[User Authentication]

Hi,

 

I'm useing the following script to force users to authenticate by including the below script, and I keep getting erors in line 9, but I don't see any, may be just lack of experence

 

 

login.php

<?include"vars.php";?>
<?php
 function authenticate() {
  Header("WWW-Authenticate: Basic realm=\"secure login\"");
  echo "Authentication Failed!";
  exit();
 }
 if(!isset($PHP_AUTH_USER)) {h
   authenticate();
   echo "Authorization Failed\n";
   exit;
 } else {
   $checkLogin = "SELECT ID FROM $userTable WHERE
$userField='$PHP_AUTH_USER' AND
$passField='$PHP_AUTH_PW'";
   $db = mysql_pconnect($dbHost, $dbUser, $dbPass);
   mysql_select_db($dbName, $db);
   $result = mysql_query($checkLogin, $db);
   $numrows = mysql_num_rows($result);
   $myrow = mysql_fetch_array($result);
   if ($numrows == 0) {
     authenticate();
   } else {
     setcookie("UserID", $myrow["ID"]);
     $UserID = $myrow["ID"];
   }
 }
?>

 

And here is my vars.php

 

<?
$dbHost = "localhost";
$dbUser = "AdminUser";
$dbPass = "Password";
$dbName = "dbname";
$userTable = "Users";
$userField = "Username";
$passField = "Password";
?>

 

Thanks in advance,

Chris

 

 

[Deleting records]

Now your delete query is not well formed. Do you need the name condition? If so, your need to put an and in between the two tests. But then, where does your $name var come from?

 

$sql = "DELETE FROM venues WHERE id = '$id' name='$name'";

302551[/snapback]

 

 

Thanks,

 

All happy now

[Deleting records]

Suggest you post the current version of your script.

302547[/snapback]

<?

$usr = "username";

$pwd = "password";

$db = "database";

$host = "localhost";

 

//Setup Veribales

$id = $_GET['id'];

$task = $_GET['task'];

 

$cid = mysql_connect($host,$usr,$pwd);

if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }

 

if ($task=="del") {

$sql = "DELETE FROM venues WHERE id = '$id' name='$name'";

mysql_db_query($db, $sql, $cid);

 

}

 

 

?>

<HTML>

<HEAD>

<TITLE>Manage Links</TITLE>

</HEAD>

<BODY BGCOLOR="#FFFFFF" >

<H1>Edit Links</H1>

<?

 

$sql = " SELECT * FROM venues ";

$retid = mysql_db_query($db, $sql, $cid);

if (!$retid) { echo( mysql_error()); }

else {

echo ("<P><TABLE CELLPADDING=4>\n");

while ($row = mysql_fetch_array($retid)) {

$name = $row['name'];

$id = $row['id'];

 

echo ("<TR>");

echo ("<TD>$name</TD>\n");

echo ("<TD><A HREF=\"manage_edit.php?id=$id\">Edit</A></TD>");

echo ("<TD><A HREF=\"manage.php?id=$id&task=del\">Delete</A></TD>");

echo ("</TR>");

}

echo ("</TABLE>");

}

?>

 

</BODY>

</HTML>

 

[Deleting records]

Your $id is also given to your script via the GET method, not the POST method, so change this line:

 

[!--PHP-Head--][div class=\'phptop\']PHP[/div][div class=\'phpmain\'][!--PHP-EHead--]$id = $_POST[\'id\'];[/span][!--PHP-Foot--][/div][!--PHP-EFoot--]

 

to this:

 

[!--PHP-Head--][div class=\'phptop\']PHP[/div][div class=\'phpmain\'][!--PHP-EHead--]$id = $_POST[\'id\'];[/span][!--PHP-Foot--][/div][!--PHP-EFoot--]

 

And this line:

 

[!--PHP-Head--][div class=\'phptop\']PHP[/div][div class=\'phpmain\'][!--PHP-EHead--]$id = $_POST[\'id\'];[/span][!--PHP-Foot--][/div][!--PHP-EFoot--]

 

appears to be pretty useless.

302543[/snapback]

 

 

OK Done all that and still no joy, what else could be going wrong?

[Deleting records]

Ok, think I got it, try adding this right after your $id and $name init at the beginning of your script:

 

[!--PHP-Head--][div class=\'phptop\']PHP[/div][div class=\'phpmain\'][!--PHP-EHead--]$task = $_GET[\'task\'];[/span][!--PHP-Foot--][/div][!--PHP-EFoot--]

302540[/snapback]

 

Tried that, also suggested by a user on an Australian forum, but still no good also had suggested putting in the id and name in that querry, but not shure how to go about this

[Deleting records]

 

The script below, should from my BASIC knowledge, retrieve the records

stored in the table "venues" display the value "name" along with a link

to modify the record on a separate page (manage_edit.php) or delete the

record and reload this page (manage.php). The problem is that it dose

not delete just reloads. Where have I gone wrong?

 

Thanks,

Chris

 

-----------------------------------------------------------------

<?

$usr = "--username--";

$pwd = "--password--";

$db = "--MySQL_Database--";

$host = "localhost";

 

//Setup Veribales

$id = $_POST['id'];

$name = $_POST['name'];

 

$cid = mysql_connect($host,$usr,$pwd);

if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }

 

if ($task=="del") {

$sql = "DELETE FROM venues WHERE id = '$id'";

mysql_db_query($db, $sql, $cid);

 

}

 

 

?>

<HTML>

<HEAD>

<TITLE>Manage Links</TITLE>

</HEAD>

<BODY BGCOLOR="#FFFFFF" >

<H1>Edit Links</H1>

<?

 

$sql = " SELECT * FROM venues ";

$retid = mysql_db_query($db, $sql, $cid);

if (!$retid) { echo( mysql_error()); }

else {

echo ("<P><TABLE CELLPADDING=4>\n");

while ($row = mysql_fetch_array($retid)) {

$name = $row['name'];

$id = $row['id'];

 

echo ("<TR>");

echo ("<TD>$name</TD>\n");

echo ("<TD><A HREF=\"manage_edit.php?id=$id

\">Edit</A></TD>");

echo ("<TD><A HREF=\"manage.php?id=$id&task=del

\">Delete</A></TD>");

echo ("</TR>");

}

echo ("</TABLE>");

}

?>

 

</BODY>

</HTML>