PHP - Checking User Level Now Not Showing Value In Fields.

CREATE TABLE user (username varchar(20),password varchar(20),level varchar(20),PRIMARY KEY(username));

INSERT INTO `user` VALUES ('a', 'pass1', 'admin');
INSERT INTO `user` VALUES ('b', 'pass2', 'admin');
INSERT INTO `user` VALUES ('c', 'pass3', 'user');


This is my database

and

Registration.php

Code: [Select]
<html>
<head>
<script type="text/javascript">
  function a()
{
   var x = document.register.username.value;
   var y = document.register.pass.value;
   var z = document.register.pass2.value;
   
   if(x==""&& y==""&& z=="")
   {
    alert("Please insert all message!");
    return false;
   }
   if(x=="")
   {
     alert("Please insert an username!");
     return false;
   }
   if(y=="")
   {
     alert("Please insert an password!");
     return false;
   }
   if(z=="")
   {
     alert("Please insert an password2!");
     return false;
   }
   
   if (y!=z)
   {
     alert("Your passwords did not match");
     return false;
   }
   



}
</script>
</head>
<?php
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("cute") or die(mysql_error());


     if (isset($_POST["sub"]))
     {
        $_POST['pass'] = md5($_POST['pass']);
      if (!get_magic_quotes_gpc())
       {
        $_POST['username'] = addslashes($_POST['username']);
        $_POST['pass'] = addslashes($_POST['pass']);
      }


       $usercheck = $_POST["username"];

       $check = mysql_query("SELECT username FROM regis WHERE username = '$usercheck'") or die(mysql_error());

       $check2 = mysql_num_rows($check);
        //if the name exists it gives an error
     if ($check2 != 0)
     {
      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Sorry, the username" ." ".$usercheck." ". "is already in use.')</SCRIPT>");
      echo ("<SCRIPT LANGUAGE='JavaScript'>setTimeOut(window.location = 'registration.php',1)</script>");

     }

      else if($_POST['username'] && $_POST['pass'] && $_POST['pass2'] )
     {
      $insert = "INSERT INTO regis(username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
      $add_member = mysql_query($insert);
      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Registration had been succesfully added :)')</SCRIPT>");
      echo "<meta http-equiv='refresh' content='0; url=login.php'>";
     }

     }
     
?>
<body>



  <form name="register" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"  onsubmit="return a()">
  <table border='0'>
  <tr><td>Username:</td><td><input type="text"name="username" maxlength="60"></td></tr>
  <tr><td>Password:</td><td><input type="password" name="pass" maxlength="10"></td></tr>
  <tr><td>Confirm Password:</td><td><input type="password" name="pass2" maxlength="10"></td></tr>
  <tr><th colspan=2><input type="submit" name="sub" value="Register"></th></tr></table>
  </form>
 

  </body>
 </html>

My main problem when in registration iam did not put user level field because it is not secure but how to manage or how to detect when someone registering he or she is user or admin?

DATABASE-id(auto increment),username,password and userlevel(int that is 1 for admin and 0 for user)

Login.php

Code: [Select]
<?php
    session_start();
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("cute") or die(mysql_error());
    //session_start();
    $username = $_POST['username'];
    $password = $_POST['pass'];
    if (isset($_POST["submit"]))
    {
     $log = "SELECT * FROM regis WHERE username = '$username'";
     $login = mysql_query($log);
     $number = mysql_num_rows($login);

     if ($number == 0)
     {
      print "That user does not exist in our database. <a href=registration.php><input type='button' value='Register'></a>";
     }
      if ($number > 0)
     {
      $row = mysql_fetch_assoc($log);
      $_SESSION['username'] = $row['username'];
      $_SESSION['userlevel'] = $row['userlevel'];
      $_SESSION['is_logged_in'] = 1;
        if($_SESSION['userlevel']=0)
     {
       echo "<meta http-equiv='refresh' content='0; url=registration.php'>";
     }
     else if($_SESSION['userlevel']=1)
     {
       echo "<meta http-equiv='refresh' content='0; url=form2.php'>";
     }
     }



    }
    else
    {


?>
<html>
<head>
<script type="text/javascript">
 function a()
{
   var x = document.login.username.value;
   var y = document.login.pass.value;

   if(x==""&& y=="")
   {
    alert("Please insert all message!");
    return false;
   }
   if(x=="")
   {
     alert("Please insert an username!");
     return false;
   }
   if(y=="")
   {
     alert("Please insert an password!");
     return false;
   }
}
</script>
</head>



