Why dont'n you use soma classes from www.phpclasses.com about User Management!! There are great classes in this site!! -----Original Message----- From: Shawn Singh [mailto:callmeshawn@xxxxxxxxx] Sent: Miércoles, 04 de Mayo de 2005 03:14 p.m. To: php-db@xxxxxxxxxxxxx Subject: Problem Using Sessions Hey All, I'm fairly new to PHP Programming. I have compiled and installed postgres version 8.0.1, and with that compiled postgres support into my postgres (I'm using PHP version 5.0.4), and I've compiled support for PHP into Apache (version 2.0.53) and all is working (in that I can embed PHP into my HTML documents and get the expected results). Recently I started working on a website in which I would like there to be an administration page where the person who is logged in can add and delete records. I figured that the best way to do this would be to establish a session, (at the login page) then if the user login is successful, I would then register the username and password and redirect the user to the admin page. I chose not to use cookies, b/c everyone may not have cookies enabled on their browser and I didn't want that to be a hurdle that a user would have to jump over. I've written the code but when I try to login to the site I get this message: Warning: Cannot modify header information - headers already sent by (output started at /export/home/www/htdocs/login.php:13) in /export/home/www/htdocs/login.php on line 25 Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 Information I've seen on the web for these types of messages would indicate that I don't have a /tmp directory, but such is not the case. Other messages have indicated that my session variables are not getting written to /tmp, but that is not true either, as I have seen them in there...as I see entries such as: sess_ec2249332b8b29863f161461cf8c1409 So, I'm guessing that there aren't problems with my /tmp filesystem. Please excuse the lack of style as I have mainly been trying to hack out something, but plan to clean it up later. My source code for the login page is as follows: <?php session_start(); echo "<html> <title>Joshua Generation Login Page</title> <body bgcolor='#9C9C9C'> <form action='login.php' method='POST'> <table border='1'> <tr><td>Enter Username:</td><td><input type='text' name='username'></td></tr> <tr><td>Enter Password:</td><td><input type='text' name='password'></td></tr> <input type='hidden' name='login' value='1'> <input type='submit'value='Login'> </table> </form>"; if ( $_POST ) { $username = $_POST['username']; $password = $_POST['password']; if ( $username == "test" && $password == "test" ) { global $username, $password; session_register("username"); session_register("password"); echo "<h1>Authorized Entry</h1>"; header("Location: http://joshua1and8.homelinux.org/admin.php";); } else { echo $username; echo "<br>"; echo $password; echo "<br>"; echo "<h1>Login FAILED</h1>"; } } echo "</body> </html>"; ?> My source code for the admin page is as follows: <?php session_start(); global $username, $password; session_register("username"); session_register("password"); ?> <html> <head> <title>Joshua Generation Admin Page</title> </head> <body bgcolor='#9C9C9C'> <?php /* * Radesh N. Singh * Admin Page */ if (isset($username)) { echo "<h1>Joshua Generation Admin's Corner</h1> <form action=\"admin.php\" method=\"POST\"> <table border=\"1\"> <tr><td>Name</td> <td>Cell Phone</td> <td>Work Phone</td> <td>Home Phone</td> <td>Email Address</td> </tr> <tr><td><input type=\"text\" name=\"name\"/></td> <td><input type=\"text\" name=\"cphone\"/></td> <td><input type=\"text\" name=\"wphone\"/></td> <td><input type=\"text\" name=\"hphone\"/></td> <td><input