])) {

// You are free to edit the following code to suit your requirements
include_once("../../data/server.php");

include_once("../../lib/userdata.php");

// THIS BIT WORKS AND DISPLAYS THE USERNAME

 $data = mysql_query("SELECT * FROM members") 
 or die(mysql_error()); 
 while($info = mysql_fetch_array( $data )) 
 { 
 


include("../../lib/userinfo.php"); 
 
 //////////////////////////////////////////// WARNING: YOU SHOULD NOT EDIT ANYTHING ABOVE THIS LINE ////////////////////////////////////////////////////////
 
 
ECHO <<<PAGE

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>$siteName</title>
<link rel="stylesheet" href="../../userstylesheet.css" type="text/css" />

</head>

<div id="page">
  <img alt="" src="../../images/leftCurve" height="6" width="6" id="left" /> <img alt="" src="../../images/rightCurve.gif" height="6" width="6" id="right" />
  
  <div id="pageName">
    <h1>$siteName</h1>
     </div>
  <div id="pageNav">
    <div id="sectionLinks"> <a href="profile.php?username=$username">My Profile</a> <a href="modify.php?username=$username">Personal Details</a> <a href="message.php?username=$username">Messages</a> <a href="../../logout.php?username=$username">Logout</a></div>
  </div>
  <div id="content">
    <div class="feature">

<h2>Welcome $username </h2>
  

      <p>This is the demonstration home.html template. You are free to edit this or any of the other templates to suit your own needs. </p>
      <p>This is the first page your member will see once they have logged in. </p>
  <p>If you look at the code for this page, you will see that all HTML code is placed between the ***PAGE and PAGE; tags. Please note that the three * should be replaced with the < character. 
  This format must be kept to ensure that the user variables work. Changing this format may result in errors being returned.</p>
  <p>You may call member information using the $ tag and the variable name eg $ firstname without the space, will show the members first name, such as $firstname</p>
      <p>For any information please visit our site http://www.membersitemaker.co.uk. User guides will be added shortly and the forum will soon be full of help. </p>
    </div>
  </div>
  <div id="information">  <a href="#">About Us</a> | <a href="#">Site Map</a> | <a href="#">Privacy Policy</a> | <a href="#">Contact Us</a> | &copy;2011 $siteName </div>
</div>

</body>
</html>
PAGE;

}
//////////////////////////////////////// WARNING: DO NOT DELETE ANYTHING BELOW THIS LINE  //////////////////////////////////////////////////////////

} else {

// This will redirect the user to the login page if the session variables do not exist

header( "Location: ../../../login.html" );
}
?>
And here is the code for userdata.php

Code: [Select]
<?php


// Decode sitename

function decode_variable(&$siteName)
{
    $siteName = urldecode($siteName);
    $siteName = str_replace('%20',' ',$siteName); 
    return $siteName;
} 

decode_variable($siteName);

// Connnect to MySQL database

include_once("../../data/mysql.php");

$mysqlPassword = (base64_decode($mysqlpword));

$db = mysql_connect("$localhost", "$mysqlusername", "$mysqlPassword") or die ("Error connecting to database");

mysql_select_db("$dbname", $db) or die ("An error occured when connecting to database");

// Carry out MySQL query


?>
and userinfo.php

Code: [Select]
<?php

$username = $info['username'];
 $firstname = $info['firstname'];
 $lastname = $info['lastname'];
 $address = $info['address'];
 $town = $info['town'];
 $county = $info['county'];
 $postcode = $info['postcode'];
 $email = $info['email'];



$birth_year = $info['birth_year'];

$country = $info['country'];

$telephone_number = $info['telephone_number'];

$mobile_number = $info['mobile_number'];

$nickname = $info['nickname'];


As always, your help is much appreciated

Paul

I have created a button which when pressed should present the user with their details (whoever is logged in), here is the form code:

<form id="form1" name="form1" method="post" action="getdetails.php">
 
  <input type="submit" name="Get Details" value="Get Details" />
   </label>
   
  </p>
</form>

Here is the getdetails.php file

<?php
 mysql_connect("localhost","root","");
 mysql_select_db("test");
 $username = $_POST['textfield'];
  echo '</br>';
 $query = mysql_query("SELECT * FROM membersdetails WHERE name=`$username` ");

while($result = mysql_fetch_array($query)) {
//display
echo $result['firstname'];
echo $result['surname'];
}
?>

Its not workin at all I have attacthed the error i am getting

Any help please?

