Clinton Posted September 9, 2007 Share Posted September 9, 2007 When I hit the update button it kicks me out (kills my session) and takes me to the login page instead of pointing out missing items or updating the fields. Any ideas? ??? <? // connect to database include("inc/connect.php"); // include auth and nav include("inc/auth.php"); include("inc/nav.php"); ?> <? $rn=("SELECT * FROM users WHERE username='" . $_SESSION['username']."'"); $rz=mysql_query($rn); while($row=mysql_fetch_array($rz)) { if($row["Status"]=="0"){ echo ("<br>Have a great day! <a href='logout.php'>Close</a>"); }else{ ?> <?php //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['password'] | !$_POST['password2'] | !$_POST['First'] | !$_POST['MI'] | !$_POST['Last'] | !$_POST['Email'] | !$_POST['Phone'] | !$_POST['CellPhone'] ) { die('You did not complete all of the required fields'); } // this makes sure both passwords entered match if ($_POST['password'] != $_POST['password2']) { die('Your passwords did not match. '); } // now we update the database $insert = "(UPDATE users SET First = '".$_POST['First']."', MI = '".$_POST['MI']."', Last = '".$_POST['Last']."', Email = '".$_POST['Email']."', Phone = '".$_POST['Phone']."', CellPhone = '".$_POST['CellPhone']."', password = '".$_POST['password']."') WHERE username = '" . $_SESSION['username']."')"; $add_member = mysql_query($insert); ?> <h1>Done!</h1> <p>Thank you, you have successfully updated your information.</a>.</p> <?php } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <p> <table border="0"> <tr><td>First Name:</td><td> <input type="text" name="First" maxlength="60" value="<? echo $row['First']; ?>"> </td></tr> <tr><td>Middle Initial:</td><td> <input type="text" name="MI" maxlength="60" value="<? echo $row['MI']; ?>"> </td></tr> <tr><td>Last Name:</td><td> <input type="text" name="Last" maxlength="60" value="<? echo $row['Last']; ?>"> </td></tr> <tr><td>E-mail:</td><td> <input type="text" name="Email" maxlength="100" value="<? echo $row['Email']; ?>"> </td></tr> <tr><td>Home Phone:</td><td> <input type="text" name="Phone" maxlength="60" value="<? echo $row['Phone']; ?>"> </td></tr> <tr><td>Cell Phone:</td><td> <input type="text" name="CellPhone" maxlength="60" value="<? echo $row['CellPhone']; ?>"> </td></tr> <tr><td>Username:</td><td> <? echo $row['username']; ?> </td></tr> <tr><td>Password:</td><td> <input type="password" name="password" maxlength="10" value="<? echo $row['password']; ?>"> </td></tr> <tr><td>Confirm Password:</td><td> <input type="password" name="password2" maxlength="10"> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Update"></th></tr> </table> </form> <?php }}} ?> Quote Link to comment Share on other sites More sharing options...
Fadion Posted September 9, 2007 Share Posted September 9, 2007 Dont know if that is causing the problem, but u dont need "(" and ")" in the query. Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 9, 2007 Author Share Posted September 9, 2007 Are you sure because when I took it out I got: Parse error: syntax error, unexpected T_STRING in /home/anderse/public_html/NAIS/8321/options.php on line 43 Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 9, 2007 Author Share Posted September 9, 2007 Somebody, anybody, tell me why? Quote Link to comment Share on other sites More sharing options...
