PHP - Sql Query Trouble
Alright when I run this query in MySQL everything goes smoothly: Code: [Select]
INSERT INTO accounts (id, password, email) VALUES ('1022911', 'blahblah7', 'zzz@zzz.com') But when this runs in my script: Code: (php) [Select] $sql = "INSERT INTO accounts (id, password, email) VALUES (' {$account_number}', '{$account_password}', '{$email}')"; the id changes from the users input, I believe because the field is set to auto-increment but, I don't understand why the query works correctly through MySQL and not my script. Similar TutorialsHi all, the last 15 minutes i wasted my time pulling my hair while looking at my php code. Of course I used mysqli_error() & mysqli_errno() to find out what was happening. I got something like this: Quote warning: mysqli_error() expects exactly 1 parameter, 0 given in /wicked/fatmonkeyseatbananas/zoo/index.php on line 12 That didnt really help me. I also echoed out my query. Until I thought let's double check the field names I have in the database. They were also correct. And that's when I found out that it was in fact the property of a my ID field. It was set as primary key, but not set to auto increment. Apparently each time a new row was inserted there was a conflict since the next row also had an id of 0. After I add auto increment it was all fixed. So if anyone ever has this problem, hope this helps now it's time for a beer btw. if anyone has a faster way of solving problems like this I love to hear it. Hi guys, i am currently working on a project that queries an inventory database through the use of radio buttons, for example; If the first button FOR THE Item(HAMMERS)is clicked, the output should be the name of the item, the number sold and the total profit(calculations) into a table. the way i have it now, when io click on the radio button my output comes back as the results for all the items in the table, i want it to display only the information about hammers, then only about each individual item when the corresponding radio button is clicked. any help would be greatly appreciated!!! Hi,
So I'm not very familiar with using mySQLi, but I'm wanting to print a user's last name, depending on which user is logged in (obviously it needs to be their last name and not another users)
So, we're getting the session for the user and saving their username as $username
$user = Session::Get('current_user'); $username = $user->Get('username');And then my query to display their lastname? $result = $db->Select('lastname')->Where('username', '$username')->Get(Config::Get('db.table')); print_r($result)But the query doesn't work, no error? Forgive my ignorance! >.< I'm having trouble getting all of the results out of a query array, as it is I only get the first result and nothing else. Here's the basic code I'm working with: Code: [Select] $query = "SELECT data_txt FROM jos_servicedirectory_fields_data WHERE fieldid = 19 AND itemid = $item->itemid"; $result = mysql_query($query) or die(mysql_error()); while($row = mysql_fetch_array($result)){ $listtags = $row['data_txt']; $tags = "$listtags, "; $title = "<div class='servicedirectoryItemTitle'><table class=\"sdlistingitemtitle\" cellspacing=\"5\"><tbody><tr>$listingimage<td style=\"vertical-align:top;width:690px;\">$listingbasicicon<span class=\"$listingtitleclass\">$listinglogo<a href=\"{$href}\" {$onClick} title=\"{$item->title}\">{$item->title}</a></span><br /><span class=\"listingdescription\">$listingdescription</span></td><td style=\"vertical-align:top;\">$featuredribbon$moreinfobasic</td></tr></tbody></table><div class=\"listingbottom\">Tags:<span class=\"listingtags\"> $tags </span></div></div>"; } I've also tried using a foreach loop thinking that would pop all of the results but I end up not getting anything at all then. I'm guessing I'm setting the foreach loop up wrong. Here's how I'm trying to do it: Code: [Select] foreach($listtags as $value) { $tags = $value; } Does it have something to do with sticking the $tags variable in the $title variable? I wouldn't think that would matter, but the strange thing is I use this exact same query in a different part of this component and just echo it directly and it works fine. This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=313679.0 Hi All, First time posting here. I've googled the problem, but can't seem to find a response that's the same. All I want to do is have a list of id numbers and for each id number in the array, submit a MySQL query to retrieve information relating to the id number. When I execute the code below however, I end up with only the last item in the array being printed in the echo statement. Any clues? Thanks, Code: [Select] // get array of ids $ids = getIDs($ids); // loop through input list foreach ($ids as &$id) { getVarDetails($id); } function getVarDetails($local) { $con = mysql_connect('localhost:3306', 'root', '********'); if (!$con) { die('Could not connect: ' . mysql_error()); } // set database as Ensembl mysql_select_db("Ensembl", $con); $result = mysql_query("SELECT * FROM variations WHERE name = '$local' LIMIT 1"); $row = mysql_fetch_array($result) while($row = mysql_fetch_array($result)) { echo $row['name'] . " " . $row['id']; echo "<br />"; } // close connection mysql_close($con); } Hello all,
Based on the suggestion of you wonderful folks here, I went away for a few days (to learn about PDO and Prepared Statements) in order to replace the MySQLi commands in my code. That's gone pretty well thus far...with me having learnt and successfully replaced most of my "bad" code with elegant, SQL-Injection-proof code (or so I hope).
