
Problem with user login / sessions? - Please help!


melissal


I just built a site with a login system. I got it out of a book and edited it slightly to make it work. The problem I just found is that once you log in, you can change postings, but something goes wrong: when you click to change a posting and then click the Account button to see your account info, it shows another person's info. Which account is shown depends on what page you clicked on before going to your Account page. Any ideas on how to fix this?

Thanks!

It doesn't start misbehaving until I get to the product_edit.php page. Thanks.

[code]
<?php
    include('require.php');
    include('include/HTML_header.php');
?>

<table id="table_main" class="table_main">
    <tr>
        <td colspan="4">
            <?php include('include/header.php'); ?>
        </td>
    </tr>
    <tr>
        <td id="table_left" width="150px" align="left">
            <?php category_list_by_price(); ?><br />
            <?php category_list(); ?><br />
            <?php searchform(); ?>
        </td>
        <td width="20px"> </td>
        <td id="table_content" width="560px" align="left">

        
        
<!-----------------------------------THE CONTENT GOES BELOW THIS LINE----------------------------------->
<?php

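// NOTE(review): the access check below is commented out (its matching else
// branch at the end of the script is commented out too), so this script itself
// performs no login or ownership check before editing a product. The disabled
// condition also compares the session value with the literal string 'user_id',
// which would not identify a real user. A working check would compare the
// logged-in user's id with the product's product_user_id -- presumably
// $_SESSION['user_id'] holds that id; confirm against the login code.
//if($_SESSION['user_id']=='user_id'){

// This page edits a product.
// This page is accessed through view_products.php.

// Resolve the product ID from GET (link from view_products.php) first, then
// from POST (the edit form was submitted).
//
// FILTER_VALIDATE_INT is used instead of is_numeric() because is_numeric()
// also accepts values such as "1e5", "1.5" or " 1", and the ID is later placed
// unquoted into SQL. After this block $product_id is always a PHP integer.
$product_id = null;
if (isset($_GET['product_id'])) {
    $candidate_id = filter_var($_GET['product_id'], FILTER_VALIDATE_INT);
    if ($candidate_id !== false) {
        $product_id = $candidate_id;
    }
}
if ($product_id === null && isset($_POST['product_id'])) {
    $candidate_id = filter_var($_POST['product_id'], FILTER_VALIDATE_INT);
    if ($candidate_id !== false) {
        $product_id = $candidate_id;
    }
}

if ($product_id === null) { // No valid ID, kill the script.
    echo '<div class="titletext">Page Error 37</div>
    <p class="error">This page has been accessed in error.</p><p><br /><br /></p>';
    //include ('./includes/footer.html');
    // Close the layout table opened above before printing the footer.
    echo "</td></tr></table>";
    include('include/loginfooter2.php');
    exit();
}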

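require_once ('../mysql_connect.php'); // Connect to the db.

// Handle a submitted edit form: validate the posted fields, then update the
// product row.
if (isset($_POST['submitted'])) {

    $errors = array(); // Initialize error array.

    // Force the ID to an integer locally so the queries below never receive
    // anything but a number, whatever the earlier validation accepted.
    $update_product_id = (int) $product_id;

    // Check for a product title.
    // escape_data() is defined outside this file (presumably it escapes the
    // value for use inside a quoted SQL string -- confirm).
    if (empty($_POST['product_title'])) {
        $errors[] = 'You forgot to enter a product title.';
    } else {
        $product_title = escape_data($_POST['product_title']);
    }

    // Check for a description.
    if (empty($_POST['product_description'])) {
        $errors[] = 'You forgot to enter a description.';
    } else {
        $product_description = escape_data($_POST['product_description']);
    }

    // Read the three <select> values explicitly from $_POST.
    //
    // The original UPDATE used $user_id, $category_id and $price_id, which this
    // script never assigns before the query. They could only hold a value if
    // something else put one in the global scope (an included file, or PHP's
    // register_globals copying request/session data into globals), which makes
    // the stored owner unpredictable and lets unvalidated text reach the SQL.
    // NOTE(review): assumes these keys are integer columns -- confirm against
    // the schema.
    $select_fields = array(
        'user_id'     => 'You forgot to select a user.',
        'category_id' => 'You forgot to select a category.',
        'price_id'    => 'You forgot to select a price.',
    );
    $selected = array();
    foreach ($select_fields as $field => $message) {
        $value = isset($_POST[$field]) ? filter_var($_POST[$field], FILTER_VALIDATE_INT) : false;
        if ($value === false) {
            $errors[] = $message;
        } else {
            $selected[$field] = $value;
        }
    }

    if (empty($errors)) { // If everything's OK.

        // Confirm the product exists before updating it.
        $query = "SELECT product_title,product_id FROM products WHERE product_id=$update_product_id";
        $result = mysql_query($query);
        if ($result !== false && mysql_num_rows($result) != 0) {

            // NOTE(review): product_user_id is taken from the posted form, so
            // whoever can submit this form can reassign a product to any user.
            // Without the (currently commented-out) access check, restrict
            // this to the product's owner or an administrator.
            $query = "UPDATE products SET product_title='$product_title', product_description='$product_description', product_user_id={$selected['user_id']}, product_category_id={$selected['category_id']}, product_price_id={$selected['price_id']} WHERE product_id=$update_product_id";
            $result = @mysql_query ($query); // Run the query; errors are kept out of the page.
            if ($result !== false && mysql_affected_rows() == 1) { // If it ran OK.

                // Print a message.
                echo '<div class="titletext">Edit a Product</div>
                <p>The product has been edited.</p><p><br /><br /></p>';

            } else { // Query failed, or no column actually changed.
                echo '<div class="titletext">System Error</div>
                <p class="error">You must make a change to the information in order to submit.</p>'; // Public message.
                //echo '<p>' . mysql_error() . '<br /><br />Query: ' . $query . '</p>'; // Debugging message.
                //include ('./includes/footer.html');
                // Close the layout table before printing the footer.
                echo "</td></tr></table>";
                include('include/loginfooter2.php');
                exit();
            }

        } else { // No such product, or the lookup failed.
            echo '<div class="titletext">Error!</div>
            <p class="error">An error has occured...Please try again later.</p>';
        }
    } else { // Report the errors.

        // Open the paragraph that the closing </p> below belongs to.
        echo '<div class="titletext">Error!</div><p class="error">';
        foreach ($errors as $msg) { // Print each error.
            echo " - $msg<br />\n";
        }
        echo '</p><p>Please try again.</p><p><br /></p>';

    } // End of if (empty($errors)) IF.

} // End of submit conditional.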

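// Always show the form.

// Retrieve the product's information and print the edit form.
//
// Changes from the original listing, and why:
//  * Database values are passed through htmlspecialchars() before being
//    written into the page, so stored text containing quotes or markup cannot
//    break out of the attribute or element it is printed in.
//  * The dropdown loops no longer assign to $user_id, $category_id and
//    $price_id. Those loops left the variables holding the LAST row of each
//    table. If any other code reads a global $user_id (for example with
//    register_globals, where session variables are tied to globals), that
//    would presumably explain the account page showing a different user after
//    visiting this page -- confirm against the session/login code.
//  * Each dropdown pre-selects the product's current value. Previously the
//    first option was always selected, so submitting the form unchanged
//    reassigned the product to the first user, category and price listed.

// Force the ID to an integer locally so the query never receives anything but
// a number, whatever the earlier validation accepted.
$form_product_id = (int) $product_id;

$query = "SELECT products.product_title,products.product_description,products.product_user_id,products.product_category_id,products.product_price_id,products.product_price,users.user_id,users.first_name,users.last_name, category.category_id,category.category_name,price.price_id,price.price_name FROM products,users,category,price WHERE products.product_id=$form_product_id AND products.product_user_id=users.user_id AND products.product_category_id=category.category_id AND products.product_price_id=price.price_id";
$result = @mysql_query ($query); // Run the query.

if ($result !== false && mysql_num_rows($result) == 1) { // Valid product ID, show the form.

    // Get the product's information. Column order follows the SELECT list:
    // 0 title, 1 description, 2 owner id, 3 category id, 4 price id, 5 price.
    $row = mysql_fetch_array ($result, MYSQL_NUM);

    // Create the form.
    echo '<div class="titletext">Edit a Product</div><br />
<form action="product_edit.php" method="post">
<table>
    <tr>
        <td width="120">Product Title:</td>
        <td width="200"><input type="text" name="product_title" size="30" value="' . htmlspecialchars($row[0], ENT_QUOTES) . '" /></td>
    </tr>
    <tr>
        <td>Description:</td>
        <td><textarea name="product_description" cols="25" rows="5">' . htmlspecialchars($row[1], ENT_QUOTES) . '</textarea></td>
    </tr>

    <tr>
        <td>User:</td>
        <td><select name="user_id">';
    // NOTE(review): this lists every user to whoever can open the page; only
    // the columns that are displayed are fetched.
    $options = mysql_query("SELECT user_id,first_name,last_name FROM users ORDER BY first_name ASC", $connect);
    while ($options !== false && ($option = mysql_fetch_row($options))) {
        $is_current = ((string) $option[0] === (string) $row[2]) ? ' selected="selected"' : '';
        echo "<option value='" . htmlspecialchars($option[0], ENT_QUOTES) . "'$is_current>"
            . htmlspecialchars($option[1], ENT_QUOTES) . ' ' . htmlspecialchars($option[2], ENT_QUOTES)
            . "</option>";
    }
    echo '</select></td>
    </tr>
    <tr>
        <td>Category:</td>
        <td><select name="category_id">';
    $options = mysql_query("SELECT category_id,category_name FROM category ORDER BY category_name ASC", $connect);
    while ($options !== false && ($option = mysql_fetch_row($options))) {
        $is_current = ((string) $option[0] === (string) $row[3]) ? ' selected="selected"' : '';
        echo "<option value='" . htmlspecialchars($option[0], ENT_QUOTES) . "'$is_current>"
            . htmlspecialchars($option[1], ENT_QUOTES)
            . "</option>";
    }
    echo '</select></td>
    </tr>
    <tr>
        <td>Price:</td>
        <td><select name="price_id">';
    $options = mysql_query("SELECT price_id,price_name FROM price ORDER BY price_name ASC", $connect);
    while ($options !== false && ($option = mysql_fetch_row($options))) {
        $is_current = ((string) $option[0] === (string) $row[4]) ? ' selected="selected"' : '';
        echo "<option value='" . htmlspecialchars($option[0], ENT_QUOTES) . "'$is_current>"
            . htmlspecialchars($option[1], ENT_QUOTES)
            . "</option>";
    }
    // NOTE(review): product_price is posted by the field below, but the UPDATE
    // in the submit handler of this script does not store it.
    echo '</select></td>
    </tr>
    <tr>
        <td>Price:</td>
        <td><input type="text" name="product_price" size="30" maxlength="30" value="' . htmlspecialchars($row[5], ENT_QUOTES) . '" /></td>
    </tr>

    <tr>
        <td><input type="submit" name="submit" value="Submit" /></td>
    </tr>
</table>
<input type="hidden" name="submitted" value="TRUE" />
<input type="hidden" name="product_id" value="' . $form_product_id . '" />
</form>';
    // NOTE(review): the form carries no per-session token, so the server cannot
    // tell a submission made from this page from one triggered by another site
    // while the user is logged in.

} else { // Not a valid product ID.
    echo '<div class="titletext">Page Error 181</div>
    <p class="error">This page has been accessed in error.</p><p><br /><br /></p>';
}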


/*}else{
    echo "You are not authorized to view this page.";
}
*/
?>


<!-----------------------------------THE CONTENT GOES ABOVE THIS LINE----------------------------------->
                </td>
        <td width="20px"> </td>
    </tr>
</table>

<?php include('include/loginfooter2.php'); ?>[/code]