Copy variable across URLs 1

Sitehelp · Feb 4, 2004

If anyone can help with this I would be SOOO appreciative!

I am creating an online Help System using Dreamweaver MX, and I am creating it using PHP. Up until now all was going fine. The user can log in and it verifies their password in the database and then copies the clientID into the URL so it can be retrieved on the next page, however, once you have logged in I want it to be able to recognise the user on all the pages thus needing the ClientID to pass through all the URLs, or at least I presume this is the best and easiest way. I can get it through to one, when copying from the log in to the next page, as its done through a submit button, but cannot copy it to the other pages at all. I have imported buttons from Fireworks and created a navigation bar with them, which is in JavaScript I believe. Any ideas how I could get these buttons to copy the ClientID from the URL into the next URL when I click a link. I am using Dreamweaver MX by the way, if that makes any difference. Any help will be MUCH appreciated, hope this all made sense!!!!

Sitehelp · Feb 5, 2004

Sorry abour that I sent the wrong code! I meant to send:

if (!isset($_SESSION['ClientID'])&& isset($_POST['ClientID'])){

$SQL = "SELECT ClientID FROM clientinfo
WHERE ClientID ='".$_POST['$ClientID']."'
AND Cpassword = '".$_POST['$fPassword']."'";
$result = mysql_query($SQL) OR die("Error: MySQL said ".mysql_error());
$row = mysql_fetch_assoc($result);

if ($row['num'] == 1)
header("location:

http://localhost/project/User

Logged In/WelcomeUserPage.php&quot

;
} else {
print "Details either incorrect or not submitted";
$_SESSION['ClientID'] = $_POST['ClientID'];

Its posting through to the next page regardless of whether the SQL is correct? any ideas?

DRJ478 · Feb 5, 2004

It's always a good idea to inspect what the vars actually are.
Insert a print_r statement for the POST and SESSION vars at the top of the script:

Code:

print &quot;<pre>&quot;;
print_r($_POST);
print_r($_SESSION);
print &quot;</pre>&quot;;

This will dump all vars in the specified arrays. You could see all globals and superglobals by print_r($GLOBALS) - that will show you the entire environment your script is working in.
See if the values you expect are there. Let's go from here.

Sitehelp · Feb 5, 2004

ok I have inserted the print_r statements just above the code I printed out in the last message. Its returning:

Array
(
)

I presume values are supposed to be shown? I have used print_r($GLOBALS) which does return the whole scripting environment (can paste in if easier?). My code now looks like:

<?php require_once('../Connections/MARTIN.php'); ?>
<?php
if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "form3&quot

) {
$insertSQL = sprintf("INSERT INTO loggedindetails (ClientID) VALUES (%s)",
GetSQLValueString($HTTP_POST_VARS['ClientID'], "text&quot

);

mysql_select_db($database_MARTIN, $MARTIN);
$Result1 = mysql_query($insertSQL, $MARTIN) or die(mysql_error());

if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}

$colname_Recordset1 = "1";
if (isset($HTTP_GET_VARS['ClientID'])) {
$colname_Recordset1 = (get_magic_quotes_gpc()) ? $HTTP_GET_VARS['ClientID'] : addslashes($HTTP_GET_VARS['ClientID']);
}
mysql_select_db($database_MARTIN, $MARTIN);
$query_Recordset1 = sprintf("SELECT ClientID FROM clientinfo WHERE ClientID = '%s'", $colname_Recordset1);
$Recordset1 = mysql_query($query_Recordset1, $MARTIN) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
print "<pre>";
print_r($_POST);
print_r($_SESSION);
print "</pre>";
//print_r($GLOBALS);
# check if not logged in
if (!isset($_SESSION['ClientID'])&& isset($_POST['ClientID'])){

$SQL = "SELECT ClientID, cpassword FROM clientinfo
WHERE ClientID ='".$_POST['$ClientID']."'
AND cpassword = '".$_POST['$fpassword']."'";

$result = mysql_query($SQL) OR die("Error: MySQL said ".mysql_error());
$row = mysql_fetch_assoc($result);

