Everything posted by txapache

  1. Ok, I finished with the new look of the website. Thank you for those honest opinions, hopefully this one is better on the eyes. Again please be brutally honest. You can use any zip code but the test ones that currently have information in them are 70000, 78217, 10000. Thanks
  2. I agree we did not like the look either and are currently redoing the look. Our biggest concern was the programming and it appears to be in place. Almost complete with a new modern look, I appreciate the comments and just wanted a second opinion on what we already believed. Thank you.
  3. Yes, I tried the simple test provided and received the error: Warning: mail() [function.mail]: "sendmail_from" not set in php.ini or custom "From:" header missing in C:\xampp\htdocs\email_test.php on line 4
  4. Ok new to programming and php. Please review this site and give your brutal honest opinion. Use test zip codes 10000 and 70000 for sample listings, other zip codes should say coming soon. Have not fixed contact form yet but need opinion on look, etc. www.freestoragedollars.com.
  5. Ok new information, tried the test script but error need from. On to my test, I had the thank you html at the bottom of the email_controller.php and so when I submit form I would get the thankyou screen. I place the following code in the html section:

      ```php
      <pre>
      <strong>DEBUG:</strong>
      <?php print_r($_POST); ?>
      </pre>
      ```

      and would get DEBUG array (). So nothing was being posted. I took the HTML part of the email_controller and placed it on its own page changed the header section to header('Location: thankyou.php'); Processed the form again and got a blank email_controller.php page. So for some reason when the form is filled out, none of the information is being picked up by the controller. Not sure why I figured the following script would grab the info

      ```php
      $firstname = $_POST['firstname']; // required
      $company = $_POST['company']; //not required
      $website = $_POST['website']; // not required
      $email = $_POST['email']; // required
      $phonenumber = $_POST['phonenumber']; // not required
      $comments = $_POST['comments']; // required
      ```
  6. Unless it takes awhile to receive did that and nothing. Get the thank you screen but nothing in my inbox or bulk folder.
  7. Not following I see the email_to address but I do not see where you are talking about the "email" stored address? Maybe my eyes are tired
  8. I don't ever get the email at all
  9. Yes me@mysite was changed, on line 10 I added ")" to close the bracket and took out the @ symbol. At first I was just getting a white page but with those changes it now sends me to the thankyou page as if the form was submitted, but I do not get the form in the email. I have checked the spam/junk folder also and nothing. No error messages displayed on page or error log.
  10. Second Set of Eyes, Hopefully this is it. I put in questions to hosting company with no response yet and now am asking yall (yes Texas), Please glance at the form and processor and tell me if you see anything wrong. I test the contact form and get the Thank you message but never receive the email.

      Form:

      ```html
      <form action="email_controller.php" method="post" enctype="text/plain" style="margin-top: 25px; margin-left: 20px;">
      <table>
      <tr>
      <td>Name:</td>
      <td><input type="text" name="name" size="40" maxlength="100" ONCHANGE="var pattern=/[0-9]/; if(pattern.test(this.value))alert('Please enter a valid name')"></td>
      </tr><tr>
      <td>Company Name:</td>
      <td><input type="text" name="company" size="40" maxlength="100"></td>
      </tr><tr>
      <td>Website Address:</td>
      <td><input type="text" name="website" size="40" maxlength="100"></td>
      </tr><tr>
      <td>Email Address:</td>
      <td><input type="text" name="email" size="40" maxlength="100" ONCHANGE="var pattern=/[\s]/; if(pattern.test(this.value))alert('Please enter a valid email address')"></td>
      </tr><tr>
      <td>Phone Number:</td>
      <td><input type="text" name="phonenumber" size="15" maxlength="15"></td>
      </tr><tr>
      <td colspan="2">Comments:</td>
      </tr><tr>
      <td colspan="2" background="#d2b48c"><textarea name="comments" cols="50" rows="10"></textarea></td>
      </table>
      <input type="image" name="image" value="Submit" src="images/submitbutton.png" width="100" height="35" border="0" alt="Submit!"/>
      <input type="hidden" name="subject" value="Submission"/>
      <input type="hidden" name="redirect" value="index.php"/>
      <input type="hidden" name="form_order" value="alpha"/>
      <input type="hidden" name="form_delivery" value="hourly"/>
      <input type="hidden" name="form_format" value="html"/>
      </form>
      ```

      Processor:

