phakebrill Posted August 21, 2008 Share Posted August 21, 2008 Hey everyone, When my users login, they are being bounced straight to my die message. This has been working and I have no knowledge of changing it! Also, the password field on the actual form already has text entered into it. The user needs to enter their username and delete the masked text in the password field before being able to type their own password in. Any ideas? <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>SU Meeting System</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="mm_travel2.css" type="text/css" /> <script type="text/javascript"> //provides date on top of each page var d=new Date(); var monthname=new Array("January","February","March","April","May","June","July","August","September","October","November","December"); var TODAY = monthname[d.getMonth()] + " " + d.getDate() + ", " + d.getFullYear(); </script> <style type="text/css"> <!-- .style1 {color: #FFFFFF} .style2 {color: #666666; } .style4 {color: #66FF33} a:link { color: #093B6D; } a:visited { color: #093B6D; } --> </style> </head> <body bgcolor="#C0DFFD"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr bgcolor="#3366CC"> <td colspan="2" rowspan="2" bgcolor="#003A6B"><img src="logo.png" alt="sulogo" width="211" height="99" /></td> <td width="85%" height="63" align="center" valign="bottom" bgcolor="#003A6B" class="style1" id="logo">Sunderland University Meeting System</td> <td width="0%" bgcolor="#003A6B"> </td> </tr> <tr bgcolor="#3366CC"> <td height="64" align="center" valign="top" bgcolor="#003A6B" class="style2" id="tagline">Wasting your time since 1979...</td> <td bgcolor="#003A6B"> </td> </tr> <tr> <td colspan="4" bgcolor="#003366"><img src="mm_spacer.gif" alt="" width="1" height="1" border="0" /></td> </tr> <tr bgcolor="#CCFF99"> <td width="4%" bgcolor="#FFFFFF"> </td> <td height="25" colspan="3" bgcolor="#FFFFFF" id="dateformat"><script type="text/javascript"> document.write(TODAY); </script> <a href="index.html"> home</a> | <a href="login.php">login</a> | <a href="calendar_view.php">Meetings</a></td> </tr> <tr> <td colspan="4" bgcolor="#003366"><img src="mm_spacer.gif" alt="" width="1" height="1" border="0" /></td> </tr> <tr> <td> </td> <td colspan="2" valign="top"> <br /> <br /> <table border="0" cellspacing="0" cellpadding="2" width="500"> <tr> <td class="pageName">Meetings</td> </tr> <tr> <td class="bodyText"> <?php // File: calendar_view.php error_reporting(E_ALL ^ E_NOTICE); // Suppresses the piddly little notices that the University PHP server cries about! //The next lines of code ensures that users are referred to this page from the login.php page. //If not, they are re-directed back to login with correct credentials. if (!$_SERVER["HTTP_REFERER"] == "http://osiris.sunderland.ac.uk/~bd77gl/login.php") header("location: login.php"); if ($_POST["Logout"]) header("location: index.html"); if (!isset($_SESSION['Id'])){ die("You are not logged in!<bR><a href=\"login.php\">Click here to login</a>"); } require_once("databaseauth.php"); session_start(); $intId = $_SESSION["Id"]; if ($_POST["Delete"]) deleteMessage($dbLocalhost); if ($_POST["Update"]) updateMessage($dbLocalhost); if ($_POST["Create"]) createMessage($dbLocalhost, $intId); displaymessages($dbLocalhost, $intId); displayCreateNewForm(); // Function: deleteMessage() - Deletes the selected meeting function deleteMessage($dbLocalhost) { $intMessageId = $_POST['intMessageId']; $dbMessageRecords = mysql_query("DELETE FROM messages WHERE Id='$intMessageId'", $dbLocalhost) or die("Problem deleting record: " . mysql_error()); } // Function: updateMessage() - Updates the selected meeting function updateMessage($dbLocalhost) { $arrDate = getdate(); $intHour = $arrDate["hours"]; $intMinute = $arrDate["minutes"]; $intDay = $arrDate["mday"]; $intMonth = $arrDate["mon"]; $intYear = $arrDate["year"]; $intMessageId = $_POST['intMessageId']; $strMessage = $_POST['strMessage']; $dbMessageRecords = mysql_query("UPDATE messages SET Message='$strMessage', Day='$intDay', Month='$intMonth', Year='$intYear', Hour='$intHour', Minute='$intMinute' WHERE Id='$intMessageId'", $dbLocalhost) or die("Problem updating record: " . mysql_error()); } // Function: createMessage() - Create a new meeting function createMessage($dbLocalhost, $intId) { $arrDate = getdate(); $intHour = $arrDate["hours"]; $intMinute = $arrDate["minutes"]; $intDay = $arrDate["mday"]; $intMonth = $arrDate["mon"]; $intYear = $arrDate["year"]; $strMessage = $_POST["strMessage"]; $dbMessageRecords = mysql_query("INSERT INTO messages VALUES ('', '$intId', '$strMessage', '$intDay', '$intMonth', '$intYear', '$intHour', '$intMinute')", $dbLocalhost) or die("Problem writing to table: " . mysql_error()); } // Function: displayMessages() - Displays all the meeting function displaymessages($dbLocalhost, $intId) { $dbMemberRecords = mysql_query("SELECT * FROM members WHERE Id='$intId'", $dbLocalhost) or die("Problem reading table: " . mysql_error()); $arrMemberRecords = mysql_fetch_array($dbMemberRecords); $strForename = $arrMemberRecords["Forename"]; $strSurname = $arrMemberRecords["Surname"]; echo "<h2>Hello $strForename $strSurname!</h2> <h3>Welcome to the pre-Alpha release of the SU Meeting System.</h3>"; echo "<h3>Below you can find all of the meetings taking place over the course of the academic year. This page is updated daily so please remember to check back daily.</h3>"; $dbMessageRecords = mysql_query("SELECT * FROM messages", $dbLocalhost) or die("Problem reading table: " . mysql_error()); while ($arrMessageRecords = mysql_fetch_array($dbMessageRecords)) { $intMessageId = $arrMessageRecords["Id"]; $intmembersId = $arrMessageRecords["members_Id"]; $strMessage = $arrMessageRecords["Message"]; $intDay = $arrMessageRecords["Day"]; $intMonth = $arrMessageRecords["Month"]; $intYear = $arrMessageRecords["Year"]; $intHour = $arrMessageRecords["Hour"]; $intMinute = $arrMessageRecords["Minute"]; $dbMemberRecords = mysql_query("SELECT * FROM members WHERE Id='$intmembersId'", $dbLocalhost) or die("Problem reading table: " . mysql_error()); $arrMemberRecords = mysql_fetch_array($dbMemberRecords); $strForename = $arrMemberRecords["Forename"]; $strSurname = $arrMemberRecords["Surname"]; echo "<form action='" . $_SERVER["PHP_SELF"] . "' method='post'>"; echo "<fieldset id='ExistingMessage'><legend>"; echo "Meeting on $intDay/$intMonth/$intYear at $intHour:$intMinute By: $strForename $strSurname</legend>"; if ($intmembersId == $intId) { echo "<p><input type='submit' name='Delete' value='Delete'/>"; echo "<input type='submit' name='Update' value='Update'/>"; echo "<input type='hidden' name='intMessageId' value='$intMessageId'/></p>"; } echo "<textarea cols='65' name='strMessage'>$strMessage</textarea>"; echo "</fieldset></form>"; } } // Function: displayCreateNewForm() - Creates the new meeting function displayCreateNewForm() { echo "<form action='" . $_SERVER["PHP_SELF"] . "' method='post'>"; echo "<fieldset id='CreateMessage'><legend>Post New Meeting</legend>"; echo "<p>Inlcude meeting type, attendees, location, date and time.</p>"; echo "<p><textarea cols='65' name='strMessage'></textarea></p>"; echo "<p>Remember to contact the administrator using the email link below once you post details of the meeting. This is a temporary measure, thank you for your patience.</p><br>"; echo "<p><input type='submit' name='Create' value='Create'/>"; echo "<input type='submit' name='Logout' value='Logout'/><p>"; echo "</fieldset></form>"; } ?> <p> </p></td> </tr> </table> </td> <td> </td> </tr> <tr> <td> </td> <td width="11%"><span class="bodyText">© 2008 brill <span class="style4"><a href="#" id="rw_email_contact">Contact Me</a> <script type="text/javascript">var _rwObsfuscatedHref0 = "mai";var _rwObsfuscatedHref1 = "lto";var _rwObsfuscatedHref2 = ":j.";var _rwObsfuscatedHref3 = "gil";var _rwObsfuscatedHref4 = "ber";var _rwObsfuscatedHref5 = "t-1";var _rwObsfuscatedHref6 = "@su";var _rwObsfuscatedHref7 = "nde";var _rwObsfuscatedHref8 = "rla";var _rwObsfuscatedHref9 = "nd.";var _rwObsfuscatedHref10 = "ac.";var _rwObsfuscatedHref11 = "uk";var _rwObsfuscatedHref = _rwObsfuscatedHref0+_rwObsfuscatedHref1+_rwObsfuscatedHref2+_rwObsfuscatedHref3+_rwObsfuscatedHref4+_rwObsfuscatedHref5+_rwObsfuscatedHref6+_rwObsfuscatedHref7+_rwObsfuscatedHref8+_rwObsfuscatedHref9+_rwObsfuscatedHref10+_rwObsfuscatedHref11; document.getElementById('rw_email_contact').href = _rwObsfuscatedHref;</script> </span></span></td> <td> </td> <td> </td> </tr> </table> </body> </html> Quote Link to comment Share on other sites More sharing options...