// if num is 1 -> go ahead, 0 -> wrong pw/user
if ($row['num'] == 1)
header("location:

http://localhost/project/User

Logged In/WelcomeUserPage.php?ClientID=".$HTTP_POST_VARS['ClientID']."&quot

;
// ... redirect to destination ...
} else {
print "Details either incorrect or not submitted";
// ... error message, try again ...
} // $_SESSION['ClientID'] = $_POST['ClientID'];

// ... database code here ...
# if user ok
$_SESSION['ClientID'] = $_POST['ClientID'];

# now redirect

# form was not posted -> draw it
//print "<html><body>\n";
//print '<form name="login" action="'.$_SERVER[PHP_SELF].'" method="post">';
//print 'Username : <input type="text" name="ClientID"><br>';
//print 'Password : <input type="password" name="fpassword"><br>';
//print '<input type="submit" value="Submit"></form></body></html>';

//elseif ($num ==1)
//header ("location: User Section/UserHomePage.php&quot

;
// else
// $message = "<i>The details you have entered are incorrect";
//}
//$sql = "SELECT password FROM clientinfo // 26
// WHERE password=password('$fpassword')";
// $result2 = mysql_query($sql)
// or die("Couldn't execute query.&quot

;
// $num2 = mysql_num_rows($result2);
// if ($num2 > 0)
// header("location: AccessHomePage (user)/test1.htm&quot

{
$auth="yes";
$logname=$fusername;
$today = date("Y-m-d h:m:s&quot

;
$sql = "INSERT INTO Login (ClientID,LoginTime)
VALUES ('$logname','$today')";
mysql_query($sql) or die("Can't execute query.&quot

;
}
// else
// {
// unset($do); // 44
//$message="The Login Name, '$fusername' exists, // 45
// but you have not entered the correct
// password! Please try again.<br>";
// }
// }
// elseif ($num == 0) // login name not found // 51
// {
// unset($do); // 53
// $message = "The Login Name you entered does not
// exist! Please try again.<br>";
// }
//break; // 58

?>

<html>
<head>

<title>Untitled Document</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">


<script language="JavaScript" type="text/JavaScript">

</script>
</head>

<body>
<p><img src="Sites%20Title%20Border.png" width="799" height="89"></p>
<p align="justify">Welcome to the new IT Help-Online web site. In order to process
your request quickly and efficiently could you please enter your details in
below. If you are a new user please click <a href="New User Details/NewUserDetails.php" target="_top">here</a>.</p>
<p align="justify"> </p>
<p align="justify"> </p>
<form method="post" name="form3" onReset="MM_displayStatusMsg('Please enter your ClientID and Password');return document.MM_returnValue">

<table border="0" align="center">
<?php // 23
if (isset($message))
echo "<tr><td colspan='2'>$message </td></tr>";
?>

<tr>
<td align=right><b>ClientID</b></td>
<td><input name="ClientID" type="text" id="ClientID" onFocus="MM_displayStatusMsg('Please enter your ClientID and Password');return document.MM_returnValue" onSelect="MM_displayStatusMsg('Please enter your ClientID and Password');return document.MM_returnValue" size="20" maxlength="100" maxsize="20">
</td>
</tr>
<tr>
<td width="120" align="right"><b>Password</b></td>
<td><input name="fpassword" type="password"
size="20" maxlength="100" maxsize=" `20"></td>
</tr>
<tr>
<td align="center" colspan="2"> <br> <input type="submit" name="log" value="Submit">
<input type="reset" name="Reset" value="Reset"></td>
</tr>
</table>

</form>
<p align="justify"> </p>
<p align="justify"> </p>
<p align="justify"> </p>
<p>Administrators log on <a href="Staff&Admin%20Login%20Page/Staff&Admin%20Login%20Page.php">here</a></p>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

This is the whole thing!

Chacalinc · Feb 5, 2004

Hi, I'm back.

I going to put you an example I made to undestarnd -time ago- the sessions (no DB, sorry, but you can modify it).

