I don't see any $_GET['User_ID'] statements anywhere. When you pass a value via the URL like "scriptname.php?userid=9999", you either need to use $_GET[] or $_REQUEST[] to retrieve the data. That could be why it's being 'ignored' -TG > -----Original Message----- > From: Garry Grierson [mailto:garry.grierson@xxxxxxxxxxxxx] > Sent: Thursday, June 17, 2004 7:25 AM > To: php-windows@xxxxxxxxxxxxx > Subject: Self-calling script problem. > > > > I have a script that asks a user to login using an ID and > password, it then > displays a login menu based on the users access type. > > > > This script works on another machine, but I have attempted to > set up PHP on > two new machines and keep getting the same problem. > > > > The script runs but when the user types in their data and clicks the > continue button the parameters being input into the script do > change but it > looks like it is being ignored. > > e.g > > Calling the page for the first time works: > > http://160.221.21.129/timelog/index.php > > > > Self-calling with the additional user_id > parameter set results > in the login screen being shown again! > > http://160.221.21.129/timelog/?user_id=99999 > > This should now show the users menu options. (As on the other system!) > > > > If I don't put in a user Id and password the screen is > updated to reflect > this, I don't understand this as again this is calling itself > to perform > this change. > > > > My script is included below, any help would be much appreciated: > > > > <?php > > // (Re-)Start the session handler > > session_start(); > > > > include ( $to_root.'scripts_php/common.php' ); > > > > if ( isset ($_GET['LOGOUT']) ) { > > $_SESSION = array(); > > header ('Location: http://'.$thiswebsite); > > } > > > > // Get the task_id, if supplied > > $task_id = trim ($_REQUEST['task_id']); > > > > $errormsg = ''; > > // Login requested? > > if ( $_POST['login'] == 'Click To Login' ) { > > $username = trim ($_POST['username']); > > $f_username = fixquotes ($username); // fixed for > SQL statements > > $passwd = trim ($_POST['passwd']); > > // $f_passwd = fixquotes (md5 ($passwd)); // fixed for SQL > statements > > $f_passwd = fixquotes ($passwd); // fixed for SQL > statements > > > > // Error check the form data > > if ( strlen ($username) == 0 ) { > > $errormsg .= 'You must supply a > username in the form > <em>Lastname Firstname</em>.<br />'; > > } > > if ( strlen ($passwd) == 0 ) { > > $errormsg .= 'You must supply a > password.<br />'; > > } > > > > $allok = ( strlen ($errormsg) > 0 ) ? false : true; > > if ( $allok ) { > > // Check that supplied data is valid > > $sql = " > > SELECT UserID,UserName,UserType,LastLogin FROM > userlog > > WHERE UserName='$f_username' AND > UserPassword='$f_passwd' > > "; > > $rs = @mysql_query ($sql); > > if ( !$rs ) { > > $errormsg .= 'There was a problem > accessing the database.<br />'; > > } > > elseif ( mysql_num_rows ($rs) != 1 ) { > > // Details not OK - error > > $errormsg .= 'Username > and/or password > supplied was incorrect.<br />'; > > } else { > > // Details OK - process login > > $_SESSION['LoggedIn'] = true; > > $row = mysql_fetch_object ($rs); > > $_SESSION['User_ID'] = > $row->UserID; > > $_SESSION['User_NAME'] = > $row->UserName; > > $_SESSION['User_TYPE'] = > $row->UserType; > > $_SESSION['LastLogin'] = > $row->LastLogin; > > header ('Location: > http://'.$thiswebsite.'?user_id='.$row->UserID); > > } > > } > > } > > // End of Login requested? > > ?> > > <?