8O
My apologies for the sloppy code; I'm new to PHP and programming more generally. But I'm having fun anyway. On to my issue....I've sort of begun to grasp the idea behind Sessions and have managed to pass some data between two PHP pages (Globals are off on the server that I'm using). I'm having difficulty, however, when I attempt to get back to the page below.
Here is the script for the "login.php"page:
<?
session_start();
$username = $_POST['username']; //should I move these
$userpassword = $_POST['userpassword'];
$_SESSION['sessionid']=$username; include 'date.inc';
$connection = mysql_connect($host, $user, $password)
or die ("<h3><b>Host Connection Failed</b></h3>");
$db = mysql_select_db($database,$connection)
or die ("<h3><b>Database Connection Failed</b></h3>");
$Check = mysql_query("SELECT * FROM ReviewerInfo where username='".$username."' and password='".$userpassword."'");
if(!$Check)
die(mysql_error());
// was it correct?
$exist = mysql_num_rows($Check);
if($exist > 0)
{
echo "You are now logged in! Click the \"Update\" button below to update your information<br><br>";
$row = mysql_fetch_array($Check);
extract ($row);
echo "<table><form action='loginupdate.php' method='POST'>
<tr> \n
<td>Logon Id:</td>
<td><INPUT TYPE='text' NAME='UserName' Value=$UserName></td> \n
</tr>
<tr>
<td>Password:</td>
<td><INPUT TYPE='password' NAME='userpassword' Value=$userpassword></td>
</tr><tr>
<td>First Name:</td>
<td><INPUT TYPE='text' NAME='firstname' Value=$FirstName></td>
</tr><tr>
<td>Last Name:</td>
<td><INPUT TYPE='text' NAME='lastname' Value=$LastName></td>
</tr><tr>
<td>Email:</td>
<td><INPUT TYPE='text' NAME='email' Value=$Email></td>
</tr>
<td><INPUT TYPE='hidden' NAME='userid' Value=$ReviewerID></td>
</table>";
echo "<form action='loginupdate.php' method='POST'>
<INPUT TYPE='Submit' NAME='back' VALUE='Update Info'>
</form>";
}
else
{
echo "Invalid data...";
}
?>
And Here is the script for the page that updates the information:
<?
session_start();
$_SESSION['sessionid'];
$userpassword = $_POST['userpassword'];
$username = $_SESSION['username'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$userid = $_POST['userid'];
$email = $_POST['email'];
include 'date.inc'; // my connection stuff
$connection = mysql_connect($host, $user, $password)
or die ("<h3><b>Host Connection Failed</b></h3>");
$db = mysql_select_db($database,$connection)
or die ("<h3><b>Database Connection Failed</b></h3>");
$query = mysql_query("UPDATE ReviewerInfo SET username='".$username."', password='".$userpassword."',
firstname='".$firstname."', lastname='".$lastname."', email='".$email."'
WHERE ReviewerInfo.ReviewerID = '".$userid."'");
if(!$query)
die(mysql_error());
echo "Update successful. <br> <form action='login.php' method='POST'>
<INPUT TYPE='Submit' NAME='back' VALUE='BACK'>
</form>";
?>
The problem that I have is that the submit button takes me back to the preceeding page but the $username and $userpassword variables are not recognized. That is, the program defaults to the 'invalid info' warning. Perhaps I'm resetting the values with the two $_POST's at the top? :wink: I know I'm not using the session exactly right and that doing this would probably fix the problem.
Finally, my update query does update, but I'm getting weird results, par for the course I suppose. I think it has something to do with using the $user name as the session ID. In any case, with the $_SESSION AND $_POST as they are in this last script, I am unable to update the username field. I put a name in the box and the query will not update it.
Obviously, I have major validation/security/(lots of other stuff) issues and would like to get this resolved as well once I get this first problem resolved.
I'll thank you in advance. I really appreciate this forum; I've already learned a lot over the course of the past couple of weeks, much do to the posts contained herein. Thanks!!!!