Jessica Posted September 9, 2007 Share Posted September 9, 2007 You need the quotes, not the parenthesis. Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 9, 2007 Share Posted September 9, 2007 try $insert = "UPDATE users SET First = '".$_POST['First']."', MI = '".$_POST['MI']."', Last = '".$_POST['Last']."', Email = '".$_POST['Email']."', Phone = '".$_POST['Phone']."', CellPhone = '".$_POST['CellPhone']."', password = '".$_POST['password']."' WHERE username = '" . $_SESSION['username']."'"; note: its not proper to directly put the post data in your query that code is prone to injection Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 9, 2007 Author Share Posted September 9, 2007 With or without the parenthesis it still works the same, kills the session. It makes no sense because there is nothing that should kill the session. Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 9, 2007 Share Posted September 9, 2007 can you show us where you declare the session and how? Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 9, 2007 Author Share Posted September 9, 2007 I'm using an included. Auth. <? // start session session_start(); // convert username and password from _POST or _SESSION if($_POST){ $_SESSION['username']=$_POST["username"]; $_SESSION['password']=$_POST["password"]; } // query for a user/pass match $result=mysql_query("select * from users where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'"); // retrieve number of rows resulted $num=mysql_num_rows($result); // print login form and exit if failed. if($num < 1){ echo "<br><br><br><br><br><center><b>Please login:</b><br> <font size='1'>Register <a href='inc/register.php'>Here</a></font><br><br> <form method=POST action=index.php> Username: <input type=text name=\"username\"><br> Password: <input type=password name=\"password\"><br><br> <input type=submit value=Login> </center></form>"; exit; } ?> Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 9, 2007 Share Posted September 9, 2007 try <? session_start(); // convert username and password from _POST or _SESSION if($_POST){ $_SESSION['username']=$_POST["username"]; $_SESSION['password']=$_POST["password"]; } // query for a user/pass match $result=mysql_query("select * from users where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'"); print_r(mysql_fetch_array($result)); // retrieve number of rows resulted $num=mysql_num_rows($result); // print login form and exit if failed. if($num < 1){ echo "<br><br><br><br><br><center><b>Please login:</b><br> <font size='1'>Register <a href='inc/register.php'>Here</a></font><br><br> <form method='POST' action='index.php'> Username: <input type='text' name='username'><br> Password: <input type='password' name='password'><br><br> <input type='submit' value='Login'> </center> </form>"; exit; } ?> and tell us what you got Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 9, 2007 Author Share Posted September 9, 2007 Same thing happens except this show up at the top of the page now: Array ( [0] => 1 [iD] => 1 [1] => Clinton [First] => Clinton [2] => J [MI] => J [3] => Andersen [Last] => Andersen [4] => [Title] => [5] => binaryblaster@gmail.com => binaryblaster@gmail.com [6] => (801) 555-5555 [Phone] => (801) 555-5555 [7] => (801) 555-5555 [CellPhone] => (801) 555-5555 [8] => clintonandersen [username] => clintonandersen [9] => testing [password] => testing [10] => 2 [status] => 2 ) Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 9, 2007 Share Posted September 9, 2007 ok remove the print_r(mysql_fetch_array($result)); on my sample then if($num < 1){ <-- should be if($num < =1){ or if($num !=0){ then that should work Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 9, 2007 Share Posted September 9, 2007 try <? session_start(); // convert username and password from _POST or _SESSION if($_POST){ $_SESSION['username']=$_POST["username"]; $_SESSION['password']=$_POST["password"]; } // query for a user/pass match $result=mysql_query("select * from users where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'"); // retrieve number of rows resulted $num=mysql_num_rows($result); // print login form and exit if failed. if($num <= 0){ //you can also try if($num == 0){ echo "<br><br><br><br><br><center><b>Please login:</b><br> <font size='1'>Register <a href='inc/register.php'>Here</a></font><br><br> <form method='POST' action='index.php'> Username: <input type='text' name='username'><br> Password: <input type='password' name='password'><br><br> <input type='submit' value='Login'> </center> </form>"; exit; } ?> Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 9, 2007 Author Share Posted September 9, 2007 Got rid of the Array stuff at the top of the page but yea, still kicking me out. I can't remember a time when an UPDATE function gave me such a problem. Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 9, 2007 Share Posted September 9, 2007 can you tell us what are this include("inc/auth.php"); include("inc/nav.php"); and what do you mean kicking you out? Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 9, 2007 Author Share Posted September 9, 2007 I mean that is kills the session. I have to login again to continue. auth was the one we were just working on. nav is the one I have on all my pages that basically contains all my navigation items. Here's nav <? $db=mysql_connect ("localhost", "", "") or die ('I cannot connect to the database because: ' . mysql_error()); mysql_select_db ("anderse_inventory"); $rn=("SELECT Status FROM users WHERE username='" . $_SESSION['username']."'"); $rz=mysql_query($rn); while($row=mysql_fetch_array($rz)) { if($row["Status"]=="0"){ echo ("The Administrator has not yet approved your account. You will be notified when this occurs"); }else{ ?> <html> <head> <META http-equiv="REFRESH" content="60"; url="nav.php"> <SCRIPT TYPE="text/javascript"> <!-- function popup(mylink, windowname) { if (! window.focus)return true; var href; if (typeof(mylink) == 'string') href=mylink; else href=mylink.href; window.open(href, windowname, 'width=600,height=300,scrollbars=yes'); return false; } //--> </SCRIPT> </head> <center> <table border="0" width="100%"> <tr> <? $dbh=mysql_connect ("localhost", "", "") or die ('I cannot connect to the database because: ' . mysql_error()); mysql_select_db ("anderse_inventory"); $rnq=("SELECT First,MI,Last,Status FROM users WHERE username='" . $_SESSION['username']."'"); $rs=mysql_query($rnq); while( $row = mysql_fetch_array($rs)) { echo("<td align=LEFT valign=TOP bgcolor=#000000>"); echo("Welcome, <br>"); echo(" ".$row["First"]); echo(" ".$row["MI"]); echo(". ".$row["Last"]."<br>"); echo("<font size=2><a href='logout.php'>Logout</a>    <a href='options.php'>My Account</a></font>"); } ?> </td><td align=CENTER> <? $ztime = date("H:i d-M-y", strtotime("now + 6 hour")); $ptime = date("H:i d-M-y", strtotime("now -3 hour")); $mtime = date("H:i d-M-y", strtotime("now -2 hour")); $ctime = date("H:i d-M-y", strtotime("now -1 hour")); $atime = date("H:i d-M-y"); ?> <body bgcolor="#3366FF" text="#99FF00" link="#00FF99" vlink="#00FF99" alink="#00FF99"> <font size=4>Salt Lake City Explosive Division (8321)</font><br> <font color=green>3350 Directors Row, Suite 600   Salt Lake City, UT   84104-4585   <br>Office: 801-908-5350   Fax: 866-636-2629<br></font> <font color=green size=4>Pacific Time: </font><? echo $ptime;?> <font color=#FFCC33>   Mountain Time: </font> <? echo $mtime;?> <font color=green>   Central Time: </font> <? echo $ctime;?> <font color=green>   Atlantic Time: </font> <? echo $atime;?> <font color=green>   Zulu Time: </font> <? echo $ztime;?><br> </center> </td> </tr> </table> <style> <!-- .skin0{ position:absolute; width:165px; border:1px solid red; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; font-size:14px; z-index:100; visibility:hidden; } .menuitems{ padding-left:10px; padding-right:10px; } --> </style> <div id="ie5menu" class="skin0" onMouseover="highlightie5(event)" onMouseout="lowlightie5(event)" onClick="jumptoie5(event)" display:none> <div class="menuitems" url="index.php">Home</div> <div class="menuitems" url="keyper.php">Personnel</div> <div class="menuitems" url="calendar.php">Calendar</div> <div class="menuitems" url="inventory.php">Inventory</a></div> <div class="menuitems" url="hotels.php">D.B. Hotels</a></div> <div class="menuitems" url="options.php">Edit Personal Info</div> <div class="menuitems" url="admin.php">Admin Area</div> <div class="menuitems" url="logout.php">Logout</div> </div> <script language="JavaScript1.2"> var display_url=0 var ie5=document.all&&document.getElementById var ns6=document.getElementById&&!document.all if (ie5||ns6) var menuobj=document.getElementById("ie5menu") function showmenuie5(e){ var rightedge=ie5? document.body.clientWidth-event.clientX : window.innerWidth-e.clientX var bottomedge=ie5? document.body.clientHeight-event.clientY : window.innerHeight-e.clientY if (rightedge<menuobj.offsetWidth) menuobj.style.left=ie5? document.body.scrollLeft+event.clientX-menuobj.offsetWidth : window.pageXOffset+e.clientX-menuobj.offsetWidth else menuobj.style.left=ie5? document.body.scrollLeft+event.clientX : window.pageXOffset+e.clientX if (bottomedge<menuobj.offsetHeight) menuobj.style.top=ie5? document.body.scrollTop+event.clientY-menuobj.offsetHeight : window.pageYOffset+e.clientY-menuobj.offsetHeight else menuobj.style.top=ie5? document.body.scrollTop+event.clientY : window.pageYOffset+e.clientY menuobj.style.visibility="visible" return false } function hidemenuie5(e){ menuobj.style.visibility="hidden" } function highlightie5(e){ var firingobj=ie5? event.srcElement : e.target if (firingobj.className=="menuitems"||ns6&&firingobj.parentNode.className=="menuitems"){ if (ns6&&firingobj.parentNode.className=="menuitems") firingobj=firingobj.parentNode //up one node firingobj.style.backgroundColor="highlight" firingobj.style.color="yellow" if (display_url==1) window.status=event.srcElement.url } } function lowlightie5(e){ var firingobj=ie5? event.srcElement : e.target if (firingobj.className=="menuitems"||ns6&&firingobj.parentNode.className=="menuitems"){ if (ns6&&firingobj.parentNode.className=="menuitems") firingobj=firingobj.parentNode //up one node firingobj.style.backgroundColor="#3366FF" firingobj.style.color="#99FF00" window.status='' } } function jumptoie5(e){ var firingobj=ie5? event.srcElement : e.target if (firingobj.className=="menuitems"||ns6&&firingobj.parentNode.className=="menuitems"){ if (ns6&&firingobj.parentNode.className=="menuitems") firingobj=firingobj.parentNode if (firingobj.getAttribute("target")) window.open(firingobj.getAttribute("url"),firingobj.getAttribute("target")) else window.location=firingobj.getAttribute("url") } } if (ie5||ns6){ menuobj.style.display='' document.oncontextmenu=showmenuie5 document.onclick=hidemenuie5 } </script> <? }} ?> Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 9, 2007 Share Posted September 9, 2007 do you have a session start in all your page? can you show me where and how you destroy your session? Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 10, 2007 Author Share Posted September 10, 2007 Yes. I have a logout.php page that kills the session. <? // logout.php // you must start session before destroying it session_start(); session_destroy(); echo "You have been successfully logged out. <br><br> You will now be returned to the login page. <META HTTP-EQUIV=\"refresh\" content=\"2; URL=index.php\"> "; ?> Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 10, 2007 Share Posted September 10, 2007 lol ;D ;D ;D ;D session_start(); session_destroy(); <---- you cant have any session value there every session you passed on that page is being destroyed right before you access them session_destroy(); <-- is used when your logging out or something like that Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 10, 2007 Author Share Posted September 10, 2007 It's not. They actually have to click logout to go to that page. It's not an include or passed from page to page. Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 10, 2007 Share Posted September 10, 2007 can you show the code of that page that logs you out :-\ Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 10, 2007 Author Share Posted September 10, 2007 I did, it's four posts up. Logout.php Quote Link to comment Share on other sites More sharing options...
teng84 Posted September 10, 2007 Share Posted September 10, 2007 no the pages that kicks you out Quote Link to comment Share on other sites More sharing options...
Clinton Posted September 10, 2007 Author Share Posted September 10, 2007 My bad: (This is also the page that's supposed to update the db) <? // connect to database include("inc/connect.php"); // include auth and nav include("inc/auth.php"); include("inc/nav.php"); ?> <? $rn=("SELECT * FROM users WHERE username='" . $_SESSION['username']."'"); $rz=mysql_query($rn); while($row=mysql_fetch_array($rz)) { if($row["Status"]=="0"){ echo ("<br>Have a great day! <a href='logout.php'>Close</a>"); }else{ ?> <?php //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['password'] | !$_POST['password2'] | !$_POST['First'] | !$_POST['MI'] | !$_POST['Last'] | !$_POST['Email'] | !$_POST['Phone'] | !$_POST['CellPhone'] ) { die('You did not complete all of the required fields'); } // this makes sure both passwords entered match if ($_POST['password'] != $_POST['password2']) { die('Your passwords did not match. '); } // now we update the database $insert = "UPDATE users SET First = '".$_POST['First']."', MI = '".$_POST['MI']."', Last = '".$_POST['Last']."', Email = '".$_POST['Email']."', Phone = '".$_POST['Phone']."', CellPhone = '".$_POST['CellPhone']."', password = '".$_POST['password']."' WHERE username = '" . $_SESSION['username']."'"; $update = mysql_query($insert); ?> <h1>Done!</h1> <p>Thank you, you have successfully updated your information.</a>.</p> <?php } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <p> <table border="0"> <tr><td>First Name:</td><td> <input type="text" name="First" maxlength="60" value="<? echo $row['First']; ?>"> </td></tr> <tr><td>Middle Initial:</td><td> <input type="text" name="MI" maxlength="60" value="<? echo $row['MI']; ?>"> </td></tr> <tr><td>Last Name:</td><td> <input type="text" name="Last" maxlength="60" value="<? echo $row['Last']; ?>"> </td></tr> <tr><td>E-mail:</td><td> <input type="text" name="Email" maxlength="100" value="<? echo $row['Email']; ?>"> </td></tr> <tr><td>Home Phone:</td><td> <input type="text" name="Phone" maxlength="60" value="<? echo $row['Phone']; ?>"> </td></tr> <tr><td>Cell Phone:</td><td> <input type="text" name="CellPhone" maxlength="60" value="<? echo $row['CellPhone']; ?>"> </td></tr> <tr><td>Username:</td><td> <? echo $row['username']; ?> </td></tr> <tr><td>Password:</td><td> <input type="password" name="password" maxlength="10" value="<? echo $row['password']; ?>"> </td></tr> <tr><td>Confirm Password:</td><td> <input type="password" name="password2" maxlength="10"> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Update"></th></tr> </table> </form> <?php }}} ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.