Incorrect login attempt 1
        \/
Incorrect login attempt 2
        \/
Incorrect login attempt 3  -->>  ?forgot your login details?

What's the most effecient way of achieving this?
Is it to:
1. create a session for the user who hasn't logged in
2. the user login fails once, session['fail']=1
3. the user login fails twice, session['fail']=2
4. the user login fails for a third time pushing the session['fail'] count to three:
              this triggers an 'if' on the index.php prompting the user to retrieve their details through the "forgot login details system"

However if the session['fail'] count never reaches 3 then this temp session is destroyed and the proper one created allowing the user into the site??

As usual any pointers into the correct direction here would be very much appreciated (and i try to repay by answering other peoples questions [where i can  ])

hi
i had database with field of name,title,post,content

i want to fetch the post and content for a specific user from giving name of that user by form help me to get that

ps just give me idea to how to do that/

Code: [Select]
<form id="form1" name="form1" method="post" action="view.php">
  <label>Name
  <input type="text" name="textfield" />
  </label>
  <p>
    <label>
    <input type="submit" name="Submit" value="Submit" />
    </label>
  </p>
</form>

I am ok with codeing but NOT half-as good as some of your GUYS here.
I'm trying to write a simple sql query based on returning certain values from a table for that user.

I would like to just beable to include this as a page user.info.php and render it on any page as include to return need values .

See My CODE. PLESE HELP ME.
Code: [Select]
<?php 

     @session_start();
 $user = $_SESSION['username'];

// Set cookie
$userid = JRequest::getVar('userid');

$data       = new stdClass();
$model      =& $this->getModel('profile');
$my         = CFactory::getUser();

// Test if userid is 0, check if the user is viewing its own profile.
$db =& JFactory::getDBO();
$user =& JFactory::getUser();
        $userId = $user->id;

// Return with empty data
if($userId == null || $userId == '')
{
//return false;
}

$user =& JFactory::getUser($userId);

if($user->id == null){
//return false;
}

$id = & JFactory::getUser($userId);
$query = 'SELECT user_id, id, format_id, year, name FROM #__muscol_albums WHERE user_id = ' . $id;
//$query = 'SELECT user_id FROM #__muscol_albums WHERE id = ' . $album_id ;
$result = mysql_query($query) or die('Error, No Album Search failed');
list($name, $user_id, $id, $year) = mysql_fetch_array($result);

 
echo $id;
echo $user_id;
echo $year;

 
 
    // preform id return check and redirecto to correct url
    if ($user->get('id') == 0 || $userid == 0 || $userid <> $user->get('id')){
 $url=JURI::root().'index.php?'.$component.'&id='.$id.'&amp;tmpl=component&amp;print=1';
} else {
    $url=JURI::root().'index.php?option=com_community&amp;view=profile&amp;id=1&amp;tmpl=component&amp;print=1'; //redirect      is a function 
 
}

?>

Hi Guys,

I have a list of branches in a database table with the following collumns,

Ter BranchName BranchAddress BranchTel BranchEmail BranchLink
Ter = Terriotory ID

However every time i update a branch using the edit.php code it always sets the Ter as 1 again! Rather than leaving it the same. The actual field is read-only to prevent that from happening.

It then always comes up with the error Duplicate entry '1' for key 1 but thats because there is already a branch with Ter=1

 
include('config.php'); 
if (isset($_GET['Ter']) ) { 
$ter = (int) $_GET['Ter']; 
if (isset($_POST['submitted'])) { 
foreach($_POST AS $key => $value) { $_POST[$key] = mysql_real_escape_string($value); } 
$sql = "UPDATE `ter` SET `Ter` =  `BranchName` =  '{$_POST['BranchName']}' ,  `BranchAddress` =  '{$_POST['BranchAddress']}' ,  `BranchTel` =  '{$_POST['BranchTel']}' , `BranchEmail` =  '{$_POST['BranchEmail']}' , `BranchLink` =  '{$_POST['BranchLink']}'   WHERE `Ter` = '$ter' "; 
mysql_query($sql) or die(mysql_error()); 
echo (mysql_affected_rows()) ? "Edited Branch.<br />" : "Nothing changed. <br />";  
} 
$row = mysql_fetch_array ( mysql_query("SELECT * FROM `ter` WHERE `Ter` = '$ter' ")); 