      ```php
      <?php
      ini_set("display_errors", "1");
      error_reporting(-1);

      if(isset($_POST['email'])) {

          // EDIT THE 2 LINES BELOW AS REQUIRED
          $email_to = 'me@mysite.com';
          $email_subject = 'Contact Us';
          $email_from = ($_POST['name'];

          function died($error) {
              // your error code can go here
              echo "We are very sorry, but there were error(s) found with the form you submitted. ";
              echo "These errors appear below.<br /><br />";
              echo $error."<br /><br />";
              echo "Please go back and fix these errors.<br /><br />";
              die();
          }

          // validation expected data exists
          if(!isset($_POST['name']) ||
              !isset($_POST['company']) ||
              !isset($_POST['website']) ||
              !isset($_POST['email']) ||
              !isset($_POST['phonenumber']) ||
              !isset($_POST['comments'])) {
              died('We are sorry, but there appears to be a problem with the form you submitted.');
          }

          $firstname = $_POST['firstname']; // required
          $company = $_POST['company']; //not required
          $website = $_POST['website']; // not required
          $email = $_POST['email']; // required
          $phonenumber = $_POST['phonenumber']; // not required
          $comments = $_POST['comments']; // required

          $error_message = "";
          $email_exp = "^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$";
          if(!eregi($email_exp,$email)) {
              $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
          }
          $string_exp = "^[a-z .'-]+$";
          if(!eregi($string_exp,$name)) {
              $error_message .= 'The First Name you entered does not appear to be valid.<br />';
          }
          if(strlen($comments) < 2) {
              $error_message .= 'The Comments you entered do not appear to be valid.<br />';
          }
          if(strlen($error_message) > 0) {
              died($error_message);
          }
          $email_message = "Form details below.\n\n";

          function clean_string($string) {
              $bad = array("content-type","bcc:","to:","cc:","href");
              return str_replace($bad,"",$string);
          }

          $email_message .= "Name: ".clean_string($name)."\n";
          $email_message .= "Company: ".clean_string($company)."\n";
          $email_message .= "Website: ".clean_string($website)."\n";
          $email_message .= "Email: ".clean_string($email)."\n";
          $email_message .= "Telephone: ".clean_string($phonenumber)."\n";
          $email_message .= "Comments: ".clean_string($comments)."\n";

          // create email headers
          $headers = 'From: '.$email_from."\r\n".
          'Reply-To: '.$email_from."\r\n" .
          'X-Mailer: PHP/' . phpversion();
          @mail($email_to, $email_subject, $email_message, $headers);
          header("Location: thankyou.html");
      }
      ?>
      ```
  11. Do have a form field role. Think I figured it out, I needed to add 1st before I can edit. I had manually added agent and did not add role manually so therefore I could not edit. Deleted manual add and use online form to add and it added agent to "agent" SET and "role" SET. Thanks you have been mighty helpful. Just don't understand why all was working on home "localhost" and when I uploaded to server it all went to %^$&. Next, email controller.
  12. Changed "group" to "agentgroup" and it worked no error message, BUT it did not update the "agentrole" SET nor give me the error message 'Error assigning selected role to agent.'
  13. Where would I place the trigger statement at the beginning of the code or where the current error statement is? And if I understand correctly I have to change table column "group" to something like "agentgroup".
  14. Can someone please help me and look at these codes and tell me what I am not seeing. I have similar controllers and forms and for some reason this one will not update when I submit the form. I do not see my error and would appreciate a second set of eyes. When I post I get a blank white screen with error message : "Error updating submitted agent!".

      form:

