Moron Posted December 7, 2006 Share Posted December 7, 2006 Never mind! This board is inserting "code" tags where they shouldn't be and I can't post this properly.I'll just go away now. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted December 7, 2006 Share Posted December 7, 2006 The forum software will insert [nobbc][code][/nobbc] tags if it sees a [nobbc][/code] tag without a corresponding [code] tag[/nobbc] which is what happened in your case. Instead of deleting the whole post, you should have fixed the mis-matched tags.One thing I noticed before you deleted the post was that you're using the session_register() function. That function is obsolete and shouldn't be used as it can cause problems.Ken Quote Link to comment Share on other sites More sharing options...
Moron Posted December 7, 2006 Author Share Posted December 7, 2006 Let me try this again. I thought I had thoroughly inspected the tags. Anyway....Okay, I sincerely apologize for bringing this up every other day, but my project is at a total standstill until this gets resolved.A snippet from the first page where employees enter their username [b](empcode)[/b] and password [b](password)[/b], with HTML tags and other formatting removed:[code]<form action="employeeinformationmenu.php" name="leave" method="post" onSubmit="return validateForm(leave);">Employee Number:<input name="empcode" type="text" onSubmit="return validateForm(leave);"/>Password:<input name="password" type="password" / onSubmit="return validateForm(leave);"><?phpsession_register("empcode");session_register("password");?>[/code]This part works great. They enter employee number and password.[b]Page 2[/b]At the top:[code]<?php session_start();$_SESSION['empcode'] = $_POST['empcode'];$_SESSION['middle'] = $_POST['middle'];$_SESSION['firstname'] = $_POST['firstname'];$_SESSION['lastname'] = $_POST['lastname'];$_SESSION['leavehours'] = $_POST['leavehours'];$_SESSION['password'] = $_POST['password'];header('Content-Type: image/jpeg');?>[/code]This works fine, as well. It pulls the info it's supposed to pull. I want to take the username and password already *allegedly* in the session, and send them to the next page using:[code]<form action="paystubresults.php" name="paystubs" method="post"><input type="submit"/ value="Paystubs"></form>[/code][b]Page 3[/b]At the top:[code]<?phpsession_start();$empcode = $_SESSION['empcode'];$middle = $_SESSION['middle'];$firstname = $_SESSION['firstname'];$lastname = $_SESSION['lastname'];$leavehours = $_SESSION['leavehours'];$password = $_SESSION['password'];?><?phpecho '<pre>' . print_r($_SESSION,true) . '</pre>';echo $password;?>[/code]The above echo statements give me:[quote]Array( [empcode] => [password] => 123456789 (changed, was my real SSN) [middle] => [firstname] => [lastname] => [leavehours] => )123456789 (changed, was my real SSN)[/quote]So it carries the password over, but not the employee number (empcode).Anybody? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted December 7, 2006 Share Posted December 7, 2006 At the begining of page 2 (which I assume is employeeinformationmenu.php), put[code]<?phpecho '<pre>' . print_r($_POST,true) . '</pre>';?>[/code]This will dump what ever data is being sent from the form.Remove the session_register() calls from Page 1Ken Quote Link to comment Share on other sites More sharing options...
craygo Posted December 7, 2006 Share Posted December 7, 2006 As I said in another post. You have a user put in their username and password, you should set the session values when you authenticate them with the database. If your form only has form fields for empcode and password, then all the other session value do not exist because they are not in your form.here is how would register them all on the same pagename it whatever you like. I use md5 hash for my passwords so you can take it out if you like.[code]<?phpsession_start();// connect to you database hereif(isset($_POST['submit'])){$password = md5($_POST['password']);$sql = "SELECT * FROM users WHERE empcode = '".$_POST['empcode']."' AND password = '".$password."'"; $res = mysql_query($sql) or die (mysql_error()); $num_rows = mysql_num_rows($res); $row = mysql_fetch_assoc($res); if($num_rows < 1){ echo "Your Empcode/password is incorrect"; } else { $_SESSION['empcode'] = $row['empcode']; $_SESSION['password'] = $row['password']; $_SESSION['middle'] = $row['middle']; $_SESSION['firstname'] = $row['firstname']; $_SESSION['lastname'] = $row['lastname']; $_SESSION['leavehours'] = $row['leavehours']; }echo '<pre>' . print_r($_SESSION,true) . '</pre>';} else {?><form action="" name="leave" method="post" onSubmit="return validateForm(leave);">Employee Number:<input name="empcode" type="text" onSubmit="return validateForm(leave);"/>Password:<input name="password" type="password" / onSubmit="return validateForm(leave);"><br /><input type=submit name=submit value=Submit /><?php}?>[/code]Ray Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted December 7, 2006 Share Posted December 7, 2006 If page 2 is really employeeinformationmenu.php, I'm wondering why you're changing the content type to a jpeg[code]<?php session_start();$_SESSION['empcode'] = $_POST['empcode'];$_SESSION['middle'] = $_POST['middle'];$_SESSION['firstname'] = $_POST['firstname'];$_SESSION['lastname'] = $_POST['lastname'];$_SESSION['leavehours'] = $_POST['leavehours'];$_SESSION['password'] = $_POST['password'];header('Content-Type: image/jpeg'); // ????>[/code] Quote Link to comment Share on other sites More sharing options...
