Jakx

Okay, So it works now i got rid of the extra queries checking for the user in the data base, and i just left the check to determine if the page can be viewed or not , and now it works ! it adds and deletes items normally without giving the " Your login session data is not on record in the database. " message.

Okay, I think I am going to do that and find a new and more up to date Turorial. I seems like this one has a lot of flaws, this is like the 3rd problem i have had to deal with and I'm not even half way done .

Hello, I am having trouble with this custom admin panel. It is pretty simple, it has an admin login page, an index page , and a page where you can Add and Delete invetory items ( <--this one is the one with the problem ) Everything was working okey, I added 2 items, deleted one, and now it gives me this Error everytime i try to add or deleted any items. " Your login session data is not on record in the database. " You can try it out. the URL is http://regismartinez.com/pepe/storeadmin/admin_login.php The credentials are: administrator / asdf1234 Here is the code for admin_login.php (works fine ) <?php session_start(); ob_start(); if (isset($_SESSION["manager"])) { header("location: index.php"); exit(); ob_end_flush(); } ?> <?php // Parse the log in form if the user has filled it out and pressed "Log In" if (isset($_POST["username"]) && isset($_POST["password"])) { $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters // Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 1) { // evaluate the count while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["manager"] = $manager; $_SESSION["password"] = $password; header("location: index.php"); exit(); } else { echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; exit(); } } ?> Here is the code for the index.php (the admin index page) <?php session_start(); if (!isset($_SESSION["manager"])) { header("location: admin_login.php"); exit(); } // Be sure to check that this manager SESSION value is in fact in the database $managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters // Run mySQL query to be sure that this person is an admin and that their password session var equals the database information // Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 0) { // evaluate the count echo "Your login session data is not on record in the database."; exit(); } ?> And here is the code for the inventory_list.php ( the one with the problem I believe) <?php session_start(); if (!isset($_SESSION["manager"])) { header("location: admin_login.php"); exit(); } // Be sure to check that this manager SESSION value is in fact in the database $managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters // Run mySQL query to be sure that this person is an admin and that their password session var equals the database information // Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 0) { // evaluate the count echo "Your login session data is not on record in the database."; exit(); } ?> <?php // Script Error Reporting error_reporting(E_ALL); ini_set('display_errors', '1'); ?> <?php // Delete Item Question to Admin, and Delete Product if they choose if (isset($_GET['deleteid'])) { echo 'Do you really want to delete product with ID of ' . $_GET['deleteid'] . '? <a href="inventory_list.php?yesdelete=' . $_GET['deleteid'] . '">Yes</a> | <a href="inventory_list.php">No</a>'; exit(); } if (isset($_GET['yesdelete'])) { // remove item from system and delete its picture // delete from database $id_to_delete = $_GET['yesdelete']; $sql = mysql_query("DELETE FROM products WHERE id='$id_to_delete' LIMIT 1") or die (mysql_error()); // unlink the image from server // Remove The Pic ------------------------------------------- $pictodelete = ("../inventory_images/$id_to_delete.jpg"); if (file_exists($pictodelete)) { unlink($pictodelete); } header("location: inventory_list.php"); exit(); } ?> <?php // Parse the form data and add inventory item to the system if (isset($_POST['product_name'])) { $product_name = mysql_real_escape_string($_POST['product_name']); $price = mysql_real_escape_string($_POST['price']); $category = mysql_real_escape_string($_POST['category']); $subcategory = mysql_real_escape_string($_POST['subcategory']); $details = mysql_real_escape_string($_POST['details']); // See if that product name is an identical match to another product in the system $sql = mysql_query("SELECT id FROM products WHERE product_name='$product_name' LIMIT 1"); $productMatch = mysql_num_rows($sql); // count the output amount if ($productMatch > 0) { echo 'Sorry you tried to place a duplicate "Product Name" into the system, <a href="inventory_list.php">click here</a>'; exit(); } // Add this product into the database now $sql = mysql_query("INSERT INTO products (product_name, price, details, category, subcategory, date_added) VALUES('$product_name','$price','$details','$category','$subcategory',now())") or die (mysql_error()); $pid = mysql_insert_id(); // Place image in the folder $newname = "$pid.jpg"; move_uploaded_file( $_FILES['fileField']['tmp_name'], "../inventory_images/$newname"); header("location: inventory_list.php"); exit(); } ?> <?php // This block grabs the whole list for viewing $product_list = ""; $sql = mysql_query("SELECT * FROM products ORDER BY date_added DESC"); $productCount = mysql_num_rows($sql); // count the output amount if ($productCount > 0) { while($row = mysql_fetch_array($sql)){ $id = $row["id"]; $product_name = $row["product_name"]; $price = $row["price"]; $date_added = strftime("%b %d, %Y", strtotime($row["date_added"])); $product_list .= "Product ID: $id - <strong>$product_name</strong> - $$price - <em>Added $date_added</em> <a href='inventory_edit.php?pid=$id'>edit</a> • <a href='inventory_list.php?deleteid=$id'>delete</a><br />"; } } else { $product_list = "You have no products listed in your store yet"; } ?> This is a tutorial I am trying to follow on youtube. I am new to php , and i do not own this code. However i am stuck with this problem. Thank you in advance for any help you guys can provide me.