      ```php
      <h1><?php htmlout($pagetitle); ?></h1>
      <form action='?<?php htmlout($action); ?>' method="post">
      <fieldset>
      <legend>Agent Profile</legend>
      <div>
      <label for="group">Agents Group:</label><input type="text" name="group" id="group" value="<?php htmlout($group); ?>"/>
      </div><div>
      <label for="company">Company:</label><input type="text" name="company" id="company" value="<?php htmlout($company); ?>"/>
      </div><div>
      <label for="address">Address:</label><input type="text" name="address" id="address" value="<?php htmlout($address); ?>"/>
      </div><div>
      <label for="city">City:</label><input type="text" name="city" id="city" value="<?php htmlout($city); ?>"/>
      </div><div>
      <label for="county">County:</label><input type="text" name="county" id="county" value="<?php htmlout($county); ?>"/>
      </div><div>
      <label for="state">State:</label><input type="text" name="state" id="state" value="<?php htmlout($state); ?>"/>
      </div><div>
      <label for="zipcode">Zip Code:</label><input type="text" name="zipcode" id="zipcode" value="<?php htmlout($zipcode); ?>"/>
      </div><div>
      <label for="phone">Contact Number:</label><input type="text" name="phone" id="phone" value="<?php htmlout($phone); ?>"/>
      </div><div>
      <label for="poc">Point of Contact:</label><input type="text" name="poc" id="poc" value="<?php htmlout($poc); ?>"/>
      </div><div>
      <label for="email">Email Address:</label><input type="text" name="email" id="email" value="<?php htmlout($email); ?>"/>
      </div><div>
      <label for="password">Set Password:</label><input type="text" name="password" id="password" value="<?php htmlout($password); ?>"/>
      </div><div>
      <fieldset>
      <legend>Roles:</legend>
      <?php for ($i = 0; $i < count($roles); $i++): ?>
      <div>
      <label for="role<?php echo $i; ?>">
      <input type="checkbox" name="roles[]" id="role<?php echo $i; ?>" value="<?php htmlout($roles[$i]['id']); ?>"<?php if ($roles[$i]['selected']) { echo ' checked="checked"'; } ?>/><?php htmlout($roles[$i]['id']); ?></label>: <?php htmlout($roles[$i]['description']); ?>
      </div>
      <?php endfor; ?>
      </fieldset>
      ```

      Controller for Updating/Editing:

      ```php
      <?php
      if (isset($_POST['action']) and $_POST['action'] == 'Edit') {
          include 'db_inc.php';

          $id = mysqli_real_escape_string($link, $_POST['id']);
          // Fetch records to update
          $sql = "SELECT * FROM agent WHERE id='$id'";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error fetching agent details.';
              include 'error_html.php';
              exit();
          }
          $row = mysqli_fetch_array($result);

          $pagetitle = 'Edit Agent';
          $action = 'editform';
          $group = $row['group'];
          $company = $row['company'];
          $address = $row['address'];
          $city = $row['city'];
          $county = $row['county'];
          $state = $row['state'];
          $zipcode = $row['zipcode'];
          $phone = $row['phone'];
          $poc = $row['poc'];
          $email = $row['email'];
          $password = $row['password'];
          $id = $row['id'];
          $button = 'Update Agent';

          //Get list of roles assigned to this agent
          $sql = "SELECT roleid FROM agentrole WHERE agentid = '$id'";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error fetching list of assigned roles.';
              include 'error_html.php';
              exit();
          }
          $selectedRoles[] = array();
          while ($row = mysqli_fetch_array($result)) {
              $selectedRoles[] = $row['roleid'];
          }

          //Build the list of all roles
          $sql = "SELECT id, description FROM role";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error fetching list of roles.';
              include 'error_html.php';
              exit();
          }
          while ($row = mysqli_fetch_array($result)) {
              $roles[] = array(
                  'id' => $row['id'],
                  'description' => $row['description'],
                  'selected' => in_array($row['id'], $selectedRoles));
          }

          include 'agent_form.php';
          exit();
      }

      if (isset($_GET['editform'])) {
          include 'db_inc.php';

          $id = mysqli_real_escape_string($link, $_POST['id']);
          $group = mysqli_real_escape_string($link, $_POST['group']);
          $company = mysqli_real_escape_string($link, $_POST['company']);
          $address = mysqli_real_escape_string($link, $_POST['address']);
          $city = mysqli_real_escape_string($link, $_POST['city']);
          $county = mysqli_real_escape_string($link, $_POST['county']);
          $state = mysqli_real_escape_string($link, $_POST['state']);
          $zipcode = mysqli_real_escape_string($link, $_POST['zipcode']);
          $phone = mysqli_real_escape_string($link, $_POST['phone']);
          $poc = mysqli_real_escape_string($link, $_POST['poc']);
          $email = mysqli_real_escape_string($link, $_POST['email']);
          $password = mysqli_real_escape_string($link, $_POST['password']);

          $sql = "UPDATE agent SET
              group = '$group',
              company = '$company',
              address = '$address',
              city = '$city',
              county = '$county',
              state = '$state',
              zipcode = '$zipcode',
              phone = '$phone',
              poc = '$poc',
              email = '$email',
              password = '$password'
              WHERE id = '$id'";
          if (!mysqli_query($link, $sql)) {
              $error = 'Error updating submitted agent.';
              include 'error_html.php';
              exit();
          }

          if ($_POST['password'] != '') {
              $password = md5($_POST['password']);
              $password = mysqli_real_escape_string($link, $password);
              $sql = "Update agent SET password = '$password' WHERE id = '$id'";
              if (!mysqli_query($link, $sql)) {
                  $error = 'Error setting agent password.';
                  include 'error_html.php';
                  exit();
              }
          }