 <body>
 <table border="0">
 <form name="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" onsubmit="return a()">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td>
 <td><input type="text" name="username" maxlength="40"></td></tr>
 <tr><td>Password:</td>
 <td><input type="password" name="pass" maxlength="50"></td></tr>
 <tr><td><input type="submit" name="submit" value="Register"></a></td>
 <td><input type="submit" name="submit" value="Login"></td></tr>
 </form>
 </body>
 <?php

  }

 

 ?> </html>





My problem is whether im login as admin or user the page only redirect to form2.php but will not detect the registration.php which is part am i missing can you recorrect it sir

Hi guy's,

I'm having problems adjusting a script to add a level (user rights) function. When i login with a admin or normal user it gives a blank page (not redirecting to home.php). It even does'nt return an echo that user / pass is incorrect. I'm breaking my head over this for day's now. Can you help me out?

Code: [Select]
<?php
session_start();

//Login form (index.php)

include "db_connect.php";
if(!$_POST['submit'])
{
?>

<html>
<head>
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="style.css" />
<![endif]-->
<![if !IE]>
<link rel="stylesheet" type="text/css" href="firefox.css" />
<![endif]>
</head>
<body>
<div id="wrapper">
<div id="header">
<?php include('header.php'); ?>
</div>
<div class="divider">

<strong>Login</strong>
<form method="post" action="index.php">

<div class="formElm">
<label for="username">Klantnummer:</label>
<input id="username" type="text" name="username" maxlength="16">
</div>

<div class="formElm">
<label for="password">Wachtwoord:</label>
<input type="password" name="password" maxlength="16">
</div>

<input type="submit" name="submit" value="Login">
</form>

</div>
<div id="footer"> 
<?php include('footer.php'); ?>
</div>
</div>
</html>

<?php
}
else
{
  $user = protect($_POST['username']);
  $pass = protect($_POST['password']);
  $level = protect($_POST['level']);
 
if($user && $pass && $level)
{
$pass = md5($pass); //compare the encrypted password
$sql1 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='1'"; 
$sql2 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='9'";
$queryN=mysql_query($sql1) or die(mysql_error());
$queryA=mysql_query($sql2) or die(mysql_error());

if(mysql_num_rows($queryN) == 1)
    {
      $resultN = mysql_fetch_assoc($queryN);
  $_SESSION['id'] = $resultN['id'];
      $_SESSION['username'] = $resultN['username'];   
header("location:home.php");     
    }
    elseif(mysql_num_rows($queryA) == 1)
    {
      $resultA = mysql_fetch_assoc($queryA); 
  $_SESSION['id'] = $resultA['id'];
      $_SESSION['username'] = $resultA['username'];  
header("location:home.php"); 
}

else{
echo "Wrong Username or Password";
}
}
}
?>
and the mysql code:

Code: [Select]
CREATE TABLE `user` (
  `id` int(4) unsigned NOT NULL auto_increment,
  `username` varchar(32) NOT NULL,
  `password` varchar(32) NOT NULL,
  `level` int(4) default '1',
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1;

This code logs the user in with the correct user_email, user_pwd, and active=1.
A '0' is inserted into the active column of the users table during registration.
I need help checking if active=0 then flash_warning('User account not activated').

login_user.php
Code: [Select]
<?php
 include(MODEL_PATH.'user.php');

 switch ($route['view']){

 case "login_user":
if(login($params['user']['user_email'], $params['user']['user_pwd']))
{
flash_notice('You are logged in!');
redirect_to('');
}
else
{
flash_warning('Username or password is invalid!');
$route['view'] = 'login';
}
 break;
}user.php
Code: [Select]
<?php
 session_start();

 function login($username, $password)
 {
db_connect_posts();

$query = sprintf("SELECT * FROM users
WHERE 
user_email = '%s' AND
user_pwd = '%s' AND 
active = '1'"
, mysql_real_escape_string($username),
md5($password)
);

$result = mysql_query($query);

$number_of_posts = mysql_num_rows($result);

if($number_of_posts == 0)
{
return false;
}

$row = mysql_fetch_array($result);

$_SESSION['user'] = $row;

return true;
 }
?>Login form
Code: [Select]
<form action="<?php echo '/'.APP_ROOT.'/'; ?>sessions/login_user" method="post">
 <fieldset>
  <legend>Login</legend>
  <div>
    <label>E-mail</label>
    <input name="user[user_email]" size="40" type="text" />
  </div>
 
  <div>
    <label>Password</label>
    <input name="user[user_pwd]" size="40" type="password" />
  </div>
  <input type="submit" value="Login" />
 </fieldset>
</form>

Hi i have a simple script that functions perfect and easy but i am looking for a way to secure it a little   is there any way for me to create a simple user checking system ?   i have a mysql db with both usernames and passwords   is there any way to get the username and password from a get comand in the url and check the db to see if they exist and if they do run the rest of my code and if not throw access denied ?   i know this is not 100% secure but i its how i want it to be done   could anyone help me with this ?

