Everything posted by dprichard

  1. I have two queries that I will be running at the top of each page on my site once the user is logged in to pull in different information about them and to show the company's information. Would I be better off having these at the top of each page in the code or having them in includes and calling the includes?
  2. Cookies as backup??? Could I get more input on what that is and how that would work?
  3. Login page:

     ```php
     <?php
     session_start();
     require_once('../Connections/prbc.php');

     if (isset($_POST['login'])) {
         $username = '';
         $password = '';
         if (isset($_POST['username']) && $_POST['username'] != '')
             $username = $_POST['username'];
         if (isset($_POST['password']) && $_POST['password'] != '')
             $password = $_POST['password'];

         $username = mysql_real_escape_string($username);
         $password = mysql_real_escape_string($password);
         $db_password = md5($password);

         mysql_select_db('prbcweb') or die(mysql_error());
         $login = mysql_query("SELECT * FROM prbc_user WHERE `user_name` = '$username' AND `user_pass` = '$db_password'");
         $row_login = mysql_fetch_array($login);
         $row_login_total = mysql_num_rows($login);

         if ($row_login_total == 1) {
             $_SESSION['MM_Username'] = $row_login['user_name'];
             $_SESSION['UID'] = $row_login['user_id'];
             $_SESSION['auth_level'] = $row_login['user_access_level'];
             echo "<script type=text/javascript>location.href='approver.php'</script>";
         } elseif ($row_login_total <> 1) {
             header("Location: login_2.php");
         }
     }
     ?>
     ```

     Access Control on Pages:

     ```php
     <?php
     session_start();
     if (isset($_SESSION['MM_Username']) && ($_SESSION['auth_level'] <= '5')) {
         $username = $_SESSION['MM_Username'];
     } else {
         echo "<script type=text/javascript>location.href='login_2.php'</script>";
     }
     ```
  4. Thank you!!! You are the freaking man! Been fighting this one all morning!
  5. I was trying to assign it on the page before. Is that not going to stay from page to page?

     ```php
     if ($row_login_total == 1) {
         $_SESSION['MM_Username'] = $row_login['user_name'];
         $_SESSION['UID'] = $row_login['user_id'];
         $_SESSION['auth_level'] = $row_login['user_access_level'];
         header("Location: approver.php");
     ```
  6. So, I can't set multiple sessions? Even if I take the other two out and just use this on the next page

     ```php
     <?php
     session_start();
     echo $_SESSION['MM_Username'];
     ?>
     ```

     I am still getting an error:

     ```
     Notice: Undefined index: MM_Username in C:\root\admin\approver.php on line 3
     ```
  7. I am trying to set 3 sessions upon login but when I try to echo the session info on the following page it doesn't do anything. Here is my login form and below that is where I am trying to call the session on the following page. Any assistance would be greatly appreciated!!!

     ```php
     <?php
     session_start();
     require_once('../Connections/prbc.php');

     if (isset($_POST['login'])) {
         $username = '';
         $password = '';
         if (isset($_POST['username']) && $_POST['username'] != '')
             $username = $_POST['username'];
         if (isset($_POST['password']) && $_POST['password'] != '')
             $password = $_POST['password'];

         $username = mysql_real_escape_string($username);
         $password = mysql_real_escape_string($password);
         $db_password = md5($password);

         mysql_select_db('prbcweb') or die(mysql_error());
         $login = mysql_query("SELECT * FROM prbc_user WHERE `user_name` = '$username' AND `user_pass` = '$db_password'");
         $row_login = mysql_fetch_array($login);
         $row_login_total = mysql_num_rows($login);

         if ($row_login_total == 1) {
             $_SESSION['MM_Username'] = $row_login['user_name'];
             $_SESSION['UID'] = $row_login['user_id'];
             $_SESSION['auth_level'] = $row_login['user_access_level'];
             header("Location: approver.php");
         } elseif ($row_login_total <> 1) {
             header("Location: login_2.php");
         }
     }
     ?>
     ```

     Second Page

     ```php
     <?php
     session_start();
     if (isset($_SESSION['MM_Username'])) {
         echo $_SESSION['MM_Username'];
     }
     ?>
     ```
  8. Never mind, found an answer. Read your post again and saw the part about CSS.
  9. Okay, it works if I change the input type to submit. Is there no way to use an image for the submit button and still do this?
  10. I am trying to modify the login script one of the moderators here pointed me to. It looks like it is working for me but I need it to only run after someone submits the form. I tried adding isset, but when I did it just posts back and does perform the query. Here is my PHP:

      ```php
      <?php
      session_start();
      require_once('../Connections/prbc.php');

      if (isset($_POST['login'])) {
          $username = '';
          $password = '';
          if (isset($_POST['username']) && $_POST['username'] != '')
              $username = $_POST['username'];
          if (isset($_POST['password']) && $_POST['password'] != '')
              $password = $_POST['password'];

          $username = mysql_real_escape_string($username);
          $password = mysql_real_escape_string($password);
          $db_password = md5($password);

          mysql_select_db('prbcweb') or die(mysql_error());
          $login = mysql_query("SELECT * FROM prbc_user WHERE `user_name` = '$username' AND `user_pass` = '$db_password'");
          $row_login = mysql_fetch_array($login);
          $row_login_total = mysql_num_rows($login);

          if ($row_login_total == 1) {
              $_SESSION['MM_Username'] = $row_login['user_name'];
              $_SESSION['UID'] = $row_login['user_id'];
              header("Location: approver.php");
          } elseif ($row_login_total <> 1) {
              header("Location: login_2.php");
          }
      }
      ?>
      ```

      And here is my form. I am not sure what I am doing wrong. Any assistance would be greatly appreciated.

      ```html
      <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" name="login" id="login">
        <p>Username: <br>
          <input name="username" type="text" id="username">
        </p>
        <p>Password:<br>
          <input name="password" type="password" id="password">
        </p>
        <p>
          <input type="image" name="submit" src="../images/button_login.gif" width="100" height="26">
        </p>
      </form>
      ```
  11. Sorry, posted this in the wrong forum before. I have an insert and want to redirect them back to a different page upon successful insertion. What is the best way to redirect if the insert is successful?

      ```php
      if (isset($_POST['add_folder'])) {
          $_SESSION['folder_doc_cat'] = $_POST["folder_doc_cat"];
          $folder_name = mysql_real_escape_string($_POST["folder_name"]);
          $folder_description = mysql_real_escape_string($_POST["folder_description"]);
          $folder_creator = mysql_real_escape_string($_POST["folder_creator"]);
          $folder_status = mysql_real_escape_string($_POST["folder_status"]);
          $folder_order = mysql_real_escape_string($_POST["folder_order"]);
          $folder_doc_cat = mysql_real_escape_string($_POST["folder_doc_cat"]);
          mysql_query("INSERT INTO folders (folder_name, folder_description, folder_creator, folder_status, folder_order, folder_doc_cat) VALUES('$folder_name', '$folder_description', '$folder_creator', '$folder_status', '$folder_order', '$folder_doc_cat')") or die(mysql_error());
      }
      ```
  12. Is this going to be okay for avoiding SQL Injection Attacks? Thanks for any info!

      ```php
      if (isset($_POST['add_folder'])) {
          $folder_name = mysql_real_escape_string($_POST["folder_name"]);
          $folder_description = mysql_real_escape_string($_POST["folder_description"]);
          $folder_creator = mysql_real_escape_string($_POST["folder_creator"]);
          $folder_status = mysql_real_escape_string($_POST["folder_status"]);
          $folder_order = mysql_real_escape_string($_POST["folder_order"]);
          $folder_doc_cat = mysql_real_escape_string($_POST["folder_doc_cat"]);
          mysql_query("INSERT INTO folders (folder_name, folder_description, folder_creator, folder_status, folder_order, folder_doc_cat) VALUES('$folder_name', '$folder_description', '$folder_creator', '$folder_status', '$folder_order', '$folder_doc_cat')") or die(mysql_error());
          $record_success = "Success";
      }
      ```
  13. Can I use mysql_real_escape_string and do something like this to avoid SQL Injection attacks?

      ```php
      if (isset($_POST['submit'])) {
          mysql_query("INSERT INTO folders (folder_name, folder_description, folder_creator, folder_status, folder_order, folder_doc_cat) VALUES(%$, %$, %$, %$, %$, %$)",
              mysql_real_escape_string($_POST["folder_name"]),
              mysql_real_escape_string($_POST["folder_description"]),
              mysql_real_escape_string($_POST["folder_creator"]),
              mysql_real_escape_string($_POST["folder_status"]),
              mysql_real_escape_string($_POST["folder_order"]),
              mysql_real_escape_string($_POST["folder_doc_cat"]));
      }
      ```
  14. Okay, so I named the form submit and then it tried to do the insert and it works great!!! What do I need to do to make sure the insert isn't subject to SQL injection attacks?

      ```php
      if (isset($_POST['submit'])) {
          mysql_query("INSERT INTO folders (folder_name, folder_description, folder_creator, folder_status, folder_order, folder_doc_cat) VALUES('$_POST[folder_name]', '$_POST[folder_description]', '$_POST[folder_creator]', '$_POST[folder_status]', '$_POST[folder_order]', '$_POST[folder_doc_cat]')") or die(mysql_error());
      }
      ```
  15. Is the submit on this line the form name or does it just go off of the submit button? If I have multiple forms on the page how do I specify which one it is using?
  16. Okay, I am trying to stop using Macromedia as my crutch and you guys have been a big help. I need some assistance with submitting a form. I have a form on my page and need to do an insert. I have the action posting it back to the same page I am on versus sending it to an insert page. The problem I am having is it tries to do the insert as soon as I pull up the page instead of waiting till the form is submitted. I believe I need to do something with isset, but can't really find a tutorial that goes over it really well.

      ```php
      mysql_query("INSERT INTO folders (folder_name, folder_description, folder_creator, folder_status, folder_order, folder_doc_cat) VALUES('$_POST[folder_name]', '$_POST[folder_description]', '$_POST[folder_creator]', '$_POST[folder_status]', '$_POST[folder_order]', '$_POST[folder_doc_cat]')") or die(mysql_error());
      ```

      Any help would be greatly appreciated.
  17. I have a query that is based on a session variable. If I echo out the session variable, it works fine, but if I use it in a query it doesn't work. Can you use a variable in a query like this?

      ```php
      $username = $_SESSION['MM_Username'];
      $user = mysql_query("SELECT emp_id, emp_fname, emp_lname, emp_auth_level FROM employee WHERE emp_username = $username");
      $row_user = mysql_fetch_array($user);
      ```
  18. Okay, I changed it to this:

      ```php
      <?php
      mysql_connect("localhost", "username", "password") or die("Could not connect to the database. Please contact a site administrator for assistance!");
      echo "Connected to the database";
      ?>
      ```

      And now I am getting this:

      ```
      Could not connect to the database. Please contact a site administrator for assistance!PHP Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'ttracker'@'localhost' (using password: YES) in C:\DATA\ttracker.dsolutionsgroup.com\htdocs\Connections\time_tracker_connection.php on line 2
      ```

      Is there a way to suppress the PHP Warning part of the connection error?
  19. Kewl info. So if I use session_start it has to be the first thing on the page on the first thing in an include and the first include on the page? Also, if the user is going to be going to pages that I don't use the session on in between pages that I do use the session on do I need to still put the session_start at the top of the other pages to keep the session going?
  20. I am setting up a connection to a mysql database. I am trying to display a custom error message if something goes wrong with the connection instead of saying something like this:

      ```
      PHP Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'ttracker'@'localhost' (using password: YES) in C:\DATA\ttracker.dsolutionsgroup.com\htdocs\Connections\time_tracker_connection.php on line 2
      PHP Warning: mysql_error(): supplied argument is not a valid MySQL-Link resource in C:\DATA\ttracker.dsolutionsgroup.com\htdocs\Connections\time_tracker_connection.php on line 2
      ```

      I purposely put in the wrong password here to see what came up. This is my code and I was trying to figure out how to say something more normal sounding than displaying the typical error messages if there is a problem with the connection.

      ```php
      <?php
      mysql_connect("localhost", "username", "password") or die(mysql_error("Could not connect to the database. Please contact a site administrator for assistance!"));
      echo "Connected to the database";
      ?>
      ```

      Any assistance would be greatly appreciated.
  21. Okay, I am taking the advice of a moderator and going to stop using Dreamweaver as a crutch for writing PHP apps. I have some questions about sessions and have been reading through some online tutorials, but have some questions that may seem simple stupid about sessions, but would appreciate some input. Do you have to put this at the top of each page on the site when using sessions to keep the sessions going from page to page or do you just put it on a page when you are starting a session or pulling info back from a session?

      ```php
      <?php session_start(); ?>
      ```
  22. Yes, but the issue I am having is this. Say I have three books:

      Book ID: 1, Book Name: First Book, Book Sort Order: 1
      Book ID: 2, Book Name: Second Book, Book Sort Order: 2
      Book ID: 3, Book Name: Third Book, Book Sort Order: 3

      I pull them up on the page ORDER BY Sort Order. I want to give the user the ability to click on the up arrow and move book three up above book 2. The way I am doing it now is by subtracting one from the sort order and refreshing the page. The problem I am running into is that it takes two clicks to move up the bottom item or move down the top item because when I click on the up arrow it makes the Book Sort Order for book 3 a 2 which makes it equal to book 2. Sorry, I am just learning to work with real PHP and not Macromedia PHP so I am not sure if I am explaining it that well or how to get around this issue. Thanks in advance for any help!
  23. Here is my insert:

      ```php
      if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "add_folder")) {
          $folder_doc_cat = $_POST['folder_doc_cat'];
          session_register("folder_doc_cat");
          $insertSQL = sprintf("INSERT INTO folders (folder_name, folder_creator, folder_status, folder_order, folder_description, folder_doc_cat) VALUES (%s, %s, %s, %s, %s, %s)",
              GetSQLValueString($_POST['folder_name'], "text"),
              GetSQLValueString($_POST['folder_creator'], "int"),
              GetSQLValueString($_POST['folder_status'], "int"),
              GetSQLValueString($_POST['folder_order'], "int"),
              GetSQLValueString($_POST['folder_description'], "int"),
              GetSQLValueString($_POST['folder_doc_cat'], "int"));

          mysql_select_db($database_ttracker, $ttracker);
          $Result1 = mysql_query($insertSQL, $ttracker) or die(mysql_error());

          $insertGoTo = "documents_folders.php";
          if (isset($_SERVER['QUERY_STRING'])) {
              $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
              $insertGoTo .= $_SERVER['QUERY_STRING'];
          }
          header(sprintf("Location: %s", $insertGoTo));
      }
      ```

      And here is my query on the page that it posts to after the insert:

      ```php
      $colname_folders = "-1";
      if (isset($_POST['doc_cat_id'])) {
          $colname_folders = $_POST['doc_cat_id'];
      }
      $colname2_folders = "-1";
      if (isset($_SESSION['folder_doc_cat'])) {
          $colname2_folders = $_SESSION['folder_doc_cat'];
      }
      mysql_select_db($database_ttracker, $ttracker);
      $query_folders = sprintf("SELECT * FROM folders_main WHERE folder_doc_cat = %s OR folder_doc_cat = %s ORDER BY folder_order ASC",
          GetSQLValueString($colname_folders, "int"), GetSQLValueString($colname2_folders, "int"));
      $folders = mysql_query($query_folders, $ttracker) or die(mysql_error());
      $row_folders = mysql_fetch_assoc($folders);
      $totalRows_folders = mysql_num_rows($folders);
      ```

      It is PHP 5 and Register Globals is off.
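
Added example, not part of the original posts and not the poster's code: the `folders` insert asked about in posts 12 to 14, written with bound parameters instead of string escaping. PDO with an in-memory SQLite database stands in for the MySQL connection so the block runs offline; the helper name `insert_folder`, the table definition and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver, the hypothetical
// helper insert_folder(), and constructed sample input.
function insert_folder(PDO $db, array $post): int
{
    $params = [
        ':folder_name'        => (string)($post['folder_name'] ?? ''),
        ':folder_description' => (string)($post['folder_description'] ?? ''),
    ];
    // Numeric columns are validated as integers instead of being escaped as strings.
    foreach (['folder_creator', 'folder_status', 'folder_order', 'folder_doc_cat'] as $key) {
        $value = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT);
        if ($value === false) {
            throw new InvalidArgumentException("$key must be an integer");
        }
        $params[":$key"] = $value;
    }
    // The SQL text is constant; user data travels only as bound values.
    $stmt = $db->prepare(
        'INSERT INTO folders (folder_name, folder_description, folder_creator,
                              folder_status, folder_order, folder_doc_cat)
         VALUES (:folder_name, :folder_description, :folder_creator,
                 :folder_status, :folder_order, :folder_doc_cat)'
    );
    $stmt->execute($params);
    return (int)$db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE folders (folder_id INTEGER PRIMARY KEY, folder_name TEXT,
           folder_description TEXT, folder_creator INTEGER, folder_status INTEGER,
           folder_order INTEGER, folder_doc_cat INTEGER)');

// Constructed form input: the name contains both quote characters.
$post = ['folder_name' => "O'Brien's \"Q3\" files", 'folder_description' => 'reports',
         'folder_creator' => '7', 'folder_status' => '1',
         'folder_order' => '2', 'folder_doc_cat' => '4'];
$id = insert_folder($db, $post);

// The stored name is byte-for-byte what was submitted.
$check = $db->prepare('SELECT folder_name FROM folders WHERE folder_id = ?');
$check->execute([$id]);
var_dump($check->fetchColumn() === $post['folder_name']);

// A non-integer value for a numeric column is rejected before any SQL runs.
try {
    insert_folder($db, ['folder_order' => '3rd'] + $post);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```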