          $sql = "DELETE FROM agentrole WHERE agentid = '$id'";
          if (!mysqli_query($link, $sql)) {
              $error = 'Error removing obsolete agent role entries.';
              include 'error_html.php';
              exit();
          }

          if (isset($_POST['role'])) {
              foreach ($_POST['roles'] as $role) {
                  $roleid = mysqli_real_escape_string($link, $role);
                  $sql = "INSERT INTO agentrole SET agentid = '$id', roleid = '$roleid'";
                  if (!mysqli_query($link, $sql)) {
                      $error = 'Error assigning selected role to agent.';
                      include 'error_html.php';
                      exit();
                  }
              }
          }

          header('Location: admin.html');//redirect browser to admin page
      }
      ?>
      ```
  15. :D :D Admin Log-in works, I appreciate the help/assistance on this. Not sure what the 2 lines of code truly mean but I did place them. I guess they are the ones given the errors at the top of the page. At least that helps me to know where to look to figure it out. Sometimes the page just shows blank? But that's another topic. This one is closed Thanks.
  16. Still not connecting but with magicquotes taken out the login processes and I get an error message: Error searching for agent. Apparently the magicquotes was blocking the login, now I feel like I am making progress after a week. Thanks.
  17. I checked the error log and nothing was there, Where would I check to see if on or off? I will try without magicquotes?
  18. :shrug: Ok, I believe that I fixed the code with just mysqli throughout. Still getting same things though, no error messages, and no admin login just a screen refresh with a blank login form. Again, it is working on my local host. I checked the uploaded database and all is correct same tables with all columns filled out. Thing is on the log-in form even if I leave a box empty I should get error message to fill it in and I don't. Here is all three codes, the controller that processes and calls the login script and access script.

      Controller:

      ```php
      <?php
      include_once 'magicquotes_inc.php';
      require_once 'access.php';

      if (!userIsLoggedIn()) {
          include 'login.php';
          exit();
      }

      if (!userHasRole('Editor')) {
          $error = 'Only Account Editors may access this page.';
          include 'accessdenied.php';
          exit();
      }

      // Add mover
      if (isset($_GET['add'])) {
          $pagetitle = 'New Mover';
          $action = 'addform';
          $agentgroup = '';
          $company = '';
          $address = '';
          $city = '';
          $county = '';
          $state = '';
          $zipcode = '';
          $phone = '';
          $poc = '';
          $email = '';
          $url = '';
          $logo = '';
          $price_10x10 = '';
          $price_10x15 = '';
          $price_10x20 = '';
          $price_10x30 = '';
          $coupon = '';
          $box_coupon_1 = '';
          $box_coupon_2 = '';
          $box_coupon_3= '';
          $box_coupon_4 = '';
          $box_coupon_5 = '';
          $id = '';
          $button = 'Add Mover';

          //Build the list of coupons
          $sql = "SELECT id, filename FROM coupon";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error fetching list of coupons.';
              include 'error_html.php';
              exit();
          }
          while ($row = mysqli_fetch_array($result)) {
              $coupons[] = array('id' => $row['id'], 'filename' => $row['filename']);
          }

          //Build the list of box coupons
          $sql = "SELECT id, filename FROM boxcoupon";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error fetching list of box coupons.';
              include 'error_html.php';
              exit();
          }
          while ($row = mysqli_fetch_array($result)) {
              $boxcoupons[] = array('id' => $row['id'], 'filename' => $row['filename']);
          }

          include 'mover_form.php';
          exit();
      }

      if (isset($_GET['addform'])) {
          include 'db_inc.php';

          //This is the directory where logos will be saved
          $target = "images/movers/";
          $target = $target . basename($_FILES['logo']['name']);

