<?php

// connect to database
include("inc/connect.php");

// include auth and nav
include("inc/auth.php");

// begin content
//include("inc/nav.php");

// close mysql connection
//mysql_close(); 

// Check if the form has been submitted.
if (isset($_POST['Submit'])) {

	//require_once ('mysql_connect.php'); // Connect to the db.
		
	$errors = array(); // Initialize error array.
	
	// Check for a first name.
	if (empty($_POST['brandC'])) {
		$errors[] = 'You forgot to select the cycle brand.';
	} else {
		$bc = escape_data($_POST['brandC']);
		}
	
	// Check for a last name.
	if (empty($_POST['typeC'])) {
		$errors[] = 'You forgot to select the cycle type.';
	} else {
		$tc = escape_data($_POST['typeC']);
		}
	
	// Check for an email address.
	if (empty($_POST['styleC'])) {
		$errors[] = 'You forgot to select the cycle style.';
	} else {
		$sc = escape_data($_POST['styleC']);
		}
	
	// Check for an email address.
	if (empty($_POST['modelC'])) {
		$errors[] = 'You forgot to enter the cycle model.';
	} else {
		$mc = escape_data($_POST['modelC']);
		}
	
	// Check for an email address.
	if (empty($_POST['gearNoC'])) {
		$errors[] = 'You forgot to enter the cycle gear no.';
	} else {
		$gnc = escape_data($_POST['gearNoC']);
		}
	
	// Check for an email address.
	if (empty($_POST['frameC'])) {
		$errors[] = 'You forgot to select the cycle frame.';
	} else {
		$fc = escape_data($_POST['frameC']);
		}
	
	// Check for an email address.
	if (empty($_POST['groupSetC'])) {
		$errors[] = 'You forgot to select the cycle groupSet.';
	} else {
		$gsc = escape_data($_POST['groupSetC']);
		}
	
	// Check for an email address.
	if (empty($_POST['priceC'])) {
		$errors[] = 'You forgot to enter the cycle price.';
	} else {
		$pc = escape_data($_POST['priceC']);
		}
	
	//Check for an email address.
	if (empty($_POST['releaseDateC'])) {
		$errors[] = 'You forgot to input the current date.';
	} else {
		$rdc = escape_data($_POST['releaseDateC']);
	}
	
	if (empty($errors)) { // If everything's OK.
	
		// Register the user in the database.
		
		// Check for previous registration.
		$query = "SELECT cycleID FROM cycles WHERE model='$mc'";
		$result = mysql_query($query);
		if (mysql_num_rows($result) == 0) {

			// Make the query.
			$query = "INSERT INTO cycles (brand, type, style, model, gearNo, frame, groupset, price, releaseDate) VALUES ('$bc', '$tc', '$sc', '$mc', '$gnc', '$fc', '$gsc', '$pc', '$rdc', NOW() )";		
			$result = @mysql_query ($query); // Run the query.
			if ($result) { // If it ran OK.
			
				// Send an email, if desired.
				
				// Redirect the user to the thanks.php page.
				// Start defining the URL.
				$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
				
				// Check for a trailing slash.
				if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
					$url = substr ($url, 0, -1); // Chop off the slash.
				}
				
				// Add the page.
				//$url .= '/thanks.php';
				
				header("Location: thanks.php");
				exit();
				
			} else { // If it did not run OK.
				$errors[] = 'You could not be registered due to a system error. We apologize for any inconvenience.'; // Public message.
				$errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.
			}
				
		} else { // Email address is already taken.
			$errors[] = 'The model name has already been registered to the system.';
		}
				
	} // End of if (empty($errors)) IF.

	mysql_close(); // Close the database connection.
		
} else { // Form has not been submitted.

	$errors = NULL;

} // End of the main Submit conditional.

// Begin the page now.
//$page_title = 'Register';

if (!empty($errors)) { // Print any error messages.
	echo '<h1 id="mainhead">Error!</h1>
	<p class="error">The following error(s) occurred:<br />';
	foreach ($errors as $msg) { // Print each error.
		echo " - $msg<br />\n";
	}
	echo '</p><p>Please try again.</p>';
}

// Create the form.
?>
<html>
<head>
	<title>Cycle Tracks Portal - Add Cycle Page</title>
	<style type="text/css" media="all">@import"images/style.css";
	</style>
<?php    
$date = date("Y-m-d");
?>
</head>
<body>
<div class="content">
		<div class="topmenu">
			<div class="date_">
				<?php echo date('l dS \of F Y'); ?>
			</div>
		</div>
	<div id="submenu">
		<form action="#">
		</form>
		<br>
	</div>	
	<div class="cycle">
		<div class="title" style="text-align: center; width: 179px">
			<sup>
			<span class="copynresv">&copy;</span></sup>CYCLE TRACKS<sup><span class="copynresv">&reg;</span></sup></div>
		<div class="slogan" style="width: 223px; height: 11px">&quot;We are ONE of the BEST and NOT like the REST!</div>
	</div>
	<div class="nav">
		<ul>
			<li><a href="index.html">HOME</a> | </li> 
			<li><a href="#">INSTRUCTIONS</a> | </li>
			<li><a href="find.php">FIND</a> | </li> 
			<li><a href="display.php">DISPLAY</a> | </li>
			<li><a href="addlist.php">ADD</a> | </li>
			<li><a href="view_users.php">MANAGE</a> | </li>
			<li><a href="admin.php">ADMIN</a> | </li>
			<li><a href="#">CREDITS</a> | </li>
			<li><a href="logout.php">EXIT</a></li>
		</ul>
	</div>

