Is the User entering these values in a form, or are you retrieving them from elsewhere?
I (and eventually other users) am entering these values in a form. Basically, it's a login script that allows a user to access certain pages. In this case, it allows people to enter, edit and delete job ads for a small local job board.
It uses a MySQL database table called users and it consists of the following fields:
user_id, email, pass, first_name, last_name, company_name, active, registration_date
I added company_name and maybe last_name, I can't remember.
You register and an email is sent to you with a link to activate your registration. I think it changes "active" from Not Null to Null. Once activated you can log in and are able to access certain pages. The main page is the add_job.php page.
We talked about the top.php page that is called on every page. It has this (condensed):
[PHP]<?php
// This page begins the HTML header for the site.
// Start output buffering.
ob_start();
// Initialize a session.
session_start();
foreach( $_POST as $_key => $_val )
{
$_SESSION[$_key] = $_val;
}
// Check for a $pagetitle value.
if (!isset($pagetitle))
{
$pagetitle = 'Login';
}
?>
<html><head><title>Login</title></head><body>
stuff stuff stuff
<?php
if (isset($_SESSION['user_id']) AND ( basename($_SERVER['PHP_SELF'])== 'logout.php'))
{
echo '
<a href="logout.php">Logout</a><br>
<a href="change_password.php">Change Password</a><br>
<a href="add_job.php">Post Job Ad</a><br>
';
}
else
{ // Not logged in.
echo '
<a href="register.php">Register</a><br>
<a href="login.php">Login</a><br>
<a href="forgot_password.php">Forgot Password</a><br>
';
}
?>[/PHP]
Here's the login.php:
[PHP]<?php // login.php
// This is the login page for the site.
// Include the configuration file for error management and such.
require_once ('./includes/config.inc.php');
// Set the page title and include the HTML header.
$pagetitle = 'Login';
include ('top.php');
if (isset($_POST['submitted'])) { // Check if the form has been submitted.
require_once ('./includes/mysql_connect.php'); // Connect to the database.
// Validate the email address.
if (!empty($_POST['email'])) {
$e = escape_data($_POST['email']);
} else {
echo '<p><font color="red" size="+1">You forgot to enter your email address!</font></p>';
$e = FALSE;
}
// Validate the password.
if (!empty($_POST['pass'])) {
$p = escape_data($_POST['pass']);
} else {
$p = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
}
if ($e && $p) { // If everything's OK.
// Query the database.
$query = "SELECT * FROM users WHERE (email='$e' AND pass=SHA('$p')) AND active IS NULL";
$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());
if (@mysql_num_rows($result) == 1) { // A match was made.
// Register the values & redirect.
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close(); // Close the database connection.
$_SESSION['first_name'] = $row[3];
$_SESSION['user_id'] = $row[0];
$_SESSION['last_name'] = $row[4];
$_SESSION['company_name'] = $row[5];
// Start defining the URL.
$url = './../register/posting_rules.php';
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
} else { // No match was made.
echo '<p><font color="red" size="+1">Either the email address and password entered do not match those on file or you have not yet activated your account.</font></p>';
}
} else { // If everything wasn't OK.
echo '<p><font color="red" size="+1">Please try again.</font></p>';
}
mysql_close(); // Close the database connection.
} // End of SUBMIT conditional.
?>
<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">
<p><b>Email Address:</b><br>
<input type="text" name="email" size="45" maxlength="45" value="<?php if (isset($_POST['email'])) echo htmlspecialchars($_POST['email'], ENT_QUOTES); // Escape the submitted value before echoing it back. ?>"></p>
<p><b>Password:</b><br>
<input type="password" name="pass" size="20" maxlength="20"></p>
<div><input type="submit" name="submit" value="Login"></div>
<input type="hidden" name="submitted" value="TRUE">
</form>
<p>
Not Registered? <a href="register.php"><strong>Register Now</strong></a></p>
<?php
include ('bottom.php');
?>[/PHP]
add_job.php:
[PHP]<?php
//require_once ('includes/config.inc.php');
$pagetitle = 'Submit a Job Ad';
include ('top.php');
if (!isset($_SESSION['first_name'])) {
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
if ((substr($url, -1) =='/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1);
}
$url .= './../register/login.php';
header("Location: $url");
exit();
}
else
{
// Welcome the user (by name if they are logged in).
echo '<h3>Logged in as';
if (isset($_SESSION['first_name']))
{
echo ' ' . htmlspecialchars($_SESSION['first_name'], ENT_QUOTES) . '!'; // Escape the stored name before printing it.
}
}
echo '</h3>';
if (isset($_SESSION['company_name']))
{
// Escape the stored value before printing it, and close the <p> only when it was opened.
echo '<p><strong>Company Name:</strong> ' . htmlspecialchars($_SESSION['company_name'], ENT_QUOTES) . '</p>';
}
?>
</div>
<div class="bigmain">
<h3><?php echo "$pagetitle"; ?></h3>
<?php
if (isset($_POST['submitted']))
{
include('includes/mysql_connect.php');
$job_position = mysql_real_escape_string($_POST['job_position']);
$city = mysql_real_escape_string($_POST['city']);
$display_name = mysql_real_escape_string($_POST['display_name']);
$status = mysql_real_escape_string($_POST['status']);
$content = mysql_real_escape_string($_POST['content']);
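// Session values originally came from user input at registration, so escape them like the form fields.
$query = "INSERT INTO jobs VALUES ('', '".(int)$_SESSION['user_id']."', '".mysql_real_escape_string($_SESSION['company_name'])."', '".$display_name."', '".$job_position."', '".$status."', '".$city."', '".$content."', now())";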
$result = mysql_query($query) or die('Error, query failed');
if ($result)
{
echo "<br><span style='color:red'><strong>Entry Added!</strong></span><br><br><a href='add_job.php'>Enter another Job Ad</a>";
}
else
{
echo "<br><span style='color:red'><strong>There was an error! The category was not created.</strong></span>";
}
mysql_close(); // Close the database connection before exiting.
include('bottom.php'); // Include the HTML footer.
exit();
}
?>
<span style="color:red; font-weight:bold">Please ensure all fields are filled in!</span><br><br>
<form action="add_job.php" method="post">
Which would you like to use in the main "View Jobs" window?<br>
<input type="radio" value="<?php echo htmlspecialchars($_SESSION['company_name'], ENT_QUOTES); ?>" name="display_name" checked><strong><?php echo htmlspecialchars($_SESSION['company_name'], ENT_QUOTES); ?></strong><br>
<input type="radio" value="Local Company" name="display_name"><strong>Local Company</strong><br>
<input type="radio" value="National Company" name="display_name"><strong>National Company</strong>
<br>
<br>
Job Position:<br>
<input type="text" size="35" name="job_position">
<br>
<br>
Job Status:<br>
<input type="radio" value="Full-time" name="status" checked>Full-time
<input type="radio" value="Part-time" name="status">Part-time
<input type="radio" value="Full or Part-time" name="status">Full or Part-time
<input type="radio" value="Temporary" name="status">Temporary
<br>
<br>
City the Job is located in:<br>
<input type="text" size="35" name="city">
<br>
<br>
Job Ad:<br>
<script type="text/javascript">
var oFCKeditor = new FCKeditor('content');
oFCKeditor.BasePath = "./../fckeditor/";
oFCKeditor.ToolbarSet = 'MyToolbar' ;
oFCKeditor.Height = 400 ;
oFCKeditor.Create();
</script>
<br>
<br>
<input type="submit" name="Submit" value="Submit">
<input type="hidden" name="submitted" value="TRUE">
</form>
<?php
include('bottom.php');
?>[/PHP]
config.inc.php:
[PHP]<?php # config.inc.php
// This script determines how errors are handled.
// Flag variable for site status:
$live = TRUE;
// Error log email address:
$email = 'admin@here.com';
// Create the error handler.
function my_error_handler ($e_number, $e_message, $e_file, $e_line, $e_vars) {
global $live, $email;
// Build the error message.
$message = "An error occurred in script '$e_file' on line $e_line: \n<br>$e_message\n<br>";
// Add the date and time.
$message .= "Date/Time: " . date('n-j-Y H:i:s') . "\n<br>";
// Append $e_vars to the $message.
$message .= "<pre>" . print_r ($e_vars, 1) . "</pre>\n<br>";
if ($live) { // Don't show the specific error.
error_log ($message, 1, $email); // Send email.
// Only print an error message if the error isn't a notice.
if ($e_number != E_NOTICE) {
echo '<div id="Error">A system error occurred. We apologize for the inconvenience.</div><br>';
}
} else { // Development (print the error).
echo '<div id="Error">' . $message . '</div><br>';
}
} // End of my_error_handler() definition.
// Use my error handler.
set_error_handler ('my_error_handler');
?>[/PHP]
I believe this script sends out an email to the user whenever someone in Greenland sneezes. I don't know how it is doing it but I would like to stop it from sending an email to the user. If there is an error it can email me (the admin) a message but not the user. The emails usually contain an error message about an undefined input in the form. I was putting [PHP]value="<?php echo $_POST['content']; ?>"[/PHP] in the inputs with the hopes of being able to do some blank field error checking and when the back button was pressed to correct mistakes, the user wouldn't have to re-enter in the information in the field. It didn't work of course, and I was getting an email for each error, usually about 3 each time I submitted a job ad. So I removed them.
I don't remember where I got this register and login script from, but here's basically what you have:
register.php
activate.php
login.php
index.php
logout.php
top.php (may have been header.php at one time and in includes folder)
bottom.php (may have been footer.php at one time and in includes folder)
and an include folder with:
mysql_connect.php
config.inc.php
This was on the login.php page:
[PHP]$query = "SELECT user_id, first_name FROM users..."
// Register the values & redirect.
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close(); // Close the database connection.
$_SESSION['first_name'] = $row[1];
$_SESSION['user_id'] = $row[0];[/PHP]
It only pulled the user_id and first_name from the database and registered them, so I changed it to this:
[PHP]$query = "SELECT * FROM users..."
// Register the values & redirect.
$row = mysql_fetch_array ($result, MYSQL_NUM);
mysql_free_result($result);
mysql_close(); // Close the database connection.
$_SESSION['first_name'] = $row[3];
$_SESSION['user_id'] = $row[0];
$_SESSION['last_name'] = $row[4];
$_SESSION['company_name'] = $row[5];[/PHP]
I deduced that $row was the database table row. I'm sure that there are better registration and login scripts out there and it would be helpful if someone could point to one for me. But, it seems to be working for now.
I would like to be able to assign the information entered into the form as a session variable so that I could institute some kind of blank field checking. It would be nice if the user didn't have to re-enter in what they've already entered in correctly when they're sent back to correct mistakes. I'll look into it.
Thanks
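
The blank-field check and remembered form values asked about in the post, as an added example that is not the poster's code: it stores only the add_job.php form fields under their own session key instead of copying all of $_POST into $_SESSION as top.php does, so posted keys cannot collide with user_id or first_name, which the pages treat as the login state. The function names, the job_form key and the sample request are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example, not the poster's code. Field names come from the add_job.php
// form; the function names and the 'job_form' session key are assumptions.

// Only these fields are ever remembered; other request keys are ignored.
const JOB_FORM_FIELDS = ['display_name', 'job_position', 'status', 'city', 'content'];

// Store allow-listed fields in their own sub-array of the session, so a posted
// key such as user_id or first_name cannot overwrite the login values.
function remember_job_form(array $post, array &$session): void
{
    $session['job_form'] = [];
    foreach (JOB_FORM_FIELDS as $field) {
        $value = $post[$field] ?? '';
        // Array-valued input (field[]=x) is treated as blank.
        $session['job_form'][$field] = is_string($value) ? trim($value) : '';
    }
}

// Names of required fields that are still blank.
function missing_job_fields(array $session): array
{
    $form = $session['job_form'] ?? [];
    return array_values(array_filter(JOB_FORM_FIELDS, function ($field) use ($form) {
        return ($form[$field] ?? '') === '';
    }));
}

// Remembered value for re-filling an input, HTML-escaped so stored text cannot
// break out of the value="..." attribute.
function sticky(array $session, string $field): string
{
    return htmlspecialchars($session['job_form'][$field] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed sample: a logged-in session and a request with a blank city and
// an extra user_id key that the form never sends.
$session = ['user_id' => 7, 'first_name' => 'Pat'];
$post = ['display_name' => 'Local Company', 'job_position' => 'Line "Cook"',
         'status' => 'Full-time', 'city' => ' ', 'content' => '<p>Evenings</p>',
         'user_id' => '1'];

remember_job_form($post, $session);
var_dump($session['user_id']);            // login value after the request
print_r(missing_job_fields($session));    // blank required fields
echo '<input type="text" name="job_position" value="',
     sticky($session, 'job_position'), '">', "\n";
```

On the real pages the call would be `remember_job_form($_POST, $_SESSION)` after `session_start()`, with the INSERT run only when `missing_job_fields($_SESSION)` returns an empty array.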