0

Im tryin to add an admin to my database. Its not working but im not gettin any error messages ive tried a hundred different ways but its always the same it appears to be working but never actually does. Im hoping a more skilled eye can spot my mistake. Thanks in advance.
Heres the code:

The last 3 paragrapghs of code is the insert ive included the rest incase its interfereing. The middle paragragh is used to determine if the admin is already in the daabase this doesn't work either.

<?php 

session_start();
if (!isset($_SESSION["manager"])) {
    header("location: admin_login.php"); 
    exit();
}
// Be sure to check that this manager SESSION value is in fact in the database
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
// Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
// Connect to the MySQL database  
include "../storescripts/connect_to_mysql.php"; 
$sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 0) { // evaluate the count
     echo "Your login session data is not on record in the database.";
     exit();
}
?>
<?php 
// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
?>
<?php 
// Delete Item Question to Admin, and Delete Product if they choose
if (isset($_GET['deleteid'])) {
    echo 'Do you really want to delete the Admin with ID of ' . $_GET['deleteid'] . '? <a href="manageadmin.php?yesdelete=' . $_GET['deleteid'] . '">Yes</a> | <a href="inventory_list.php">No</a>';
    exit();
}
if (isset($_GET['yesdelete'])) {
    // remove item from system and delete its picture
    // delete from database
    $id_to_delete = $_GET['yesdelete'];
    $sql = mysql_query("DELETE FROM admin WHERE id='$id_to_delete' LIMIT 1") or die (mysql_error());

    header("location: manageadmin.php"); 
    exit();
}
?>
<?php 
// Parse the form data and add admin item to the system
if (isset($_POST['manager'])) {
    $id = mysql_real_escape_string($_POST['id']);
    $manager = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $date_added = strftime("%b %d, %Y", strtotime($POST["lastLogDate"]));


    // See if that product name is an identical match to another product in the system
    $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' ");
    $adminMatch = mysql_num_rows($sql); // count the output amount
    if ($adminMatch > 0) {
        echo 'Sorry you tried to place a duplicate "Admin Name" into the system, <a href="manageadmin.php">click here</a>';
        exit();
    }
    // Add this product into the database now
    $sql = mysql_query("INSERT INTO admin(id, username, password, lastLogDate) 
        VALUES('$id','$manager','$password', now())") or die (mysql_error());
  $id = mysql_insert_id();
    header("location: manageadmin.php"); 
    exit();
}
?>

<?php 
// This block grabs the whole list for viewing
$admin_list = "";
$sql = mysql_query("SELECT * FROM admin");
$adminCount = mysql_num_rows($sql); // count the output amount
if ($adminCount > 0) {
    while($row = mysql_fetch_array($sql)){ 
             $id = $row["id"];  
             $Uname = $row["username"];
             $date_added = strftime("%b %d, %Y", strtotime($row["lastLogDate"]));
             $admin_list .= "Admin ID: $id - <strong>$Uname</strong> <em>Added $date_added</em> &nbsp; &nbsp; &nbsp; <a href='admin_edit.php?id=$id'>edit</a> &bull; <a href='manageadmin.php?deleteid=$id'>delete</a><br />";
    }
} else {
    $admin_list = "You have no Admins listed in your store yet";
}
?>

The form to insert:

 <form action="manageadmin.php"  name="myForm" enctype="multipart/form-data" id="myform" method="post">
    <table width="90%" border="0" cellspacing="0" cellpadding="6">
      <tr>
        <td width="20%" align="right">Username</td>
        <td width="80%"><label>
          <input name="Username" type="text" id="Username"  />
        </label></td>
      </tr>
      <tr>
        <td align="right">Password</td>
        <td><label>

           <input type="password" name="pwd">
        </label></td>
      </tr>
       <tr>
        <td>&nbsp;</td>
        <td><label>
          <input type="submit" name="button" id="button" value="Add Admin Now" />
        </label></td>
      </tr>
    </table>

Edited by joseph.lyons.754: update

2
Contributors
1
Reply
15
Views
3 Years
Discussion Span
Last Post by GliderPilot
0

This is always going to evaluate to FALSE as you do not have a manager variable being passed from your form:

if (isset($_POST['manager']))

I'm guessing you want to change that to username to see if a form was submitted.

Also in your form, your username input field has the U is capatalized, but in the PHP script it is not.

<input name="Username" type="text" id="Username" /> -> $manager = mysql_real_escape_string($_POST['username']);

Make those changes and give it a shot.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.