The one-and-only problem I'm having (for now at least) is that I'm having trouble understanding how to execute an UPDATE query within the resultset of a SELECT query (using PDO and prepared statements, of course).
Let me explain (my scenario), and since a picture speaks a thousand words I've also inlcuded a screenshot to show you guys my setup:
In my table I have two columns (which are essentially flags i.e. Y/N), one for "items alreay purchased" and the other for "items to be purchased later". The first flag, if/when set ON (Y) will highlight row(s) in red...and the second flag will highlight row(s) in blue (when set ON).
I initially had four buttons, two each for setting the flags/columns to "Y", and another two to reverse the columns/flags to "N". That was when I had my delete functionality as a separate operation on a separate tab/list item, and that was fine.
Now that I've realized I can include both operations (update and delete) on just the one tab, I've also figured it would be better to pare down those four buttons (into just two), and set them up as a toggle feature i.e. if the value is currently "Y" then the button will set it to "N", and vice versa.
So, looking at my attached picture, if a person selects (using the checkboxes) the first four rows and clicks the first button (labeled "Toggle selected items as Purchased/Not Purchased") then the following must happen:
1. The purchased_flag for rows # 2 and 4 must be switched OFF (set to N)...so they will no longer be highlighted in red.
2. The purchased_flag for row # 3 must be switched ON (set to Y)...so that row will now be highlighted in red.
3. Nothing must be done to rows # 1 and 5 since: a) row 5 was not selected/checked to begin with, and b) row # 1 has its purchase_later_flag set ON (to Y), so it must be skipped over.
Looking at my code below, I'm guessing (and here's where I need the help) that there's something wrong in the code within the section that says "/*** loop through the results/collection of checked items ***/". I've probably made it more complex than it should be, and that's due to the fact that I have no idea what I'm doing (or rather, how I should be doing it), and this has driven me insane for the last 2 days...which prompted me to "throw in the towel" and seek the help of you very helpful and intellegent folks. BTW, I am a newbie at this, so if I could be provided the exact code, that would be most wonderful, and much highly appreciated.
Thanks to you folks, I'm feeling real good (with a great sense of achievement) after having come here and got the great advice to learn PDO and prepared statements.
Just this one nasty little hurdle is stopping me from getting to "end-of-job" on my very first WebApp. BTW, sorry about the long post...this is the best/only way I could clearly explaing my situation.
Cheers guys!
case "update-delete": if(isset($_POST['highlight-purchased'])) { // ****** Setup customized query to obtain only items that are checked ****** $sql = "SELECT * FROM shoplist WHERE"; for($i=0; $i < count($_POST['checkboxes']); $i++) { $sql=$sql . " idnumber=" . $_POST['checkboxes'][$i] . " or"; } $sql= rtrim($sql, "or"); $statement = $conn->prepare($sql); $statement->execute(); // *** fetch results for all checked items (1st query) *** // $result = $statement->fetchAll(); $statement->closeCursor(); // Setup query that will change the purchased flag to "N", if it's currently set to "Y" $sqlSetToN = "UPDATE shoplist SET purchased = 'N' WHERE purchased = 'Y'"; // Setup query that will change the purchased flag to "Y", if it's currently set to "N", "", or NULL $sqlSetToY = "UPDATE shoplist SET purchased = 'Y' WHERE purchased = 'N' OR purchased = '' OR purchased IS NULL"; $statementSetToN = $conn->prepare($sqlSetToN); $statementSetToY = $conn->prepare($sqlSetToY); /*** loop through the results/collection of checked items ***/ foreach($result as $row) { if ($row["purchased"] != "Y") { // *** fetch