Code:

1. ---------- login.html ------------------
<html>
<head>
<title>Login Page</title>
</head>
<body>
<form method=post action=login.php>
User:
<input type=text name=user>
<br>
Password:
<input type=password name=pwd>
<br>
<input type=submit value=&quot;Login!&quot;>
</form>
</body>
</html>

2. ----------- login.php ------------------
<?php
	session_start();
	$user=$_POST[&quot;user&quot;];
	$pwd=$_POST[&quot;pwd&quot;];

	if (($user == &quot;Chacal&quot;) && ($pwd == &quot;admin&quot;))
	{
		$_SESSION['nombre']=&quot;Victor Cuevas D.&quot;;
		$_SESSION['logged']=&quot;Si&quot;;
		header(&quot;Location: index.php&quot;);
	} else
		header(&quot;Location: login.html&quot;);
?>

3. ------------ index.php ----------------
<?php
	session_start();
	
	include_once(&quot;control.php&quot;);

	if (!is_logged())
	{
		header(&quot;Location: login.html&quot;);
		exit(0);
	}
	echo &quot;Hola we'on..&quot; . $_SESSION[&quot;nombre&quot;] .&quot;<br>\n&quot;;
	echo &quot;<hr>\n&quot;;
	echo &quot;<a href='page2.php'>Vamos a la otra p&aacute;ginas</a><br>\n&quot;;
	echo &quot;<a href='salir.php'>A salgamos de esta we&aacute;</a><br>\n&quot;;
		
?>

4. ---------- control.php ---------------------
<?php
	function is_logged(){
		if ((!isset($_SESSION[&quot;logged&quot;])) || ($_SESSION[&quot;logged&quot;]!=&quot;Si&quot;))
			return FALSE;
		else 
			return TRUE;
	}
?>

5. ------------ page2.php ------------------
<?php
	session_start();
	
	include_once(&quot;control.php&quot;);
	
	if (!is_logged())
	{
		header(&quot;Location: login.html&quot;);
		exit(0);
	}
	echo &quot;Hola we'on..<br>\n&quot;;
	echo &quot;<hr>\n&quot;;
	echo &quot;<a href='index.php'>Vamos a la p&aacute;gina 1</a><br>\n&quot;;
	echo &quot;<a href='salir.php'>A salgamos de esta we&aacute;</a><br>\n&quot;;
		
?>

6. -------------- salir.php (get_out.php inenglish)----
<?php
	session_start();
	$_SESSION[]=array();
	session_destroy();
	header(&quot;Location: login.html&quot;);
?>

Try it and analyze it, if you have questions, let us know!

Cheers.

DRJ478 · Feb 5, 2004

I see that you are using Dreamweaver to create some of the PHP code. Of course, I believe that hand coding is better since it teaches how it really works.
Using the canned DW code makes debugging this difficult and time intensive. We've discussed all the parts you need for the desired functionality and most of them are there even as written out code. I suggest that you solve the problem by:
1. Make a simple HTML form with the username and password fields that posts to the login script.
2. Write the login script in the way it was described in the previous posts.

The code you posted has also other issues. It is not a good idea to have filenames and URLs that contain spaces, ampersands etc. It's better to stick to contiguous filenames that stay away from special characters.
There are also references to HTTP_POST_VARS and HTTP_GET_VARS for the same variable 'ClientId'. That will mess things up also by making it ambiguos.

Best bet, again, write the thing from scratch and ditch the DW code. It will be to your benefit.

Chacalinc · Feb 5, 2004

I agree with DRJ478, if you want to learn PHP forget DW and do all code hands-on!

When you have learned PHP you can use tools as DW, but if you don't know how PHP works, how can you fix problems made by DW?

Cheers.

Sitehelp · Feb 5, 2004

Cheers for both your help, much appreciated! Gonna ditch DW MX for a bit I think! I am just trying your code Chacalinc and I am getting a parse error on line 19, 20?

$user=$_POST"user";
$pwd=$_POST"pwd";

any ideas? I think I am understanding this all a lot better now!

Chacalinc · Feb 5, 2004

the problem is tek.tips.com display...

with no spaces, lines are:

$user=$_POST [ "user" ];
$pwd=$_POST [ "pwd" ];

remember, NO SPACES.

Sitehelp · Feb 5, 2004

thanks! is the code meant to be on one page or split into different pages denoted by ---------- between each code bit?

and is the space problem the same for other lines like

echo "Hola we'on.." .$_SESSION"nombre". "<br>\n";

and line 49!

