Forum Moderators: coopster
I have a simple membership only site that I am building and I am trying to have the page where members enter there own "parts" into the database detect their member username and insert it into te database, so that later, they can search only their own inventory and manage it accordingly.
I am using a two-page pass-through data entry form, where "enterinfo" passes the data through a form, and enter1.php sends it to the MySql database.
When successful, enter1.php prompts them to "add another?". Using the code below, I managed to successfully have the PHP detect the username (called loginName here) from the session that starts at the top, and post it to the db. But when they come around for a second try, the query fails. So it appears that the session information is not carrying through for some reason:
here is the code in question:
<?php
session_start();
if (@$_SESSION['auth']!= "yes")
{
header("Location: Login.php");
exit();
}
?>
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
</head>
<body>
<?php
include("dogs.inc");
$connection = mysql_connect($host, $user,$password) #14
or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database.");
$query = "INSERT INTO
main
(id_no, mfg, product, condition, model, price, member, comments,loginName)
VALUES
('',
'".$_POST['mfg']."',
'".$_POST['product']."',
'".$_POST['condition']."',
'".$_POST['model']."',
'".$_POST['price']."',
'".$_POST['member']."',
'".$_POST['comments']."',
'$logname')
";
$result = mysql_query($query)
or die ("Couldn't do it, bud");
As you can see, the variable $logname is coming from the session login when the user log on. As I said, it works once only, then the second time, I get "couldn't do it bud".
Is there anything glaringly missing?
Any input or feedback woul dbe greatly appreciated.
actually I can't see it, I only see the use of a var $logname there is no reference in the code above that shows how it is assigned or if session_start is called properly or if the var might be overwritten.
I would start by adding a
echo $_SESSION['logname'];
on each page to see if the value is intact through out the process.
<?php
session_start(); # 9
include("dogs.inc"); #10
switch (@$_GET['do']) #11
{
case "login": #13
$connection = mysql_connect($host, $user,$password) #14
or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database."); #17
$sql = "SELECT loginName FROM Member
WHERE loginName='$_POST[fusername]'"; #20
$result = mysql_query($sql)
or die("Couldn't execute query."); #22
$num = mysql_num_rows($result); #23
if ($num == 1) // login name was found #24
{
$sql = "SELECT loginName FROM Member
WHERE loginName='$_POST[fusername]'
AND password=password('$_POST[fpassword]')";
$result2 = mysql_query($sql)
or die("Couldn't execute query 2."); #30
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct #32
{
$_SESSION['auth']="yes"; #34
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname; #36
$today = date("Y-m-d h:m:s"); #37
$sql = "INSERT INTO Login (loginName,loginTime)
VALUES ('$logname','$today')";
mysql_query($sql) or die("Can't execute query.");
header("Location: Member_page.php"); #41
}
else // password is not correct #43
{
unset($do); #45
$message="The Username, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br>";
include("login_form.inc"); #49
}
} #51
elseif ($num == 0) // login name not found #52
{
unset($do); #54
$message = "The Username you entered does not
exist. Please try again.<br>";
include("login_form.inc");
}
break; #59
default: #168
include("login_form.inc");
}
?>
I will try the Echo that you mentioned in and see if I can verify that it's carrying through. Many thanks
pat