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"; ?> > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > > <html xmlns="http://www.w3.org/1999/xhtml";> > > <head> > > <title>Time Reporting Website</title> > > <meta http-equiv="Content-Type" content="text/html; > charset=iso-8859-1" /> > > > > <!-- Honeywell Intranet Template Header Files --> > > <link rel=stylesheet type='text/css' > href="http://my.honeywell.com/inc/styleurl.css";> > > <script language="JavaScript" > src="http://my.honeywell.com/inc/properties.js";></script> > > <script language='JavaScript' > src='http://my.honeywell.com/inc/framed.js'></script> > > <script language='JavaScript' > src='http://my.honeywell.com/inc/left_framed.js'></script> > > <!-- End of Honeywell Intranet Template Header Files --> > > > > <? include ( 'metas.php' ); ?> > > > > <script language="JavaScript" type="text/JavaScript"> > > <!-- > > function MM_reloadPage(init) { //reloads the window if Nav4 resized > > if (init==true) with (navigator) {if > ((appName=="Netscape")&&(parseInt(appVersion)==4)) { > > document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; > onresize=MM_reloadPage; }} > > else if (innerWidth!=document.MM_pgW || > innerHeight!=document.MM_pgH) > location.reload(); > > } > > MM_reloadPage(true); > > //--> > > </script> > > </head> > > > > <body> > > > > <div id="logo">Time<br />Reporting<br />System</div> > > > > <!-- Honeywell Intranet Template Top Row --> > > <script language="JavaScript" > src="http://my.honeywell.com/inc/globalnav.js";></script> > > <!-- End of Honeywell Intranet Template Top Row --> > > > > <!-- Honeywell Intranet Template Left Navigation List --> > > <script language="JavaScript" > src="http://my.honeywell.com/inc/menuload_url.js";></script> > > <script language="JavaScript"> > > // Change this value to highlight required link in menu > > if ( LoggedIn == "1" ) { > > honeywell.list.selItem=0; > > } else { > > honeywell.list.selItem=0; > > } > > </script> > > <script language="JavaScript" > src="http://my.honeywell.com/inc/leftmenu_div.js";></script> > > <!-- End of Honeywell Intranet Template Left Navigation List --> > > > > <div id="container"> > > > > <?php > > // Check for Login parameter > > if ( $_SESSION['LoggedIn'] ) { > > ?> > > > > <h3>Utilities available to <?php echo > $_SESSION['User_NAME'] ?>.</h3> > > <p><hr> > > <table bgcolor="gray" width="70%" border="0" cellspacing="4" > cellpadding="4"><tr><td> > > <p><font color="blue"><h4>OPTIONS:</h4></font><p> > > <?php > > > > > > switch ( $_SESSION['User_TYPE'] ) { > > case 'viewer': > > echo ' > > <a href="#" onclick="openwin > (\'inputer.php?user_id='.$user_id.'\',\'work\',true,700,525,15 > ,20)">Enter > time against projects.</a>'; > > echo ( is_numeric ($user_id) ) ? ' > (user_'.$user_id.' pre-selected)' : ''; > > echo ' > > </p> > > <p> > > <a href="#" onclick="openwin > (\'status.php?user_id='.$user_id.'\',\'status\',true,700,525,1 > 5,20)">View > Status reports.</a>'; > > echo ( is_numeric ($user_id) ) ? ' > (user_'.$user_id.' pre-selected)' : ''; > > echo ' > > </p><hr><p> > > '; > > echo ' > > <a href="#" onclick="openwin > (\'admin.php?user_id='.$user_id.'&admin_type=pass\',\'pass\',t rue,700,525,15 > ,20)">Change Password.</a></p> > > '; > > echo ' > > </p></table> > > '; > > break; > > > > case 'inputer': > > echo ' > > <a href="#" onclick="openwin > (\'inputer.php?user_id='.$user_id.'\',\'work\',true,700,525,15 > ,20)">Enter > time against projects.