one row at a time pertaining to the 2nd query *** // $resultSetToY = $statementSetToY->fetch(); foreach($resultSetToY as $row) { $statementSetToY->execute(); } } else { // *** fetch one row at a time pertaining to the 2nd query *** // $resultSetToN = $statementSetToN->fetch(); foreach($resultSetToN as $row) { $statementSetToN->execute(); } } } break; }CRUD Queston.png 20.68KB 0 downloads Here is my code: // Start MySQL Query for Records $query = "SELECT codes_update_no_join_1b" . "SET orig_code_1 = new_code_1, orig_code_2 = new_code_2" . "WHERE concat(orig_code_1, orig_code_2) = concat(old_code_1, old_code_2)"; $results = mysql_query($query) or die(mysql_error()); // End MySQL Query for Records This query runs perfectly fine when run direct as SQL in phpMyAdmin, but throws this error when running in my script??? Why is this??? Code: [Select] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= new_code_1, orig_code_2 = new_code_2WHERE concat(orig_code_1, orig_c' at line 1 If you also have any feedback on my code, please do tell me. I wish to improve my coding base. Basically when you fill out the register form, it will check for data, then execute the insert query. But for some reason, the query will NOT insert into the database. In the following code below, I left out the field ID. Doesn't work with it anyways, and I'm not sure it makes a difference. Code: Code: [Select] mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)"); Full code: Code: [Select] <?php include_once("includes/config.php"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><? $title; ?></title> <meta http-equiv="Content-Language" content="English" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" href="style.css" media="screen" /> </head> <body> <div id="wrap"> <div id="header"> <h1><? $title; ?></h1> <h2><? $description; ?></h2> </div> <? include_once("includes/navigation.php"); ?> <div id="content"> <div id="right"> <h2>Create</h2> <div id="artlicles"> <?php if(!$_SESSION['user']) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $name = mysql_real_escape_string($_POST['name']); $server_type = mysql_real_escape_string($_POST['type']); $description = mysql_real_escape_string($_POST['description']); if(!$username || !$password || !$server_type || !$description || !$name) { echo "Note: Descriptions allow HTML. Any abuse of this will result in an IP and account ban. No warnings!<br/>All forms are required to be filled out.<br><form action='create.php' method='POST'><table><tr><td>Username</td><td><input type='text' name='username'></td></tr><tr><td>Password</td><td><input type='password' name='password'></td></tr>"; echo "<tr><td>Sever Name</td><td><input type='text' name='name' maxlength='35'></td></tr><tr><td>Type of Server</td><td><select name='type'> <option value='Any'>Any</option> <option value='PvP'>PvP</option> <option value='Creative'>Creative</option> <option value='Survival'>Survival</option> <option value='Roleplay'>RolePlay</option> </select></td></tr> <tr><td>Description</td><td><textarea maxlength='1500' rows='18' cols='40' name='description'></textarea></td></tr>"; echo "<tr><td>Submit</td><td><input type='submit'></td></tr></table></form>"; } elseif(strlen($password) < 8) { echo "Password needs to be higher than 8 characters!"; } elseif(strlen($username) > 13) { echo "Username can't be greater than 13 characters!"; } else { $check1 = mysql_query("SELECT username,name FROM servers WHERE username = '$username' OR name = '$name' LIMIT 1"); if(mysql_num_rows($check1) < 0) { echo "Sorry, there is already an account with this username and/or server name!"; } else { $ip = $_SERVER['REMOTE_ADDR']; mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)"); echo "Server has been succesfully created!"; } } } else { echo "You are currently logged in!"; } ?