0

After a day of trying to code a simple tutorial from a book I have come to a point where the keyboard is about to go through the monitor :)

Can somebody please help me. I have an admin screen, code below

<?php require_once('Connections/nib.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
  $editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
}

if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "frmNews")) {
  // grab the contents of the uploaded files and pop the contents in a variable
  if(is_uploaded_file($_FILES['news_icon']['tmp_name'])) {
   $news_icon = implode ('', file($_FILES['news_icon']['tmp_name']));
   $news_icon_type = $_FILES['news_icon']['type'];
   $news_icon_meta = implode('',array_slice(getimagesize($_FILES['news_icon']['tmp_name']),3,1));
  }
  if(is_uploaded_file($_FILES['news_image']['tmp_name'])) {
   $news_image = implode ('', file($_FILES['news_image']['tmp_name']));
   $news_image_type = $_FILES['news_image']['type'];
   $news_image_meta = implode('',array_slice(getimagesize($_FILES['news_image']['tmp_name']),3,1));
  }
  $insertSQL = sprintf("INSERT INTO news (news_category_fk, news_date, news_headline, news_summary, news_fulltext, news_icon, news_icon_type, news_icon_meta, news_image, news_image_type, news_image_meta) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($HTTP_POST_VARS['news_category_fk'], "int"),
                       GetSQLValueString(time(), "int"),
                       GetSQLValueString($HTTP_POST_VARS['news_headline'], "text"),
                       GetSQLValueString(nl2br($HTTP_POST_VARS['news_summary']), "text"),
                       GetSQLValueString(nl2br($HTTP_POST_VARS['news_fulltext']), "text"),
                       GetSQLValueString(addslashes($news_icon), "text"),
					   GetSQLValueString($news_icon_type,"text"),
					   GetSQLValueString($news_icon_meta,"text"),
                       GetSQLValueString(addslashes($news_image), "text"),
					   GetSQLValueString($news_image_type,"text"),
					   GetSQLValueString($news_image_meta,"text"));
  mysql_select_db($database_nib, $nib);
  $Result1 = mysql_query($insertSQL, $nib) or die(mysql_error());
  $newsItem = mysql_insert_id();
  
  // Check to see if we must create a new linkitem in the links table
  if($HTTP_POST_VARS['radioLink']=='new' && strlen(trim($HTTP_POST_VARS['news_link_text'])) > 0) {
    $insertSQL = sprintf("INSERT INTO links (link_name) VALUES (%s)", 
						GetSQLValueString($HTTP_POST_VARS['news_link_text'],"text"));
	mysql_select_db($database_nib, $nib);
	$Result2 = mysql_query($insertSQL, $nib) or die(mysql_error());
	$linkItem = mysql_insert_id();
  } else {
    $linkItem = $HTTP_POST_VARS['news_link'];
  }
  // add the linkage to the news story, only if we have both a valid news and link item
  if ($linkItem > 0 && $newsItem > 0) {
    $insertSQL = sprintf("INSERT INTO linkmatrix (lm_links_fk, lm_news_fk) VALUES (%s, %s)",
   						GETSQLValueString($linkItem,"int"),
						GETSQLValueString($newsItem,"int"));
    mysql_select_db($database_nib, $nib);
    $Result3 = mysql_query($insertSQL, $nib) or die($insertSQL.mysql_error());
  }
  
  $insertGoTo = "admin.php?stamp=".time();
  header(sprintf("Location: %s", $insertGoTo));
}

session_start();
$varHash_rstLoggedIn = "nothing";
if (isset($_SESSION['editor_hash'])) {
  $varHash_rstLoggedIn = (get_magic_quotes_gpc()) ? $_SESSION['editor_hash'] : addslashes($_SESSION['editor_hash']);
}
mysql_select_db($database_nib, $nib);
$query_rstLoggedIn = sprintf("SELECT * FROM editors WHERE editor_hash = '%s'", $varHash_rstLoggedIn);
$rstLoggedIn = mysql_query($query_rstLoggedIn, $nib) or die(mysql_error());
$row_rstLoggedIn = mysql_fetch_assoc($rstLoggedIn);
$totalRows_rstLoggedIn = mysql_num_rows($rstLoggedIn);