<form action="addlist.php" method="post">
	<table style="width: 764px" align="left">
		<tr>
			<td style="height: 20px">
			<table style="width: 100%">
				<tr>
					<td class="style3" style="width: 143px"><strong>
					SPECIFICATION</strong></td>
					<td class="style4"><strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
					OPTIONS</strong></td>
				</tr>
				<tr>
					<td style="width: 143px">Brand</td>
					<td>
						<select name="brandC" style="width: 200px">
							<option></option>
							<option>Trek</option>
							<option>Ridgeback</option>
							<option>Scott</option>
							<option>Specilised</option>
							<option>Kona</option>
							<option>Cannondale</option>
						</select>
					</td>
				</tr>
				<tr>
					<td style="width: 143px">Type</td>
					<td>
						<select name="typeC" style="width: 200px">
							<option></option>
							<option>Road</option>
							<option>Hybrid</option>
							<option>Touring</option>
							<option>Road Touring</option>
							<option>Kids</option>
							<option>Mountain</option>
						</select>
					</td>
				</tr>
				<tr>
					<td style="width: 143px">Style</td>
					<td>
						<select name="styleC" style="width: 200px">
							<option></option>
							<option>Male</option>
							<option>Female</option>
							<option>Unisex</option>
						</select>
					</td>
				</tr>
				<tr>
					<td style="width: 143px">Model</td>
					<td>
						<input type="text" name="modelC" size="30" maxlength="40" style="width: 200px">
					</td>
				</tr>
				<tr>
					<td style="width: 143px">Gear No</td>
					<td>
						<input type="int" name="modelC" size="2" maxlength="2" style="width: 200px">
							<option></option>
						</select>
					</td>
				</tr>
				<tr>
					<td style="width: 143px">Frame</td>
					<td>
						<select name="frameC" style="width: 200px">
							<option></option>
							<option>Carbon</option>
							<option>Alpha Aluminium</option>
							<option>Steel</option>
							<option>Aluminium</option>
							<option>A1 Premium Aluminium</option>
							<option>Columbus SLX</option>
							<option>7005 DB</option>
							<option>Easton Ultralight</option>
							<option>Custom 7005</option>
							<option>T6 Aluminium</option>
						</select>
					</td>
				</tr>
				<tr>
					<td style="width: 143px">Group Set</td>
					<td>
						<select name="groupSetC" style="width: 200px">
							<option></option>
							<option>Durace</option>
							<option>Deore LX Bontanger</option>
							<option>Bontanger</option>
							<option>Altus/Alivio</option>
							<option>Shimano</option>
							<option>Acera/Scram</option>
							<option>Tiagra/Sora</option>
							<option>Ultegra</option>
							<option>Deora/XT</option>
							<option>Deora/Truvativ</option>
							<option>Kona</option>
							<option>Shimano LX</option>
							<option>Shimano Deore</option>
							<option>N/A</option>
						</select>
					</td>
				</tr>
				<tr>
					<td style="width: 143px">Price(<span class="style2">&pound;</span>)</td>
					<td>
						<input type="int" name="modelC" size="6" maxlength="7" style="width: 200px">
					</td>
				</tr>
				<tr>
					<td style="width: 143px">Release Date</td>
					<td>
						<input type="text" name="releaseDateC" value="<?php echo $date?>" readonly="readonly" style="width: 200px"/>
					</td>
				</tr>
				<tr>
					<td style="width: 143px">&nbsp;</td>
					<td>
					<input name="Submit" type="submit" value="Add Cycle" style="width: 97px">&nbsp;<input name="Reset" type="reset" value="Clear All" style="width: 97px"></td>
				</tr>
			</table>
			</td>
		</tr>
	</table>
	<!--<input type="hidden" name="submitted" value="TRUE" />-->
</form>
</table>
	<div class="footer">
		<div class="padding">
			&copy; Copyright Cycle Tracks <span>®</span></div>
	</div>
</div>
</body>
</html>

When I click "Add Cycle" button, I will say that "You are not authenticated. Please login.". I've already logged in as admin. Why it doesn't want to accept the values and keep on saying that I'm not authorized. When I checked the session, it was still active and not logged out.

Please help.

// include auth and nav
include("inc/auth.php");

auth.php

<?php
// auth.php

// start session
session_start(); 

// convert username and password from _POST or _SESSION
if($_POST){
  $_SESSION['username']=$_POST["username"];
  $_SESSION['password']=$_POST["password"];  
}

// query for a user/pass match
$result=mysql_query("select * from users 
  where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");

// retrieve number of rows resulted
$num=mysql_num_rows($result); 

// print login form and exit if failed.
if($num < 1){
  echo "You are not authenticated.  Please login.<br><br>
  
  <form method=POST action=admin.php>
  username: <input type=text name=\"username\">
  password: <input type=password name=\"password\">
  <input type=submit>
  </form>";
  
  exit;
}
?>

try to put mysql_error(); i don't see where you connect to the database. if you have some errors because of that your "if($num < 1 ) will always be true and will display your login form.

Found my mistakes and managed to solve it myself. Anyway thanks for your advises.

The actual error was the form posting the value to the script not captured.

This article has been dead for over six months. Start a new discussion instead.