I am trying to check for an admin user to access the admin panel.

I have been playing around try different things and this what I have ended up with

in my database table I have a column called usergroup and i do the follow to check for admin user.

Code: [Select]
$checkAdmin = mysql_query("SELECT * FROM  `users` WHERE email='$email' , usergroup =  'admin'");

$adminUser = mysql_num_rows($checkAdmin);

if ($adminUser == 0)
{
echo count($adminUser);
die ('You do not have permissions to access this area');

}

I do the select statement through phpmyadmin and it comes back with one row. which is basically hat i want to check for. I do have a variable called $email which is getting a value from the email cookie.

currently $adminUser Return a value of 10.

All of the count() functions is for testing purposes only.

Hi,

I'm trying to figure out the best way to determine if a user is currently downloading a file from my website.
The way my site works, is the user waits 30 seconds and views an ad. After the timer is up the download becomes available.
I heard that I could probably use a timestamp or something of the sort. I've read up on it but not sure how I could go about this.

I've got a page that allows users to upload a file (pdf, jpg, gif png). The user must be logged in in order to upload something. I have a query that checks if the user has already uploaded a file with the same name as the name of the file they are trying to upload.
If they have not uploaded the file yet, the file uploads and they get a "Success" message. If the file has already been uploaded by the user, they will get the message, "You have already uploaded that file".
When the query goes through, the message that shows is, "You have already uploaded that file". I ensured the file was not already in the database, and it still shows this error. I tried changing the if statement to say:

if ($duplicate==0)

instead of:

if ($duplicate!=0)

but it always shows the same error. Any ideas of what could be wrong with my code?

my sql table looks like:

Field     Type      Null     
id    int(11)    No          
userid    int(11)    No          
artist    varchar(50)    No          
title    varchar(50)    No          
file    varchar(2083)    No          
uploaded    varchar(3)    No          

Code:

<?php
session_start();

if (isset($_SESSION['username'])){

$username = $_SESSION['username'];
$submit = $_POST['submit'];

include_once('inc/connect.php');

$uploadsql = mysql_query("SELECT * FROM `users` WHERE `username`='$username'"); 
$uploadrow = mysql_fetch_assoc($uploadsql); 

$userid = $uploadrow['id']; 
$folder = "sheets/fromusers/";

if (isset($submit)){

// Name of file
$name = $_FILES["location"]["name"];
// Type of file (video/avi) or image/jpg, etc
$type = $_FILES["location"]["type"];
//size of file
$size = $_FILES["location"]["size"];
//stores file in a temporary location
$temp = $_FILES["location"]["tmp_name"];
// if there is an error
$error = $_FILES["location"]["error"];

$artist = strtolower($_POST['artist']);
$title = strtolower($_POST['title']);

// Check if fields are filled in
if($artist&&$title){

if ($error > 0)
{
$sheeterror = "<div id='messageerror'>An error occured. Please try again.</div>";
}
else
{

// Determine the extension of the file
// If file is This File.pdf
// Then $ext is now equal to pdf

$ext = strtolower(substr($name, strrpos($name, '.') + 1)); 

if ($ext=="pdf" || $ext=="gif" || $ext=="jpeg" || $ext=="jpg" || $ext=="png")
{
if ($size <= 26214400) // If size <= 25 megabytes
{
$duplicatecheck = mysql_query("SELECT file FROM upload WHERE id='$userid'");
$duplicate = mysql_num_rows($duplicatecheck);

if ($duplicate!=0){
$sheeterror = "<div id='messageerror'>You have already uploaded this file!</div>";

}
else{
$sheetquery = mysql_query("INSERT INTO upload VALUES ('','$userid','$artist','$title','$name','no')");

move_uploaded_file($temp, $folder.$name);

$success = "<div id='messagesuccess'>Upload Complete!</div><div align='center'>".ucwords($artist)." - ".ucwords($title)."</div>";
}

}
else{
$sheeterror = "<div id='messageerror'>Your sheet must be less than 25 megabytes.</div>";
}
}
else
{
$sheeterror = "<div id='messageerror'>".ucfirst($ext)." files are not allowed!</div>";

}
}
}
else{
$sheeterror = "<div id='messageerror'>Fill In All Fields</div>";
}
}
}
else{
$sheeterror = "<div id='messageerror'>You must be logged in to add sheets!</div>";
}

?>

 <html>
 <head>
 <title>Add Sheet</title>
 <style>
 #container{
width: 350px;
height: 150px;
margin-left: auto;
margin-right: auto; 
background-color: #cccccc;
 }
  
