Jump to content

Recommended Posts

This is my first post in any forum ever, so be gentle.

 

My project aim is to create a simple CMS so the client can login and edit some of the content that's displayed from the mysql table. Right now, the mysql table data displays, but I cannot get my edit form nor the login to work. Here is my code:

 

login:

 

<form method="post" action="adminconnect.php">

<br><br>

<b>User Name:</b>

<br><input type="text" name="username" size="16">

 

<br><br>

<b>Password:</b>

<br><input type="password" name="password" size="16">

 

<br><br>

<input type="submit" value="Login">

</form>

 

 

 

login authentication:

 

<?php

 

if($username == "xxxxx" && $password == "xxxxxx")

 

{

setcookie("username", $username, time()+1200);

echo "<h2>Administrator Access Approved</h2><hr>";

echo "You can now update the monthly special.";

 

}

 

else

{

setcookie("username", "", time()-3600);

echo "<h2>Access Denied</h2><hr>";

echo "The User Name and Password you entered are incorrect.";

 

}

?>

 

edit:

 

<?php

include "login.php";

 

echo "<h2>Edit Special Offer</h2><hr>";

 

 

if(isset($previous))

{

$query = "SELECT id, specialtitle, specialinfo

FROM special WHERE id < $id ORDER BY id DESC";

$result = mysql_query($query);

check_mysql();

$row = mysql_fetch_row($result);

check_mysql();

if ($row[0] > 0)

{

$id = $row[0];

$specialtitle = $row[1];

$specialinfo = $row[2];

}

}

 

 

elseif (isset($next))

{

$query = "SELECT id, specialtitle, specialinfo

FROM special WHERE id > $id ORDER BY id ASC";

$result = mysql_query($query);

check_mysql();

$row = mysql_fetch_row($result);

check_mysql();

if ($row[0] > 0)

{

$id = $row[0];

$specialtitle = $row[1];

$specialinfo = $row[2];

}

}

 

 

 

elseif (isset($add))

{

$query = "INSERT INTO special (specialtitle, specialinfo)

VALUES ('$specialtitle', '$specialinfo')";

$result = mysql_query($query);

check_mysql();

$id = mysql_insert_id();

$message = "Special Offer Added";

}

 

 

elseif (isset($update))

{

$query = "UPDATE special

SET specialtitle='$specialtitle', specialinfo='$specialinfo'

WHERE id = $id";

$result = mysql_query($query);

check_mysql();

$id = mysql_insert_id();

$message = "Monthly Special Updated";

}

 

 

elseif (isset($delete))

{

$query = "DELETE FROM special WHERE id = $id";

$result = mysql_query($query);

check_mysql();

$specialtitle = "";

$specialinfo = "";

$message = "Special Offer Deleted";

}

$specialtitle = trim($specialtitle);

$specialinfo = trim($specialinfo);

?>

 

 

 

<form method="post" action="editspecial.php">

<p><b>Special Offer</b>

<br><input type="text" name="specialtitle" <?php echo "VALUE=\"$specialtitle\"" ?>> </p>

 

<p><b>Special Info/Description</b>

<br><textarea name="specialinfo" rows="8" cols="70" >

<?php echo $specialinfo ?>

</textarea> </p>

 

<br>

<input type="submit" name="previous" value="<">

<input type="submit" name="next" value=">">

<br><br>

<input type="submit" name="add" value="Add">

<input type="submit" name="update" value="Update">

<input type="submit" name="delete" value="Delete">

<input type="hidden" name="id" <?php echo "VALUE=\"$id\"" ?>>

</form>

<?php

if (isset($message))

{

echo "<br>$message";

}

?>

Link to comment
https://forums.phpfreaks.com/topic/176897-client-loginedit-problem/
Share on other sites

You need to define your $username and $password variables. The same with $previous, $next, $update and $delete.

 

<?php
error_reporting(E_ALL); 
$username = $_POST['username'];
$password = $_POST['password'];

if($username == "xxxxx" && $password == "xxxxxx")
{
	setcookie("username", $username, time()+1200);
	echo "<h2>Administrator Access Approved</h2><hr>";
	echo "You can now update the monthly special.";
} else {
	setcookie("username", "", time()-3600);
	echo "<h2>Access Denied</h2><hr>";
	echo "The User Name and Password you entered are incorrect.";
}
?>

Quick note to the OP, you may have seen tutorials/scripts using the method you have, that appear to work without doing what Coreye has suggested. If a server has register_globals set to true, it automatically makes $username = $_POST['username'], but there alot of potential security issues by having it enabled. I believe in the past register_globals = On was default whereas now it tends to be register_globals = Off.

