Recalling stored session values

I realize what I wrote above is confusing, so I'll try to make it more understandable.

My website allows for local job posting. Before someone can post an ad they have to register and log in. If the login is successful they are directed to a form where they can enter in their job information. The fields below are in the users database:
user_id
email
pass
first_name
last_name
company_name
active
registration_date

The jobs database has:
user_id
display_name (radio button options are - *see below, Local Company or National Company)
job_position
job_status (Full-time, Part-time, Full or Part-time, Temporary)
city
content

*[PHP]value="<?php echo "{$_SESSION['company_name']}"; ?>", [/PHP]

On the top of my Job Submit form I have this:
[PHP]<?php
require_once ('includes/config.inc.php');
include ('top.php'); //starts the session with session_start();

// Welcome the user (by name if they are logged in).
echo '<h1>Welcome';
if (isset($_SESSION['first_name'])) {
echo ", {$_SESSION['first_name']}!";
}
echo '</h1>';
?>[/PHP]

The first_name is registered, but how do I register the user_id and company_name without echo-ing it in the same breath. Instead, I want to echo company_name later in the form field "display_name".

And would I pass along the user_id in a hidden field like this:

Heya, David.

Session variables are persistent. Regardless of where on the page you use them, once you set them, they are defined until you unset them (or the session is destroyed, for example, if the User leaves and doesn't come back for 3 years).

You don't need to use hidden form inputs to 'save' session variables.

As long as you call session_start() at the top of each page (which it seems you do in top.php), you can reference any session variable anywhere you want.

To set a session variable, simply:
For example:

So I set the session variables like this:
[PHP]$_SESSION['user_id']=$user_id;
$_SESSION['company_name'] = $company_name;[/PHP]

I'm sorry, I don't understand how to use this:
[PHP]foreach( $_POST as $_key => $_val )
{
$_SESSION[$_key] = $_val;
}[/PHP]
Where would I put this and how would $_key and $_val be replaced with my information?

I have this on top of my form page. It does check to see if the first_name is set and if not takes you to the login page. But it did not grab the other information, i.e. user_id and company_name.

My seesion must be set to expire after a certain period of time, because I didn't log off but it dropped me. This is also in the top.php:
[PHP]<?php
if (isset($_SESSION['user_id']) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php'))
{
echo '
<a href="logout.php">Logout</a><br><br>
<a href="change_password.php">Change Password</a><br>
';

} else

{ // Not logged in.

echo '
<a href="register.php">Register</a><br>
<a href="login.php">Login</a><br>
<a href="forgot_password.php">Forgot Password</a><br>
';
}
?>[/PHP]


Also, how would I add the session user_id into the query to add information into the database:
[PHP]$query = "INSERT INTO $table VALUES ('', '".$user_id."', '".$display_name."', '".$job_position."', '".$status."', '".$city."', '".$content."')";[/PHP]

This isn't working:
[PHP]<input type=hidden name="user_id" value="<?php echo $_SESSION['user_id'] ?>">

<input type="radio" value="<?php echo $_SESSION['company_name'] ?>" name="display_name" checked><?php echo $_SESSION['company_name'] ?>[/PHP]

Session names are showing up in form.

I put this in top.php under session start:
[PHP]$_SESSION['user_id'] = $user_id;
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['company_name'] = $company_name;[/PHP]

Diesn't seem to be doing much good though.

Heya, David.

Real quick:
works, but perhaps you'd find this to be easier to manage:
Now then.

If you put this at the top of your page:
PHP will run through $_POST, and for each element, it will assign the key to $_key and the value to $_val. Then it will assign $_val to $_SESSION[$_key].

In other words, it copies each variable in $_POST to $_SESSION.

For more information, check out this page.

The problem with doing this:
Is that $user_id and $company_name are undefined.

Now on the other hand, you could do this...
But then you might as well do this:

OK, I now have this at the top of top,php:
[PHP]<?php
// This page begins the HTML header for the site.

// Start output buffering.
ob_start();
// Initialize a session.
session_start();

foreach( $_POST as $_key => $_val )
{
$_SESSION[$_key] = $_val;
}


// Check for a $page_title value.
if (!isset($pagetitle)) {
$pagetitle = 'Login';
}
?>[/PHP]

On the login.php pahe there is this:
[PHP]// Query the database.
$query = "SELECT user_id, first_name FROM users WHERE (email='$e' AND pass=SHA('$p')) AND active IS NULL";
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());


if (@mysql_num_rows($result) == 1) { // A match was made.