Chacalinc · Feb 5, 2004

1. yes, differents file, denoted by ---name_file.ext --- in the same folder.

2. yes, line should be ... $_SESSION [ "nombre" ] ..., with no spaces.

be aware that lines with $_SESSIONS, $_POST and $_GET must be:

$_SOMETHING [ "variable" ] with no spaces.

Cheers.

Sitehelp · Feb 5, 2004

how can you have a login.html and a login.php file in the same folder wont they over-write one another?

sleipnir214 · Feb 5, 2004

"login.php" and "login.html" are different filenames.

Want the best answers? Ask the best questions:

http://www.catb.org/~esr/faqs/smart-questions.html

TANSTAAFL!!

Chacalinc · Feb 5, 2004

no, because login.html is a plain page and login.php has the scripting to let you get in or get you back to login.html.

Your apache config should have the line:

DirectoryIndex index.html index.htm index.php ...another indexes extensions..

whit this line you tell Apache to look for:
1. index.html, if it does not exist
2. index.htm, if it does not exist
3. index.php, if it does not exist
4, look for another indexes that match this directive.

Sitehelp · Feb 5, 2004

Ok I have entered the code in, on seperate pages and loaded it up, I put the username in as Chacal and password admin but it does not come up with anything it just refreshes the login page. I think all the code is in correctly as when I load each page individually no errors appear! any ideas?

Chacalinc · Feb 5, 2004

1. in "control.php" the line

if ((!isset($_SESSION"logged&quot

) || ($_SESSION"logged"!="Si&quot

)

do you have $_SESSION [ "logged" ] with no spaces?

try replacing in the same line:
$_SESSION['logged'] instead of $_SESSION [ "logged" ] (note the difference is using ' instead of " ).

2. what browser are you using?

Sitehelp · Feb 5, 2004

I am using IE 6.0, its still not working!

Chacalinc · Feb 5, 2004

just to make sure the sessions vars, in index.php on lines:

if (!is_logged())
{
header("Location: login.html&quot

;
exit(0);
}

let them as comentaries:
/* if (!is_logged())
{
header("Location: login.html&quot

;
exit(0);
}
*/
and try login.html

when index.php displays, a name should be written (Victor...)

What is your server? w2k, linux?
are you running apache?
Could you try with IE55 or mozilla/netscape?

Sitehelp · Feb 5, 2004

Yeah that worked! it came up with the second page and had a couple of links on them! I presume that is correct! its just that part that was commented out, is this needed and what does it do?

Chacalinc · Feb 5, 2004

oh.. don't harry up.

It was only a test, with commented lines you forget the secutiry, I mean if you go to index.php directly (not from login.html) you will have access. If you click on link to page2.php you could have the same problem.

1. The name "Victor..." is displayed?
2. could you try, uncommenting the lines, from IE5 and mozilla/netscape?

I don't know why some IE explorers have problems with session... actually, this pages (you are using right now) are working good in my apache server and I tested them with mozilla, netscape, IE5, 55 and IE6 with no problem.

When I make pages with sessions for login enabled pages, sometime I got the same problem, and then they are resolved, but I still don't know why..

plz, try with mozilla or another browser (even IE5), uncommenting the lines.

Chacalinc · Feb 5, 2004

BTW, as you can see, I speak spanish (native language), sorry if my english is not quit good.

)

on index.php you have 2 links:

echo "<a href='page2.php'>Vamos a la otra páginas</a><br>\n";
echo "<a href='salir.php'>A salgamos de esta weá</a><br>\n";

page2.php is secured, before it is displayed it will see whether you are loged in or not (same as index.php)

salir.php in english is getout.php, it means, kill sessions variables and sends you to login.html.

Try them!

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Copy variable across URLs 1

Technical User

Technical User

IS-IT--Management

Technical User

Vendor

IS-IT--Management

Vendor

Technical User

Vendor

Technical User

Vendor

Technical User

Programmer

Vendor

Technical User

Vendor

Technical User

Vendor

Technical User

Vendor

Vendor

Similar threads

Log in

Part and Inventory Search

Sponsor