 #formhold{
width: 300px;
text-align: right;
margin-right: auto; 
 }
 #messagesuccess{
background-color: #66CD00; 
width: 350px; 
margin-left: auto; 
margin-right: auto;
 }
  #messageerror{
background-color: #ff2211; 
width: 350px; 
margin-left: auto; 
margin-right: auto;
 }
 </style>
 </head>
 <body OnLoad="document.newsheet.artist.focus();">
<?php
include_once('inc/nav.php');
?>
 <center>
 <h1>Add Sheet</h1>
 <br />
 <div id="container">
 <br />
 <div id="formhold">
 <form action="addsheet.php" method="post" name="newsheet" enctype="multipart/form-data">
Artist: <input type="text" name="artist" size="30"><br />
Title: <input type="text" name="title" size="30"><br />
Sheet: <input type="file" name="location" size="17"><br />
 </div>
<center><input type="submit" name="submit" value="Submit"></center>
 </form>
 

 </div>
 <div id="bottomcont">
 <?php echo $success, $sheeterror; ?>
 </div>
 </center>
 </body>
 </html>

This is something that has intrigued me, that has only recently surfaced when viewing the forum.

Which of the following methods of authenticating that a user exists would be better/faster/ect?

Example 1 - Fetching Row Data
<?PHP
  $username = 'LoserVille';
  $password = 'password';

  $myQuery = mysql_query("SELECT account_id FROM user_accounts WHERE username = '$username' AND password = '$password'");
  $myQuery = mysql_fetch_assoc($myQuery);

  if($myQuery) {
    /*### User Exists ###*/
  } else {
    /*### User Does Not Exist ###*/
  }
?>


Example 2 - Fetching Number of Results
<?PHP
  $username = 'LoserVille';
  $password = 'password';

  $myQuery = mysql_query("SELECT account_id FROM user_accounts WHERE username = '$username' AND password = '$password'");
  $myQuery = mysql_num_rows($myQuery);

  if($myQuery >= 1) {
    /*### User Exists ###*/
  } else {
    /*### User Does Not Exist ###*/
  }
?>


Just looking for some insight, not really a problem

Regards, PaulRyan.

This topic has been moved to Other.

http://www.phpfreaks.com/forums/index.php?topic=318815.0

Hey guys and gals!

This is my first post here and needing a bit of help with my php code! So here is the deal, i have 3 tables in ms sql 2000 which i will be using on this project.

i have an employee table that has the regular information such as:

TABLE employee( uniqueid, employee_number, lastname, firstname, dob, address, city, state, zip )

TABLE employee_docs( uniqueid, employee_number, doc_type int, date_received, date_issued, date_expired )

TABLE doc_type(uniqueid, description, valid_month)


so basically from the employee_doc table, the doc_type column is an int and will have the description of the document as well as valid month column which will tell you how long the document type is valid until. the Description gives a brief description of what the product is. The uniqueid is used as what ever number is chose from the employee_docs table will represent the document type from table doc_type.

ok so now that i gave a brief explanation of the tables i am working with, I can tell you what i need.

i need a php page that will display:

employee number, lastname, firstname, doc_type, date_received, date_issued, date_expired.

Code: [Select]
select pn.empnum as employeeid, (pn.lastname + ', ' +  pn.firstname)as [Full Name],
dt.description as doc_type,
formatDate(pd.received) as [Date Received],
formatDate(pd.expired)as [Date Expired],
formatDate(pd.issued) as [Date In Service]

from personnel_document pd
left join document_types dt on (dt.uniqueid = pd.doc_type)
left join personnel pn on (pd.empnum = pn.empnum)

where pd.empnum = '$EmpNum'
now, I went ahead and did this for the html part:
 
