Jump to content

Dreamweaver gave me Spaghetti Sessions! Or Felice did?

Popgun

By Popgun
in PHP Coding Help

Recommended Posts

Popgun Member

Popgun

Posted
Posted

Hi all,

 

Still a noob in the neighborhood here was wondering if someone could spot where the session add on by Felice (was reffered to it by CS3 Missing Manual) gave me the speghetti thats not allowing user updates to my DB

 

My registration page is working, the site flow goes:

Registration > Login > Userhomepage > updateformpage1 > updateformpage2 > updateformpage3 > etc.

 

The first 80 lines of login page

 

LOGIN.php

 

<?php require_once('../Connections/connection.php'); ?><?php
// FELIXONE - 2002   SB by Felice Di Stefano - www.felixone.it
if (!session_id()) session_start();
$email = 'email';
$_SESSION['email'] = $email;
session_register('email');

// FELIXONE - 2002   SB by Felice Di Stefano - www.felixone.it
if (!session_id()) session_start();
if (!isset($_SESSION['email']) || $_SESSION['email'] != "email") {
  header ("Location: deniedaccess.php");
}
?><?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['email'])) {
  $loginUsername=$_POST['email'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "userhome.php";
  $MM_redirectLoginFailed = "retrivelogin.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_connection, $connection);
  
  $LoginRS__query=sprintf("SELECT email, password FROM USERS WHERE email=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $connection) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

 

The first 13 lines of USERHOME page

 

USERHOME.php

 

<?php require_once('../Connections/connection.php'); ?><?php echo $_SESSION['email']; ?><?php
// FELIXONE - 2002   SB by Felice Di Stefano - www.felixone.it
if (!session_id()) session_start();
$email = 'email';
$_SESSION['email'] = $email;
session_register('email');

// FELIXONE - 2002   SB by Felice Di Stefano - www.felixone.it
if (!session_id()) session_start();
if (!isset($_SESSION['email']) || $_SESSION['email'] != "email") {
  header ("Location: deniedaccess.php");
}
?>

 

And finally first 76 lines of the first USERUPDATEFORM1.php

 

<?php require_once('../Connections/connection.php'); ?><?php echo $_SESSION['email']; ?><?php
// FELIXONE - 2002   SB by Felice Di Stefano - www.felixone.it
if (!session_id()) session_start();
$email = 'email';
$_SESSION['email'] = $email;
session_register('email');

// FELIXONE - 2002   SB by Felice Di Stefano - www.felixone.it
if (!session_id()) session_start();
if (!isset($_SESSION['email']) || $_SESSION['email'] != "email") {
  header ("Location: deniedaccess.php");
}
?><?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "formsign")) {
  $updateSQL = sprintf("UPDATE USERS SET email=%s, agree=%s, trials=%s, sign=%s WHERE user_ID=%s",
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['agree'], "text"),
                       GetSQLValueString($_POST['trials'], "text"),
                       GetSQLValueString($_POST['sign'], "text"),
                       GetSQLValueString($_POST['user_ID'], "int"));

  mysql_select_db($database_connection, $connection);
  $Result1 = mysql_query($updateSQL, $connection) or die(mysql_error());

  $updateGoTo = "clams.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

$colname_agree = "-1";
if (isset($_GET['user_ID'])) {
  $colname_agree = $_GET['user_ID'];
}
mysql_select_db($database_connection, $connection);
$query_agree = sprintf("SELECT user_ID, agree, trials, sign, claimes, submitdate FROM USERS WHERE user_ID = %s", GetSQLValueString($colname_agree, "int"));
$agree = mysql_query($query_agree, $connection) or die(mysql_error());
$row_agree = mysql_fetch_assoc($agree);
$totalRows_agree = mysql_num_rows($agree);
?>

 

 

I been fighting with this so long I feel like I should just strip it all out and start over.... :'(

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Believe it or not, php is a programming language and no web development tool is ever going to be as effective at producing specific code that accomplishes exactly what you need it to do than an actual programmer who has learned the programming language he is attempting to use.

 

Due to the fixed structure and limited scope of code that such tools are able to produce, you loose the benefits of the general purpose nature of programming (i.e. writing code that efficiently does only and exactly what you want it to do.) You will end up spending more time learning and working around the restrictions and limitations of such tools than if you just learned the programming language in the first place.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.