// Register the values & redirect.
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close(); // Close the database connection.
$_SESSION['first_name'] = $row[1];
$_SESSION['user_id'] = $row[0];[/PHP]
So logging in pulls the session information from the users database and here sets the session variable for first_name and user_id. I don't understand the $row[1] and $row[0], though.

If "all" the session variables are being set with:
[PHP]foreach( $_POST as $_key => $_val )
{
$_SESSION[$_key] = $_val;
}[/PHP]

Then why can't I get them to display in my job-submit form?
[PHP]<input type=hidden name="user_id" value="<?php echo $_SESSION['user_id'] ?>">

<input type="radio" value="<?php echo $_SESSION['company_name'] ?>" name="display_name" checked><?php echo $_SESSION['company_name'] ?><br>[/PHP]

I've also tried this:
[PHP]foreach( $_POST as $_key => $_val )
{
$_SESSION[$_key] = $_val;
}


$_SESSION['user_id'] = $user_id;
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['company_name'] = $company_name;[/PHP]
But it isn't working.

The only session variable I'm able to get is first_name. And to get that I have to use this:
[PHP]if (!isset($_SESSION['first_name'])) {
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
if ((substr($url, -1) =='/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1);
}
$url .= './../register/login.php';
header("Location: $url");
exit();
}
else
{

// Welcome the user (by name if they are logged in).
echo '<h1>You\'re logged in as';

if (isset($_SESSION['first_name']))
{
echo " {$_SESSION['first_name']}!";
}
}

echo '</h1>';[/PHP]
I'm going to have to isset the session variable user_id and company_name and echo it in the same line, as above before it'll display I guess.

It may be that my server uses an older version of php (PHP Version 4.3.11) than what is needed to get this to work properly.

Apparently, whenever there is an error I get an email - I've received a BUNCH of them. Along with a plethora of other information it gives me this:
[PHP][cookname] => David
[cookid] => bunch of numbers
[PHPSESSID] => bunch of numbers[/PHP]
It doesn't give me the other variables - last_name and company_name, so maybe they're aren't registering.

These emails are coming to me at my user email. I've got to change this somehow so that it comes to me "the admin" instead of to the user. It contains a bunch of information about my server and website.

Heya, David.

Is the User entering these values in a form, or are you retrieving them from elsewhere?

Is the User entering these values in a form, or are you retrieving them from elsewhere?

I (and eventually other users) am entering these values in a form. Basically, it's a login in script that allows a user to access certain pages. In this case, it allows people to enter, edit and delete job ads for a small local job board.

It uses a mysql database table called users and it consists of the following fields:
user_id, email, pass, first_name, last_name, company_name, active, registration_date

I added company_name and maybe last_name, I can't remember.

You register and an email is sent to you with a link to activate your registration. I think it changes "active" from Not Null to Null. Once activated you can login and are able to access certain pages. The main page is the add_job.php page.

We talked about the top.php page that is called on every page. It has this(condensed):
[PHP]<?php
// This page begins the HTML header for the site.

// Start output buffering.
ob_start();
// Initialize a session.
session_start();

foreach( $_POST as $_key => $_val )
{
$_SESSION[$_key] = $_val;
}

// Check for a $page_title value.
if (!isset($pagetitle))
{
$pagetitle = 'Login';
}
?>

<html><head><title>Login</title></head><body>
stuff stuff stuff

<?php
if (isset($_SESSION['user_id']) AND ( basename($_SERVER['PHP_SELF'])== 'logout.php'))
{
echo '
<a href="logout.php">Logout</a><br>
<a href="change_password.php">Change Password</a><br>
<a href="add_job.php">Post Job Ad</a><br>
';
}
else
{ // Not logged in.
echo '
<a href="register.php">Register</a><br>
<a href="login.php">Login</a><br>
<a href="forgot_password.php">Forgot Password</a><br>
';
}
?>[/PHP]

Here's the login.php:
[PHP]<?php // login.php
// This is the login page for the site.

// Include the configuration file for error management and such.
require_once ('./includes/config.inc.php');

// Set the page title and include the HTML header.
$pagetitle = 'Login';
include ('top.php');

if (isset($_POST['submitted'])) { // Check if the form has been submitted.

require_once ('./includes/mysql_connect.php'); // Connect to the database.

// Validate the email address.
if (!empty($_POST['email'])) {
$e = escape_data($_POST['email']);
} else {
echo '<p><font color="red" size="+1">You forgot to enter your email address!</font></p>';
$e = FALSE;
}

// Validate the password.
if (!empty($_POST['pass'])) {
$p = escape_data($_POST['pass']);
} else {
$p = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
}

if ($e && $p) { // If everything's OK.