Code: [Select]
<table border=0>
           
            <tr>
                    <td height=20px weight=1px valign=bottom><span class=underline>DESCRIPTION</span></td>
                            <td height=20px weight=1px valign=bottom><span class=underline>DATE RECEIVED</span></td>
                            <td height=20px weight=1px valign=bottom><span class=underline>LICENSE NUMBER</span></td>
                    <td height=20px weight=1px valign=bottom><span class=underline>DATE IN SERVICE</span></td>
                            <td height=20px weight=1px valign=bottom><span class=underline>DATE EXPIRED</span></td>
                    </tr>
                    <tr>
                    </tr>
                    <tr>
                            <td height=20px valign=bottom><span class=label_text>PHYSICAL EXAM</span></td>
                            <td valign=top><input class=demog_box type=text size=10 name= phexam_dr id=phexam_dr onBlur= 'formatDate(this)' value='<?php echo $phexam_dr;  ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= phexam_ln id=phexam_ln onBlur='formatDate(this)' value='<?php echo $phexam_ln;                              ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= phexam_is id=phexam_is onBlur= 'formatDate(this)' value='<?php echo $phexam_is;                            ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= phexam_ex id=phexam_ex onBlur='formatDate(this)' value='<?php echo $phexam_ex;                             ?>'>&nbsp;</td>
                    </tr>
                    <tr>
                    </tr>
                    <tr>
                            <td height=20px valign=bottom><span class=label_text>PROFESSIONAL LICENSE</span></td>
                            <td valign=top><input class=demog_box type=text size=10 name= prolic_dr id=prolic_dr onBlur='formatDate(this)' value='<?php echo $prolic_dr;                            ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= prolic_ln id=prolic_ln onBlur='formatDate(this)' value='<?php echo $prolic_ln;                            ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= prolic_is id=prolic_is onBlur='formatDate(this)' value='<?php echo $prolic_is;                            ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= prolic_ex id=prolic_ex onBlur='formatDate(this)' value='<?php echo $prolic_ex;                              ?>'>&nbsp;</td>
                    </tr>
                    <tr>
                    </tr>
                    <tr>
                            <td height=20px valign=bottom><span class=label_text>PROFESSIONAL INSURANCE</span></td>
                            <td valign=top><input class=demog_box type=text size=10 name= proins_dr id=proins_dr onBlur='formatDate(this)' value='<?php echo $proins_dr;                            ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= proins_ln id=proins_ln onBlur='formatDate(this)' value='<?php echo $proins_ln;      ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= proins_is id=proins_is onBlur='formatDate(this)' value='<?php echo $proins_is;   ?>'>&nbsp;</td>
                            <td valign=top><input class=demog_box type=text size=10 name= proins_ex id=proins_ex onBlur='formatDate(this)' value='<?php echo $proins_ex;   ?>'>&nbsp;</td>
                    </tr>
                    <tr>
                    </tr>
                    <tr>
                            <td height=20px valign=bottom><span class=label_text>DRIVER'S LICENSE</span></td>
                            <td valign=top><input class=demog_box type=text size=10 name=dl_dr id=dl_dr onBlur='formatDate(this)' value='<?php echo $dl_dr; ?>'>&nbsp;
                            </td>
                            <td valign=top><input class=demog_box type=text size=10 name=dl_ln id=dl_ln onBlur='formatDate(this)' value='<?php echo $dl_ln; ?>'>&nbsp;
                            </td>
                            <td valign=top><input class=demog_box type=text size=10 name=dl_is id=dl_is onBlur='formatDate(this)' value='<?php echo $dl_is; ?>'>&nbsp;
                            </td>
                            <td valign=top><input class=demog_box type=text size=10 name=dl_ex id=dl_ex onBlur='formatDate(this)' value='<?php echo $dl_ex; ?>'>&nbsp;
                            </td>
    </tr>
                    <tr>
                    </tr>
                    <tr>

</table>

I am now doing the the sql statement to insert into my db but i am stuck.
i basically want to get the information that the user enters for each field and save it on the employees profile.

$querydoc = "update    personnel_document
                      set empnum = '$EmpNum' , doc_type = ???, date_received = ????, date_expired = ????, date issued = ???
         where empnum = '$EmpNum' ";

The problem is that since each description has a different variable im not sure how to update it.... would I have to create a new update for each description? also I hard coded the name of each description but i believe it is better if i echo the description name from the db as i cant use taht as the doc_type... i am pretty confused, if anyone has a better way of doing this i would really appreciate it!

eventually i also want to make sure that the description is expired to to with the fields I have there and promp the user of something that is expired. Once again, any help given is much appreciated!!!

Set up:
    * XAMPP 1.7.3
    * Apache 2.2.14 (IPv6 enabled) + OpenSSL 0.9.8l
    * MySQL 5.1.41 + PBXT engine
    * PHP 5.3.1
    * phpMyAdmin 3.2.4
    * Perl 5.10.1
    * FileZilla FTP Server 0.9.33
    * Mercury Mail Transport System 4.72

I'm trying to set up a multipage registration script. It's tuff! I've set up some basic scripts to distribute variables into the correct tables from previous forms using a session. But I want the script to check the input from form one is valid before it moves on to form 2.