> </div> </div> <div style="clear: both;"> </div> </div> <div id="footer"> <a href="http://www.templatesold.com/" target="_blank">Website Templates</a> by <a href="http://www.free-css-templates.com/" target="_blank">Free CSS Templates</a> - Site Copyright MCTop </div> </div> </body> </html> I'm trying to update every record where one field in a row is less than the other. The code gets each row i'm looking for and sets up the query right, I hope I combined the entire query into one string each query seperated by a ; so it's like UPDATE `table` SET field2= '1' WHERE field1= '1';UPDATE `table` SET field2= '1' WHERE field1= '2';UPDATE `table` SET field2= '1' WHERE field1= '3';UPDATE `table` SET field2= '1' WHERE field1= '4';UPDATE `table` SET field2= '1' WHERE field1= '5'; this executes properly if i run the query in phpMyAdmin, however when I run the query in PHP, it does nothing... Any advice? I was just wondering if it's possible to run a query on data that has been returned from a previous query? For example, if I do Code: [Select] $sql = 'My query'; $rs = mysql_query($sql, $mysql_conn); Is it then possible to run a second query on this data such as Code: [Select] $sql = 'My query'; $secondrs = mysql_query($sql, $rs, $mysql_conn); Thanks for any help Say I have this query: site.com?var=1 ..I have a form with 'var2' field which submits via get. Is there a way to produce: site.com?var=1&var2=formdata I was hoping there would be a quick way to affix, but can't find any info. Also, the query could sometimes be: site.com?var2=formdata&var=1 I would have to produce: site.com?var2=updatedformdata&var=1 Is my only option to further parse the query? What would be the correct way to close a mysql query? At current the second query below returns results from the 1st query AND the 2nd query The 3rd query returns results from the 1st, 2nd and 3rd query. etc etc. At the moment I get somthing returned along the lines of... QUERY 1 RESULTS Accommodation 1 Accommodation 2 Accommodation 3 QUERY 2 RESULTS Restaurant 1 Restaurant 2 Restaurant 3 Accommodation 1 Accommodation 2 Accommodation 3 QUERY 3 RESULTS Takeaways 1 Takeaways 2 Takeaways 3 Restaurant 1 Restaurant 2 Restaurant 3 Accommodation 1 Accommodation 2 Accommodation 3 Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <?php include($_SERVER['DOCUMENT_ROOT'].'/include/db.php'); ?> <title>Untitled Document</title> <style type="text/css"> <!-- --> </style> <link href="a.css" rel="stylesheet" type="text/css" /> </head><body> <div id="listhold"> <!------------------------------------------------------------------------------------------------------------------------------------------------------> <div class="list"><a href="Placestostay.html">Places To Stay</a><br /> <?php $title ="TITLE GOES HERE"; $query = mysql_query("SELECT DISTINCT subtype FROM business WHERE type ='Accommodation' AND confirmed ='Yes' ORDER BY name"); echo mysql_error(); while($ntx=mysql_fetch_row($query)) $nt[] = $ntx[0]; $i = -1; foreach($nt as $value) {$i++; $FileName = str_replace(' ','_',$nt[$i]) . ".php"; $FileUsed = str_replace('_',' ',$nt[$i]); echo "<a href='" . str_replace(' ','_',$nt[$i]) . ".php?title=$title&subtype=$FileUsed'>" . $nt[$i] . "</a>" . "<br/>"; $FileHandle = fopen($FileName, 'w') or die("cant open file"); $pageContents = file_get_contents("header.php"); fwrite($FileHandle,"$pageContents");} fclose($FileHandle); ?> </div> <!------------------------------------------------------------------------------------------------------------------------------------------------------> <div class="list"><a href="Eatingout.html">Eating Out</a><br /> <?php $title ="TITLE GOES HERE"; $query = mysql_query("SELECT DISTINCT subtype FROM business WHERE type ='Restaurant' AND confirmed ='Yes' ORDER BY name"); echo mysql_error(); while($ntx=mysql_fetch_row($query)) $nt[] = $ntx[0]; $i = -1; foreach($nt as $value) {$i++; $FileName = str_replace(' ','_',$nt[$i]) . ".php"; $FileUsed = str_replace('_',' ',$nt[$i]); echo "<a href='" . str_replace(' ','_',$nt[$i]) . ".php?title=$title&subtype=$FileUsed'>" . $nt[$i] . "</a>" . "<br/>"; $FileHandle = fopen($FileName, 'w') or die("cant open file"); $pageContents = file_get_contents("header.php"); fwrite($FileHandle,"$pageContents");} fclose($FileHandle); ?