revraz Posted August 21, 2008 Share Posted August 21, 2008 You need to have session_start() at the top of your code, before output to the browser. Quote Link to comment Share on other sites More sharing options...
phakebrill Posted August 21, 2008 Author Share Posted August 21, 2008 But then I'm already logged in... Quote Link to comment Share on other sites More sharing options...
revraz Posted August 21, 2008 Share Posted August 21, 2008 session_start() has nothing to do with logging you in, it is what allows sessions to work on the page. Quote Link to comment Share on other sites More sharing options...
phakebrill Posted August 21, 2008 Author Share Posted August 21, 2008 Well this is weird... I moved it so that it was the first line of code in my PHP tags immediately after my error_reporting suppression code. When I did that, I didn't even need to login. I was able to click on the target page without providing credentials. Sorry, I'm not great with PHP. Quote Link to comment Share on other sites More sharing options...
revraz Posted August 21, 2008 Share Posted August 21, 2008 Then $_SESSION['Id'] is set. Did you close your browser and re-open it to try it? Quote Link to comment Share on other sites More sharing options...
akitchin Posted August 21, 2008 Share Posted August 21, 2008 session_start() needs to be at the top of the file, before any output whatsoever. in addition, this clause is faulty: if (!$_SERVER["HTTP_REFERER"] == "http://osiris.sunderland.ac.uk/~bd77gl/login.php") header("location: login.php"); it will check if (NOT $_SERVER['HTTP_REFERER']) is equal to that string. you should change it to: if ($_SERVER["HTTP_REFERER"] != "http://osiris.sunderland.ac.uk/~bd77gl/login.php") header("location: login.php"); regardless, the positioning of session_start() is the biggest issue. Quote Link to comment Share on other sites More sharing options...
revraz Posted August 21, 2008 Share Posted August 21, 2008 Also, that header won't work since it's after output to the browser as well. Quote Link to comment Share on other sites More sharing options...
phakebrill Posted August 21, 2008 Author Share Posted August 21, 2008 Actually I didn't. That has worked a treat now -- thankyou! Really sorry. This is my first foray into the land of PHP - programming even! Any ideas on why the password field already has data in it? Thanks for the other pointer akitchen! Much appreciated... revraz - which header are you referring to? Quote Link to comment Share on other sites More sharing options...
phakebrill Posted August 21, 2008 Author Share Posted August 21, 2008 Something else has started to happen? I don't know if this is something I've just noticed or is a result of the changes I've been making, but if I click twice on the target page - the page I'm trying to log into, I can bypass security. Closed the browser this time too... ??? Quote Link to comment Share on other sites More sharing options...
phakebrill Posted August 21, 2008 Author Share Posted August 21, 2008 Actually, that is working now - really sorry guys. I think things must be slowing up when copying the new files over to the server. I'm just desperate to get this done. Still don't know why the password field already has text in it though... I might be barking up the wrong tree but is this something a trim command would help address? Quote Link to comment Share on other sites More sharing options...