mysql_select_db($database_nib, $nib);
$query_rstCategories = "SELECT * FROM categories";
$rstCategories = mysql_query($query_rstCategories, $nib) or die(mysql_error());
$row_rstCategories = mysql_fetch_assoc($rstCategories);
$totalRows_rstCategories = mysql_num_rows($rstCategories);

mysql_select_db($database_nib, $nib);
$query_rstLinks = "SELECT * FROM links";
$rstLinks = mysql_query($query_rstLinks, $nib) or die(mysql_error());
$row_rstLinks = mysql_fetch_assoc($rstLinks);
$totalRows_rstLinks = mysql_num_rows($rstLinks);
?>
<?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"; ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Administrators Page</title>
<link rel="stylesheet" href="css/style.css" type="text/css" media="screen" />
<script language="JavaScript" type="text/JavaScript">
<!--
function MM_reloadPage(init) {  //reloads the window if Nav4 resized
  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
//-->
</script>

<style type="text/css">
</style>
</head>

<body>
<div id="wrapper">
<div id="header"></div>
<div id="newscontent">

<div id="divTop" style="position:absolute; top:138px; width:700px; z-index:1" class="newstopbar"><img src="images/newstitlelogo.gif" width="125" height="31" alt="News Logo" /><img src="images/admintitlelogo.gif" width="125" height="31" alt="Admin Page Logo" /></div>

<div id="divNav" style="position:absolute; top:188px; width:125px; z-index:2"><img src="images/admin_news.gif" width="125" height="19" alt="Admin Page - News Title" /></div>

<div id="divContent" style="position:absolute; right:175px; top:188px; width:540px; z-index:3"><?php if ($totalRows_rstLoggedIn > 0) { // Show if recordset not empty ?>
      <span class="newsheadline">Add a news story:</span>
<form action="" method="POST" enctype="multipart/form-data" name="frmNews" id="frmNews">
  <table width="100%" border="0" class="admintd">
    <tr>
      <td>Category</td>
      <td><select name="news_category_fk" id="news_category_fk">
        <?php
do {  
?>
        <option value="<?php echo $row_rstCategories['cat_pk']?>"><?php echo $row_rstCategories['cat_name']?></option>
        <?php
} while ($row_rstCategories = mysql_fetch_assoc($rstCategories));
  $rows = mysql_num_rows($rstCategories);
  if($rows > 0) {
      mysql_data_seek($rstCategories, 0);
	  $row_rstCategories = mysql_fetch_assoc($rstCategories);
  }
?>
      </select></td>
    </tr>
    <tr>
      <td>Headline</td>
      <td><input name="news_headline" type="text" id="news_headline" /></td>
    </tr>
    <tr>
      <td>Summary</td>
      <td><textarea name="news_summary" cols="40" rows="4" id="news_summary"></textarea></td>
    </tr>
    <tr>
      <td>Fulltext</td>
      <td><textarea name="news_fulltext" cols="60" rows="10" id="news_fulltext"></textarea></td>
    </tr>
    <tr>
      <td>Icon
        <input name="MAX_FILE_SIZE" type="hidden" id="MAX_FILE_SIZE" value="100000" /></td>
      <td><input name="news_icon" type="file" id="news_icon" /></td>
    </tr>
    <tr>
      <td>Image</td>
      <td><input name="news_image" type="file" id="news_image" /></td>
    </tr>
    <tr>
      <td>Link</td>
      <td>Existing
        <input name="radioLink" type="radio" value="existing" checked="checked" />
        <select name="news_link" id="news_link">
          <?php
do {  
?>
          <option value="<?php echo $row_rstLinks['link_pk']?>"><?php echo $row_rstLinks['link_name']?></option>
          <?php
} while ($row_rstLinks = mysql_fetch_assoc($rstLinks));
  $rows = mysql_num_rows($rstLinks);
  if($rows > 0) {
      mysql_data_seek($rstLinks, 0);
	  $row_rstLinks = mysql_fetch_assoc($rstLinks);
  }
?>
      </select>
        <br />
        or, New
        <input type="radio" name="radioLink" value="new" />
        <input name="news_link_text" type="text" id="news_link_text" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input name="Submit" type="submit" id="Submit" value="Add" /></td>
    </tr>
  </table>
  <input type="hidden" name="MM_insert" value="frmNews">
  </form>
  <p>&nbsp;</p>
  <?php } // Show if recordset not empty ?>
  <?php if ($totalRows_rstLoggedIn == 0) { // Show if recordset empty ?>
  <p>The page you have requested is available for authenticated users only.<br />
  Please log in to continue:</p>
  <form name="formLogin" id="formLogin" method="post" action="login.php">
    <table width="60%" border="0" class="admintd">
      <tr>
        <td>Login</td>
        <td><input name="txtUser" type="text" class="text" id="txtUser" />
        </td>
      </tr>
      <tr>
        <td>Password</td>
        <td><input name="txtPassword" type="password" class="text" id="txtPassword" />
</td>
      </tr>
      <tr>
        <td><input name="hidRedirect" type="hidden" id="hidRedirect" value="<?php echo $_SERVER['PHP_SELF']; ?>" />
        </td>
        <td><input name="Submit" type="submit" class="button" value="Login" />
        </td>
      </tr>
    </table>
  </form>
  <?php } // Show if recordset empty ?>
  <p>&nbsp;</p>
</div>