> </div> <!------------------------------------------------------------------------------------------------------------------------------------------------------> <div class="list"><a href="Eatingin.html">Eating In</a><br /> <?php $title ="TITLE GOES HERE"; $query = mysql_query("SELECT DISTINCT subtype FROM business WHERE type ='Takeaways' AND confirmed ='Yes' ORDER BY name"); echo mysql_error(); while($ntx=mysql_fetch_row($query)) $nt[] = $ntx[0]; $i = -1; foreach($nt as $value) {$i++; $FileName = str_replace(' ','_',$nt[$i]) . ".php"; $FileUsed = str_replace('_',' ',$nt[$i]); echo "<a href='" . str_replace(' ','_',$nt[$i]) . ".php?title=$title&subtype=$FileUsed'>" . $nt[$i] . "</a>" . "<br/>"; $FileHandle = fopen($FileName, 'w') or die("cant open file"); $pageContents = file_get_contents("header.php"); fwrite($FileHandle,"$pageContents");} fclose($FileHandle); ?> </div> <!------------------------------------------------------------------------------SKILLED TRADES BELOW---------------------------------------------------> <div class="list"><a href="Skilledtrades.html">Skilled Trades</a><br/> <?php $title ="TITLE GOES HERE"; $query = mysql_query("SELECT DISTINCT subtype FROM business WHERE type ='Skilled Trades' AND confirmed ='Yes' ORDER BY name"); echo mysql_error(); while($ntx=mysql_fetch_row($query)) $nt[] = $ntx[0]; $i = -1; foreach($nt as $value) {$i++; $FileName = str_replace(' ','_',$nt[$i]) . ".php"; $FileUsed = str_replace('_',' ',$nt[$i]); echo "<a href='" . str_replace(' ','_',$nt[$i]) . ".php?title=$title&subtype=$FileUsed'>" . $nt[$i] . "</a>" . "<br/>"; $FileHandle = fopen($FileName, 'w') or die("cant open file"); $pageContents = file_get_contents("header.php"); fwrite($FileHandle,"$pageContents");} fclose($FileHandle); ?> </div> here's the code: Code: [Select] $companyName = 'big company'; $address1 = 'big bay #8'; $address2 = 'some big warehouse'; $city = 'big city'; $province = 'AB'; $postalCode = 'T1T0N0'; $phone = '0123456789'; $email2 = 'bigKahuna@bigKahuna.edu'; $query = "INSERT INTO clients ( companyName, address1, address2, city, province, postalCode, phone, email) VALUES ( ". $companyName.",".$address1.",".$address2.",".$city.",".$postalCode.",".$phone.",".$email2.")"; $result = mysql_query($query, $connexion); if ($result) { // Success! echo "Fabulous! check the DB, we did it! :D<br>"; ?> <pre> <?php print_r($result); ?> </pre> <?php } else { // Fail! echo"CRAAAAAPP! something went wrong. FIX IT! :P<br>"; echo mysql_error(); } if (isset($connexion)) { mysql_close($connexion); } i copied it over from an old *working* file to illustrate how a simple INSERT works. this is the error i get: Code: [Select] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'company,big bay #8,some big warehouse,big city,T1T0N0,0123456789,bigKahuna@bigKa' at line 4 looks completely valid to me. all the database table elements are set to VARCHAR(80), so it can't be a space/type issue... halp! WR! I'm restarting this under a new subject b/c I learned some things after I initially posted and the subject heading is no longer accurate. What would cause this behavior - when I populate session vars from a MYSQL query, they stick, if I populate them from an MSSQL query, they drop. It doesn't matter if I get to the next page using a header redirect or a form submit. I have two session vars I'm loading from a MYSQL query and they remain, the two loaded from MSSQL disappear. I have confirmed that all four session vars are loading ok initially and I can echo them out to the page, but when the application moves to next page via redirect or form submit, the two vars loaded from MSSQL are empty. Any ideas? Good Day Guys
I have a bit of a urgent problem.