// Query the database.
$query = "SELECT * FROM users WHERE (email='$e' AND pass=SHA('$p')) AND active IS NULL";
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

if (@mysql_num_rows($result) == 1) { // A match was made.

// Register the values & redirect.
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close(); // Close the database connection.
$_SESSION['first_name'] = $row[3];
$_SESSION['user_id'] = $row[0];
$_SESSION['last_name'] = $row[4];
$_SESSION['company_name'] = $row[5];

// Start defining the URL.
$url = './../register/posting_rules.php';

ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.

} else { // No match was made.
echo '<p><font color="red" size="+1">Either the email address and password entered do not match those on file or you have not yet activated your account.</font></p>';
}

} else { // If everything wasn't OK.
echo '<p><font color="red" size="+1">Please try again.</font></p>';
}

mysql_close(); // Close the database connection.
} // End of SUBMIT conditional.
?>

<h1>Login</h1>

<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">

<p><b>Email Address:</b><br>
<input type="text" name="email" size="45" maxlength="45" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"></p>

<p><b>Password:</b><br>
<input type="password" name="pass" size="20" maxlength="20"></p>

<div><input type="submit" name="submit" value="Login"></div>
<input type="hidden" name="submitted" value="TRUE">
</form>

<p>
Not Registered? <a href="register.php"><strong>Register Now</strong></a>

<?php
include ('bottom.php');
?>[/PHP]

add_job.php:
[PHP]<?php
//require_once ('includes/config.inc.php');
$pagetitle = 'Submit a Job Ad';
include ('top.php');


if (!isset($_SESSION['first_name'])) {
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
if ((substr($url, -1) =='/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1);
}
$url .= './../register/login.php';
header("Location: $url");
exit();
}
else
{


// Welcome the user (by name if they are logged in).
echo '<h3>Logged in as';

if (isset($_SESSION['first_name']))
{
echo " {$_SESSION['first_name']}!";
}
}

echo '</h3>';


if (isset($_SESSION['company_name']))
{
echo '<p><strong>Company Name:</strong>';
if (isset($_SESSION['company_name']))
{
echo " {$_SESSION['company_name']}";
}
}
echo '</p>';
?>

</div>

<div class="bigmain">

<h3><?php echo "$pagetitle"; ?></h3>

<?php

if (isset($_POST['submitted']))
{

include('includes/mysql_connect.php');


$job_position = mysql_real_escape_string($_POST['job_position']);
$city = mysql_real_escape_string($_POST['city']);
$display_name = mysql_real_escape_string($_POST['display_name']);
$status = mysql_real_escape_string($_POST['status']);
$content = mysql_real_escape_string($_POST['content']);

$query = "INSERT INTO jobs VALUES ('', '".$_SESSION['user_id']."', '".$_SESSION['company_name']."', '".$display_name."', '".$job_position."', '".$status."', '".$city."', '".$content."', now())";
$result = mysql_query($query) or die('Error, query failed');
if ($result)
{
echo "<br><span style='color:red'><strong>Entry Added!</strong></span><br><br><a href='add_job.php'>Enter another Job Ad</a>";
}
else
{
echo "<br><span style='color:red'><strong>There was an error! The category was not created.</strong></span>";
}

include('bottom.php'); // Include the HTML footer.
exit();
mysql_close();
}
?>


<span style="color:red; font-weight:bold">Please ensure all fields are filled in!</a></span><br><br>

<form action="add_job.php" method="post">

Which would you like to use in the main "View Jobs" window?<br>
<input type="radio" value="<?php echo "{$_SESSION['company_name']}"; ?>" name="display_name" checked><strong><?php echo "{$_SESSION['company_name']}"; ?></strong><br>
<input type="radio" value="Local Company" name="display_name"><strong>Local Company</strong><br>
<input type="radio" value="National Company" name="display_name"><strong>National Company</strong>

<br>
<br>

Job Position:<br>
<input type="text" size="35" name="job_position">

<br>
<br>

Job Status:<br>
<input type="radio" value="Full-time" name="status"checked>Full-time&nbsp;&nbsp;&nbsp;
<input type="radio" value="Part-time" name="status">Part-time&nbsp;&nbsp;&nbsp;
<input type="radio" value="Full or Part-time" name="status">Full or Part-time&nbsp;&nbsp;&nbsp;
<input type="radio" value="Temporary" name="status">Temporary

<br>
<br>

City the Job is located in:<br>
<input type="text" size="35" name="city">

<br>
<br>

Job Ad:<br>
<script type="text/javascript">
var oFCKeditor = new FCKeditor('content');
oFCKeditor.BasePath = "./../fckeditor/";
oFCKeditor.ToolbarSet = 'MyToolbar' ;
oFCKeditor.Height = 400 ;
oFCKeditor.Create();
</script>

<br>
<br>

<input type="submit" name="Submit" value="Submit">
<input type="hidden" name="submitted" value="TRUE">
</form>

<?php
include('bottom.php');
?>[/PHP]

config.inc.php:
[PHP]<?php # config.inc.php

// This script determines how errors are handled.