akitchin Posted August 21, 2008 Share Posted August 21, 2008 i can't see the password input in your code - is that on another page? for the record, you should never be pre- or re-populating password fields under any circumstances anyhow. Quote Link to comment Share on other sites More sharing options...
phakebrill Posted August 21, 2008 Author Share Posted August 21, 2008 I haven't knowingly done it... ??? This is my login.php page <?php //login.php error_reporting(E_ALL ^ E_NOTICE); // Suppresses the piddly little notices that the University PHP server cries about! require_once("databaseauth.php"); if ($_POST["submit"]) { $strEmail = $_POST["strEmail"]; $strPassword = md5($_POST["strPassword"]); $dbMemberRecords = mysql_query("SELECT * FROM members WHERE Email='$strEmail' AND Password='$strPassword'", $dbLocalhost) or die("Problem reading table: " . mysql_error()); $intMemberCount = mysql_num_rows($dbMemberRecords); if ($intMemberCount > 0) { $arrMemberRecords = mysql_fetch_array($dbMemberRecords); session_start(); $_SESSION["Id"] = $arrMemberRecords["Id"]; header("location: calendar_view.php"); } else echo "<p>Incorrect username and/or password.</p>"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>SU Meeting System</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="mm_travel2.css" type="text/css" /> <script type="text/javascript"> //Provides date on top of each page var d=new Date(); var monthname=new Array("January","February","March","April","May","June","July","August","September","October","November","December"); var TODAY = monthname[d.getMonth()] + " " + d.getDate() + ", " + d.getFullYear(); </script> <style type="text/css"> <!-- .style1 {color: #FFFFFF} .style2 {color: #666666; } .style4 {color: #66FF33} a:link { color: #093B6D; } a:visited { color: #093B6D; } --> </style> </head> <body bgcolor="#C0DFFD"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr bgcolor="#3366CC"> <td colspan="2" rowspan="2" bgcolor="#003A6B"><img src="logo.png" alt="sulogo" width="211" height="99" /></td> <td width="85%" height="63" align="center" valign="bottom" bgcolor="#003A6B" class="style1" id="logo">Sunderland University Meeting System</td> <td width="0%" bgcolor="#003A6B"> </td> </tr> <tr bgcolor="#3366CC"> <td height="64" align="center" valign="top" bgcolor="#003A6B" class="style2" id="tagline">Wasting your time since 1979...</td> <td bgcolor="#003A6B"> </td> </tr> <tr> <td colspan="4" bgcolor="#003366"><img src="mm_spacer.gif" alt="" width="1" height="1" border="0" /></td> </tr> <tr bgcolor="#CCFF99"> <td width="4%" bgcolor="#FFFFFF"> </td> <td height="25" colspan="3" bgcolor="#FFFFFF" id="dateformat"><script type="text/javascript"> document.write(TODAY); </script> <a href="index.html">home</a> | <a href="login.php">login</a> | <a href="calendar_view.php">meetings</a></td> </tr> <tr> <td colspan="4" bgcolor="#003366"><img src="mm_spacer.gif" alt="" width="1" height="1" border="0" /></td> </tr> <tr> <td> </td> <td colspan="2" valign="top"> <br> <br> <table border="0" cellspacing="0" cellpadding="2" width="500"> <tr> <td class="pageName">login</td> </tr> <tr> <td class="bodyText"><p>Welcome to the Sunderland University staff meeting login. In order to gain access to the SU Meeting System you will need to use the login form below. Please use your email address and password. If you have any problems please contact me using the link below.</p> <p>Thank you.</p> <form action='<?php echo $_SERVER["PHP_SELF"] ?>' method='post'> <p><label for="strEmail">Email: </label> <input type='text' name='strEmail' value='<?php echo $_POST["strEmail"] ?>' id='strEmail'/></p> <p><label for="strPassword">Password: </label> <input type='password' name='strPassword' value='<?php echo md5($_POST["strPassword"]) ?>' id='strPassword'/> </p> <p><input type='submit' name='submit'/></p> </form> <p> </p></td> </tr> </table> </td> <td> </td> </tr> <tr> <td> </td> <td width="11%"><span class="bodyText">© 2008 brill <span class="style4"><a href="#" id="rw_email_contact">Contact Me</a> <!