</a>'; > > echo ( is_numeric ($user_id) ) ? ' (user_'.$user_id.' > pre-selected)' : ''; > > echo ' > > </p> > > <p> > > <a href="#" onclick="openwin > (\'status.php?user_id='.$user_id.'\',\'status\',true,700,525,1 > 5,20)">View > Status reports.</a>'; > > echo ( is_numeric ($user_id) ) ? ' > (user_'.$user_id.' pre-selected)' : ''; > > echo ' > > </p><hr><p> > > '; > > echo ' > > <a href="#" onclick="openwin > (\'admin.php?user_id='.$user_id.'&admin_type=pass\',\'pass\',t rue,700,525,15 > ,20)">Change Password.</a></p> > > '; > > echo ' > > </p></table> > > <p> > > '; > > break; > > > > case 'admin': > > echo ' > > <a href="#" onclick="openwin > (\'inputer.php?user_id='.$user_id.'\',\'work\',true,700,525,15 > ,20)">Enter > time against projects.</a>'; > > echo ' > > </p> > > <p> > > <a href="#" onclick="openwin > (\'status.php?user_id='.$user_id.'\',\'status\',true,700,525,1 > 5,20)">View > Status reports.</a>'; > > echo ' > > </p><p></table><hr><p> > > '; > > echo '<p><font color="blue"><h3>Administrative > Tasks:</h3></font><p>'; > > echo ' > > <a href="#" onclick="openwin > (\'admin.php?user_id='.$user_id.'&admin_type=list\',\'list\',t rue,700,525,15 > ,20)">Search for an IDWeb User ID.</a></p></table> > > '; > > echo ' > > <a href="#" onclick="openwin > (\'admin.php?user_id='.$user_id.'&admin_type=pass\',\'pass\',t rue,700,525,15 > ,20)">Change Local User Password.</a></p> > > '; > > echo ' > > <a href="#" onclick="openwin > (\'admin.php?user_id='.$user_id.'&admin_type=type\',\'type\',t rue,700,525,15 > ,20)">Change Local User Type.</a></p> > > '; > > echo ' > > <a href="#" onclick="openwin > (\'admin.php?user_id='.$user_id.'&admin_type=new\',\'new\',tru e,700,525,15,2 > 0)">Add a New Local User.</a></p></table> > > '; > > > > break; > > > > default: > > echo ' > > <p class="errormsg">You have an > unrecognised user type. There are no utilities available to you.</p> > > '; > > } > > ?> > > <hr> > > <h4>Last Logged in on: <?php echo $_SESSION['LastLogin'] ?>.</h4> > > <?PHP > > //Save Login-Time to the User-Log table > > $now = date ('Y-m-d H:i:s'); > > $sql = "UPDATE UserLog SET LastLogin = '$now' WHERE > UserID=$user_id"; > > $rs = @mysql_query ($sql); > > > > } else { > > ?> > > > > <h3>Please login to access the Time Logging system.</h3> > > > > <form name="loginform" action="<?php echo $PHP_SELF ?>" > method="post"> > > <input type="hidden" name="task_id" value="<?php echo > $task_id ?>" /> > > <table width="550" border="0" cellspacing="0" cellpadding="4"> > > <caption><?php echo '<span > class="errormsg">'.$row->UserID.$row->UserPassword.$errormsg.'</span>' > ?></caption> > > <tr> > > <td>Username: </td> > > <td><input type="text" name="username" tabindex="1" > value="<?php > echo $username ?>" /></td> > > </tr> > > <tr> > > <td>Password: </td> > > <td><input type="password" name="passwd" tabindex="2" /></td> > > </tr> > > <tr> > > <td colspan="2"><div align="center"> > > <input type="submit" name="login" value="Click To Login" > tabindex="3" /> > > </div></td> > > </tr> > > </table> > > </form> > > > > <?php > > > > } > > // End of Check for Login parameter > > ?> > > > > <!-- Footer section - do not touch --> > > <p> > > <script language="JavaScript" > src="http://my.honeywell.com/inc/footer_url.js";></script> > > <script language="JavaScript" src="<? echo $to_root > ?>content_owner.js"></script> > > </p> > > <!-- End of Footer section - do not touch --> > > </div> > > </body> > > </html> > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