          $agentgroup = mysqli_real_escape_string($link, $_POST['agentgroup']);
          $company = mysqli_real_escape_string($link, $_POST['company']);
          $address = mysqli_real_escape_string($link, $_POST['address']);
          $city = mysqli_real_escape_string($link, $_POST['city']);
          $county = mysqli_real_escape_string($link, $_POST['county']);
          $state = mysqli_real_escape_string($link, $_POST['state']);
          $zipcode = mysqli_real_escape_string($link, $_POST['zipcode']);
          $phone = mysqli_real_escape_string($link, $_POST['phone']);
          $poc = mysqli_real_escape_string($link, $_POST['poc']);
          $email = mysqli_real_escape_string($link, $_POST['email']);
          $url = mysqli_real_escape_string($link, $_POST['url']);
          $logo = mysqli_real_escape_string($link, $_FILE['logo']['name']);
          $price_10x10 = mysqli_real_escape_string($link, $_POST['price_10x10']);
          $price_10x15 = mysqli_real_escape_string($link, $_POST['price_10x15']);
          $price_10x20 = mysqli_real_escape_string($link, $_POST['price_10x20']);
          $price_10x30 = mysqli_real_escape_string($link, $_POST['price_10x30']);
          $coupon = mysqli_real_escape_string($link, $_POST['coupon']);
          $box_coupon_1 = mysqli_real_escape_string($link, $_POST['box_coupon_1']);
          $box_coupon_2 = mysqli_real_escape_string($link, $_POST['box_coupon_2']);
          $box_coupon_3 = mysqli_real_escape_string($link, $_POST['box_coupon_3']);
          $box_coupon_4 = mysqli_real_escape_string($link, $_POST['box_coupon_4']);
          $box_coupon_5 = mysqli_real_escape_string($link, $_POST['box_coupon_5']);

          if ($coupon == '') {
              $error = 'You must choose a coupon for this storage_unit. Click ‘back’ and try again.';
              include 'error_html.php';
              exit();
          }

          $sql = "INSERT INTO mover SET
              agentgroup = '$agentgroup',
              company = '$company',
              address = '$address',
              city = '$city',
              county = '$county',
              state = '$state',
              zipcode = '$zipcode',
              phone = '$phone',
              poc = '$poc',
              email = '$email',
              url = '$url',
              logo = '$logo',
              price_10x10 = '$price_10x10',
              price_10x15 = '$price_10x15',
              price_10x20 = '$price_10x20',
              price_10x30 = '$price_10x30',
              coupon = '$coupon',
              box_coupon_1 = '$box_coupon_1',
              box_coupon_2 = '$box_coupon_2',
              box_coupon_3 = '$box_coupon_3',
              box_coupon_4 = '$box_coupon_4',
              box_coupon_5 = '$box_coupon_5'";

          //Writes the logo to the server
          if(!mover_uploaded_file($_FILES['logo']['tmp_name'], $target)) {
              //Tells you its ok
              $error = 'Sorry, there was a problem uploading your file.';
              include 'error_html.php';
              exit();
          }

          if (!mysqli_query($sql)) {
              $error = 'Error adding submitted mover.';
              include 'error_html.php';
              exit();
          }

          header('Location: admin.html');
      }

      // Edit Mover
      if (isset($_POST['action']) and $_POST['action'] == Edit) {
          //include 'fsd_db_login.php';
          include 'db_inc.php';

          $id = mysqli_real_escape_string($link, $_POST['id']);
          // Fetch records to update
          $sql = "SELECT id, agentgroup, company, address, city, county, state, zipcode, phone, poc, email, url, logo,
              price_10x10, price_10x15, price_10x20, price_10x30, coupon,
              box_coupon_1, box_coupon_2, box_coupon_3, box_coupon_4, box_coupon_5
              FROM mover WHERE id='$id'";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error fetching mover details.';
              include 'error_html.php';
              exit();
          }
          $row = mysqli_fetch_array($result);

          $pagetitle = 'Edit Mover';
          $action = 'editform';
          $agentgroup = $row['agentgroup'];
          $company = $row['company'];
          $address = $row['address'];
          $city = $row['city'];
          $county = $row['county'];
          $state = $row['state'];
          $zipcode = $row['zipcode'];
          $phone = $row['phone'];
          $poc = $row['poc'];
          $email = $row['email'];
          $url = $row['url'];
          $logo = $row['logo'];
          $price_10x10 = $row['price_10x10'];
          $price_10x15 = $row['price_10x15'];
          $price_10x20 = $row['price_10x20'];
          $price_10x30 = $row['price_10x30'];
          $coupon = $row['coupon'];
          $box_coupon_1 = $row['box_coupon_1'];
          $box_coupon_2 = $row['box_coupon_2'];
          $box_coupon_3 = $row['box_coupon_3'];
          $box_coupon_4 = $row['box_coupon_4'];
          $box_coupon_5 = $row['box_coupon_5'];
          $id = $row['id'];
          $button = 'Update Mover';

          //Build the list of coupons
          $sql = "SELECT id, filename FROM coupon";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error fetching list of coupons.';
              include 'error_html.php';
              exit();
          }
          while ($row = mysqli_fetch_array($result)) {
              $coupons[] = array('id' => $row['id'], 'filename' => $row['filename']);
          }

          //Build the list of box coupons
          $sql = "SELECT id, filename FROM boxcoupon";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error fetching list of box coupons.';
              include 'error_html.php';
              exit();
          }
          while ($row = mysqli_fetch_array($result)) {
              $boxcoupons[] = array('id' => $row['id'], 'filename' => $row['filename']);
          }

          include 'mover_form.php';
          exit();
      }

      if (isset($_GET['editform'])) {
          include 'db_inc.php';

          $id = mysqli_real_escape_string($link, $_POST['id']);
          $agentgroup = mysqli_real_escape_string($link, $_POST['agentgroup']);
          $company = mysqli_real_escape_string($link, $_POST['company']);
          $address = mysqli_real_escape_string($link, $_POST['address']);
          $city = mysqli_real_escape_string($link, $_POST['city']);
          $county = mysqli_real_escape_string($link, $_POST['county']);
          $state = mysqli_real_escape_string($link, $_POST['state']);
          $zipcode = mysqli_real_escape_string($link, $_POST['zipcode']);
          $phone = mysqli_real_escape_string($link, $_POST['phone']);
          $poc = mysqli_real_escape_string($link, $_POST['poc']);
          $email = mysqli_real_escape_string($link, $_POST['email']);
          $url = mysqli_real_escape_string($link, $_POST['url']);
          $logo = mysqli_real_escape_string($link, $_POST['logo']);
          $price_10x10 = mysqli_real_escape_string($link, $_POST['price_10x10']);
          $price_10x15 = mysqli_real_escape_string($link, $_POST['price_10x15']);
          $price_10x20 = mysqli_real_escape_string($link, $_POST['price_10x20']);
          $price_10x30 = mysqli_real_escape_string($link, $_POST['price_10x30']);
          $coupon = mysqli_real_escape_string($link, $_POST['coupon']);
          $box_coupon_1 = mysqli_real_escape_string($link, $_POST['box_coupon_1']);
          $box_coupon_2 = mysqli_real_escape_string($link, $_POST['box_coupon_2']);
          $box_coupon_3 = mysqli_real_escape_string($link, $_POST['box_coupon_3']);
          $box_coupon_4 = mysqli_real_escape_string($link, $_POST['box_coupon_4']);
          $box_coupon_5 = mysqli_real_escape_string($link, $_POST['box_coupon_5']);

          if ($coupon == '') {
              $error = 'You must choose a coupon for this storage_unit. Click ‘back’ and try again.';
              include 'error_html.php';
              exit();
          }

          $sql = "UPDATE mover SET
              agentgroup = '$agentgroup',
              company = '$company',
              address = '$address',
              city = '$city',
              county = '$county',
              state = '$state',
              zipcode = '$zipcode',
              phone = '$phone',
              poc = '$poc',
              email = '$email',
              url = '$url',
              logo = '$logo',
              price_10x10 = '$price_10x10',
              price_10x15 = '$price_10x15',
              price_10x20 = '$price_10x20',
              price_10x30 = '$price_10x30',
              coupon = '$coupon',
              box_coupon_1 = '$box_coupon_1',
              box_coupon_2 = '$box_coupon_2',
              box_coupon_3 = '$box_coupon_3',
              box_coupon_4 = '$box_coupon_4',
              box_coupon_5 = '$box_coupon_5'
              WHERE id = '$id'";
          if (!mysqli_query($link, $sql)) {
              $error = 'Error updating submitted mover.' . mysqli_error($link);
              include 'error_html.php';
              exit();
          }

          header('Location: admin.html');//redirect browser to admin page
      }

      // Delete mover
      if (isset($_POST['action']) and $_POST['action'] == 'Delete') {
          include 'db_inc.php';
          $id = mysqli_real_escape_string($link, $_POST['id']);

          //Delete Mover
          $sql = "DELETE from mover WHERE id='$id'";
          if (!mysqli_query($link, $sql)) {
              $error = 'Error deleting mover.';
              include 'error_html.php';
              exit();
          }

          header('Location: admin.html');//redirect browser to admin page
          exit();
      }