<form action='' method='POST'> 
<p><b>Territory:</b><br /><input name='Ter' type='text' value='<?= stripslashes($row['Ter']) ?>' size="3" readonly="readonly" />
<p><b>Branch Name:</b><br /><input name='BranchName' type='text' value='<?= stripslashes($row['BranchName']) ?>' size="50" /> 
<p><b>Address:</b><br />
  <textarea name="BranchAddress" cols="40" rows="5"><?= stripslashes($row['BranchAddress']) ?></textarea> 
<p><b>Telephone:</b><br /><input name='BranchTel' type='text' value='<?= stripslashes($row['BranchTel']) ?>' size="15" />
<p><b>Email:</b><br /><input name='BranchEmail' type='text' value='<?= stripslashes($row['BranchEmail']) ?>' size="50" />
<p><b>Link:</b><br /><input name='BranchLink' type='text' value='<?= stripslashes($row['BranchLink']) ?>' size="50" />
<p><input type='submit' value='Save' /><input type='hidden' value='1' name='submitted' /> 
</form> 
<? } ?> 

Any Ideas?
Cheers, S

I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others.

FIRST THE ONE script the member logges in here to the one table in MSQL:
<?php
   session_start();
   
   require_once('config.php');
   
   $errmsg_arr = array();
   
   $errflag = false;
   
   $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
   if(!$link) {
      die('Failed to connect to server: ' . mysql_error());
   }
   
   $db = mysql_select_db(DB_DATABASE);
   if(!$db) {
      die("Unable to select database");
   }
   
   function clean($str) {
      $str = @trim($str);
      if(get_magic_quotes_gpc()) {
         $str = stripslashes($str);
      }
      return mysql_real_escape_string($str);
   }
   
   $login = clean($_POST['login']);
   $password = clean($_POST['password']);
   
   if($login == '') {
      $errmsg_arr[] = 'Login ID missing';
      $errflag = true;
   }
   if($password == '') {
      $errmsg_arr[] = 'Password missing';
      $errflag = true;
   }
   
   if($errflag) {
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
      session_write_close();
      header("location: login-form.php");
      exit();
   }
   
   $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
   $result=mysql_query($qry);
   
   if($result) {
      if(mysql_num_rows($result) == 1) {
         session_regenerate_id();
         $member = mysql_fetch_assoc($result);
         $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
         $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
         $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
         session_write_close();
         header("location: member-index.php");
         exit();
      }else {
         header("location: login-failed.php");
         exit();
      }
   }else {
      die("Query failed");
   }
?>

................................................. ................................
Now I need the person who logged in to the table above to be able to make multiple entries to the table below

<?
$ID=$_POST['ID'];
$title=$_POST['title'];
$cost=$_POST['cost'];
$activity=$_POST['activity'];
$ayear=$_POST['aday'];
$aday=$_POST['ayear'];
$seats=$_POST['special'];
$special=$_POST['seats'];
mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error());
mysql_select_db("xxxx") or die(mysql_error());
mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')");
Print "Your information has been successfully added to the database!"
?>
Click <a href="member-profile.php">HERE</a> to return to the main menu
  <?php      
?>

Hi guys,

Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!"

Any suggestion and help would be appreciated.
Thanks.

login.php

<?php 

//Assigned varibale $error_msg as empty

//$error_msg = "";

session_start();

$error_msg = "";

if (isset($_POST['submit'])) {

if ($a_username = "admin" && $a_password = "123") 

{

//Define $_POST from form text feilds

$username = $_POST['username'];

$password = $_POST['password'];

//Add some stripslashes

$username = stripslashes($username);

$password = stripslashes($password);

//Check if usernmae and password is good, if it is it will start session

if ($username == $a_username && $password == $a_password)

{

session_start();

$_SESSION['session_logged'] = 'true';

$_SESSION['session_username'] = $username;

//Redirect to admin page

header("Location: admin_area.php");

}

}

$username = (isset($_POST['username'])) ? $_POST['username'] : ''; 

$password = (isset($_POST['password'])) ? $_POST['password'] : ''; 

if($username && $password) {

$connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!");

mysql_select_db("friendsdb") or die ("Couldn't find the DB");

$query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'");

$numrows = mysql_num_rows($query);

if ($numrows != 0){

while ($row = mysql_fetch_array($query)) {

$dbusername = $row['username'];