Here is my Query:
$query = "SELECT distinct Img.propertyId as PropertyId, Title, ImageUrl, Location, Bedrooms, Bathrooms, Parking, Price FROM PROPERTIES as Prop LEFT JOIN IMAGES as Img ON Img.PropertyId = Prop.PropertyId WHERE 1=1 AND Price >=1000 AND Price <=5000 "; I am trying to create a query which reads and uses a previous query which could go on for upto four queries. For example: Query: $carcolour(red), Query: $carmodel(ford), Query: $enginesize(1600), Query: $carlocation(New York) This displays all red cars, which are Ford, which 1600CC, which are located in New York. or Query: $enginesize(1600), Query: $carcolour(red), Query: $carmodel(ford), Query: $carlocation(New York) This displays all 1600CC cars, which red car, which are Ford, which are located in New York. (Same result as above) I have found this guide but Im not sure it what I am looking for. I have also come across the Join function. However this seems to be based on joining two seperate queries. http://www.suite101.com/content/how-tor-run-multiple-mysql-queries-with-php-a105672 Can anyone advise on the best way to create a set of queries which reads and uses the results of the previous query? Hi Chaps, I have a PHP FTP App, where users can log in using a unique code and a password. Their unique code corresponds to an FTP folder, e.g. Quote \FTP_Root\Customer A & Co\ So when the user logs in, they can see their FTP directory and contents, in this case an Inbox and an Outbox. This works as the FTP folder contains both an Inbox and an Outbox. The problem I am having is when I try browsing within this directory (say the Inbox), ftp-chdir fails. I have a hyperlink that sends a 'dir' parameter to the same ftp.php page, and if set, will attempt to change to the given directory. So even though the URL Hyperlink reads: Quote ....server.co.uk/ftp.php?dir=/FTP_Root/Customer A & Co/Inbox When you click on this link, the page tries to load: Quote ....server.co.uk/ftp.php?dir=/FTP_Root/Customer A So my question is what do I need to change, the Hyperlink to read something like: Quote ....server.co.uk/ftp.php?dir=/FTP_Root/Customer%20A%20&%20Co/Inbox Do something to the ftp-chdir function, where I encode/decode/whatever to make sure it tries to change to the correct FTP directory? Or exclude all ampersand entirely? Hello everyone, I am new to this forum and PHP world. Doing my first project, a pretty complicated one to start with. I will be needing your help a lot to accomplish it. Here is the first one. 1. I have a certain field called 'country' 2. I have small flag icons for every country. WHAT DO I WANT TO DO? Example - If the country is U.S.A., the U.S. flag shows up and is a link to www.domain.com/usa If the country is Germany, the German flags shows up and is a link to www.domain.com/germany If the country is not set, no flag shows up. END. How do I execute this? This is what I am doing to get the image <img src="images/flags/<?php echo $row_rsPilots['country']; ?>.gif" alt="" name="Flag" width="20" height="20" id="Flag" /> How do make it a link to www.domain.com/'country' Thanks in advance Building a website for work. I am struggling with the login for some reason. I`m using a lot of the same code as I did for my personal site and a few other websites I`ve programmed which has always worked. But for some reason, it isn`t working now. I`ve already told it to display to me the information that`s being processed and that is all correct (it even updates the database like it`s supposed to). It just won`t show the person being logged in, which defeats the purpose of logging in, yanno? Here are all the files in question. login.php <?php include "file_calls.php"; $title = "Business Name (Beta): Log In"; include "functions.php"; session_start(); echo "$title"; echo "<p>"; echo "Log into the Business Name website. Only authorized members of the Business Name Staff can log into the website."; echo "<p>"; include "login_form.php"; ?> login_form.php <?php echo "<form action='logging.php' method='post'>"; echo "E-Mail Address:"; echo "<br><input type='text' name='email' size=60 maxlength=100>"; echo "<p>"; echo "Password:"; echo "<br><input type='password' name='pass' size=60 maxlength=25>"; echo "<p>"; $buttonlabel = "Log In"; include "formbutton_format.php"; echo "</form>"; ?