      // Display agent list
      include 'db_inc.php';
      $result = mysqli_query($link, "SELECT * FROM mover WHERE agentgroup like '%$_SESSION[group]%' ");
      if (!$result) {
          $error = 'ERROR fetching movers from database!';
          include 'error_html.php';
          exit();
      }
      while ($row = mysqli_fetch_array($result)) {
          $movers[] = array('id' => $row['id'], 'company' => $row['company']);
      }

      include 'mover_list.php';
      ?>
      ```

      Access:

      ```php
      <?php
      function userIsLoggedIn() {
          if (isset($_POST['action']) and $_POST['action'] == 'login') {
              if (!isset($_POST['group']) or $_POST['group'] == '' or
                  !isset($_POST['email']) or $_POST['email'] == '' or
                  !isset($_POST['password']) or $_POST['password'] == '') {
                  $GLOBALS['loginError'] = 'Please fill in all fields';
                  return FALSE;
              }

              $password = md5($_POST['password']);

              if (databaseContainsAgent($_POST['email'], $password, $_POST['group'])) {
                  session_start();
                  $_SESSION['loggedIn'] = TRUE;
                  $_SESSION['group'] = $_POST['group'];
                  $_SESSION['email'] = $_POST['email'];
                  $_SESSION['password'] = $password;
                  return TRUE;
              } else {
                  session_start();
                  unset($_SESSION['loggedIn']);
                  unset($_SESSION['group']);
                  unset($_SESSION['email']);
                  unset($_SESSION['password']);
                  $GLOBALS['loginError'] = 'The specified group, email address, or password was incorrect.';
                  return FALSE;
              }
          }

          if (isset($_POST['action']) and $_POST['action'] == 'logout') {
              session_start();
              unset($_SESSION['loggedIn']);
              unset($_SESSION['group']);
              unset($_SESSION['email']);
              unset($_SESSION['password']);
              header('Location: ' . $_POST['goto']);
              exit();
          }

          session_start();
          if (isset($_SESSION['loggedIn'])) {
              return databaseContainsAgent($_SESSION['group'], $_SESSION['email'], $_SESSION['password']);
          }
      }

      function databaseContainsAgent($group, $email, $password) {
          include 'db_inc.php';

          $group = mysqli_real_escape_string($link, $group);
          $email = mysqli_real_escape_string($link, $email);
          $password = mysqli_real_escape_string($link, $password);

          $sql = "SELECT COUNT(*) FROM agent WHERE email='$email' AND password='$password'";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error searching for agent.';
              include 'error_html.php';
              exit();
          }
          $row = mysqli_fetch_array($result);
          if ($row[0] > 0) {
              return TRUE;
          } else {
              return FALSE;
          }
      }

      function userHasRole($role) {
          include 'db_inc.php';

          $group = mysqli_real_escape_string($link, $_SESSION['group']);
          $email = mysqli_real_escape_string($link, $_SESSION['email']);
          $role = mysqli_real_escape_string($link, $role);

          $sql = "SELECT COUNT(*) FROM agent
              INNER JOIN agentrole ON agent.id = agentid
              INNER JOIN role ON roleid = role.id
              WHERE email = '$email' AND role.id='$role'";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error searching for agent roles.';
              include 'error_html.php';
              exit();
          }
          $row = mysqli_fetch_array($result);
          if ($row[0] > 0) {
              return TRUE;
          } else {
              return FALSE;
          }
      }
      ?>
      ```

      Login:

      ```php
      <?php if (isset($loginError)): ?>
      <p><?php echo htmlout($loginError); ?></p>
      <?php endif; ?>
      <form action="" method="post">
      <fieldset>
      <legend>LogIn</legend>
      <div>
      <label for="group">Group:</label><input type="text" name="group" id="group"/>
      </div><div>
      <label for="email">Email:</label><input type="text" name="email" id="email"/>
      </div><div>
      <label for="password">Password:</label><input type="password" name="password" id="password"/>
      </div>
      </fieldset>
      <div>
      <input type="hidden" name="action" value="login"/>
      <input type="submit" value="Log in" style="color: #ffffff; background-color: #008000; "/>
      </div>
      </form>
      ```
  19. I will switch the mysqli to mysql on the code as far as the log-in form, login.php and access.php are includes in the controller.php. Once logged in and verified the controller.php then displays the html admin form. I apologize, this is my third website and 2nd attempt with php. I'm not a NOOB, I'm a newborn. I do a lot of reading and attempts.
  20. Thanks for the response, I should have mentioned. When I try and log-in to the live admin I fill out the log-in form and hit submit and the form goes blank rather than to the add edit form. On my local host it sends me to the add edit admin area where I can change prices, add other companies etc. I realize that there is mysql and mysqli both in the same code but it does in fact access the db. Same with the live version there is the public area that access the database and returns results, but for the admin so that I can give others access to add and edit it will not process. I do not get any error messages and I checked the error log on the server and there is nothing there.
  21. I have been at this for a week and have posted on another forum with no luck. I have built a website with admin controls and everything worked on my localhost(home), thinking I was ready to launch uploaded to clients host server and went to test and now I can't log in to the admin area to add or edit the database. Again login and access scripts worked great on home system but not uploaded. I have been back and forth thru the scripts and cannot for the life of me figure it out. Please help I have searched books, google, and post and I know its probably something crazy. The way it works is from admin it should access the controller which directs to login.php and access.php and then displays my add edit form. Here is the codes:

      Login form:

      ```php
      <?php if (isset($loginError)): ?>
      <p><?php echo htmlout($loginError); ?></p>
      <?php endif; ?>
      <form action="" method="post">
      <fieldset>
      <legend>LogIn</legend>
      <div>
      <label for="group">Group:</label><input type="text" name="group" id="group"/>
      </div><div>
      <label for="email">Email:</label><input type="text" name="email" id="email"/>
      </div><div>
      <label for="password">Password:</label><input type="password" name="password" id="password"/>
      </div>
      </fieldset>
      <div>
      <input type="hidden" name="action" value="login"/>
      <input type="submit" value="Log in" style="color: #ffffff; background-color: #008000; "/>
      </div>
      </form>
      ```

      Access.php

      ```php
      <?php
      function userIsLoggedIn() {
          if (isset($_POST['action']) and $_POST['action'] == 'login') {
              if (!isset($_POST['group']) or $_POST['group'] == '' or
                  !isset($_POST['email']) or $_POST['email'] == '' or
                  !isset($_POST['password']) or $_POST['password'] == '') {
                  $GLOBALS['loginError'] = 'Please fill in all fields';
                  return FALSE;
              }

              $password = md5($_POST['password']);

              if (databaseContainsAgent($_POST['email'], $password, $_POST['group'])) {
                  session_start();
                  $_SESSION['loggedIn'] = TRUE;
                  $_SESSION['email'] = $_POST['email'];
                  $_SESSION['password'] = $password;
                  $_SESSION['group'] = $_POST['group'];
                  return TRUE;
              } else {
                  session_start();
                  unset($_SESSION['loggedIn']);
                  unset($_SESSION['email']);
                  unset($_SESSION['password']);
                  unset($_SESSION['group']);
                  $GLOBALS['loginError'] = 'The specified email address, group or password was incorrect.';
                  return FALSE;
              }
          }

          if (isset($_POST['action']) and $_POST['action'] == 'logout') {
              session_start();
              unset($_SESSION['loggedIn']);
              unset($_SESSION['email']);
              unset($_SESSION['password']);
              unset($_SESSION['group']);
              header('Location: ' . $_POST['goto']);
              exit();
          }

          session_start();
          if (isset($_SESSION['loggedIn'])) {
              return databaseContainsAgent($_SESSION['email'], $_SESSION['password'], $_SESSION['group']);
          }
      }

      function databaseContainsAgent($email, $password) {
          include 'fsd_db_login.php';
          include 'db_inc.php';

          $email = mysql_real_escape_string($email);
          $password = mysql_real_escape_string($password);

          $sql = "SELECT COUNT(*) FROM agent WHERE email='$email' AND password='$password'";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error searching for agent.';
              include 'error_html.php';
              exit();
          }
          $row = mysqli_fetch_array($result);
          if ($row[0] > 0) {
              return TRUE;
          } else {
              return FALSE;
          }
      }

      function userHasRole($role) {
          include 'fsd_db_login.php';
          include 'db_inc.php';

          $email = mysql_real_escape_string($_SESSION['email']);
          $group = mysql_real_escape_string($_SESSION['group']);
          $role = mysql_real_escape_string($role);

          $sql = "SELECT COUNT(*) FROM agent
              INNER JOIN agentrole ON agent.id = agentid
              INNER JOIN role ON roleid = role.id
              WHERE email = '$email' AND role.id='$role'";
          $result = mysqli_query($link, $sql);
          if (!$result) {
              $error = 'Error searching for agent roles.';
              include 'error_html.php';
              exit();
          }
          $row = mysqli_fetch_array($result);
          if ($row[0] > 0) {
              return TRUE;
          } else {
              return FALSE;
          }
      }
      ?>
      ```