-- Javascript Email obfuscator with the help of RapidWeaver on Mac OSX --> <script type="text/javascript">var _rwObsfuscatedHref0 = "mai";var _rwObsfuscatedHref1 = "lto";var _rwObsfuscatedHref2 = ":j.";var _rwObsfuscatedHref3 = "gil";var _rwObsfuscatedHref4 = "ber";var _rwObsfuscatedHref5 = "t-1";var _rwObsfuscatedHref6 = "@su";var _rwObsfuscatedHref7 = "nde";var _rwObsfuscatedHref8 = "rla";var _rwObsfuscatedHref9 = "nd.";var _rwObsfuscatedHref10 = "ac.";var _rwObsfuscatedHref11 = "uk";var _rwObsfuscatedHref = _rwObsfuscatedHref0+_rwObsfuscatedHref1+_rwObsfuscatedHref2+_rwObsfuscatedHref3+_rwObsfuscatedHref4+_rwObsfuscatedHref5+_rwObsfuscatedHref6+_rwObsfuscatedHref7+_rwObsfuscatedHref8+_rwObsfuscatedHref9+_rwObsfuscatedHref10+_rwObsfuscatedHref11; document.getElementById('rw_email_contact').href = _rwObsfuscatedHref;</script> </span></span></td> <td> </td> <td> </td> </tr> </table> <div id="footer"> <p class="bodyText"> </p> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
akitchin Posted August 21, 2008 Share Posted August 21, 2008 on this line: <input type='password' name='strPassword' value='<?php echo md5($_POST["strPassword"]) ?>' id='strPassword'/> drop the value attribute altogether. this will stop any population from happening. Quote Link to comment Share on other sites More sharing options...
phakebrill Posted August 21, 2008 Author Share Posted August 21, 2008 That little one has been bugging me for a while now. I thought that value attribute had to remain! Thank you so much! One final question... When a user logs in to the system, and they logout, the user can click back on to the target page (meetings page) and it prompts them to login again. I would expect this. However, if the user clicks on the target page again, they are logged back in again without entering any credentials. Closing the browser stops them from being able to do this. I'm not so bothered about this since the users will normally log in on their own machines anyway but it would be nice to understand why it is happening. If you can shed any light on it that would be great - no worries if not. You've helped me a great deal and I sincerely appreciate it! Quote Link to comment Share on other sites More sharing options...
revraz Posted August 21, 2008 Share Posted August 21, 2008 We would have to see your logout code to see why. Quote Link to comment Share on other sites More sharing options...
phakebrill Posted August 21, 2008 Author Share Posted August 21, 2008 OK, this is it. I don't have a seperate page. It's on the main target page the user sees after they log in. This is the same as the first batch of code I showed earlier. Since it's changed a bit since then, I'll paste it below. Thanks again guys. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>SU Meeting System</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="mm_travel2.css" type="text/css" /> <script type="text/javascript"> //Provides date on top of each page var d=new Date(); var monthname=new Array("January","February","March","April","May","June","July","August","September","October","November","December"); var TODAY = monthname[d.getMonth()] + " " + d.getDate() + ", " + d.getFullYear(); </script> <style type="text/css"> <!-- .style1 {color: #FFFFFF} .style2 {color: #666666; } .style4 {color: #66FF33} a:link { color: #093B6D; } a:visited { color: #093B6D; } --> </style> </head> <body bgcolor="#C0DFFD"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr bgcolor="#3366CC"> <td colspan="2" rowspan="2" bgcolor="#003A6B"><img src="logo.png" alt="sulogo" width="211" height="99" /></td> <td width="85%" height="63" align="center" valign="bottom" bgcolor="#003A6B" class="style1" id="logo">Sunderland University Meeting System</td> <td width="0%" bgcolor="#003A6B"> </td> </tr> <tr bgcolor="#3366CC"> <td height="64" align="center" valign="top" bgcolor="#003A6B" class="style2" id="tagline">Wasting your time since 1979...