There is a PHPSESSID on both pages, but the two IDs are different. Below is the entire code for both pages. I didn't write any of this; I'm just taking it over to implement sessions.
pointerface.php (first page):
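<?php session_start();
include('../htconfig/dbConfig.php');

// Connect to server and select database (once; the original did this twice).
// NOTE(review): the mysql_* extension is deprecated since PHP 5.5 and removed
// in PHP 7. Plan a move to PDO or mysqli with prepared statements; until then
// every value placed in SQL below must pass through mysql_real_escape_string().
mysql_connect($hostname, $username, $password) or die("cannot connect");
mysql_select_db($database) or die("cannot select DB");
$tbl_name = "members";

// Username and password sent from the login form. They are read BEFORE any
// query that uses them: the original looked up "userlevel" with these two
// variables still undefined, so the value stored in the session was empty.
// Non-string input (e.g. myusername[]=x) is treated as an empty credential.
$myusername = (isset($_POST['myusername']) && is_string($_POST['myusername'])) ? $_POST['myusername'] : '';
$mypassword = (isset($_POST['mypassword']) && is_string($_POST['mypassword'])) ? $_POST['mypassword'] : '';

// stripslashes() is kept from the original (legacy magic-quotes handling);
// mysql_real_escape_string() is what protects the query from SQL injection.
$myusername = mysql_real_escape_string(stripslashes($myusername));
$mypassword = mysql_real_escape_string(stripslashes($mypassword));

// NOTE(review): the submitted password is compared directly with the stored
// column, so passwords are apparently kept unhashed. Store password_hash()
// output and check it with password_verify() instead.
$sql = "SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);

// Number of matching rows; a failed query counts as "no match".
$count = ($result === false) ? 0 : mysql_num_rows($result);

if ($count == 1) {
    // Issue a fresh session ID at the privilege change (session fixation
    // defence). Must run before any output so the new cookie can be sent.
    session_regenerate_id(true);
    // Take the level from the row that just authenticated, not a second query.
    $_SESSION["userlevel"] = (string) mysql_result($result, 0, "userlevel");
} else {
    // A failed attempt must not leave an earlier privilege level in place.
    unset($_SESSION["userlevel"]);
}

// Debug aid kept from the original: prints the session ID and contents into
// the page. Remove once sessions work; the ID is a bearer credential.
echo session_id();
echo "<br>";
print_r($_SESSION);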
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Purchase Order System</title>
</head>
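<?php
// Load the 50 most recent purchase orders for the listing below.
// The connection opened at the top of this page is still the active link, so
// the config file is not included again and the server is not re-connected.
$query = "SELECT * FROM POs ORDER BY id DESC LIMIT 50";
$result = mysql_query($query);
if ($result === false) {
    // Keep the driver error in the server log; printing it would expose
    // schema details to whoever is looking at the page.
    error_log('PO listing query failed: ' . mysql_error());
    $num = 0;
} else {
    // mysql_numrows() is a deprecated alias of mysql_num_rows().
    $num = mysql_num_rows($result);
}
?>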
<table border="1" cell pacing="1" cellpadding="1" align="center">
<tr>
<td>
<font face="Arial, Helvetica, sans-serif">id</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">Agent</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">DateEntered</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">Shop</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">Category</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">Amount</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">Items</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">ApprovedDeclined</font></td>
<td>
<font face="Arial, Helvetica, Sans-serif">AdminNotes</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">PONumber</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">Notes</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">Vendor</font></td>
<td>
<font face="Arial, Helvetica, sans-serif">OrderNumber</font></td>
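<?php
// Render one table row per purchase order held in $result ($num rows).
// Column values come from the database and can contain text typed by other
// users, so each one is HTML-escaped before it is written into the page
// (stored XSS otherwise). The id is URL-encoded where it is used as a
// query-string value.
for ($i = 0; $i < $num; $i++) {
    $f1  = mysql_result($result, $i, "id");
    $f2  = mysql_result($result, $i, "Agent");
    $f3  = mysql_result($result, $i, "DateEntered");
    $f4  = mysql_result($result, $i, "Shop");
    $f5  = mysql_result($result, $i, "Category");
    $f6  = mysql_result($result, $i, "Amount");
    $f7  = mysql_result($result, $i, "Items");
    $f8  = mysql_result($result, $i, "ApprovedDeclined");
    $f10 = mysql_result($result, $i, "OrderNumber");
    $f11 = mysql_result($result, $i, "Notes");
    $f12 = mysql_result($result, $i, "Vendor");
    $f13 = mysql_result($result, $i, "POdate");
    $f15 = mysql_result($result, $i, "adminnotes");

    // rawurlencode() output contains only URL-safe characters, so it can be
    // placed inside a quoted attribute without further escaping.
    $idUrl = rawurlencode($f1);

    // Cell colour follows the approval state; any other state stays white.
    // (The original else-branch wrote "bdcolor", which browsers ignore.)
    if ($f8 === 'Approved') {
        $statusColour = '#028021';
    } elseif ($f8 === 'Declined') {
        $statusColour = '#ff0000';
    } elseif ($f8 === 'Under Review') {
        $statusColour = '#ffff66';
    } else {
        $statusColour = '#ffffff';
    }
?>
<tr>
<td>
<font face="Arial, Helvetica, Sans-serif"><a href="purchaseorder.php?id=<?php echo $idUrl; ?>" target="_blank"><?php echo htmlspecialchars($f1, ENT_QUOTES, 'UTF-8'); ?></a></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><?php echo htmlspecialchars($f2, ENT_QUOTES, 'UTF-8'); ?></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><?php echo htmlspecialchars($f3, ENT_QUOTES, 'UTF-8'); ?></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><?php echo htmlspecialchars($f4, ENT_QUOTES, 'UTF-8'); ?></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><?php echo htmlspecialchars($f5, ENT_QUOTES, 'UTF-8'); ?></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><?php echo '$' . number_format($f6); ?></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><?php echo htmlspecialchars($f7, ENT_QUOTES, 'UTF-8'); ?></font></td>
<td bgcolor="<?php echo $statusColour; ?>"><?php echo htmlspecialchars($f8, ENT_QUOTES, 'UTF-8'); ?> </td>
<td>
<font face="Arial, Helvetica, Sans-serif"><?php echo htmlspecialchars($f15, ENT_QUOTES, 'UTF-8'); ?></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"> <?php echo htmlspecialchars("$f13-$f1", ENT_QUOTES, 'UTF-8'); ?></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><a href="updatenotes.php?id=<?php echo $idUrl; ?>" target="_blank"><?php echo htmlspecialchars($f11, ENT_QUOTES, 'UTF-8'); ?></a></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><?php echo htmlspecialchars($f12, ENT_QUOTES, 'UTF-8'); ?></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><?php echo htmlspecialchars($f10, ENT_QUOTES, 'UTF-8'); ?></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><form action="adminnotes.php?id=<?php echo $idUrl; ?>" method="post" name="form1" target="_blank" id="form1">
<input type="submit" name="Admin" id="Admin" value="Admin" />
</form></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><form action="updatepo.php?id=<?php echo $idUrl; ?>" method="post" name="form1" target="_blank" id="form1">
<input type="submit" name="Edit PO" id="Edit PO" value="Add Ord Num" />
</form></font></td>
<td>
<font face="Arial, Helvetica, Sans-serif"><form action="adminnotestest.php?id=<?php echo $idUrl; ?>" method="post" name="form1" target="_blank" id="form1">
<input type="submit" name="adminnotestest" id="adminnotetest" value="Test Button" />
</form></font></td>
</tr>
<?php
}
?>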
<body>
<div align="center">
<p><img src="../rxtrans.gif" alt="RX Logo" width="170" height="99" /></p>
<p><strong>Purchase Order System</strong></p>
<p align="left"<form>
<input type="button" value="New PO"
onclick="window.open('newpo.htm')">
</form><input type="button" value="Download CSV"
onclick="window.open('csvrequest.htm',width=250,height=100)">
</form></p>
<form action="search.php" method="POST" target="_blank">
<div align="right">Search for
<input type="text" name="query" />
in
<select name="field" id="field">
<option>id</option>
<option>adminnotes</option>
<option>Agent</option>
<option>DateEntered</option>
<option>entmonth</option>
<option>entyear</option>
<option>Shop</option>
<option>Category</option>
<option>Amount</option>
<option selected="selected">Items</option>
<option>ApprovedDeclined</option>
<option>OrderNumber</option>
<option>Notes</option>
<option>Vendor</option>
</select>
<input type="submit" value="Search" />
</div>
</form>
</div>
</body>
</html>
<?php
}
else {
echo "Wrong Username or Password";
}
?>
adminnotes.php (2nd page):
<?php
// Resume the visitor's session so the userlevel stored at login is available
// to the access check that follows.
session_start();
error_reporting(E_ALL);
// Debug aid: dumps the session contents, then the session ID, into the page.
// Both are sensitive (the ID is a bearer credential); remove once sessions work.
echo print_r($_SESSION, true), session_id();
if($_SESSION['userlevel']=='Admin'){
?>
<style type="text/css">
<!--
body {
background-color: #FFFF99;
}
.style2 {font-weight: bold}
-->
</style>
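<?php
// Connection settings are read from the same config file pointerface.php
// uses, rather than being written into this page.
// NOTE(review): the account name and password that used to be hard-coded here
// have been posted publicly; rotate that password.
include('../htconfig/dbConfig.php');
$tbl_name = "POs"; // Table name
mysql_connect($hostname, $username, $password) or die("cannot connect");
mysql_select_db($database) or die("cannot select DB");

// The id arrives in the query string and is placed unquoted into SQL, so it
// is accepted only when it consists purely of digits. Anything else stops
// the page here instead of reaching the query (SQL injection otherwise).
if (!isset($_GET['id']) || !is_string($_GET['id']) || !ctype_digit($_GET['id'])) {
    echo 'Error';
    exit;
}
$id = $_GET['id'];

$query = "SELECT * FROM POs WHERE id = $id LIMIT 1";
$result = mysql_query($query);
$num = ($result === false) ? 0 : mysql_num_rows($result);
if ($num < 1) {
    // Unknown id or failed query: nothing to show, and mysql_result() below
    // would only emit warnings.
    echo 'Error';
    exit;
}

// Pull the single matching row into the $f* variables the template uses.
$i = 0;
$f1  = mysql_result($result, $i, "id");
$f2  = mysql_result($result, $i, "Agent");
$f3  = mysql_result($result, $i, "DateEntered");
$f4  = mysql_result($result, $i, "Shop");
$f5  = mysql_result($result, $i, "Category");
$f6  = mysql_result($result, $i, "Amount");
$f7  = mysql_result($result, $i, "Items");
$f8  = mysql_result($result, $i, "ApprovedDeclined");
$f9  = mysql_result($result, $i, "PurchaseDate");
$f10 = mysql_result($result, $i, "OrderNumber");
$f11 = mysql_result($result, $i, "Notes");
$f12 = mysql_result($result, $i, "Vendor");
$f13 = mysql_result($result, $i, "POdate");
$f14 = mysql_result($result, $i, "Approvedate");
$f15 = mysql_result($result, $i, "adminnotes");
?>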
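<?php
// Admin view of one purchase order. Every value echoed below comes from the
// POs row ($f*) or from the request ($id), so each is HTML-escaped, or
// URL-encoded where it sits in a query string, before reaching the page.
// NOTE(review): the approve / review / decline / notes forms carry no
// anti-CSRF token here; their handlers are not shown, so confirm they verify
// one and re-check the session's userlevel themselves.
?>
<div align="center">
<p><img src="../rxtrans.gif" alt="RX Logo" width="200" height="115"></p>
<p><strong>PO Admin Page</strong></p>
<p><table width="800" border="0" cellpadding="5">
<tr>
<td width="174" height="123"><img src="../rxtrans.gif" width="174" height="101" alt="RXlogo" /></td>
<td colspan="2" valign="top"><div align="right"><span class="style1">PURCHASE ORDER</span></div>
<p align="right"><strong>Entry Date:</strong> <?php echo htmlspecialchars($f3, ENT_QUOTES, 'UTF-8'); ?><br />
<strong>Requestor:</strong> <?php echo htmlspecialchars($f2, ENT_QUOTES, 'UTF-8'); ?><br>
<strong>PO #: </strong>
<?php
echo htmlspecialchars("$f13-$f1", ENT_QUOTES, 'UTF-8');
?>
<br />
<strong>Vendor:</strong> <?php echo htmlspecialchars($f12, ENT_QUOTES, 'UTF-8'); ?><br />
<strong>Shop:</strong> <?php echo htmlspecialchars($f4, ENT_QUOTES, 'UTF-8'); ?><br />
</p> </td>
</tr>
<tr>
<td height="97" rowspan="2" valign="top"> </td>
<td colspan="2" valign="top"><p><strong>Items:</strong> <?php echo htmlspecialchars($f7, ENT_QUOTES, 'UTF-8'); ?><br />
</p> </td>
</tr>
<tr>
<td colspan="2" valign="top"><strong>PO Notes:</strong> <?php echo htmlspecialchars($f11, ENT_QUOTES, 'UTF-8'); ?></td>
</tr>
<tr>
<td height="579" rowspan="5" valign="top">
<form action="approve.php?id=<?php echo rawurlencode($id); ?>" method="post" name="form1" target="_blank" id="form1">
<input type="submit" style="background-color:#00CC00;color:#000000" name="Approve PO" id="Approve PO" value="Approve PO" />
<br />
</form>
<form action="underreview.php?id=<?php echo rawurlencode($id); ?>" method="post" name="form1" target="_blank" id="form1">
<input type="submit" style="background-color:#ff9900;color:#000000" name="Mark for Review" id="Mark for Review" value="Mark for Review" />
<br />
</form>
<form action="decline.php?id=<?php echo rawurlencode($id); ?>" method="post" name="form1" target="_blank" id="form1">
<p>
<input type="submit" style="background-color:#FF000D;color:#000000" name="Decline PO" id="Decline PO" value="Decline PO" />
</p>
</form>
</p></td>
<td colspan="2" valign="top"><p align="right"><strong>Amount: </strong> <?php echo htmlspecialchars($f6, ENT_QUOTES, 'UTF-8'); ?></p> </td>
</tr>
<tr>
<td colspan="2" valign="top"><p><strong>Admin Notes:</strong></p>
<table width="593" border="1" align="left" cellpadding="5" bordercolor="#FF0000" bgcolor="#FFFFFF">
<tr>
</tr>
<tr>
<th height="45" align="left" valign="top" scope="col">
<br />
<form action="addadminnotes.php?id=<?php echo rawurlencode($id); ?>" method="POST" target="_blank">
<textarea name="adminnotes" id="adminnotes" cols="100" rows="5"><?php echo htmlspecialchars($f15, ENT_QUOTES, 'UTF-8'); ?></textarea>
<input type="submit" name="Submit" id="Submit" value="Submit Notes" />
</form>
</th>
</tr>
<tr>
</tr>
</table></td>
</tr>
<tr>
<td width="416" valign="bottom"><p><?php
// 'Approved' is quoted: the original compared against a bare word, which PHP
// treats as an undefined constant (a notice in PHP 5, a fatal error in PHP 8).
if ($f8 == 'Approved') {
    echo "<img src='../buttons/bittsig.jpg'>";
} else {
    echo "Not Yet Approved";
}
?></p> </td>
<td width="207" valign="bottom"><div align="right"><?php echo htmlspecialchars($f14, ENT_QUOTES, 'UTF-8'); ?></div></td>
</tr>
<tr>
<td colspan="2" valign="top"><hr></td>
</tr>
<tr>
<td valign="top"><strong>Approved By</strong></td>
<td valign="top"><div align="right"><strong>Approval Date</strong></div></td>
</tr>
<tr>
<td height="59" colspan="3" align="center" valign="bottom"><div align="center" class="style2">Rental Xpress, LLC PO Box 181140 Corpus Christi, TX 78480 Phone (361) 854-1111 Fax (361) 723-2114</div></td>
</tr>
</table>
</p>
</div>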
<?php
}
else{
echo "Acess denied:"; echo "<BR>";
echo "<A HREF='../index.html'>Login</A>";
}
?>