Here are my scripts:
form 1:

<html>
 <head>
  <title>Register</title>
  <style type="text/css">
   td { vertical-align: top; }
  </style>
 </head>
 <body>
  <form action="form2.php" method="post">
   <table>
    <tr>
     <td><label for="name">Username:</label></td>
     <td><input type="text" name="name" id="name" size="20"
       maxlength="20" value=""/></td>
    </tr><tr>
     <td><label for="password">Password:</label></td>
     <td><input type="password" name="password" id="password" size="20"
       maxlength="20" value=""/></td>
    </tr><tr>    
     <td><label for="first_name">First name:</label></td>
     <td><input type="text" name="first_name" id="first_name" size="20"
       maxlength="20" value=""/></td>
    </tr><tr>
     <td><label for="last_name">Last name:</label></td>
     <td><input type="text" name="last_name" id="last_name" size="20"
       maxlength="20" value=""/></td>
    </tr><tr>
     <td><label for="email">Email:</label></td>
     <td><input type="text" name="email" id="email" size="20" maxlength="50"
       value=""/></td>
    </tr><tr>
     <td><label for="address">Address:</label></td>
     <td><input type="text" name="address" id="address" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
     <td><label for="city">City/Town:</label></td>
     <td><input type="text" name="city" id="city" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
 <td><label for="county">County:</label></td>
     <td><input type="text" name="county" id="county" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
 <td><label for="post">Postcode:</label></td>
     <td><input type="text" name="post" id="post" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
 <td><label for="home">Home Number:</label></td>
     <td><input type="text" name="home" id="home" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
 <td><label for="mobile">Mobile:</label></td>
     <td><input type="text" name="mobile" id="mobile" size="20" maxlength="20"
       value=""/></td>
    </tr><tr>
     <td> </td>
     <td><input type="submit" name="submit" value="Sumbit"/></td>
    </tr>
   </table>
  </form>
 </body>
</html>


Form 2:

<?php

//let's start the session
session_start();

//now, let's register our session variables
session_register('name');
session_register('password');
session_register('first_name');
session_register('last_name');
session_register('email');
session_register('address');
session_register('city');
session_register('county');
session_register('post');
session_register('home');
session_register('mobile');

//finally, let's store our posted values in the session variables
$_SESSION['name'] = $_POST['name'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['first_name'] = $_POST['first_name'];
$_SESSION['last_name'] = $_POST['last_name'];
$_SESSION['email'] = $_POST['email'];
$_SESSION['address'] = $_POST['address'];
$_SESSION['city'] = $_POST['city'];
$_SESSION['county'] = $_POST['county'];
$_SESSION['post'] = $_POST['post'];
$_SESSION['home'] = $_POST['home'];
$_SESSION['mobile'] = $_POST['mobile'];

?>

<html>
 <head>
  <title>Register</title>
  <style type="text/css">
   td { vertical-align: top; }
  </style>
 </head>
 <body>
  <form action="form3.php" method="post">
   <table>
    <tr>
     <td><label for="bio">Biography:</label></td>
     <td><input type="text" name="bio" id="bio" size="400"
       maxlength="500" value=""/></td>
    </tr><tr>    
     <td> </td>
     <td><input type="submit" name="submit" value="Sumbit"/></td>
    </tr>
   </table>
  </form>
 </body>
</html>



I've also got form3.php and process_forms.php(that's where I mysql_real_escape_string and input the data) but that's probably not relevant. How would I get this to work? Are there any sites I should look at that you'd recommend? Any help appreciated.

I've put together a very simple form & processing script for my site.. Everything works great except the body of the email i receive when the form is submitted contains everything but the info that has been entered into the fields. I'm sure it's something simple that I'm overlooked, but I'm officially stumped.  What am I doing wrong here? 
<?php
$mymail = 'ordietryingodt@yahoo.com';
$cc = 'New Recruit To Add!';
$BoDy = ' ';
$FrOm = 'FROM:' .$_POST['t1'];
$FrOm .= 'Reply-To:' .$_POST['t1'];
$FrOm .= 'X-MAILER: PHP'.phpversion();
$BoDy .= 'Quake Live Name: ';
$BoDy .= $_POST['t1'];
$BoDy .= "\n";
$BoDy .= 'Age: ';
$BoDy .= $_POST['t2'];
$BoDy .= "\n";
$BoDy .= 'Residing Country: ';
$BoDy .= $_POST['t3'];
$BoDy .= "\n";
$BoDy .= 'Favorite Game Type: ';
$BoDy .= $_POST['t4'];
$BoDy .= "\n";
$send = mail("$mymail", "$cc", "$BoDy", "$FrOm");

if($send)
{
echo '<html><head>';
echo '<meta http-equiv="refresh" content="0;URL=/submitted.htm">';
echo '</head><body>Email send....';
echo '</body></html>';
}
?>

when i submit it, the only field that updates is the email field.

