RE: Problem Using Sessions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Why dont'n you use soma classes from www.phpclasses.com about User
Management!!
There are great classes in this site!!

-----Original Message-----
From: Shawn Singh [mailto:callmeshawn@xxxxxxxxx]
Sent: Miércoles, 04 de Mayo de 2005 03:14 p.m.
To: php-db@xxxxxxxxxxxxx
Subject:  Problem Using Sessions


Hey All,

I'm fairly new to PHP Programming. I have compiled and installed
postgres version 8.0.1, and with that compiled postgres support into
my postgres (I'm using PHP version 5.0.4), and I've compiled support
for PHP into Apache (version 2.0.53) and all is working (in that I can
embed PHP into my HTML documents and get the expected results).

Recently I started working on a website in which I would like there to
be an administration page where the person who is logged in can add
and delete records. I figured that the best way to do this would be to
establish a session, (at the login page) then if the user login is
successful, I would then register the username and password and
redirect the user to the admin page. I chose not to use cookies, b/c
everyone may not have cookies enabled on their browser and I didn't
want that to be a hurdle that a user would have to jump over.

I've written the code but when I try to login to the site I get this
message:

Warning: Cannot modify header information - headers already sent by
(output started at /export/home/www/htdocs/login.php:13) in
/export/home/www/htdocs/login.php on line 25

Warning: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that the session
extension does not consider global variables as a source of data,
unless register_globals is enabled. You can disable this functionality
and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0

Information I've seen on the web for these types of messages would
indicate that I don't have a /tmp directory, but such is not the case.
 Other messages have indicated that my session variables are not
getting written to /tmp, but that is not true either, as I have seen
them in there...as I see entries such as:

sess_ec2249332b8b29863f161461cf8c1409

So, I'm guessing that there aren't problems with my /tmp filesystem.

Please excuse the lack of style as I have mainly been trying to hack
out something, but plan to clean it up later.

My source code for the login page is as follows:

<?php
    session_start();
    echo "<html>
          <title>Joshua Generation Login Page</title>
          <body bgcolor='#9C9C9C'>
          <form action='login.php' method='POST'>
          <table border='1'>
            <tr><td>Enter Username:</td><td><input type='text'
name='username'></td></tr>
            <tr><td>Enter Password:</td><td><input type='text'
name='password'></td></tr>
            <input type='hidden' name='login' value='1'>
            <input type='submit'value='Login'>
          </table>
          </form>";
    if ( $_POST )
    {
      $username = $_POST['username'];
      $password = $_POST['password'];
      if ( $username == "test" && $password == "test" )
      {
        global $username, $password;
        session_register("username");
        session_register("password");

        echo "<h1>Authorized Entry</h1>";
        header("Location: http://joshua1and8.homelinux.org/admin.php";);
      }
      else
      { echo $username;
        echo "<br>";
        echo $password;
        echo "<br>";
        echo "<h1>Login FAILED</h1>";
      }
    }
    echo "</body>
          </html>";
?>


My source code for the admin page is as follows:

<?php
  session_start();
  global $username, $password;
  session_register("username");
  session_register("password");
?>
<html>
<head>
<title>Joshua Generation Admin Page</title>
</head>
<body bgcolor='#9C9C9C'>
<?php
/*
 * Radesh N. Singh
 * Admin Page
 */
if (isset($username))
{
  echo "<h1>Joshua Generation Admin's Corner</h1>
  <form action=\"admin.php\" method=\"POST\">
  <table border=\"1\">
    <tr><td>Name</td>
        <td>Cell Phone</td>
        <td>Work Phone</td>
        <td>Home Phone</td>
        <td>Email Address</td>
    </tr>
    <tr><td><input type=\"text\" name=\"name\"/></td>
      <td><input type=\"text\" name=\"cphone\"/></td>
      <td><input type=\"text\" name=\"wphone\"/></td>
      <td><input type=\"text\" name=\"hphone\"/></td>
      <td><input type=\"text\" name=\"emailaddr\"/></td>
    </tr>
    <tr><input type=\"hidden\" name=\"proc\" value=\"add\">
          <input type=\"submit\" value=\"Add Member Records\">
          <input type=\"hidden\" name=\"proc\" value=\"del\">
          <input type=\"submit\" value=\"Delete Member Records\">
      </tr>
  </table>
  </form>";

  if ($_POST)
  {
    $conn_string = "dbname=joshua_generation user=admin password=admin";
    $conn_hndl = pg_connect($conn_string);

    switch ($_POST['proc'])
    {
      case 'add':
        $name = $_POST['name'];
        $cphone = $_POST['cphone'];
        $wphone = $_POST['wphone'];
        $hphone = $_POST['hphone'];
        $emailaddr = $_POST['emailaddr'];

