Client login/edit problem


albatross77

This is my first post in any forum ever, so be gentle.

 

My project aim is to create a simple CMS so the client can login and edit some of the content that's displayed from the mysql table. Right now, the mysql table data displays, but I cannot get my edit form nor the login to work. Here is my code:

 

login:

<form method="post" action="adminconnect.php">
<br><br>
<b>User Name:</b>
<br><input type="text" name="username" size="16">

<br><br>
<b>Password:</b>
<br><input type="password" name="password" size="16">

<br><br>
<input type="submit" value="Login">
</form>


login authentication:

<?php

if($username == "xxxxx" && $password == "xxxxxx")
{
setcookie("username", $username, time()+1200);
echo "<h2>Administrator Access Approved</h2><hr>";
echo "You can now update the monthly special.";
}
else
{
setcookie("username", "", time()-3600);
echo "<h2>Access Denied</h2><hr>";
echo "The User Name and Password you entered are incorrect.";
}
?>


edit:

<?php
include "login.php";

echo "<h2>Edit Special Offer</h2><hr>";


if(isset($previous))
{
$query = "SELECT id, specialtitle, specialinfo
FROM special WHERE id < $id ORDER BY id DESC";
$result = mysql_query($query);
check_mysql();
$row = mysql_fetch_row($result);
check_mysql();
if ($row[0] > 0)
{
$id = $row[0];
$specialtitle = $row[1];
$specialinfo = $row[2];
}
}


elseif (isset($next))
{
$query = "SELECT id, specialtitle, specialinfo
FROM special WHERE id > $id ORDER BY id ASC";
$result = mysql_query($query);
check_mysql();
$row = mysql_fetch_row($result);
check_mysql();
if ($row[0] > 0)
{
$id = $row[0];
$specialtitle = $row[1];
$specialinfo = $row[2];
}
}



elseif (isset($add))
{
$query = "INSERT INTO special (specialtitle, specialinfo)
VALUES ('$specialtitle', '$specialinfo')";
$result = mysql_query($query);
check_mysql();
$id = mysql_insert_id();
$message = "Special Offer Added";
}


elseif (isset($update))
{
$query = "UPDATE special
SET specialtitle='$specialtitle', specialinfo='$specialinfo'
WHERE id = $id";
$result = mysql_query($query);
check_mysql();
$id = mysql_insert_id();
$message = "Monthly Special Updated";
}


elseif (isset($delete))
{
$query = "DELETE FROM special WHERE id = $id";
$result = mysql_query($query);
check_mysql();
$specialtitle = "";
$specialinfo = "";
$message = "Special Offer Deleted";
}
$specialtitle = trim($specialtitle);
$specialinfo = trim($specialinfo);
?>



<form method="post" action="editspecial.php">
<p><b>Special Offer</b>
<br><input type="text" name="specialtitle" <?php echo "VALUE=\"$specialtitle\"" ?>> </p>

<p><b>Special Info/Description</b>
<br><textarea name="specialinfo" rows="8" cols="70" >
<?php echo $specialinfo ?>
</textarea> </p>

<br>
<input type="submit" name="previous" value="<">
<input type="submit" name="next" value=">">
<br><br>
<input type="submit" name="add" value="Add">
<input type="submit" name="update" value="Update">
<input type="submit" name="delete" value="Delete">
<input type="hidden" name="id" <?php echo "VALUE=\"$id\"" ?>>
</form>
<?php
if (isset($message))
{
echo "<br>$message";
}
?>

Link to comment
Share on other sites

You need to define your $username and $password variables. The same with $previous, $next, $update and $delete.

 

<?php
error_reporting(E_ALL); 
$username = $_POST['username'];
$password = $_POST['password'];

if($username == "xxxxx" && $password == "xxxxxx")
{
	setcookie("username", $username, time()+1200);
	echo "<h2>Administrator Access Approved</h2><hr>";
	echo "You can now update the monthly special.";
} else {
	setcookie("username", "", time()-3600);
	echo "<h2>Access Denied</h2><hr>";
	echo "The User Name and Password you entered are incorrect.";
}
?>

Link to comment
Share on other sites

Quick note to the OP, you may have seen tutorials/scripts using the method you have, that appear to work without doing what Coreye has suggested. If a server has register_globals set to true, it automatically makes $username = $_POST['username'], but there are a lot of potential security issues by having it enabled. I believe in the past register_globals = On was default whereas now it tends to be register_globals = Off.

Link to comment
Share on other sites

Okay, so this is the top of the edit page I've been trying to fix but it's still not working quite right. I get some errors, the data shows up in the form, but when I click 'update,' I get a successful return message, but it doesn't update in the database.

 

These are the errors:

 

Notice: Undefined index: previous in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 15

 

Notice: Undefined index: next in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 16

 

Notice: Undefined index: add in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 17

 

Notice: Undefined index: delete in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 19

 

Notice: Undefined variable: specialtitle in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 71

 

Notice: Undefined variable: specialinfo in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 72

 

Notice: Undefined variable: specialtitle in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 89

 

Notice: Undefined variable: specialinfo in /home/content/p/f/i/pfisher2009/html/editspecial.php on line 90

 

This is the code:

 

<?php

echo "<h2>Edit Special Offer</h2><hr>";

if (isset($_COOKIE["username"]))
{
echo "Welcome " . $_COOKIE["username"] . "!<br />";
include "login.php";
}
else
  echo "You need to log in to access this page.<br />";


error_reporting(E_ALL);
$previous = $_POST['previous'];
$next = $_POST['next'];
$add = $_POST['add'];
$update = $_POST['update'];
$delete = $_POST['delete'];


if(isset($previous))
{
$query = "SELECT id, specialtitle, specialinfo
FROM special WHERE id < $id ORDER BY id DESC";
$result = mysql_query($query);
check_mysql();
$row = mysql_fetch_row($result);
check_mysql();
if ($row[0] > 0)
{
$id = $row[0];
$specialtitle = $row[1];
$specialinfo = $row[2];
}
}


elseif (isset($next))
{
$query = "SELECT id, specialtitle, specialinfo
FROM special WHERE id > $id ORDER BY id ASC";
$result = mysql_query($query);
check_mysql();
$row = mysql_fetch_row($result);
check_mysql();
if ($row[0] > 0)
{
$id = $row[0];
$specialtitle = $row[1];
$specialinfo = $row[2];
}
}



elseif (isset($add))
{
$query = "INSERT INTO special (specialtitle, specialinfo)
VALUES ('$specialtitle', '$specialinfo')";
$result = mysql_query($query);
check_mysql();
$id = mysql_insert_id();
$message = "Special Offer Added";
}


elseif (isset($update))
{
$query = "UPDATE special
SET specialtitle='$specialtitle', specialinfo='$specialinfo'
WHERE id = $id";
$result = mysql_query($query);
check_mysql();
$id = mysql_insert_id();
$message = "Monthly Special Updated";
}


elseif (isset($delete))
{
$query = "DELETE FROM special WHERE id = $id";
$result = mysql_query($query);
check_mysql();
$specialtitle = "";
$specialinfo = "";
$message = "Special Offer Deleted";
}
$specialtitle = trim($specialtitle);
$specialinfo = trim($specialinfo);
?>



<form method="post" action="editspecial.php">
<p><b>Special Offer</b>
<br><input type="text" name="specialtitle" <?php echo "VALUE=\"$specialtitle\"" ?>> </p>

<p><b>Special Info/Description</b>
<br><textarea name="specialinfo" rows="8" cols="70" >
<?php echo $specialinfo ?>
</textarea> </p>

<br>
<input type="submit" name="previous" value="<">
<input type="submit" name="next" value=">">
<br><br>
<input type="submit" name="add" value="Add">
<input type="submit" name="update" value="Update">
<input type="submit" name="delete" value="Delete">
<input type="hidden" name="id" <?php echo "VALUE=\"$id\"" ?>>
</form>
<?php
if (isset($message))
{
echo "<br>$message";
}
?>

Link to comment
Share on other sites

Undefined index and Undefined variables aren't errors per se, they are notices. Basically it is telling you that you are trying to use a variable that doesn't exist. Probably 9 out of 10 times this won't matter as it normally occurs when somebody does something along the lines of...

 

echo $_POST['field'];

 

... obviously if the form hasn't been submitted the $_POST array will be empty, so this throws the Undefined index notice. Which is telling us that you are trying to access an item in $_POST using the key/index of 'field' and that key/index doesn't occur in the array. The simplest fix for this is to use...

 

if(isset($variable)) { 
   // use variable here.
}

 

The other notice is the same sort of thing only with a variable. If you use...

 

echo $variable;

 

...and at no point before that have you given $variable a value, you'll get Undefined variable. The simplest fix for this one is to declare default values at the top of the page, or to use the above method of if(isset($variable)) { } to check the variable has a value before using it.

 

Link to comment
Share on other sites

echo $variable;

 

...and at no point before that have you given $variable a value, you'll get Undefined variable. The simplest fix for this one is to declare default values at the top of the page, or to use the above method of if(isset($variable)) { } to check the variable has a value before using it.

 

Actually, that's untrue. Depending on which version of PHP you have, and what your error reporting is set to, echoing a variable that has not been defined before will create that variable, with null value, and echo it. So if you do something like

<html>
<body>
<?php
echo "something" .$var;
?>
</body>
</html>

 

the output would be

something

 

No notices or anything.

EDIT:

Meant to say, except with the following, you will get a notice

ini_set ("display_errors", "1");
error_reporting(E_ALL);

 

at the top of the page.

 

However, do realize that this is system and version dependent.

Link to comment
Share on other sites

To my knowledge, regardless of the version it will create the variable with a null value. Whether you get the notice on all versions I couldn't say, but it's academic anyway, the OP is getting the notices.

Link to comment
Share on other sites

I'm not getting any notices or errors, but it's not returning the values from the database. I tried declaring the variables at the top like cags said, but had the same result or with errors.

 

<?php

echo "<h2>Edit Special Offer</h2><hr>";

if (isset($_COOKIE["username"]))
{
echo "Welcome " . $_COOKIE["username"] . "!<br />";
include "login.php";
}
else
  echo "You need to log in to access this page.<br />";


if(isset($previous))
{
$query = "SELECT id, specialtitle, specialinfo
FROM special WHERE id < $id ORDER BY id DESC";
$result = mysql_query($query);
check_mysql();
$row = mysql_fetch_row($result);
check_mysql();
if ($row[0] > 0)
{
$id = $row[0];
$specialtitle = $row[1];
$specialinfo = $row[2];
}
}


elseif (isset($next))
{
$query = "SELECT id, specialtitle, specialinfo
FROM special WHERE id > $id ORDER BY id ASC";
$result = mysql_query($query);
check_mysql();
$row = mysql_fetch_row($result);
check_mysql();
if ($row[0] > 0)
{
$id = $row[0];
$specialtitle = $row[1];
$specialinfo = $row[2];
}
}



elseif (isset($add))
{
$query = "INSERT INTO special (specialtitle, specialinfo)
VALUES ('$specialtitle', '$specialinfo')";
$result = mysql_query($query);
check_mysql();
$id = mysql_insert_id();
$message = "Special Offer Added";
}


elseif (isset($update))
{
$query = "UPDATE special
SET specialtitle='$specialtitle', specialinfo='$specialinfo'
WHERE id = $id";
$result = mysql_query($query);
check_mysql();
$id = mysql_insert_id();
$message = "Monthly Special Updated";
}


elseif (isset($delete))
{
$query = "DELETE FROM special WHERE id = $id";
$result = mysql_query($query);
check_mysql();
$specialtitle = "";
$specialinfo = "";
$message = "Special Offer Deleted";
}
$specialtitle = trim($specialtitle);
$specialinfo = trim($specialinfo);
?>



<form method="post" action="editspecial.php">
<p><b>Special Offer</b>
<br><input type="text" name="specialtitle" <?php echo "VALUE=\"$specialtitle\"" ?>> </p>

<p><b>Special Info/Description</b>
<br><textarea name="specialinfo" rows="8" cols="70" >
<?php echo $specialinfo ?>
</textarea> </p>

<br>
<input type="submit" name="previous" value="<">
<input type="submit" name="next" value=">">
<br><br>
<input type="submit" name="add" value="Add">
<input type="submit" name="update" value="Update">
<input type="submit" name="delete" value="Delete">
<input type="hidden" name="id" <?php echo "VALUE=\"$id\"" ?>>
</form>
<?php
if (isset($message))
{
echo "<br>$message";
}
?>

 

Link to comment
Share on other sites

Where do you get the value for ID? I would suggest splitting up your different types of queries (inserts, deletes, updates, selects, etc.) into different pages.

 

Also, where are next, previous, etc. ever set? You are testing if they are set without ever setting them, so nothing happens...

Link to comment
Share on other sites

The value for ID is stored in the MySQL table. It's the primary key.

 

And I thought I can declare a variable without adding a value to it? Or is that not the same as setting it?

 

I'm still amateur, so apologies in advance for my ignorance. This script started out as a class project; I've been trying to make it actually useful on a live site. Thank you rockstars for your help so far though!

Link to comment
Share on other sites

What do you mean declare a variable? That has different meanings in different languages. Like do you mean you tried to do

$var1;
$var2;

? Similar to something you would do in C++/C or Java? (among other languages of course)

 

Declaring and setting ARE two different things, but a variable that is defined doesn't have to be set to any value. A definition of a variable basically just creates it for the program to use. However, in PHP, the act of assigning a value to a variable that hasn't been defined yet will define the variable for use, and assign it a value. They are two different actions.

 

But regardless, you really need to think about a better way to accomplish what you are doing. You have like 6 different submit buttons in 1 form (forms should only have 1 submit button). You should really just have a link to edit certain entries, and when you click that link, you go to the update page. It will be much easier to change how stuff updates if you have your different SQL functions (insert, update, etc.) on different pages, rather than mashing everything into one page.

Link to comment
Share on other sites
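
An added example, not code from any poster in this thread: it reads the button flags and fields explicitly from the request with isset(), as the replies about register_globals and the undefined-index notices describe, and takes the id from the hidden form field for a parameterised UPDATE. The PDO connection, the in-memory SQLite table standing in for the MySQL `special` table, the constructed request array and the helper names `requested_action`, `field` and `update_special` are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes PDO, with an in-memory
// SQLite table standing in for the MySQL `special` table.

// Return the name of the submit button that was pressed, or null.
function requested_action(array $post): ?string
{
    foreach (['previous', 'next', 'add', 'update', 'delete'] as $action) {
        if (isset($post[$action])) {   // isset() on the array key raises no notice
            return $action;
        }
    }
    return null;
}

// Read a text field with a default, so nothing is left undefined.
function field(array $post, string $name): string
{
    return isset($post[$name]) && is_string($post[$name]) ? trim($post[$name]) : '';
}

function update_special(PDO $db, array $post): string
{
    // The hidden "id" field is client-controlled: accept only a positive integer.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'Invalid id';
    }
    // Bound parameters keep the submitted values out of the SQL text.
    $stmt = $db->prepare('UPDATE special SET specialtitle = :t, specialinfo = :i WHERE id = :id');
    $stmt->execute([':t' => field($post, 'specialtitle'), ':i' => field($post, 'specialinfo'), ':id' => $id]);
    // Report success only when a row was actually changed.
    return $stmt->rowCount() === 1 ? 'Monthly Special Updated' : 'Nothing updated';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE special (id INTEGER PRIMARY KEY, specialtitle TEXT, specialinfo TEXT)');
$db->exec("INSERT INTO special (specialtitle, specialinfo) VALUES ('Old title', 'Old info')");

// Constructed request data, standing in for $_POST after clicking "Update".
$post = ['update' => 'Update', 'id' => '1', 'specialtitle' => "O'Brien's special ", 'specialinfo' => '2 for 1'];
if (requested_action($post) === 'update') {
    echo update_special($db, $post), "\n";
}
// Escape stored values before echoing them back into the form's HTML.
$title = $db->query('SELECT specialtitle FROM special WHERE id = 1')->fetchColumn();
echo '<input type="text" name="specialtitle" value="', htmlspecialchars($title, ENT_QUOTES), '">', "\n";
```

On MySQL, `rowCount()` also returns 0 when the submitted values match what is already stored, so "Nothing updated" there can mean either no matching id or no change.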