UserEdit.php file

<?
/**
 * UserEdit.php
 *
 * This page is for users to edit their account information
 * such as their password, email address, etc. Their
 * usernames can not be edited. When changing their
 * password, they must first confirm their current password.
 *
 */
include("include/session.php");
?>

<html>
<title>Edit Your Details</title>
<link rel="stylesheet" type="text/css" href="../assets/css/styles.css" />
<link rel="stylesheet" type="text/css" href="../assets/css/forms.css" />
<link rel="stylesheet" type="text/css" href="../assets/css/layout.css" />
<link rel="stylesheet" type="text/css" href="../assets/css/style.css" />
<style>
#form6 input{
margin:0;
width:250px;
border:1px solid #ddd;
padding:3px 5px 3px 25px;
}


input{
font:100% Trebuchet MS, Arial, Helvetica, Sans-Serif;
line-height:160%;
color:#FFF;
}
#form6 input{background:#000;
}
</style>
<body>

<?
/**
 * User has submitted form without errors and user's
 * account has been edited successfully.
 */
if(isset($_SESSION['useredit'])){
   unset($_SESSION['useredit']);
   
   echo "<h1>User Account Edit Success!</h1>";
   echo "<p><b>$session->username</b>, your account has been successfully updated. "
       ."<a href=\"index.php\">Main</a>.</p>";
}
else{
?>

<?
/**
 * If user is not logged in, then do not display anything.
 * If user is logged in, then display the form to edit
 * account information, with the current email address
 * already in the field.
 */
if($session->logged_in){
?>

<h2>User Account Edit : <? echo $session->firstname; ?></h2>
<?
if($form->num_errors > 0){
   echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
}
?>
<form id="form6" action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Email:</td>
<td><input type="text" name="email" maxlength="50" value="
<?
if($form->value("email") == ""){
   echo $session->userinfo['email'];
}else{
   echo $form->value("email");
}
?>">
</td>
<td><? echo $form->error("email"); ?></td>
</tr>
<tr>
<td>Phone:</td>
<td><input type="text" name="tel" maxlength="50" value="
<?
if($form->value("tel") == ""){
   echo $session->userinfo['tel'];
}else{
   echo $form->value("tel");
}
?>">
</td>
<td><? echo $form->error("tel"); ?></td>
</tr>
<tr>
<td>Address:</td>
<td>
<input type="text" name="address" maxlength="50" value="
<?
if($form->value("address") == ""){
   echo $session->userinfo['address'];
}else{
   echo $form->value("address");
}
?>" style="height: 138px">
</td>
<td><? echo $form->error("address"); ?></td>
</tr>
<tr>
<td>Company:</td>
<td><input type="text" name="company" maxlength="50" value="
<?
if($form->value("company") == ""){
   echo $session->userinfo['company'];
}else{
   echo $form->value("company");
}
?>">
</td>
<td><? echo $form->error("company"); ?></td>
</tr>
<tr><td colspan="2" align="right">
<input type="hidden" name="subedit" value="1">
<input type="submit" value="Edit Account"></td></tr>
<tr><td colspan="2" align="left"></td></tr>
</table>
</form>

<?
}
}

?>

</body>
</html>


sends to session.php
   /**
    * editAccount - Attempts to edit the user's account information
    * including the password, which it first makes sure is correct
    * if entered, if so and the new password is in the right
    * format, the change is made. All other fields are changed
    * automatically.
    */
   function editAccount($subcurpass, $subnewpass, $subemail, $subtel, $subaddress, $subcompany){
      global $database, $form;  //The database and form object

     /* New password entered */
      if($subnewpass){
         /* Current Password error checking */
         $field = "curpass";  //Use field name for current password
         if(!$subcurpass){
            $form->setError($field, "* Current Password not entered");
         }
         else{
            /* Check if password too short or is not alphanumeric */
            $subcurpass = stripslashes($subcurpass);
            if(strlen($subcurpass) < 4 ||
               !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
               $form->setError($field, "* Current Password incorrect");
            }
            /* Password entered is incorrect */
            if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
               $form->setError($field, "* Current Password incorrect");
            }
         }
         
         /* New Password error checking */
         $field = "newpass";  //Use field name for new password
         /* Spruce up password and check length*/
         $subpass = stripslashes($subnewpass);
         if(strlen($subnewpass) < 4){
            $form->setError($field, "* New Password too short");
         }
         /* Check if password is not alphanumeric */
         else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
                     $form->setError($field, "* New Password not alphanumeric");
         }
      }
      /* Change password attempted */
      else if($subcurpass){
         /* New Password error reporting */
         $field = "newpass";  //Use field name for new password
         $form->setError($field, "* New Password not entered");
      }
      