$dbpassword = $row['password'];

}

//Check to see if they are match!

if ($username == $dbusername && md5($password) == $dbpassword) {

header ("Location: user_area.php");

$_SESSION['username'] = $username;

}

else

$error_msg = "Incorrect password!";

//code of login

}else

$error_msg = "That user does not exist!";

//echo $numrows;

}

else

$error_msg = "Please enter a username and password!";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
</head>

<body>
<br />
<?php

require "header.php";
?><br />
<div align="center">
<table width="200" border="1">

<?php

// If $error_msg not equal to emtpy then display error message

if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<!--form action="login_a.php" method="post"-->

Username: <input type="text" name="username" /><br /><br />

Password: <input type="password" name="password"  /><br /><br />

<input type="submit" name = "submit" value="Log in"  />
</form> <p> </p>

Register a <a href="register.php">New User</a>
</table>
</div>
</body>
</html>

when i submit it, the only field that updates is the email field.

UserEdit.php file

<?
/**
 * UserEdit.php
 *
 * This page is for users to edit their account information
 * such as their password, email address, etc. Their
 * usernames can not be edited. When changing their
 * password, they must first confirm their current password.
 *
 */
include("include/session.php");
?>

<html>
<title>Edit Your Details</title>
<link rel="stylesheet" type="text/css" href="../assets/css/styles.css" />
<link rel="stylesheet" type="text/css" href="../assets/css/forms.css" />
<link rel="stylesheet" type="text/css" href="../assets/css/layout.css" />
<link rel="stylesheet" type="text/css" href="../assets/css/style.css" />
<style>
#form6 input{
margin:0;
width:250px;
border:1px solid #ddd;
padding:3px 5px 3px 25px;
}


input{
font:100% Trebuchet MS, Arial, Helvetica, Sans-Serif;
line-height:160%;
color:#FFF;
}
#form6 input{background:#000;
}
</style>
<body>

<?
/**
 * User has submitted form without errors and user's
 * account has been edited successfully.
 */
if(isset($_SESSION['useredit'])){
   unset($_SESSION['useredit']);
   
   echo "<h1>User Account Edit Success!</h1>";
   echo "<p><b>$session->username</b>, your account has been successfully updated. "
       ."<a href=\"index.php\">Main</a>.</p>";
}
else{
?>

<?
/**
 * If user is not logged in, then do not display anything.
 * If user is logged in, then display the form to edit
 * account information, with the current email address
 * already in the field.
 */
if($session->logged_in){
?>

<h2>User Account Edit : <? echo $session->firstname; ?></h2>
<?
if($form->num_errors > 0){
   echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
}
?>
<form id="form6" action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Email:</td>
<td><input type="text" name="email" maxlength="50" value="
<?
if($form->value("email") == ""){
   echo $session->userinfo['email'];
}else{
   echo $form->value("email");
}
?>">
</td>
<td><? echo $form->error("email"); ?></td>
</tr>
<tr>
<td>Phone:</td>
<td><input type="text" name="tel" maxlength="50" value="
<?
if($form->value("tel") == ""){
   echo $session->userinfo['tel'];
}else{
   echo $form->value("tel");
}
?>">
</td>
<td><? echo $form->error("tel"); ?></td>
</tr>
<tr>
<td>Address:</td>
<td>
<input type="text" name="address" maxlength="50" value="
<?
if($form->value("address") == ""){
   echo $session->userinfo['address'];
}else{
   echo $form->value("address");
}
?>" style="height: 138px">
</td>
<td><? echo $form->error("address"); ?></td>
</tr>
<tr>
<td>Company:</td>
<td><input type="text" name="company" maxlength="50" value="
<?
if($form->value("company") == ""){
   echo $session->userinfo['company'];
}else{
   echo $form->value("company");
}
?>">
</td>
<td><? echo $form->error("company"); ?></td>
</tr>
<tr><td colspan="2" align="right">
<input type="hidden" name="subedit" value="1">
<input type="submit" value="Edit Account"></td></tr>
<tr><td colspan="2" align="left"></td></tr>
</table>
</form>

<?
}
}

?>

</body>
</html>


sends to session.php
   /**
    * editAccount - Attempts to edit the user's account information
    * including the password, which it first makes sure is correct
    * if entered, if so and the new password is in the right
    * format, the change is made. All other fields are changed
    * automatically.
    */
   function editAccount($subcurpass, $subnewpass, $subemail, $subtel, $subaddress, $subcompany){
      global $database, $form;  //The database and form object

