Jump to content

The author went MIA.


Guest LALING

Recommended Posts

Guest LALING
Okay, I have this script that I downloaded from www.widgetmonkey.com and it's been giving me problems and all. At first when I logged in with the default user and pw, it just takes me back to the login page. Then I screwed around with the $query code in the login.php file, and it logged me in. But now it's not logging me in as an administrator, it's logging me in as a client.

Here is the script info and link if anyone would like to give it a try and help me figure out what's going on. I know very little of PHP and MySQL, so please help me.
[a href=\"http://www.widgetmonkey.com/app.php?id=14\" target=\"_blank\"]http://www.widgetmonkey.com/app.php?id=14[/a]
Link to comment
Share on other sites

Guest LALING
Okay, can someone look at the codes I provided below and tell me if there's something wrong in it.

This is the login.php file.
[code]
<?
include("inc/config.php");
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
$query = "SELECT `name` FROM `clients` WHERE name = '$name' AND password = '$password'";
$result = mysql_db_query($database, $query, $connection);
if (mysql_num_rows($result) == 1)
    {
    session_start();

    session_register("client_id");
    session_register("client_name");
    session_register("client_email");
    session_register("client_ref");
    session_register("client_title");
    list($clientid, $name, $pass, $email, $ref, $title) = mysql_fetch_row($result);
    $client_id = $clientid;
    $client_name = $name;
    $client_email = $email;
    $client_ref = $ref;
    $client_title = $title;
    
    header("Location: menu.php");
    mysql_free_result ($result);    

    mysql_close($connection);
    }
else

    {
    mysql_free_result ($result);    
    mysql_close($connection);

    header("Location: index.htm");
    exit;
    }
?>
[/code]

This is the menu.php file.
[code]
<?
session_start();
if(!session_is_registered("client_id"))
{
header("Location: index.htm");
exit;
}
?>
<html>
<link rel="stylesheet" href="inc/style.css" type="text/css">

<body bgcolor="#FFFFFF">
<img src="inc/title.gif" width="308" height="82">
<?
if ($client_name !== 'admin')
{
?>
<h2>Hello <b>
  <? echo $client_name ?>
  </b> </h2>
  Here are your invoices:

<?
include "inc/dbconnect.php";
include ("inc/date.php");
$result = mysql_query("SELECT * FROM invoices WHERE clientid = '$client_id' ORDER BY $param",$db);
if (!$param) {
$result = mysql_query("SELECT * FROM invoices WHERE clientid = '$client_id' ORDER BY id",$db);
}
echo "<p><table border=1 cellspacing=0 cellpadding=2 bordercolor=#eeeeee width=400>";
echo "<tr align=top><td><b><a href='menu.php?param=id'>Invoice number</a></b></td><td><b><a href='menu.php?param=date'>Date</a></b></td><td><b><a href='menu.php?param=total'>Total</a></b></td><td><b><a href='menu.php?param=status'>Status</a></b></td><td>&nbsp;</td></tr>";

while ($row = mysql_fetch_array($result))
{
    $id = $row["id"];
    $date = $row["date"];
    $dateshow = fixDate($date);
    $total = $row["total"];
    $status = $row["status"];

if ($alternate == "1") {
    $color = "#ffffff";
    $alternate = "2";
    }
    else {
    $color = "#efefef";
    $alternate = "1";
    }

echo "<tr valign=top bgcolor=$color><td>$id</td><td>$dateshow</td><td>$total</td><td>$status</td><td>[ <a href='invoice.php?id=$id'>view</a> ]</td></tr>";
}
echo "</table>";

}
elseif ($client_name == 'admin')
{

echo "<h2>admin options</h2>";

include "inc/dbconnect.php";
include ("inc/date.php");
$result = mysql_query("SELECT * FROM invoices ORDER BY $param",$db);
if (!$param) {
$result = mysql_query("SELECT * FROM invoices ORDER BY id",$db);
}
echo "<p><table border=1 cellspacing=0 cellpadding=2 bordercolor=#eeeeee width=600>";
echo "<tr align=top><td><b><a href='menu.php?param=id'>Invoice number</a></b></td><td><b><a href='menu.php?param=clientid'>Client</a></b></td><td><b><a href='menu.php?param=date'>Date</a></b></td><td><b><a href='menu.php?param=total'>Total</a></b></td><td><b><a href='menu.php?param=status'>Status</a></b></td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>";

while ($row = mysql_fetch_array($result))
{
    $id = $row["id"];
    $clientid = $row["clientid"];
    $clientfind = mysql_query("SELECT title FROM clients WHERE clientid = '$clientid'",$db);
    $clienttitle = mysql_result($clientfind,0);
    $date = $row["date"];
    $dateshow = fixDate($date);
    $total = $row["total"];
    $status = $row["status"];

if ($alternate == "1") {
    $color = "#ffffff";
    $alternate = "2";
    }
    else {
    $color = "#efefef";
    $alternate = "1";
    }

echo "<tr valign=top bgcolor=$color><td>$id</td><td>$clienttitle</td><td>$dateshow</td><td>$total</td><td>$status</td>";
if ($status == 'pending') {
echo "<td>[ <a href='admin_invoice.php?id=$id'>view / change status</a> ]</td>";
}
else {
echo "<td>[ <a href='admin_invoice.php?id=$id'>view</a> ]</td>";
}
echo "<td>[ <a href='notifyclient.php?id=$id'>notify client</a> ]</td><td>[ <a href='edit_invoice.php?id=$id'>edit</a> ]</td><td>[ <a href='delete_invoice.php?id=$id' onClick=\"return confirm('Are you sure?')\">delete</a> ]</td></tr>";
}
echo "</table>";

echo "<p><a href='edit_invoice.php'>add an invoice</a> | <a href='clients.php'>manage client profiles</a>";



}
?>

<p><a href="logout.php">Logout</a></p>

<?
include "inc/footer.inc";
?>

</body>
</html>
[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.