Jump to content


Photo

Problem with user login / sessions? - Please help!


  • Please log in to reply
2 replies to this topic

#1 melissal

melissal
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 26 April 2006 - 07:29 AM

I just built a site with a login system...got it out of a book and edited it slightly to make it work...The problem that I just found, is that when you log in, you can change postings...Something is happening so that when you click to change a posting, then click on the Account button to see your account info, it switches to another person's info...depending on what page you click on before going to your Account page, the account info will be different...Any ideas on how to fix this?

Thanks!

#2 Yesideez

Yesideez
  • Members
  • PipPipPip
  • Advanced Member
  • 2,334 posts
  • LocationDevon, UK

Posted 26 April 2006 - 07:46 AM

Please post the offending script here and surround it with the CODE tags to help keep it readable.
Not a pro just an enthusiast :)

if (empty($coffee)) {$coffee=new coffee();}

Please surround any code using the CODE tags - I rarely look at anything without them

#3 melissal

melissal
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 26 April 2006 - 08:18 AM

It doesn't start messing up until i get to the product_edit.php page....Thanks.

<?php 
    include('require.php');
    include('include/HTML_header.php');
?>

<table id="table_main" class="table_main">
    <tr>
        <td colspan="4">
            <?php include('include/header.php'); ?>
        </td>
    </tr>
    <tr>
        <td id="table_left" width="150px" align="left">
            <?php category_list_by_price(); ?><br />
            <?php category_list(); ?><br />
            <?php searchform(); ?>
        </td>
        <td width="20px"> </td>
        <td id="table_content" width="560px" align="left">

        
        
<!-----------------------------------THE CONTENT GOES BELOW THIS LINE----------------------------------->
<?php 

//if($_SESSION['user_id']=='user_id'){

// This page edits a product.
// This page is accessed through view_products.php.

// Check for a valid product ID, through GET or POST.
if ( (isset($_GET['product_id'])) && (is_numeric($_GET['product_id'])) ) { // Accessed through view_products.php
    $product_id = $_GET['product_id'];
} elseif ( (isset($_POST['product_id'])) && (is_numeric($_POST['product_id'])) ) { // Form has been submitted.
    $product_id = $_POST['product_id'];
} else { // No valid ID, kill the script.
    echo '<div class="titletext">Page Error 37</div>
    <p class="error">This page has been accessed in error.</p><p><br /><br /></p>';
    //include ('./includes/footer.html'); 
    echo "</td></tr></table>";
    include('include/loginfooter2.php'); 
    exit();
}

require_once ('../mysql_connect.php'); // Connect to the db.

// Check if the form has been submitted.
if (isset($_POST['submitted'])) {

    $errors = array(); // Initialize error array.
    
    // Check for a product title.
    if (empty($_POST['product_title'])) {
        $errors[] = 'You forgot to enter a product title.';
    } else {
        $product_title = escape_data($_POST['product_title']);
    }
    
    // Check for a description.
    if (empty($_POST['product_description'])) {
        $errors[] = 'You forgot to enter a description.';
    } else {
        $product_description = escape_data($_POST['product_description']);
    }
    

    if (empty($errors)) { // If everything's OK.
    
        //  Test for unique email address.
        $query = "SELECT product_title,product_id FROM products WHERE product_id='$product_id'";
        $result = mysql_query($query);
        if (mysql_num_rows($result) != 0) {

            // Make the query.
            $query = "UPDATE products SET product_title='$product_title', product_description='$product_description', product_user_id='$user_id', product_category_id='$category_id', product_price_id='$price_id' WHERE product_id=$product_id";
            $result = @mysql_query ($query); // Run the query.
            if (mysql_affected_rows() == 1) { // If it ran OK.
            