> logging.php <?php include "file_calls.php"; $title = "Business Name (Beta): Logging In"; include "functions.php"; session_start(); echo "$title"; echo "<p>"; echo "Logging into the Business Name website. Only authorized members of the Business Name Staff can log into the website."; echo "<p>"; $email = $_POST['email']; $pass = $_POST['pass']; $entry_date = strftime("%B\ %e\,\ %Y %I:%M:%S %p", time()); $res = mysql_query("SELECT id, memlev, pwd1, pwd2, email, name FROM user_data WHERE email='$email'"); $by = mysql_fetch_row($res); mysql_free_result($res); $log = $by[4]; $pas = $by[2]; $pas2 = $by[3]; if ($email && $pass) { if ($by[0]) { if ($by[1] == 2) { $passwd = crypt($_REQUEST['pass'],$by[5]); if ($pass == $pas2) { mysql_query("UPDATE user_data SET lastlogin='$entry_date' WHERE email='$email'"); mysql_close($con); header("Location: index.php"); } elseif ($passwd != $pas) { header("Location: nolog.php?logout=1&m=4"); } } elseif ($by[1] == 1) { header("Location: nolog.php?logout=1&m=2"); } elseif ($by[1] == 0) { header("Location: nolog.php?logout=1&m=3"); } } elseif (!$by[0]) { header("Location: nolog.php?logout=1&m=1"); } } elseif (!$email || !$pass) { echo "<b>Error:</b> Both username and password must be entered in order to log in."; echo "<p>"; include "login_form.php"; } ?>[/php index.php [php]<?php include "file_calls.php"; $title = "Business Name (Beta)"; include "functions.php"; session_start(); echo "$title"; echo "<p>"; echo "This website is currently under construction. Thank you for your patience."; echo "<p>"; if ($lev > 1) { echo "Hello, $loggeduser !"; } elseif ($lev < 2) { echo "Not logged in."; } echo "<p>"; echo "$lev"; echo "<br>$loggeduser<br>$email"; ?> auth.php <?php // Defines DEFINE('SESSION_MAGIC','sadhjasklsad2342'); // Initialization @session_start(); @ob_start(); /* Redirects to another page */ function Redirect($to) { @session_write_close(); @ob_end_clean(); @header("Location: $to"); } /* Deletes existing session */ function RemoveSession() { $_SESSION = array(); if (isset($_COOKIE[session_name()])) { @setcookie(session_name(), '', time()+(60*60*24*365), '/'); } } /* Checks if user is logged in */ function isLoggedIn() { return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)); } /* read message count */ function CountMessages($id) { if ($res=mysql_query("SELECT * FROM user_data WHERE email='$email'")) { $count=mysql_num_rows($res); mysql_free_result($res); return($count); } return 0; } /* Go login go! */ function Login($email,$pass) { global $nmsg, $rows; $ok=false; if ($res=mysql_query("SELECT id, email, name, pwd1, pwd2, memlev FROM user_data WHERE email='$email' AND pwd2='$pass'")) { if ($rows=mysql_fetch_row($res)) { $_SESSION['sess_name'] = $rows[2]; $_SESSION['pass'] = $pass; $_SESSION['gal'] = $rows[0]; $_SESSION['level2'] = $rows[5]; $_SESSION['email'] = $rows[1]; $_SESSION['magic'] = SESSION_MAGIC; $nmsg = CountMessages($rows[0]); $ok=true; } else { include('login_failed.php'); } mysql_free_result($res); } return($ok); } /* Terminates an existing session */ function Logout() { @RemoveSession(); @session_destroy(); } /* Escape array using mysql */ function Escape(&$arr) { if (Count($arr)>0) { foreach($arr as $k => $v) { if (is_array($v)) { Escape($arr[$k]); } else { if (function_exists('get_magic_quotes')) { if(!get_magic_quotes_gpc()) { $arr[$k] = stripslashes($v); } } $arr[$k] = mysql_real_escape_string($v); } } } } // ----------------------------------------------- // Main // ----------------------------------------------- Escape($_POST); Escape($_GET); Escape($_COOKIE); Escape($_REQUEST); Escape($_GLOBALS); Escape($_SERVER); ?> file_calls.php <?php include "info_con.php"; include "auth.php"; ?> functions.php <?php echo "<title>$title</title>"; $lev=isset($_SESSION['level2'])?$_SESSION['level2']:0; $logged=isset($_SESSION['gal'])?$_SESSION['gal']:0; $loggeduser=$_SESSION['sess_name']; $nmsg = 0; $rows = isset($_SESSION['rows'])?$_SESSION['rows']:array(); $email = isset($_SESSION['email'])?$_SESSION['email']:''; $pass = isset($_SESSION['pass'])?$_SESSION['pass']:''; function rand_chars($c, $l, $u = FALSE) { if (!$u) for ($s = '', $i = 0, $z = strlen($c)-1; $i < $l; $x = rand(0,$z), $s .= $c{$x}, $i++); else for ($i = 0, $z = strlen($c)-1, $s = $c{rand(0,$z)}, $i = 1; $i != $l; $x = rand(0,$z), $s .= $c{$x}, $s = ($s{$i} == $s{$i-1} ? substr($s,0,-1) : $s), $i=strlen($s)); return $s; } function ShowLoggedInBar() { global $email,$pass,$rows,$logid; $nmes=""; if($nmsg){ $nmes="($nmsg New)"; } echo "Hello, $loggeduser !"; } /* check if we are logging out */ if (isset($_REQUEST['logout'])) { Logout(); } /* check if already logged in */ if (isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)) { ShowLoggedInBar(); } else { /* not logged in, is it a form post? */ if (isset($_REQUEST['email']) && isset($_REQUEST['pass'])) { $email = $_REQUEST['email']; $pass = crypt($_REQUEST['pass'],$email); Login($email,$pass); } else { } } ?> Can anyone see why it works on everything but getting the person logged in? |