</td> <td bgcolor="#003A6B"> </td> </tr> <tr> <td colspan="4" bgcolor="#003366"><img src="mm_spacer.gif" alt="" width="1" height="1" border="0" /></td> </tr> <tr bgcolor="#CCFF99"> <td width="4%" bgcolor="#FFFFFF"> </td> <td height="25" colspan="3" bgcolor="#FFFFFF" id="dateformat"><script type="text/javascript"> document.write(TODAY); </script> <a href="index.html"> home</a> | <a href="login.php">login</a> | <a href="calendar_view.php">meetings</a></td> </tr> <tr> <td colspan="4" bgcolor="#003366"><img src="mm_spacer.gif" alt="" width="1" height="1" border="0" /></td> </tr> <tr> <td> </td> <td colspan="2" valign="top"> <br /> <br /> <table border="0" cellspacing="0" cellpadding="2" width="500"> <tr> <td class="pageName">meetings</td> </tr> <tr> <td class="bodyText"> <?php // File: calendar_view.php error_reporting(E_ALL ^ E_NOTICE); // Suppresses the piddly little notices that the University PHP server cries about! session_start(); //The next few lines of code ensures that users are referred to this page from the login.php page. //If not, they are re-directed back to login with correct credentials. if ($_SERVER["HTTP_REFERER"] != "http://osiris.sunderland.ac.uk/~bd77gl/login.php") header("location: login.php"); if ($_POST["Logout"]) header("location: index.html"); if (!isset($_SESSION['Id'])){ die("You are not logged in!<br><a href=\"login.php\">Click here to login</a>"); } require_once("databaseauth.php"); $intId = $_SESSION["Id"]; if ($_POST["Delete"]) deleteMessage($dbLocalhost); if ($_POST["Update"]) updateMessage($dbLocalhost); if ($_POST["Create"]) createMessage($dbLocalhost, $intId); displaymessages($dbLocalhost, $intId); displayCreateNewForm(); // Function: deleteMessage() - Deletes the selected meeting function deleteMessage($dbLocalhost) { $intMessageId = $_POST['intMessageId']; $dbMessageRecords = mysql_query("DELETE FROM messages WHERE Id='$intMessageId'", $dbLocalhost) or die("Problem deleting record: " . mysql_error()); } // Function: updateMessage() - Updates the selected meeting function updateMessage($dbLocalhost) { $arrDate = getdate(); $intHour = $arrDate["hours"]; $intMinute = $arrDate["minutes"]; $intDay = $arrDate["mday"]; $intMonth = $arrDate["mon"]; $intYear = $arrDate["year"]; $intMessageId = $_POST['intMessageId']; $strMessage = $_POST['strMessage']; $dbMessageRecords = mysql_query("UPDATE messages SET Message='$strMessage', Day='$intDay', Month='$intMonth', Year='$intYear', Hour='$intHour', Minute='$intMinute' WHERE Id='$intMessageId'", $dbLocalhost) or die("Problem updating record: " . mysql_error()); } // Function: createMessage() - Create a new meeting function createMessage($dbLocalhost, $intId) { $arrDate = getdate(); $intHour = $arrDate["hours"]; $intMinute = $arrDate["minutes"]; $intDay = $arrDate["mday"]; $intMonth = $arrDate["mon"]; $intYear = $arrDate["year"]; $strMessage = $_POST["strMessage"]; $dbMessageRecords = mysql_query("INSERT INTO messages VALUES ('', '$intId', '$strMessage', '$intDay', '$intMonth', '$intYear', '$intHour', '$intMinute')", $dbLocalhost) or die("Problem writing to table: " . mysql_error()); } // Function: displayMessages() - Displays all the meeting function displaymessages($dbLocalhost, $intId) { $dbMemberRecords = mysql_query("SELECT * FROM members WHERE Id='$intId'", $dbLocalhost) or die("Problem reading table: " . mysql_error()); $arrMemberRecords = mysql_fetch_array($dbMemberRecords); $strForename = $arrMemberRecords["Forename"]; $strSurname = $arrMemberRecords["Surname"]; echo "<h2>Hello $strForename $strSurname!</h2> <h3>Welcome to the pre-Alpha release of the SU Meeting System.</h3>"; echo "<h3>Below you can find all of the meetings taking place over the course of the academic year. This page is updated daily so please remember to check back daily.</h3>"; $dbMessageRecords = mysql_query("SELECT * FROM messages", $dbLocalhost) or die("Problem reading table: " . mysql_error()); while ($arrMessageRecords = mysql_fetch_array($dbMessageRecords)) { $intMessageId = $arrMessageRecords["Id"]; $intmembersId = $arrMessageRecords["members_Id"]; $strMessage = $arrMessageRecords["Message"]; $intDay = $arrMessageRecords["Day"]; $intMonth = $arrMessageRecords["Month"]; $intYear = $arrMessageRecords["Year"]; $intHour = $arrMessageRecords["Hour"]; $intMinute = $arrMessageRecords["Minute"]; $dbMemberRecords = mysql_query("SELECT * FROM members WHERE Id='$intmembersId'", $dbLocalhost) or die("Problem reading table: " . mysql_error()); $arrMemberRecords = mysql_fetch_array($dbMemberRecords); $strForename = $arrMemberRecords["Forename"]; $strSurname = $arrMemberRecords["Surname"]; echo "<form action='" . $_SERVER["PHP_SELF"] . "' method='post'>"; echo "<fieldset id='ExistingMessage'><legend>"; echo "Meeting on $intDay/$intMonth/$intYear at $intHour:$intMinute By: $strForename $strSurname</legend>"; if ($intmembersId == $intId) { echo "<p><input type='submit' name='Delete' value='Delete'/>"; echo "<input type='submit' name='Update' value='Update'/>"; echo "<input type='hidden' name='intMessageId' value='$intMessageId'/></p>"; } echo "<textarea cols='65' name='strMessage'>$strMessage</textarea>"; echo "</fieldset></form>"; } } // Function: displayCreateNewForm() - Creates the new meeting function displayCreateNewForm() { echo "<form action='" . $_SERVER["PHP_SELF"] . "' method='post'>"; echo "<fieldset id='CreateMessage'><legend>Post New Meeting</legend>"; echo "<p>Inlcude meeting type, attendees, location, date and time.</p>"; echo "<p><textarea cols='65' name='strMessage'></textarea></p>"; echo "<p>Remember to contact the administrator using the email link below once you post details of the meeting. This is a temporary measure, thank you for your patience.</p><br>"; echo "<p><input type='submit' name='Create' value='Create'/>"; echo "<input type='submit' name='Logout' value='Logout'/><p>"; echo "</fieldset></form>"; } ?> <p> </p></td> </tr> </table> </td> <td> </td> </tr> <tr> <td> </td> <td width="11%"><span class="bodyText">© 2008 brill <span class="style4"><a href="#" id="rw_email_contact">Contact Me</a> <!-- Javascript Email obfuscator with the help of RapidWeaver on Mac OSX --> <script type="text/javascript">var _rwObsfuscatedHref0 = "mai";var _rwObsfuscatedHref1 = "lto";var _rwObsfuscatedHref2 = ":j.";var _rwObsfuscatedHref3 = "gil";var _rwObsfuscatedHref4 = "ber";var _rwObsfuscatedHref5 = "t-1";var _rwObsfuscatedHref6 = "@su";var _rwObsfuscatedHref7 = "nde";var _rwObsfuscatedHref8 = "rla";var _rwObsfuscatedHref9 = "nd.";var _rwObsfuscatedHref10 = "ac.";var _rwObsfuscatedHref11 = "uk";var _rwObsfuscatedHref = _rwObsfuscatedHref0+_rwObsfuscatedHref1+_rwObsfuscatedHref2+_rwObsfuscatedHref3+_rwObsfuscatedHref4+_rwObsfuscatedHref5+_rwObsfuscatedHref6+_rwObsfuscatedHref7+_rwObsfuscatedHref8+_rwObsfuscatedHref9+_rwObsfuscatedHref10+_rwObsfuscatedHref11; document.getElementById('rw_email_contact').href = _rwObsfuscatedHref;</script> </span></span></td> <td> </td> <td> </td> </tr> </table> </body> </html> Quote Link to comment Share on other sites More sharing options...
revraz Posted August 21, 2008 Share Posted August 21, 2008 You still don't have session_start() at the top of the page. Make the logout routine a seperate page, then after the logout, direct them away from your secured page. Don't try to do everything on one page, it turns into a mess. Quote Link to comment Share on other sites More sharing options...
phakebrill Posted August 21, 2008 Author Share Posted August 21, 2008 Have corrected that. Thanks for the advice to break things down. I'm very grateful to all who have given me assistance this evening (evening in England anyway!) Thanks once more. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.