      /*
        To add a member a name is all that is needed.
        Based on the name that is entered, the next nameid
        will be generated by the dbms, and the insert will
        be done into:
        NAMES, PNUMBERS, EMAILADDRS, MBRSTATUS
        based on that number
        The default MBRSTATUS.status will be ACTIVE
      */
        $ins_names_stmt = "INSERT INTO NAMES VALUES ('nextval('nid'),'";
        $ins_names_stmt .= $name;
        $ins_names_stmt .= "');";
        pg_query($ins_names_stmt);
        $getcurval = "SELECT currval('$nid[0]') FROM NAMES";
        $curval = pg_fetch_row(pg_query($getcurval[0]));
        $ins_pnums_stmt = "INSERT INTO PNUMBERS (nameid, cnumber,
wnumber, hnumber) VALUES ('";
        $ins_pnums_stmt = $curval[0];
        $ins_pnums_stmt .= "','";
        $ins_pnums_stmt .= $cphone;
        $ins_pnums_stmt .= "','";
        $ins_pnums_stmt .= $wphone;
        $ins_pnums_stmt .= "','";
        $ins_pnums_stmt .= $hphone;
        $ins_names_stmt .= "');";
        pg_query($ins_names_stmt);
        $ins_emads_stmt = "INSERT INTO EMAILADDRS (nameid, emailaddr)
VALUES ('";
        $ins_emads_stmt .= $curval[0];
        $ins_pnums_stmt .= "','";
        $ins_emads_stmt .= $emailaddr;
        $ins_emads_stmt .= "');";
        pg_query($ins_emads_stmt);
        $ins_mbsts_stmt = "INSERT INTO MBRSTATUS (nameid, status) VALUES
('";
        $ins_mbsts_stmt .= $curval[0];
        $ins_mbsts_stmt .= "','true');";
        pg_query($ins_mbsts_stmt);
      break;
      case 'del':
        /*
          Deletion is really an archive then delete process...
          The goal is to save all of the data to an archive table,
          then delete the original data.
          The actual delete will be done on the NAMES table,
          which will result in the foreign keys being updated.
        */
        /* Get nameid as the key to the rest of the queries */
        /* THIS MUST BE DONE FIRST */
        $searchname = $_POST['name'];
        $rval = "SELECT nameid FROM NAMES where name = '$searchname'";
        $row = pg_fetch_row(pg_query($rval));
        $nid = $row[0];

        /* SQL Statements */
        /* Get the phone number */
        $number_val =  "SELECT pnumbers.cnumber, pnumbers.wnumber,
pnumbers.hnumber ";
        $number_val .= "FROM pnumbers ";
        $number_val .= "WHERE  pnumbers.nameid = '";
        $number_val .= $nid;
        $number_val .= "';";

        /* Get the email address */
        $email_val = "SELECT emailaddrs.emailaddr FROM emailaddrs
WHERE emailaddrs.nameid = '";
        $email_val .= $nid;
        $email_val .= "';";

        /* Fetch the phone numbers */
        $number_row = pg_fetch_row(pg_query($number_val));

        /* Fetch the email address */
        $email_row = pg_fetch_row(pg_query(strtolower($email_val)));

        /* Store values of phone numbers and email addresses for future use
*/
        $cphone = $number_row[0];
        $wphone = $number_row[1];
        $hphone = $number_row[2];
        $emailaddr = $email_row[0];

        $arch_stmt = "INSERT INTO ARCHIVE (name, cnumber, wnumber,
hnumber, status) VALUES ('";
        $arch_stmt .= $searchname;
        $arch_stmt .= "','";
        $arch_stmt .= $cphone;
        $arch_stmt .= "','";
        $arch_stmt .= $wphone;
        $arch_stmt .= "','";
        $arch_stmt .= $hphone;
        $arch_stmt .= "','";
        $arch_stmt .= $emailaddr;
        $arch_stmt .= "','true');";

        pg_query($arch_stmt);

        $del_stmt = "DELETE FROM NAMES WHERE NAMES.nameid = '";
        $del_stmt .= $nid;
        $del_stmt .= "'";

        pg_query($del_stmt);
      break;
      default:
        echo "No Action Selected";
      break;
    }
  }
}
?>
</body>
</html>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux