I have a script that asks a user to login using an ID and password, it then
displays a login menu based on the users access type.
This script works on another machine, but I have attempted to set up PHP on
two new machines and keep getting the same problem.
The script runs but when the user types in their data and clicks the
continue button the parameters being input into the script do change but it
looks like it is being ignored.
e.g
Calling the page for the first time works:
http://160.221.21.129/timelog/index.php
Self-calling with the additional user_id parameter set results
in the login screen being shown again!
http://160.221.21.129/timelog/?user_id=99999
This should now show the users menu options. (As on the other system!)
If I don't put in a user Id and password the screen is updated to reflect
this, I don't understand this as again this is calling itself to perform
this change.
My script is included below, any help would be much appreciated:
<?php
// (Re-)Start the session handler
session_start();
include ( $to_root.'scripts_php/common.php' );
if ( isset ($_GET['LOGOUT']) ) {
$_SESSION = array();
header ('Location: http://'.$thiswebsite);
}
// Get the task_id, if supplied
$task_id = trim ($_REQUEST['task_id']);
$errormsg = '';
// Login requested?
if ( $_POST['login'] == 'Click To Login' ) {
$username = trim ($_POST['username']);
$f_username = fixquotes ($username); // fixed for SQL statements
$passwd = trim ($_POST['passwd']);
// $f_passwd = fixquotes (md5 ($passwd)); // fixed for SQL
statements
$f_passwd = fixquotes ($passwd); // fixed for SQL statements
// Error check the form data
if ( strlen ($username) == 0 ) {
$errormsg .= 'You must supply a username in the form
<em>Lastname Firstname</em>.<br />';
}
if ( strlen ($passwd) == 0 ) {
$errormsg .= 'You must supply a password.<br />';
}
$allok = ( strlen ($errormsg) > 0 ) ? false : true;
if ( $allok ) {
// Check that supplied data is valid
$sql = "
SELECT UserID,UserName,UserType,LastLogin FROM
userlog
WHERE UserName='$f_username' AND
UserPassword='$f_passwd'
";
$rs = @mysql_query ($sql);
if ( !$rs ) {
$errormsg .= 'There was a problem
accessing the database.<br />';
}
elseif ( mysql_num_rows ($rs) != 1 ) {
// Details not OK - error
$errormsg .= 'Username and/or password
supplied was incorrect.<br />';
} else {
// Details OK - process login
$_SESSION['LoggedIn'] = true;
$row = mysql_fetch_object ($rs);
$_SESSION['User_ID'] = $row->UserID;
$_SESSION['User_NAME'] = $row->UserName;
$_SESSION['User_TYPE'] = $row->UserType;
$_SESSION['LastLogin'] =
$row->LastLogin;
header ('Location:
http://'.$thiswebsite.'?user_id='.$row->UserID);
}
}
}
// End of Login requested?
?>
<?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<title>Time Reporting Website</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- Honeywell Intranet Template Header Files -->
<link rel=stylesheet type='text/css'
href="http://my.honeywell.com/inc/styleurl.css";>
<script language="JavaScript"
src="http://my.honeywell.com/inc/properties.js";></script>
<script language='JavaScript'
src='http://my.honeywell.com/inc/framed.js'></script>
<script language='JavaScript'
src='http://my.honeywell.com/inc/left_framed.js'></script>
<!-- End of Honeywell Intranet Template Header Files -->
<? include ( 'metas.php' ); ?>
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if
((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight;
onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH)
location.reload();
}
MM_reloadPage(true);
//-->
</script>
</head>
<body>
<div id="logo">Time<br />Reporting<br />System</div>
<!-- Honeywell Intranet Template Top Row -->
<script language="JavaScript"
src="http://my.honeywell.com/inc/globalnav.js";></script>
<!-- End of Honeywell Intranet Template Top Row -->
<!-- Honeywell Intranet Template Left Navigation List -->
<script language="JavaScript"
src="http://my.honeywell.com/inc/menuload_url.js";></script>
<script language="JavaScript">
// Change this value to highlight required link in menu
if ( LoggedIn == "1" ) {
honeywell.list.selItem=0;
} else {
honeywell.list.selItem=0;
}
</script>
<script language="JavaScript"
src="http://my.honeywell.com/inc/leftmenu_div.js";></script>
<!-- End of Honeywell Intranet Template Left Navigation List -->
<div id="container">
<?php
// Check for Login parameter
if ( $_SESSION['LoggedIn'] ) {
?>
<h3>Utilities available to <?php echo $_SESSION['User_NAME'] ?>.</h3>
<p><hr>
<table bgcolor="gray" width="70%" border="0" cellspacing="4"
cellpadding="4"><tr><td>
<p><font color="blue"><h4>OPTIONS:</h4></font><p>
<?php
switch ( $_SESSION['User_TYPE'] ) {
case 'viewer':
echo '
<a href="#" onclick="openwin
(\'inputer.php?user_id='.$user_id.'\',\'work\',true,700,525,15,20)">Enter
time against projects.</a>';
echo ( is_numeric ($user_id) ) ? '
(user_'.$user_id.' pre-selected)' : '';
echo '
</p>
<p>
<a href="#" onclick="openwin
(\'status.php?user_id='.$user_id.'\',\'status\',true,700,525,15,20)">View
Status reports.</a>';
echo ( is_numeric ($user_id) ) ? '
(user_'.$user_id.' pre-selected)' : '';
echo '
</p><hr><p>
';
echo '
<a href="#" onclick="openwin
(\'admin.php?user_id='.$user_id.'&admin_type=pass\',\'pass\',true,700,525,15
,20)">Change Password.</a></p>
';
echo '
</p></table>
';
break;
case 'inputer':
echo '
<a href="#" onclick="openwin
(\'inputer.php?user_id='.$user_id.'\',\'work\',true,700,525,15,20)">Enter
time against projects.</a>';
echo ( is_numeric ($user_id) ) ? ' (user_'.$user_id.'