                // Print a message.
                echo '<div class="titletext">Edit a Product</div>
                <p>The product has been edited.</p><p><br /><br /></p>';    
                            
            } else { // If it did not run OK.
                echo '<div class="titletext">System Error</div>
                <p class="error">You must make a change to the information in order to submit.</p>'; // Public message.
                //echo '<p>' . mysql_error() . '<br /><br />Query: ' . $query . '</p>'; // Debugging message.
                //include ('./includes/footer.html'); 
                echo "</td></tr></table>";
    include('include/loginfooter2.php'); 
    exit();
            }
                
        } else { // Already registered.
            echo '<div class="titletext">Error!</div>
            <p class="error">An error has occured...Please try again later.</p>';
        }
    } else { // Report the errors.
    
        echo '<div class="titletext">Error!</div>';
        foreach ($errors as $msg) { // Print each error.
            echo " - $msg<br />\n";
        }
        echo '</p><p>Please try again.</p><p><br /></p>';
        
    } // End of if (empty($errors)) IF.

} // End of submit conditional.

// Always show the form.

// Retrieve the product's information.

$query = "SELECT products.product_title,products.product_description,products.product_user_id,products.product_category_id,products.product_price_id,products.product_price,users.user_id,users.first_name,users.last_name, category.category_id,category.category_name,price.price_id,price.price_name FROM products,users,category,price WHERE products.product_id=$product_id AND products.product_user_id=users.user_id AND products.product_category_id=category.category_id AND products.product_price_id=price.price_id";        
$result = @mysql_query ($query); // Run the query.

if (mysql_num_rows($result) == 1) { // Valid product ID, show the form.

    // Get the product's information.
    $row = mysql_fetch_array ($result, MYSQL_NUM);
    
    // Create the form.
    echo '<div class="titletext">Edit a Product</div><br />
<form action="product_edit.php" method="post">
<table>
    <tr>
        <td width="120">Product Title:</td>
        <td width="200"><input type="text" name="product_title" size="30" value="' . $row[0] . '" /></td>        
    </tr>
    <tr>
        <td>Description:</td>
        <td><textarea name="product_description" cols="25" rows="5">' . $row[1] . '</textarea></td>
    </tr>

    <tr>
        <td>User:</td>
        <td><select name="user_id">';
        $query = "SELECT user_id,first_name,last_name,email FROM users ORDER BY first_name ASC";
        $result = mysql_query($query,$connect);
        for($i=0;$i<mysql_num_rows($result);$i++){
            list($user_id,$first_name,$last_name,$email)=mysql_fetch_row($result);
            echo "<option value='$user_id'>$first_name   $last_name</option>";
        }
        echo '</select></td>
    </tr>
    <tr>
        <td>Category:</td>
        <td><select name="category_id">';
        $query = "SELECT category_id,category_name FROM category ORDER BY category_name ASC";
        $result = mysql_query($query,$connect);
        for($i=0;$i<mysql_num_rows($result);$i++){
            list($category_id,$category_name)=mysql_fetch_row($result);
            echo "<option value='$category_id'>$category_name</option>";
        }
        echo '</select></td>
    </tr>
    <tr>
        <td>Price:</td>
        <td><select name="price_id">';
        $query = "SELECT price_id,price_name FROM price ORDER BY price_name ASC";
        $result = mysql_query($query,$connect);
        for($i=0;$i<mysql_num_rows($result);$i++){
            list($price_id,$price_name)=mysql_fetch_row($result);
            echo "<option value='$price_id'>$price_name</option>";
        }
        echo '</select></td>
    </tr>
    <tr>
        <td>Price:</td>
        <td><input type="text" name="product_price" size="30" maxlength="30" value="' . $row[5] . '" /></td>
    </tr>

    <tr>
        <td><input type="submit" name="submit" value="Submit" /></td>
    </tr>
</table>
<input type="hidden" name="submitted" value="TRUE" />
<input type="hidden" name="product_id" value="' . $product_id . '" />
</form>';

} else { // Not a valid product ID.
    echo '<div class="titletext">Page Error 181</div>
    <p class="error">This page has been accessed in error.</p><p><br /><br /></p>';
}


/*}else{
    echo "You are not authorized to view this page.";
}
*/
?>


<!-----------------------------------THE CONTENT GOES ABOVE THIS LINE----------------------------------->
                </td>
        <td width="20px"> </td>
    </tr>
</table>

<?php include('include/loginfooter2.php'); ?>





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users