Okay, so this is the top of the edit page I've been trying to fix but it's still not working quite right. I get some errors, the data shows up in the form, but when I click 'update,' I get a successful return message, but it doesn't update in the database.

 

These are the errors:

 

Notice: Undefined index: previous in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 15

 

Notice: Undefined index: next in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 16

 

Notice: Undefined index: add in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 17

 

Notice: Undefined index: delete in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 19

 

Notice: Undefined variable: specialtitle in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 71

 

Notice: Undefined variable: specialinfo in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 72

 

Notice: Undefined variable: specialtitle in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 89

 

Notice: Undefined variable: specialinfo in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 90

 

This is the code:

 

<?php

echo "<h2>Edit Special Offer</h2><hr>";

if (isset($_COOKIE["username"]))
{
echo "Welcome " . $_COOKIE["username"] . "!<br />";
include "login.php";
}
else
  echo "You need to log in to access this page.<br />";


error_reporting(E_ALL);
$previous = $_POST['previous'];
$next = $_POST['next'];
$add = $_POST['add'];
$update = $_POST['update'];
$delete = $_POST['delete'];


if(isset($previous))
{
$query = "SELECT id, specialtitle, specialinfo
FROM special WHERE id < $id ORDER BY id DESC";
$result = mysql_query($query);
check_mysql();
$row = mysql_fetch_row($result);
check_mysql();
if ($row[0] > 0)
{
$id = $row[0];
$specialtitle = $row[1];
$specialinfo = $row[2];
}
}


elseif (isset($next))
{
$query = "SELECT id, specialtitle, specialinfo
FROM special WHERE id > $id ORDER BY id ASC";
$result = mysql_query($query);
check_mysql();
$row = mysql_fetch_row($result);
check_mysql();
if ($row[0] > 0)
{
$id = $row[0];
$specialtitle = $row[1];
$specialinfo = $row[2];
}
}



elseif (isset($add))
{
$query = "INSERT INTO special (specialtitle, specialinfo)
VALUES ('$specialtitle', '$specialinfo')";
$result = mysql_query($query);
check_mysql();
$id = mysql_insert_id();
$message = "Special Offer Added";
}


elseif (isset($update))
{
$query = "UPDATE special
SET specialtitle='$specialtitle', specialinfo='$specialinfo'
WHERE id = $id";
$result = mysql_query($query);
check_mysql();
$id = mysql_insert_id();
$message = "Monthly Special Updated";
}


elseif (isset($delete))
{
$query = "DELETE FROM special WHERE id = $id";
$result = mysql_query($query);
check_mysql();
$specialtitle = "";
$specialinfo = "";
$message = "Special Offer Deleted";
}
$specialtitle = trim($specialtitle);
$specialinfo = trim($specialinfo);
?>



<form method="post" action="editspecial.php">
<p><b>Special Offer</b>
<br><input type="text" name="specialtitle" <?php echo "VALUE=\"$specialtitle\"" ?>> </p>

<p><b>Special Info/Description</b>
<br><textarea name="specialinfo" rows="8" cols="70" >
<?php echo $specialinfo ?>
</textarea> </p>

<br>
<input type="submit" name="previous" value="<">
<input type="submit" name="next" value=">">
<br><br>
<input type="submit" name="add" value="Add">
<input type="submit" name="update" value="Update">
<input type="submit" name="delete" value="Delete">
<input type="hidden" name="id" <?php echo "VALUE=\"$id\"" ?>>
</form>
<?php
if (isset($message))
{
echo "<br>$message";
}
?>

Undefined index and Undefined variables aren't errors per se, they are notices. Basically it is telling you that you are trying to use a variable that doesn't exist. Probably 9 out of 10 times this won't matter as it normall occurs when somebody does something along the lines of...

 

echo $_POST['field'];

 

... obviously if the form hasn't been submitted the $_POST array will be empty, so this throws the Undefined index notice. Which is telling us that you are trying to access an item in $_POST using the key/index of 'field' and that key/index doesn't occur in the array. The simplest fix for this is to use...

 

if(isset($variable)) { 
   // use variable here.
}

 

The other notice is the same sort of thing only with a variable. If you use...

 

echo $variable;

 

...and at no point before that haven't you give $variable a value you'll get Undefined variable. The simplest fix for this one is to declare default values at the top of the page, or using the above method of if(isset($variable)) { } to check the variable has a value before using it.

 

echo $variable;

 

...and at no point before that haven't you give $variable a value you'll get Undefined variable. The simplest fix for this one is to declare default values at the top of the page, or using the above method of if(isset($variable)) { } to check the variable has a value before using it.