// Flag variable for site status:
$live = TRUE;

// Error log email address:
$email = 'admin@here.com';

// Create the error handler.
function my_error_handler ($e_number, $e_message, $e_file, $e_line, $e_vars) {

global $live, $email;

// Build the error message.
$message = "An error occurred in script '$e_file' on line $e_line: \n<br>$e_message\n<br>";


// Add the date and time.
$message .= "Date/Time: " . date('n-j-Y H:i:s') . "\n<br>";


// Append $e_vars to the $message.
$message .= "<pre>" . print_r ($e_vars, 1) . "</pre>\n<br>";


if ($live) { // Don't show the specific error.

error_log ($message, 1, $email); // Send email.

// Only print an error message if the error isn't a notice.
if ($e_number != E_NOTICE) {
echo '<div id="Error">A system error occurred. We apologize for the inconvenience.</div><br>';
}

} else { // Development (print the error).
echo '<div id="Error">' . $message . '</div><br>';
}

} // End of my_error_handler() definition.

// Use my error handler.
set_error_handler ('my_error_handler');
?>[/PHP]
I believe this script sends out an email to the user whenever someone in Greenland sneezes. I don't know how it is doing it but I would like to stop it from sending an email to the user. If there is an error it can email me (the admin) a message but not the user. The emails usually contain an error message about an undefined input in the form. I was putting [PHP]value="</php echo $_POST['content']; ?>"[/PHP] in the inputs with the hopes of being able to do some blank field error checking and when the back button was pressed to correct mistakes, the user wouldn't have to re-enter in the information in the field. It didn't work of course, and I was getting an email for each error, usually about 3 each time I submitted a job ad. So I removed them.

I don't remember where I got this register and login script from, but here's basically what you have:
register.php
activate.php
login.php
index.php
logout.php
top.php (may have been header.php at one time and in includes folder)
bottom.php (may have been footer.php at one time and in includes folder)

and an include folder with:
mysql_connect.php
config.inc.php


This was on the login.php page:
[PHP]$query = "SELECT user_id, first_name FROM users..."

// Register the values & redirect.
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close(); // Close the database connection.
$_SESSION['first_name'] = $row[1];
$_SESSION['user_id'] = $row[0];[/PHP]
It only pulled the user_id and first_name from the database and registered them, so I changed it to this::
[PHP]$query = "SELECT * FROM users..."

// Register the values & redirect.
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close(); // Close the database connection.
$_SESSION['first_name'] = $row[3];
$_SESSION['user_id'] = $row[0];
$_SESSION['last_name'] = $row[4];
$_SESSION['company_name'] = $row[5];[/PHP]

I deduced that $row was the database table row. I'm sure that there are better registration and login scripts out there and it would be helpful if someone could point to one for me. But, it seems to be working for now.

I would like to be able to assign the information entered into the form as a session variable so that I could institute some kind of blank field checking. It would be nice if the user didn't have to re-enter in what they've already entered in correctly when they're sent bacj to correct mistakes. I'll look into it.

Thanks

Heya, David.

Ah. Now I see what you're saying.

In which case, you'll definitely NOT want to use this code:
I thought you were trying to save form data into the _SESSION instead of the other way around.

Now then. You should be good to go by setting the value attribute of your hidden inputs... but consider that since they're already stored in the session, you don't even need to do that....

I've made an edit_jobs.php script that I'm having problems with. The first has to do with a "{" that the script is getting hung up on. I'll post it in just a few minutes along with the line that it's on, to see if someone can spot the problem.

But keeping with what I've posted thus far... you've seen the config.inc.php file and others, can you tell me how I can turn off the emailing of error messages to the user? These emails contain information about my server and besides, they're unprofessional.

I remembered where I got this login script. The book - "PHP and MYSQL for Dynamic Websites Second Edition".

I still need to stop that email bombardment I'm getting, but until a solution comes I'll move onto the edit_jobs.php page.