Moron Posted December 7, 2006 Author Share Posted December 7, 2006 [quote author=roopurt18 link=topic=117746.msg480623#msg480623 date=1165513664]If page 2 is really employeeinformationmenu.php, I'm wondering why you're changing the content type to a jpeg[code]<?php session_start();$_SESSION['empcode'] = $_POST['empcode'];$_SESSION['middle'] = $_POST['middle'];$_SESSION['firstname'] = $_POST['firstname'];$_SESSION['lastname'] = $_POST['lastname'];$_SESSION['leavehours'] = $_POST['leavehours'];$_SESSION['password'] = $_POST['password'];header('Content-Type: image/jpeg'); // ????>[/code][/quote]That was for compatibility with the GD (Graphic Draw) Library. Quote Link to comment Share on other sites More sharing options...
Moron Posted December 7, 2006 Author Share Posted December 7, 2006 [quote author=kenrbnsn link=topic=117746.msg480617#msg480617 date=1165512937]At the begining of page 2 (which I assume is employeeinformationmenu.php), put[code]<?phpecho '<pre>' . print_r($_POST,true) . '</pre>';?>[/code]This will dump what ever data is being sent from the form.Remove the session_register() calls from Page 1Ken[/quote]Now maybe we're getting somewhere. This gives me:[quote]Array( [empcode] => 3954 [password] => 123456789 (changed from my real SSN))[/quote]Of course, I knew that they had to be making it as far as Page 2, otherwise the query wouldn't have been working. So how do I pass them on to Page 3 (paystubresults.php) without making the employee enter them again on Page 2 (employeeinformationmenu.php)? Currently, I'm trying...[code]WHERE M2.[EMPNO] = '".$_SESSION['empcode']."' and M2.[MSSNO] = '".$_SESSION['password']."'[/code]...in the query on Page 3 (paystubresults.php). But like the line at the top of the page displays:[code]echo '<pre>' . print_r($_SESSION,true) . '</pre>';[/code]...it's only carrying the password over, not the empcode.I also removed those session_register variables. Quote Link to comment Share on other sites More sharing options...
Moron Posted December 7, 2006 Author Share Posted December 7, 2006 [quote author=craygo link=topic=117746.msg480622#msg480622 date=1165513528]As I said in another post. You have a user put in their username and password, you should set the session values when you authenticate them with the database. If your form only has form fields for empcode and password, then all the other session value do not exist because they are not in your form.[/quote]I understand what you're saying, and thanks, but here's the kicker: for the query on Page 3, I [b]only[/b] need "empcode" and "password" to carry over. Those other session variables were copied and pasted (firstname, lastname, etc...). I could remove them and it wouldn't matter. Quote Link to comment Share on other sites More sharing options...
craygo Posted December 7, 2006 Share Posted December 7, 2006 So only call the $_SESSION['empcode'] and $_SESSION['password'] at the top of the page when needed.[code]$username = $_SESSION['empcode'];$password = $_SESSION['password'];[/code]You do not lose session values just because you don't call them from page to page. Only way to lose them is you over write them on some page along the way.If you set the empcode, password or whatever, it wouldn't matter what page you are on the values are stored. You can be on page 600 and the values will still be there. You really only need the empcode to be stored, everything else can be queried as needed on each page. The password doesn't need to be stored either cause once they authenticate, they are in a session till they leave the site. So there is no need to query the database with the password all you need is the empcode.Ray Quote Link to comment Share on other sites More sharing options...
Moron Posted December 7, 2006 Author Share Posted December 7, 2006 [quote author=craygo link=topic=117746.msg480643#msg480643 date=1165515674]So only call the $_SESSION['empcode'] and $_SESSION['password'] at the top of the page when needed.[code]$username = $_SESSION['empcode'];$password = $_SESSION['password'];[/code]You do not lose session values just because you don't call them from page to page. Only way to lose them is you over write them on some page along the way.If you set the empcode, password or whatever, it wouldn't matter what page you are on the values are stored. You can be on page 600 and the values will still be there. You really only need the empcode to be stored, everything else can be queried as needed on each page. The password doesn't need to be stored either cause once they authenticate, they are in a session till they leave the site. So there is no need to query the database with the password all you need is the empcode.Ray[/quote]THANK YOU, THANK YOU, THANK YOU!!!!!! I removed the empcode from the query and left just password. It worked!!:) Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted December 7, 2006 Share Posted December 7, 2006 So what happens if two users some how pick the same password? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.