  </div>

	<div id="footer">
	  <div id="footer-valid">
			<a href="http://validator.w3.org/check/referer">xhtml</a> / <a href="http://www.google.co.uk/">Google</a></div>
	</div>

</div>

</body>
</html>

<?php
mysql_free_result($rstLoggedIn);

mysql_free_result($rstCategories);

mysql_free_result($rstLinks);
?>

and the login screen code

<?php require_once('Connections/nib.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$varUser_rstUser = "nothing";
if (isset($_POST['txtUser'])) {
  $varUser_rstUser = $_POST['txtUser'];
}
$varPass_rstUser = "nothing";
if (isset($_POST['txtPassword'])) {
  $varPass_rstUser = $_POST['txtPassword'];
}
mysql_select_db($database_nib, $nib);
$query_rstUser = sprintf("SELECT editors.editor_hash FROM editors WHERE editors.editor_username = %s AND editors.editor_password = PASSWORD(%s)", GetSQLValueString($varUser_rstUser, "text"),GetSQLValueString($varPass_rstUser, "text"));
$rstUser = mysql_query($query_rstUser, $nib) or die(mysql_error());
$row_rstUser = mysql_fetch_assoc($rstUser);
$varPass_rstUser = "nothing";
if (isset($_POST['txtPassword'])) {
  $varPass_rstUser = $_POST['txtPassword'];
}
$varUser_rstUser = "nothing";
if (isset($_POST['txtUser'])) {
  $varUser_rstUser = $_POST['txtUser'];
}
mysql_select_db($database_nib, $nib);
$query_rstUser = sprintf("SELECT editors.editor_hash FROM editors WHERE editors.editor_username = %s AND editors.editor_password = PASSWORD(%s)", GetSQLValueString($varUser_rstUser, "text"),GetSQLValueString($varPass_rstUser, "text"));
$rstUser = mysql_query($query_rstUser, $nib) or die(mysql_error());
$row_rstUser = mysql_fetch_assoc($rstUser);
$totalRows_rstUser = mysql_num_rows($rstUser);
if ($totalRows_rstUser > 0) { // Show if recordset not empty 
session_start();
$_SESSION['editor_hash'] =$row_rstUser['editor_hash'];
} // Show if recordset not empty
mysql_free_result($rstUser);
header("Location: ".$_POST['hidRedirect']);
?>

When I run the admin page in a browser, as you would expect the login screen kicks in. I type in the username & password, but nothing happens. It is not letting me into the admin area.

The database connection is correct. I'm sure its something simple but my head is totally scrambled.

If anybody could help, I would be so grateful.

regards

2
Contributors
1
Reply
2
Views
7 Years
Discussion Span
Last Post by kylegetson
0

I'd use a debugger or start printing out variables at various locations. You'll also want an 'else' case if the login does fail. session_start is usually called before other stuff happens, most specifically before any output is sent to the browser, so your lines #1-3 are probably sending output (empty lines, spaces, and/or tabs) to the browser.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.