I did away with the "{" and "}" between the if and elseif statements in the script, and I was able to progress on to other problems. For now it concerns the FCKeditor WYSIWYG editor I'm using in both the add_job.php and edit_jobs.php pages.

I'm pulling information from a mysql database like so:
[PHP]oFCKeditor.Value = "<?php echo $content; ?>" ;[/PHP]

The information is being drawn out (seen from View Source) but it isn't being displayed. Now, from the View Source the information appears as it does in the database with the HTML characters. I'm hoping that I can get this displayed for editing purposes as WYSIWYG.

The javascript error message I'm getting is this:
Line: 296
Char: 107
Error: Unterminated string constant

Which is at the end of: oFCKeditor.Value = "

It is looking for the "; at the end of that line and it isn't there because of the information drawn out of the database.

I'm using the javascript version of FCKeditor because I couldn't get the php version to work. Appearantly, the javascript isn't recognizing the $content information as a continuous input.

How can I fix this so that it will not only display, but do so in WYSIWYG format? Anyone have any experience with FCKeditor?

Heya, David.

Try running $content through addslashes():

I tried it, but I got the same results.

When I discovered fckeditor I thought "This is great!" What a great tool for users to be able to give their message some styling. It puts information into the database great, but you can't edit the information with it.

What WYSIWYG editor does this forum use? It obviously puts info into the database and allows you to pull it back out in WYSIWYG format and allows you to edit it. This is what I would like for people to be able to do on my website.

Heya, David.

Are there any newline characters in $content? You'll need to escape those as well.

This will put a slash in front of all newline characters in $content.

I was using the javascript version of fckeditor and it wouldn't work with line breaks or something, so I switched over to the php version and it's working fine.

I would like to get back to my getting a bunch of error emails from the config.php script in this Registration / Login system. I've been able to fix some of the problems, but one is still a major source of pain. I'll get several emails regarding errors on different pages but they all refer to this:

Undefined variable: SCRIPT_URL

And this comes from the main function.php page and it concerns the breadcrumb navigation script:
[PHP]breadCrumb($SCRIPT_URL);[/PHP]

The functions.php file is called on all pages, including the ones inside the register folder where all my registration and login files or located. This is why I get an error email every time a access a page in this folder.

What does the Undefined variable: SCRIPT_URL message mean? And how can I define it or fix it so that these emails will stop?

Here is the breadcrumb.php file:
[PHP]
<?php
function breadCrumb($PATH_INFO) {
global $page_title, $root_url;

// Remove these comments if you like, but only distribute
// commented versions.

// Replace all instances of _ with a space
$PATH_INFO = str_replace("_", " ", $PATH_INFO);
// split up the path at each slash
$pathArray = explode("/",$PATH_INFO);

// Initialize variable and add link to home page
if(!isset($root_url)) { $root_url=""; }
$breadCrumbHTML = '<a href="'.$root_url.'/" title="Home Page">Home</a> &gt; ';

// initialize newTrail
$newTrail = $root_url."/";

// starting for loop at 1 to remove root
for($a=1;$a<count($pathArray)-1;$a++) {
// capitalize the first letter of each word in the section name
$crumbDisplayName = ucwords($pathArray[$a]);
// rebuild the navigation path
$newTrail .= $pathArray[$a].'/';
// build the HTML for the breadcrumb trail
$breadCrumbHTML .= '<a href="'.$newTrail.'">'.$crumbDisplayName.'</a> &gt; ';
}
// Add the current page
if(!isset($page_title)) { $page_title = "Current Page"; }
$breadCrumbHTML .= '<strong>'.$page_title.'</strong>';

// print the generated HTML
print($breadCrumbHTML);

// return success (not necessary, but maybe the
// user wants to test its success?
return true;
}

?>[/PHP]

Heya, David.

Use $_SERVER['SCRIPT_URL'] instead.

That made my breadcrumb disappear.

I just commented out the send email function in the config.inc.php file so it would stop sending me those blasted error emails. I was getting several hundred a day. I don't know what Larry Ullman was thinking when he came up with that piece of work.

It would be OK if it were a major error or problem that was being emailed, but this thing would send a separate email for every little thing. Like this:
[PHP]if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")[/PHP]

I would get an error email saying - undefined: cmd

cmd comes from this:
[PHP]if(!isset($cmd))
{
stuff stuff stuff
<a href='edit_jobs.php?cmd=edit&id=$id'> Edit </a>[/PHP]

And I've already mentioned the one about the breadcrumb url. Anywho, there's more problems out there yet to be discovered and conquered. So off I go - HI-HO, HI-HO...

Thanks for the help.

David