The author went MIA.

Posted May 3, 2006 · May 3, 2006

Okay, I have this script that I downloaded from www.widgetmonkey.com and it's been giving me problems and all. At first when I logged in with the default user and pw, it just takes me back to the login page. Then I screwed around with the $query code in the login.php file, and it logged me in. But now it's not logging me in as an administrator, it's logging me in as a client.

Here is the script info and link if anyone would like to give it a try and help me figure out what's going on. I know very little of PHP and MySQL, so please help me.
[a href=\"http://www.widgetmonkey.com/app.php?id=14\" target=\"_blank\"]http://www.widgetmonkey.com/app.php?id=14[/a]

Posted May 3, 2006 · May 3, 2006

Okay, can someone look at the codes I provided below and tell me if there's something wrong in it.

This is the login.php file.
[code]
<?
include("inc/config.php");
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
$query = "SELECT `name` FROM `clients` WHERE name = '$name' AND password = '$password'";
$result = mysql_db_query($database, $query, $connection);
if (mysql_num_rows($result) == 1)
    {
    session_start();

    session_register("client_id");
    session_register("client_name");
    session_register("client_email");
    session_register("client_ref");
    session_register("client_title");
    list($clientid, $name, $pass, $email, $ref, $title) = mysql_fetch_row($result);
    $client_id = $clientid;
    $client_name = $name;
    $client_email = $email;
    $client_ref = $ref;
    $client_title = $title;

    header("Location: menu.php");
    mysql_free_result ($result);

    mysql_close($connection);
    }
else

    {
    mysql_free_result ($result);
    mysql_close($connection);

    header("Location: index.htm");
    exit;
    }
?>
[/code]

This is the menu.php file.
[code]
<?
session_start();
if(!session_is_registered("client_id"))
{
header("Location: index.htm");
exit;
}
?>
<html>
<link rel="stylesheet" href="inc/style.css" type="text/css">

<body bgcolor="#FFFFFF">
<img src="inc/title.gif" width="308" height="82">
<?
if ($client_name !== 'admin')
{
?>
<h2>Hello <b>
  <? echo $client_name ?>
  </b> </h2>
  Here are your invoices:

<?
include "inc/dbconnect.php";
include ("inc/date.php");
$result = mysql_query("SELECT * FROM invoices WHERE clientid = '$client_id' ORDER BY $param",$db);
if (!$param) {
$result = mysql_query("SELECT * FROM invoices WHERE clientid = '$client_id' ORDER BY id",$db);
}
echo "<p><table border=1 cellspacing=0 cellpadding=2 bordercolor=#eeeeee width=400>";
echo "<tr align=top><td><b><a href='menu.php?param=id'>Invoice number</a></b></td><td><b><a href='menu.php?param=date'>Date</a></b></td><td><b><a href='menu.php?param=total'>Total</a></b></td><td><b><a href='menu.php?param=status'>Status</a></b></td><td> </td></tr>";

while ($row = mysql_fetch_array($result))
{
    $id = $row["id"];
    $date = $row["date"];
    $dateshow = fixDate($date);
    $total = $row["total"];
    $status = $row["status"];

if ($alternate == "1") {
    $color = "#ffffff";
    $alternate = "2";
    }
    else {
    $color = "#efefef";
    $alternate = "1";
    }

echo "<tr valign=top bgcolor=$color><td>$id</td><td>$dateshow</td><td>$total</td><td>$status</td><td>[ <a href='invoice.php?id=$id'>view</a> ]</td></tr>";
}
echo "</table>";

}
elseif ($client_name == 'admin')
{

echo "<h2>admin options</h2>";

include "inc/dbconnect.php";
include ("inc/date.php");
$result = mysql_query("SELECT * FROM invoices ORDER BY $param",$db);
if (!$param) {
$result = mysql_query("SELECT * FROM invoices ORDER BY id",$db);
}
echo "<p><table border=1 cellspacing=0 cellpadding=2 bordercolor=#eeeeee width=600>";
echo "<tr align=top><td><b><a href='menu.php?param=id'>Invoice number</a></b></td><td><b><a href='menu.php?param=clientid'>Client</a></b></td><td><b><a href='menu.php?param=date'>Date</a></b></td><td><b><a href='menu.php?param=total'>Total</a></b></td><td><b><a href='menu.php?param=status'>Status</a></b></td><td> </td><td> </td><td> </td><td> </td></tr>";

while ($row = mysql_fetch_array($result))
{
    $id = $row["id"];
    $clientid = $row["clientid"];
    $clientfind = mysql_query("SELECT title FROM clients WHERE clientid = '$clientid'",$db);
    $clienttitle = mysql_result($clientfind,0);
    $date = $row["date"];
    $dateshow = fixDate($date);
    $total = $row["total"];
    $status = $row["status"];

if ($alternate == "1") {
    $color = "#ffffff";
    $alternate = "2";
    }
    else {
    $color = "#efefef";
    $alternate = "1";
    }

echo "<tr valign=top bgcolor=$color><td>$id</td><td>$clienttitle</td><td>$dateshow</td><td>$total</td><td>$status</td>";
if ($status == 'pending') {
echo "<td>[ <a href='admin_invoice.php?id=$id'>view / change status</a> ]</td>";
}
else {
echo "<td>[ <a href='admin_invoice.php?id=$id'>view</a> ]</td>";
}
echo "<td>[ <a href='notifyclient.php?id=$id'>notify client</a> ]</td><td>[ <a href='edit_invoice.php?id=$id'>edit</a> ]</td><td>[ <a href='delete_invoice.php?id=$id' onClick=\"return confirm('Are you sure?')\">delete</a> ]</td></tr>";
}
echo "</table>";

echo "<p><a href='edit_invoice.php'>add an invoice</a> | <a href='clients.php'>manage client profiles</a>";

}
?>

<p><a href="logout.php">Logout</a></p>

<?
include "inc/footer.inc";
?>

</body>
</html>
[/code]

Sign In

The author went MIA.

Recommended Posts

Guest LALING

Link to comment

Share on other sites

Guest LALING

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information