     /* New password entered */
      if($subnewpass){
         /* Current Password error checking */
         $field = "curpass";  //Use field name for current password
         if(!$subcurpass){
            $form->setError($field, "* Current Password not entered");
         }
         else{
            /* Check if password too short or is not alphanumeric */
            $subcurpass = stripslashes($subcurpass);
            if(strlen($subcurpass) < 4 ||
               !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
               $form->setError($field, "* Current Password incorrect");
            }
            /* Password entered is incorrect */
            if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
               $form->setError($field, "* Current Password incorrect");
            }
         }
         
         /* New Password error checking */
         $field = "newpass";  //Use field name for new password
         /* Spruce up password and check length*/
         $subpass = stripslashes($subnewpass);
         if(strlen($subnewpass) < 4){
            $form->setError($field, "* New Password too short");
         }
         /* Check if password is not alphanumeric */
         else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
                     $form->setError($field, "* New Password not alphanumeric");
         }
      }
      /* Change password attempted */
      else if($subcurpass){
         /* New Password error reporting */
         $field = "newpass";  //Use field name for new password
         $form->setError($field, "* New Password not entered");
      }
      
      /* Email error checking */
      $field = "email";  //Use field name for email
      if($subemail && strlen($subemail = trim($subemail)) > 0){
         /* Check if valid email address */
         $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
                 ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
                 ."\.([a-z]{2,}){1}$";
         if(!eregi($regex,$subemail)){
            $form->setError($field, "* Email invalid");
         }
         $subemail = stripslashes($subemail);
      }
      
      /* Errors exist, have user correct them */
      if($form->num_errors > 0){
         return false;  //Errors with form
      }
      
      /* Update password since there were no errors */
      if($subcurpass && $subnewpass){
         $database->updateUserField($this->username,"password",md5($subnewpass));
      }
      
      /* Change Email */
      if($subemail){
         $database->updateUserField($this->username,"email",$subemail);
      }
      /* Change Email */
      if($subtel){
         $database->updateUserField($this->username,"tel",$subtel);
      }
      /* Change Email */
      if($subaddress){
         $database->updateUserField($this->username,"address",$subaddress);
      }
      /* Change Email */
      if($subcompany){
         $database->updateUserField($this->username,"company",$subcompany);
      }
      
      /* Success! */
      return true;
   }


sends to database.php
   /**
    * updateUserField - Updates a field, specified by the field
    * parameter, in the user's row of the database.
    */
   function updateUserField($username, $field, $value){
      $q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE username = '$username'";
      return mysql_query($q, $this->connection);
   }


think thats all you should need?

Hallo everybody, the user is in the table, but i get error (user not found!).   thank you very much for your help Rafal

<!DOCTYPE html>
<html>
<head>
<title>index</title>
<meta http-EQUIV="CONTENT-LANGUAGE" content="en">
<?php
SESSION_START();
include("abc.php");
$link2 = mysqli_connect("$hoster", "$nameuser", "$password", "$basedata")
or die ("connection error" . mysqli_error($link2));
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysqli_query("SELECT email FROM $table2 WHERE email = '$email' ");
$chkuserare = mysqli_num_rows($chkuser);
if ($chkuserare !=0)
{
$chkpwd = mysqli_query("SELECT pwd FROM $table2 WHERE email = '$email'");
$pwddb = mysqli_fetch_assoc($chkpwd);
if (md5($pwd) != $pwddb["pwd"])
{
echo "Password is wrong!";
}
else
{
$_SESSION['username'] = $email;
header ('Location:list.php');
}
}
else
{
echo "user not found!";
}
}
else
{
echo "enter your Email and Password!";
}
mysqli_close($link2);
?>
</head>
<body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver">
<font color="black">
<br>
<form action="index.php" method="post">
<b>Login</b><br><br>
<table width="100%">
<tr><td>
Email:<br><input type="text" name="inp_email" style="width:98%; padding: 4px;"><br>
Password:<br><input type="password" name="inp_pwd" style="width:98%; padding: 4px;"><br>
<br>
<input type="submit" name="submit" value="Login" style="width:100%; padding: 4px;">
</td></tr>
</table>
</form>
</font>
</body>
</html>