type=\"text\" name=\"emailaddr\"/></td> </tr> <tr><input type=\"hidden\" name=\"proc\" value=\"add\"> <input type=\"submit\" value=\"Add Member Records\"> <input type=\"hidden\" name=\"proc\" value=\"del\"> <input type=\"submit\" value=\"Delete Member Records\"> </tr> </table> </form>"; if ($_POST) { $conn_string = "dbname=joshua_generation user=admin password=admin"; $conn_hndl = pg_connect($conn_string); switch ($_POST['proc']) { case 'add': $name = $_POST['name']; $cphone = $_POST['cphone']; $wphone = $_POST['wphone']; $hphone = $_POST['hphone']; $emailaddr = $_POST['emailaddr']; /* To add a member a name is all that is needed. Based on the name that is entered, the next nameid will be generated by the dbms, and the insert will be done into: NAMES, PNUMBERS, EMAILADDRS, MBRSTATUS based on that number The default MBRSTATUS.status will be ACTIVE */ $ins_names_stmt = "INSERT INTO NAMES VALUES ('nextval('nid'),'"; $ins_names_stmt .= $name; $ins_names_stmt .= "');"; pg_query($ins_names_stmt); $getcurval = "SELECT currval('$nid[0]') FROM NAMES"; $curval = pg_fetch_row(pg_query($getcurval[0])); $ins_pnums_stmt = "INSERT INTO PNUMBERS (nameid, cnumber, wnumber, hnumber) VALUES ('"; $ins_pnums_stmt = $curval[0]; $ins_pnums_stmt .= "','"; $ins_pnums_stmt .= $cphone; $ins_pnums_stmt .= "','"; $ins_pnums_stmt .= $wphone; $ins_pnums_stmt .= "','"; $ins_pnums_stmt .= $hphone; $ins_names_stmt .= "');"; pg_query($ins_names_stmt); $ins_emads_stmt = "INSERT INTO EMAILADDRS (nameid, emailaddr) VALUES ('"; $ins_emads_stmt .= $curval[0]; $ins_pnums_stmt .= "','"; $ins_emads_stmt .= $emailaddr; $ins_emads_stmt .= "');"; pg_query($ins_emads_stmt); $ins_mbsts_stmt = "INSERT INTO MBRSTATUS (nameid, status) VALUES ('"; $ins_mbsts_stmt .= $curval[0]; $ins_mbsts_stmt .= "','true');"; pg_query($ins_mbsts_stmt); break; case 'del': /* Deletion is really an archive then delete process... The goal is to save all of the data to an archive table, then delete the original data. The actual delete will be done on the NAMES table, which will result in the foreign keys being updated. */ /* Get nameid as the key to the rest of the queries */ /* THIS MUST BE DONE FIRST */ $searchname = $_POST['name']; $rval = "SELECT nameid FROM NAMES where name = '$searchname'"; $row = pg_fetch_row(pg_query($rval)); $nid = $row[0]; /* SQL Statements */ /* Get the phone number */ $number_val = "SELECT pnumbers.cnumber, pnumbers.wnumber, pnumbers.hnumber "; $number_val .= "FROM pnumbers "; $number_val .= "WHERE pnumbers.nameid = '"; $number_val .= $nid; $number_val .= "';"; /* Get the email address */ $email_val = "SELECT emailaddrs.emailaddr FROM emailaddrs WHERE emailaddrs.nameid = '"; $email_val .= $nid; $email_val .= "';"; /* Fetch the phone numbers */ $number_row = pg_fetch_row(pg_query($number_val)); /* Fetch the email address */ $email_row = pg_fetch_row(pg_query(strtolower($email_val))); /* Store values of phone numbers and email addresses for future use */ $cphone = $number_row[0]; $wphone = $number_row[1]; $hphone = $number_row[2]; $emailaddr = $email_row[0]; $arch_stmt = "INSERT INTO ARCHIVE (name, cnumber, wnumber, hnumber, status) VALUES ('"; $arch_stmt .= $searchname; $arch_stmt .= "','"; $arch_stmt .= $cphone; $arch_stmt .= "','"; $arch_stmt .= $wphone; $arch_stmt .= "','"; $arch_stmt .= $hphone; $arch_stmt .= "','"; $arch_stmt .= $emailaddr; $arch_stmt .= "','true');"; pg_query($arch_stmt); $del_stmt = "DELETE FROM NAMES WHERE NAMES.nameid = '"; $del_stmt .= $nid; $del_stmt .= "'"; pg_query($del_stmt); break; default: echo "No Action Selected"; break; } } } ?> </body> </html> -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
