
Sessions, Login and Form Update


Popgun


Hi all, I am hoping someone can help me out. I've been beating my head against this for a week now.

 

Issue: I can't seem to get sessions to work at all on my primary site, as far as updating a record. My register (insert) and login seem to work; however, when it comes to updating a subsequent record via a form POST, I am getting a new user registered, with a new user_ID, but the form values are updating to the first record on the table.

 

I've tried everything but nothing worked so I built a stripped down 3 page model using the most basic php to process this workflow. The three page model consists of a register page, a login page, and a form to update. I used 'email' as the session variable in all pages.

 

Result:

Now I'm able to register a user, subsequently login the user, and submit the form. However the form never updates the record in the database.

 

Development Environment:

Dreamweaver CS3 using XAMPP on Vista Home Premium:

Apache 2.2.11

+ MySQL 5.1.30 (Community Server)

+ PHP 5.2.8 + PEAR (Support for PHP 4 has been discontinued)

+ PHP-Switch win32 1.0 (use "php-switch.bat" in the xampp main directory)

+ phpMyAdmin 3.1.1

 

The register page:

 

<?php require_once('Connections/generic.php'); ?><?php session_start(); 
$_SESSION['email'] = $_POST['email']; ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
 $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

 $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 switch ($theType) {
   case "text":
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
     break;    
   case "long":
   case "int":
     $theValue = ($theValue != "") ? intval($theValue) : "NULL";
     break;
   case "double":
     $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
     break;
   case "date":
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
     break;
   case "defined":
     $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
     break;
 }
 return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
 $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
 $insertSQL = sprintf("INSERT INTO users (user_ID, password, email, firstname) VALUES (%s, %s, %s, %s)",
                      GetSQLValueString($_POST['email'], "text"),
                      GetSQLValueString($_POST['password'], "text"),
                      GetSQLValueString($_POST['email'], "text"),
                      GetSQLValueString($_POST['firstname'], "text"));

 mysql_select_db($database_connmatrix, $connmatrix);
 $Result1 = mysql_query($insertSQL, $connmatrix) or die(mysql_error());

 $insertGoTo = "testbed2.php";
 if (isset($_SERVER['QUERY_STRING'])) {
   $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
   $insertGoTo .= $_SERVER['QUERY_STRING'];
 }
 header(sprintf("Location: %s", $insertGoTo));
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<p>This is my PHP Registration to Login to Submit Form Testbed</p>
<form action="<?php echo $editFormAction; ?>" id="form1" name="form1" method="POST">
 <label>Login Email
 <input name="email" type="text" id="email" size="25" maxlength="64" />
 </label>
 <p>
   <label>Password
   <input name="password" type="text" id="password" size="25" maxlength="40" />
   </label>
   <label>Type First Name
   <input name="firstname" type="text" id="firstname" size="25" maxlength="40" />
   </label>
 </p>

 <p>
   <input type="submit" name="button" id="button" value="Register" />
 </p>



 <input type="hidden" name="MM_insert" value="form1" />
</form>
<p>  </p>

</body>
</html>

 

As you can see I put a first name field in the page, this was to test if I could also update it subsequently. (answer: no). The registration page then jumps to the login page.

 

The login page:

 

<?php require_once('Connections/generic.php'); ?><?php session_start();
$_SESSION['email'] = $_POST['email']; ?><?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
 $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

 $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 switch ($theType) {
   case "text":
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
     break;    
   case "long":
   case "int":
     $theValue = ($theValue != "") ? intval($theValue) : "NULL";
     break;
   case "double":
     $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
     break;
   case "date":
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
     break;
   case "defined":
     $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
     break;
 }
 return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
 session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
 $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['email'])) {
 $loginUsername=$_POST['email'];
 $password=$_POST['password'];
 $MM_fldUserAuthorization = "";
 $MM_redirectLoginSuccess = "testbed3.php";
 $MM_redirectLoginFailed = "testbed2.php";
 $MM_redirecttoReferrer = true;
 mysql_select_db($database_connmatrix, $connmatrix);

 $LoginRS__query=sprintf("SELECT email, password FROM users WHERE email=%s AND password=%s",
   GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
  
 $LoginRS = mysql_query($LoginRS__query, $connmatrix) or die(mysql_error());
 $loginFoundUser = mysql_num_rows($LoginRS);
 if ($loginFoundUser) {
    $loginStrGroup = "";

   //declare two session variables and assign them
   $_SESSION['MM_Username'] = $loginUsername;
   $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

   if (isset($_SESSION['PrevUrl']) && true) {
     $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
   }
   header("Location: " . $MM_redirectLoginSuccess );
 }
 else {
   header("Location: ". $MM_redirectLoginFailed );
 }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<p>This is the Login Page</p>
<form ACTION="<?php echo $loginFormAction; ?>" id="form1" name="form1" method="POST">
 <label>Login
 <input name="email" type="text" id="email" size="25" maxlength="64" />
 </label>
 <p>
   <label>Password
   <input name="password" type="text" id="password" size="25" maxlength="40" />
   </label>
 </p>
 <p>
   <label>Login
   <input type="submit" name="Submit" id="Submit" value="Submit" />
   </label>
 </p>
</form>
<p> </p>
</body>
</html>

 

The login page then jumps to the update form.

 

<?php require_once('Connections/generic.php'); ?><?php session_start();
$_SESSION['email'] = $_POST['email']; ?><?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
 $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

 $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 switch ($theType) {
   case "text":
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
     break;    
   case "long":
   case "int":
     $theValue = ($theValue != "") ? intval($theValue) : "NULL";
     break;
   case "double":
     $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
     break;
   case "date":
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
     break;
   case "defined":
     $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
     break;
 }
 return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
 $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
 $updateSQL = sprintf("UPDATE users SET email=%s, firstname=%s, middleinit=%s, lastname=%s WHERE user_ID=%s",
                      GetSQLValueString($_POST['email'], "text"),
                      GetSQLValueString($_POST['firstname'], "text"),
                      GetSQLValueString($_POST['middleinit'], "text"),
                      GetSQLValueString($_POST['lastname'], "text"),
                      GetSQLValueString($_POST['user_ID'], "int"));

 mysql_select_db($database_connmatrix, $connmatrix);
 $Result1 = mysql_query($updateSQL, $connmatrix) or die(mysql_error());

 $updateGoTo = "formsubmitted.php";
 if (isset($_SERVER['QUERY_STRING'])) {
   $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
   $updateGoTo .= $_SERVER['QUERY_STRING'];
 }
 header(sprintf("Location: %s", $updateGoTo));
}

$colname_Recordset1 = "-1";
if (isset($_SESSION['email'])) {
 $colname_Recordset1 = $_SESSION['email'];
}
mysql_select_db($database_connmatrix, $connmatrix);
$query_Recordset1 = sprintf("SELECT user_ID, email, firstname, middleinit, lastname FROM users WHERE email = %s", GetSQLValueString($colname_Recordset1, "text"));
$Recordset1 = mysql_query($query_Recordset1, $connmatrix) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<p>This is a test form, values submitted should update directly to the appropriate record in the Database</p>
<form action="<?php echo $editFormAction; ?>" id="form1" name="form1" method="POST">
 <p>Please Enter the Following:</p>
 <p>
   <label>First Name
   <input type="text" name="firstname" id="firstname" />
   </label>
</p>
 <p>
   <label>Middile Initial
   <input type="text" name="middleinit" id="middleinit" />
   </label>
 </p>
 <p>
   <label>Last Name
   <input type="text" name="lastname" id="lastname" />
   </label>
   <input name="email" type="hidden" id="email" value="<?php echo $_SESSION['email']; ?>" />
   <input name="user_ID" type="hidden" id="user_ID" value="<?php echo $_SESSION['user_ID']; ?>" />
 </p>

 <label>
 <input type="submit" name="submit" id="submit" value="Submit" />
</label>
 <input type="hidden" name="MM_update" value="form1" />
</form>
<p> </p>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

 

Which does not update the record.

 

I really can't figure out what I'm doing wrong. I have a recordset, and update record functions on the server behaviors, and sessions set up on the bindings. It just won't update or won't update to the right record.

 

Any help is appreciated.
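
In the update page as posted, `$_SESSION['user_ID']` is never assigned on any of the three pages, so the hidden `user_ID` field is empty, `GetSQLValueString('', "int")` returns `NULL`, and `WHERE user_ID=NULL` matches no row; the row key is also taken from a client-supplied form field. The following is an added example (not the poster's code or Dreamweaver's generated code) that sets identity in the session once at login and uses only that value as the `WHERE` key, with PDO prepared statements and hashed passwords. The function names, the sample rows and the SQLite in-memory database are assumptions so that it runs offline.

```php
<?php
// Added example: login(), update_profile() and the SQLite in-memory table
// are assumptions so the script runs offline; this is not the poster's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_ID INTEGER PRIMARY KEY, email TEXT UNIQUE,
           password TEXT, firstname TEXT, middleinit TEXT, lastname TEXT)');

// Constructed sample rows; passwords are stored as hashes, not plain text.
$ins = $db->prepare('INSERT INTO users (email, password, firstname) VALUES (?, ?, ?)');
$ins->execute(['alice@example.test', password_hash('pw-alice', PASSWORD_DEFAULT), 'Alice']);
$ins->execute(['bob@example.test',   password_hash('pw-bob',   PASSWORD_DEFAULT), 'Bob']);

// Login is the only place that writes identity into the session.
function login(PDO $db, array &$session, array $post): bool {
    $q = $db->prepare('SELECT user_ID, email, password FROM users WHERE email = ?');
    $q->execute([$post['email'] ?? '']);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($post['password'] ?? '', $row['password'])) {
        return false;
    }
    // In a real page, call session_regenerate_id(true) here before storing identity.
    $session['user_ID'] = (int) $row['user_ID'];
    $session['email']   = $row['email'];
    return true;
}

// The WHERE key comes from the session; a posted user_ID or email is ignored.
function update_profile(PDO $db, array $session, array $post): int {
    if (!isset($session['user_ID'])) {
        return 0;                       // not logged in: touch nothing
    }
    $u = $db->prepare('UPDATE users SET firstname = ?, middleinit = ?, lastname = ?
                       WHERE user_ID = ?');
    $u->execute([$post['firstname'] ?? '', $post['middleinit'] ?? '',
                 $post['lastname'] ?? '', $session['user_ID']]);
    return $u->rowCount();
}

$session = [];                          // stands in for $_SESSION
login($db, $session, ['email' => 'bob@example.test', 'password' => 'pw-bob']);
// Constructed request: the posted user_ID names a different row than the session.
$n = update_profile($db, $session, ['user_ID' => '1', 'firstname' => 'Robert',
                                    'middleinit' => 'J', 'lastname' => 'Smith']);
echo "rows updated: $n\n";
foreach ($db->query('SELECT user_ID, firstname, lastname FROM users') as $r) {
    echo $r['user_ID'], ' ', $r['firstname'], ' ', $r['lastname'], "\n";
}
```

Only the logged-in user's own row changes, whatever `user_ID` the form submits. The session values are written only in `login()`, never reassigned from `$_POST` at the top of each page.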

 

 

 
