I need some PHP help desperately!

D

DaEvAnAm

Well-Known Member
Joined
Jan 16, 2007
Messages
151
Reaction score
1
Location
Cape Town
Hi,

I have a few issues i need to address with app that I'm hoping someone can help me with! Pretty please :D

Firstly. My sessions! Basically i need to assign some pages to be viewed by only users and some by only admin. At the moment, you type in the address of any of the pages and you can see them. I need to get my sessions working too.

Secondly i'm trying to extract data from a MySQL table into a html/php table to be viewed.
Code: 
        <?php
		include ('/content/base.php');
		$query1 = mysql_query("SELECT * FROM testablishment");
		echo "<table border ='1'>
			<tr>
			<th>Establishment ID</th>
			<th>Establishment Name</th>
			<th>Establishment URL</th>
			<th>User ID</th>
			</tr>";
		while($row = mysql_fetch_array($query1)){
			echo "<tr>";
			echo "<td>" . $row['cEstablishmentID'] . "</td>";
			echo "<td>" . $row['cEstablishmentName'] . "</td>";
			echo "<td>" . $row['cEstablishmenURL'] . "</td>";
			echo "</tr>";
		}
		echo "</table>";
		?>

That's my code and i'm getting this error : Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given. Anyone can help me with that?

Thanks in advance!
 
For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error.
Click to expand...

http://php.net/manual/en/function.mysql-query.php

My guess is you're receiving a boolean value (FALSE) in $query1 because the query is failing.

Did you select the database?
Does that table exist (sure it's not establishment instead of testablishment)?
Is the connection alive?

Might want to get the last error using mysql_error() after your mysql_query() call:

http://www.php.net/manual/en/function.mysql-error.php
 
Last edited:
Ahhh! There was a typo in the connection script.

So it's not showing errors but it's not pulling in data from the table either. It's just showing an empty table.
 
Okay! Fixed that error now!

It's just the sessions that aren't working now :( Bugger! Just need to compartmentalize the pages!
 
Sorry!

Okay so this is my index page:
Code: 
<?php include "content/base.php"; ?>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
	<title>Login</title>
	<link rel="stylesheet" href="style.css" type="text/css" />
</head>  
<body>  
	
<div id="main">
<h1>B'n'B Hospitality Service Providers Portal</h1><br />
<h2>Member Login</h2> 
<p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>
    
	<form method="post" action="validate/validate.php" name="loginform" id="loginform">
	<fieldset>
		<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
		<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
		<input type="submit" name="login" id="login" value="Login" />
	</fieldset>
	</form>
	
</div>

<?php
		if(!isset($_SESSION))
		{
			session_start();
			session_id();
			$_SESSION['username']= "";
			$_SESSION['LoggedIn'] = false;
			$_SESSION['userID']= "";
			$_SESSION['userType'] = "";
		} 

		
?>

</body>
</html>

And this is the verify login page:
Code: 
<head>	
	<title>Registration</title>
	<link rel="stylesheet" href="../style.css" type="text/css" />
</head>
<body>
<div id="main">
	
	<?php
	include ('../content/base.php');
	$username = $_POST['username'];
	$password = $_POST['password'];
	$login = mysql_query("SELECT * FROM tuser WHERE (cUserName = '" . mysql_real_escape_string($username) . "') 
	AND (cUserPassword = '" . mysql_real_escape_string(md5($password)) . "')");
	
	echo mysql_error();
	
	if(mysql_num_rows($login) == 1)
	{
		$_SESSION['LoggedIn'] = true;
		$_SESSION['username'] = $username;
		$_SESSION['userID'] = mysql_query("SELECT cUserID FROM tuser WHERE cUserName = '". $username ."'");
		$_SESSION['userType'] = mysql_query("SELECT cUserType from tuser WHERE cUserName = '". $username . "'");
		
		$userstatus = mysql_query("SELECT cUserType FROM tuser WHERE cUserName = '" . $username . "'");
		$result = mysql_fetch_assoc($userstatus);

		if($result['cUserType'] == "user") 
		{
			echo "Welcome to our user portal ".$_SESSION['username'];
			echo '<META HTTP-EQUIV="Refresh" Content="2; URL=../usercp.php">';
		}
			else 
			{
				echo 
				header('Location: ../adminCP.php');
			}
	}
	else 
	{
		echo "Login failed<br />";
		echo "Go <a href='index.php'>try again now</a> or wait for automatic refresh"; 
		echo '<META HTTP-EQUIV="Refresh" Content="2; URL=../index.php">';
	}
	
	?>
</div>	
</body>
And the code im using to 'compartmentalize' the pages between admin and user:
Code: 
<?php include "content/base.php"; 
	if($_SESSION['LoggedIn'] = true)
	{
		
	}else{
		echo "click <a href = ../index.php> here </a> to login";
	}
	if($_SESSION['userType'] = "admin")
	{
		echo "You're logged in as an admin";
	}else
	{
		
	}
	
	?>
	<!DOC

And my logout page:
Code: 
<?php include "content/base.php";
$_SESSION = array();
session_destroy(); 
$_SESSION['username']= "";
$_SESSION['LoggedIn'] = false;
$_SESSION['userID']= "";
$_SESSION['userType'] = "";
 
?>
<meta http-equiv="refresh" content="0;index.php">

Basically, it's not doing anything it's meant to.

It's showing "youre logged in as an admin" on every page". If you log out, you can still access pages. The logout isn't destroying sessions.


Thanks in advance
 
Your logout page destroys session data, but not the session. (The session cookie)
see http://php.net/manual/en/function.session-destroy.php for explanation and sample code.

You need to call setcookie on the session id with a date/time in the past, which is how cookies are expired.
Then refresh the page as you are doing
 
Code: 
if($_SESSION['LoggedIn'] = true)

There is a difference between = and ==.
In an if statement you should use == and not =.
= <== assignment operator. This will always return true. In some languages it throws an error, and some allows it. Iirc PHP allows it.
== <== equality operator.
 
I sat for days and days and a few hours extra trying to sort out the same issue you are having now - with the logins, I am going to PM you a link to a zip file - it displays files in specific directories, so the only MySQL connection is actually for user authentication.

So skip the bulk of it, just check out the login/logout and the bits of code that check for cookies etc.

I have the same concept that you have - admin output is different to what a general user would see, for example.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X