      /* Email error checking */
      $field = "email";  //Use field name for email
      if($subemail && strlen($subemail = trim($subemail)) > 0){
         /* Check if valid email address */
         $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
                 ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
                 ."\.([a-z]{2,}){1}$";
         if(!eregi($regex,$subemail)){
            $form->setError($field, "* Email invalid");
         }
         $subemail = stripslashes($subemail);
      }
      
      /* Errors exist, have user correct them */
      if($form->num_errors > 0){
         return false;  //Errors with form
      }
      
      /* Update password since there were no errors */
      if($subcurpass && $subnewpass){
         $database->updateUserField($this->username,"password",md5($subnewpass));
      }
      
      /* Change Email */
      if($subemail){
         $database->updateUserField($this->username,"email",$subemail);
      }
      /* Change Email */
      if($subtel){
         $database->updateUserField($this->username,"tel",$subtel);
      }
      /* Change Email */
      if($subaddress){
         $database->updateUserField($this->username,"address",$subaddress);
      }
      /* Change Email */
      if($subcompany){
         $database->updateUserField($this->username,"company",$subcompany);
      }
      
      /* Success! */
      return true;
   }


sends to database.php
   /**
    * updateUserField - Updates a field, specified by the field
    * parameter, in the user's row of the database.
    */
   function updateUserField($username, $field, $value){
      $q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE username = '$username'";
      return mysql_query($q, $this->connection);
   }


think thats all you should need?

I have a really strange query for you all to figure out why I'm not coming up with the right SELECT statement. I've echoed it and I'll show you what I get for a result from the echo as well. 

Table- Users
Fields- id,creator_id,username,password,firstname,lastname,email,status_id,isadmin,datecreated

$query = "SELECT CONCAT_WS(' ', firstname, lastname) AS name, CONCAT_WS(' ', firstname, lastname) AS handler, DATE_FORMAT(datecreated, '%M %d, %Y') AS datecreated, id, username, email FROM handlers WHERE handlers.id = handlers.creator_id";

produced this result...

SELECT CONCAT_WS(' ', firstname, lastname) AS name, CONCAT_WS(' ', firstname, lastname) AS handler, DATE_FORMAT(datecreated, '%M %d, %Y') AS datecreated, id, username, email FROM handlers WHERE handlers.id = handlers.creator_id

php data table code:

<?php 
$query = "SELECT CONCAT_WS(' ', firstname, lastname) AS name, CONCAT_WS(' ', firstname, lastname) AS handler, DATE_FORMAT(datecreated, '%M %d, %Y') AS datecreated, id, username, email FROM handlers WHERE handlers.id = handlers.creator_id";
    $result = mysqli_query ( $dbc, $query ); // Run The Query
    $rows = mysqli_num_rows($result);
    echo $query;         
<?php if ($rows > 0) { ?>
<table cellspacing="0" class="listTable" id="handlersPageList">
<!-- Thead -->
<thead>
<tr>
<th class="first"><div></div></th>
<th><a href="#" title="Handler Name">Handler Name</a></th>
                <th><a href="#" title="Handler Username">Handler Username</a></th>
                <th><a href="#" title="Handler Emal">Handler Email</a></th>
<th><a href="#" title="Creator">Creator</a></th>
<th class="last"><a href="#" title="Date Created">Date Created</a></th>
</tr>
</thead>
while ( $row = mysqli_fetch_array ( $result, MYSQL_ASSOC ) ) {
              echo '
              <tr>
              <td><input type=checkbox class=checkbox value="' . $row['id'] . '" /></td>
  <td>' . $row['handler'] . '</td>
  <td>' . $row['username'] . '</td>
              <td><a href="mailto:' . $row['email'] . '>' . $row['email'] . '</a></td>
  <td>' . $row['name'] . '</td>
  <td class=last>' . $row['datecreated'] . '</td>
  </tr>';
            }
        ?>


I just decided to take out the parts of the page that would be needed to answer this problem instead of the whole file. This is a little confusing okay lets say the first user is the Administrator with an id of 1 obviously has a first name and last name and username and email and the date he registered is his datecreated and his creator_id is going to be preset because he created it himself so its going to be 1.

The 1st row in the database displays fine however I have 4 other rows that for some reason aren't displaying. And don't know why. For handlers 2-4 they all have their own first and last names and usernames and everything else however when it comes to the creator_id those 3 have a creator_id of 1 representing that the Administrator created it so in the data table instead of it showing the value of 1 for the creator_id I just want it to get the CONCCAT version of the first and last name of the Administrator.

In the past I have not done a very good job of explaining things so I hope this is more than clarified my intention with my code and what it should do and what it is doing wrong right now. If you have any other questions please ask.