 

actually, thats untrue. Depending on which version of PHP you have, and what you have your error reporting is set to, echoing a variable that has not been defined before will create that variable, with null value, and echo it. so if you do something like

<html>
<body>
<?php
echo "something" .$var;
?>
</body>
</html>

 

the output would be

something

 

no notices or anything.

EDIT:

meant to say, except with the following, you will get a notice

ini_set ("display_errors", "1");
error_reporting(E_ALL);

 

at the top of the page.

 

However, do realize that this is system and version dependant

I'm not getting any notices or errors, but it's not returning the values from the database. I tried declaring the variables at the top like cags said, but had the same result or with errors.

 

<?php

echo "<h2>Edit Special Offer</h2><hr>";

if (isset($_COOKIE["username"]))
{
echo "Welcome " . $_COOKIE["username"] . "!<br />";
include "login.php";
}
else
  echo "You need to log in to access this page.<br />";


if(isset($previous))
{
$query = "SELECT id, specialtitle, specialinfo
FROM special WHERE id < $id ORDER BY id DESC";
$result = mysql_query($query);
check_mysql();
$row = mysql_fetch_row($result);
check_mysql();
if ($row[0] > 0)
{
$id = $row[0];
$specialtitle = $row[1];
$specialinfo = $row[2];
}
}


elseif (isset($next))
{
$query = "SELECT id, specialtitle, specialinfo
FROM special WHERE id > $id ORDER BY id ASC";
$result = mysql_query($query);
check_mysql();
$row = mysql_fetch_row($result);
check_mysql();
if ($row[0] > 0)
{
$id = $row[0];
$specialtitle = $row[1];
$specialinfo = $row[2];
}
}



elseif (isset($add))
{
$query = "INSERT INTO special (specialtitle, specialinfo)
VALUES ('$specialtitle', '$specialinfo')";
$result = mysql_query($query);
check_mysql();
$id = mysql_insert_id();
$message = "Special Offer Added";
}


elseif (isset($update))
{
$query = "UPDATE special
SET specialtitle='$specialtitle', specialinfo='$specialinfo'
WHERE id = $id";
$result = mysql_query($query);
check_mysql();
$id = mysql_insert_id();
$message = "Monthly Special Updated";
}


elseif (isset($delete))
{
$query = "DELETE FROM special WHERE id = $id";
$result = mysql_query($query);
check_mysql();
$specialtitle = "";
$specialinfo = "";
$message = "Special Offer Deleted";
}
$specialtitle = trim($specialtitle);
$specialinfo = trim($specialinfo);
?>



<form method="post" action="editspecial.php">
<p><b>Special Offer</b>
<br><input type="text" name="specialtitle" <?php echo "VALUE=\"$specialtitle\"" ?>> </p>

<p><b>Special Info/Description</b>
<br><textarea name="specialinfo" rows="8" cols="70" >
<?php echo $specialinfo ?>
</textarea> </p>

<br>
<input type="submit" name="previous" value="<">
<input type="submit" name="next" value=">">
<br><br>
<input type="submit" name="add" value="Add">
<input type="submit" name="update" value="Update">
<input type="submit" name="delete" value="Delete">
<input type="hidden" name="id" <?php echo "VALUE=\"$id\"" ?>>
</form>
<?php
if (isset($message))
{
echo "<br>$message";
}
?>

 

where do you get the value for ID? I would suggest splitting up your different types of queries (inserts, deletes, updates, selects, etc.) into different pages

 

also, where are next, previous, etc. ever set. you are testing if they are set without ever setting them, so nothing happens...

The value for ID is stored in the MySQL table. It's the primary key.

 

And I thought I can declare a variable without adding a value to it? Or is that not the same as setting it?

 

I'm still amateur, so apologies in advance for my ignorance. This script started out as a class project; I've been trying to make it actually useful on a live site. Thank you rockstars for your help so far though!

what do you mean declare a variable? that has different meanings in different langauges. like do you mean you tried to do

$var1;
$var2;

? similar to something you would do in C++/C or Java? (among other languages of course)

 

declaring and setting ARE two different things, but a variable that is defined doesn't have to be set to any value. A definition of a variable basically just creates it for the program to use. However, in PHP, the act of assigning a value to a variable that hasn't been defined yet will define the variable for use, and assign it a value. They are two different actions.

 

but regardless, you really need to think about a better way to accomplish what you are doing. you have like 6 different submit buttons in 1 form (forms should only have 1 submit button) You should really just have a link to edit certain entries, and when you click that link, you go to the update page. it will be much easier to change how stuff updates if you have your different sql functions (insert, update, etc) on different pages, rather than mashing everything into one page.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.