pre-selected)' : '';
echo '
</p>
<p>
<a href="#" onclick="openwin
(\'status.php?user_id='.$user_id.'\',\'status\',true,700,525,15,20)">View
Status reports.</a>';
echo ( is_numeric ($user_id) ) ? '
(user_'.$user_id.' pre-selected)' : '';
echo '
</p><hr><p>
';
echo '
<a href="#" onclick="openwin
(\'admin.php?user_id='.$user_id.'&admin_type=pass\',\'pass\',true,700,525,15
,20)">Change Password.</a></p>
';
echo '
</p></table>
<p>
';
break;
case 'admin':
echo '
<a href="#" onclick="openwin
(\'inputer.php?user_id='.$user_id.'\',\'work\',true,700,525,15,20)">Enter
time against projects.</a>';
echo '
</p>
<p>
<a href="#" onclick="openwin
(\'status.php?user_id='.$user_id.'\',\'status\',true,700,525,15,20)">View
Status reports.</a>';
echo '
</p><p></table><hr><p>
';
echo '<p><font color="blue"><h3>Administrative
Tasks:</h3></font><p>';
echo '
<a href="#" onclick="openwin
(\'admin.php?user_id='.$user_id.'&admin_type=list\',\'list\',true,700,525,15
,20)">Search for an IDWeb User ID.</a></p></table>
';
echo '
<a href="#" onclick="openwin
(\'admin.php?user_id='.$user_id.'&admin_type=pass\',\'pass\',true,700,525,15
,20)">Change Local User Password.</a></p>
';
echo '
<a href="#" onclick="openwin
(\'admin.php?user_id='.$user_id.'&admin_type=type\',\'type\',true,700,525,15
,20)">Change Local User Type.</a></p>
';
echo '
<a href="#" onclick="openwin
(\'admin.php?user_id='.$user_id.'&admin_type=new\',\'new\',true,700,525,15,2
0)">Add a New Local User.</a></p></table>
';
break;
default:
echo '
<p class="errormsg">You have an
unrecognised user type. There are no utilities available to you.</p>
';
}
?>
<hr>
<h4>Last Logged in on: <?php echo $_SESSION['LastLogin'] ?>.</h4>
<?PHP
//Save Login-Time to the User-Log table
$now = date ('Y-m-d H:i:s');
$sql = "UPDATE UserLog SET LastLogin = '$now' WHERE UserID=$user_id";
$rs = @mysql_query ($sql);
} else {
?>
<h3>Please login to access the Time Logging system.</h3>
<form name="loginform" action="<?php echo $PHP_SELF ?>" method="post">
<input type="hidden" name="task_id" value="<?php echo $task_id ?>" />
<table width="550" border="0" cellspacing="0" cellpadding="4">
<caption><?php echo '<span
class="errormsg">'.$row->UserID.$row->UserPassword.$errormsg.'</span>'
?></caption>
<tr>
<td>Username: </td>
<td><input type="text" name="username" tabindex="1" value="<?php
echo $username ?>" /></td>
</tr>
<tr>
<td>Password: </td>
<td><input type="password" name="passwd" tabindex="2" /></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input type="submit" name="login" value="Click To Login"
tabindex="3" />
</div></td>
</tr>
</table>
</form>
<?php
}
// End of Check for Login parameter
?>
<!-- Footer section - do not touch -->
<p>
<script language="JavaScript"
src="http://my.honeywell.com/inc/footer_url.js";></script>
<script language="JavaScript" src="<? echo $to_root
?>content_owner.js"></script>
</p>
<!-- End of Footer section - do not touch -->
</div>
</body>
</html>
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
