
Thread: Problem Keeping the session active in a custom admin panel

  1. #1
    Join Date
    Sep 2012
    Posts
    2

    Problem Keeping the session active in a custom admin panel

    Hello, I am having trouble with this custom admin panel. It is pretty simple: it has an admin login page, an index page, and a page where you can add and delete inventory items (<-- this one is the one with the problem). Everything was working okay, I added 2 items, deleted one, and now it gives me this error every time I try to add or delete any items.

    " Your login session data is not on record in the database. "

    You can try it out. The URL is http://regismartinez.com/pepe/storea...dmin_login.php

    The credentials are: administrator / asdf1234

    Here is the code for admin_login.php (works fine)

    Code:
    <?php 
    
    session_start();
    ob_start();
    if (isset($_SESSION["manager"])) {
        header("location: index.php"); 
        ob_end_flush(); // flush the buffer before exiting (this call was unreachable after exit())
        exit();
    }
    ?>
    
    <?php 
    // Parse the log in form if the user has filled it out and pressed "Log In"
    if (isset($_POST["username"]) && isset($_POST["password"])) {
    
    	$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
        $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
        // Connect to the MySQL database  
        include "../storescripts/connect_to_mysql.php"; 
        $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
    
        // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
        $existCount = mysql_num_rows($sql); // count the row nums
        if ($existCount == 1) { // evaluate the count
    	     while($row = mysql_fetch_array($sql)){ 
                 $id = $row["id"];
    		 }
    		 $_SESSION["id"] = $id;
    		 $_SESSION["manager"] = $manager;
    		 $_SESSION["password"] = $password;
    		 header("location: index.php");
             exit();
        } else {
    		echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
    		exit();
    	}
    }
    ?>
    Here is the code for the index.php (the admin index page)

    Code:
    <?php 
    
    session_start();
    if (!isset($_SESSION["manager"])) {
        header("location: admin_login.php"); 
        exit();
    }
    // Be sure to check that this manager SESSION value is in fact in the database
    $managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers
    
    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
    
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
    
    // Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
    // Connect to the MySQL database  
    include "../storescripts/connect_to_mysql.php"; 
    $sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person
    
    // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
    $existCount = mysql_num_rows($sql); // count the row nums
    if ($existCount == 0) { // evaluate the count
    	 echo "Your login session data is not on record in the database.";
         exit();
    }
    ?>
    And here is the code for the inventory_list.php (the one with the problem, I believe)

    Code:
    <?php 
    
    session_start();
    if (!isset($_SESSION["manager"])) {
        header("location: admin_login.php"); 
        exit();
    }
    
    // Be sure to check that this manager SESSION value is in fact in the database
    $managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers
    
    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
    
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
    
    // Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
    // Connect to the MySQL database  
    include "../storescripts/connect_to_mysql.php"; 
    $sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person
    
    // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
    $existCount = mysql_num_rows($sql); // count the row nums
    if ($existCount == 0) { // evaluate the count
    	 echo "Your login session data is not on record in the database.";
         exit();
    }
    ?>
    
    <?php 
    // Script Error Reporting
    error_reporting(E_ALL);
    ini_set('display_errors', '1');
    ?>
    
    <?php 
    
    // Delete Item Question to Admin, and Delete Product if they choose
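    if (isset($_GET['deleteid'])) {
    	$deleteid = preg_replace('#[^0-9]#', '', $_GET['deleteid']); // keep digits only before echoing the value into HTML
    	echo 'Do you really want to delete product with ID of ' . $deleteid . '? <a href="inventory_list.php?yesdelete=' . $deleteid . '">Yes</a> | <a href="inventory_list.php">No</a>';
    	exit();
    }
    if (isset($_GET['yesdelete'])) {
    	// remove item from system and delete its picture
    	// delete from database
    	$id_to_delete = preg_replace('#[^0-9]#', '', $_GET['yesdelete']); // keep digits only: the value is used in the SQL and the file path below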
    	$sql = mysql_query("DELETE FROM products WHERE id='$id_to_delete' LIMIT 1") or die (mysql_error());
    	// unlink the image from server
    	// Remove The Pic -------------------------------------------
        $pictodelete = ("../inventory_images/$id_to_delete.jpg");
        if (file_exists($pictodelete)) {
           		    unlink($pictodelete);
        }
    	header("location: inventory_list.php"); 
        exit();
    }
    ?>
    
    
    <?php 
    // Parse the form data and add inventory item to the system
    
    if (isset($_POST['product_name'])) {
    	
        $product_name = mysql_real_escape_string($_POST['product_name']);
    	$price = mysql_real_escape_string($_POST['price']);
    	$category = mysql_real_escape_string($_POST['category']);
    	$subcategory = mysql_real_escape_string($_POST['subcategory']);
    	$details = mysql_real_escape_string($_POST['details']);
    
    	// See if that product name is an identical match to another product in the system
    
    	$sql = mysql_query("SELECT id FROM products WHERE product_name='$product_name' LIMIT 1");
    	$productMatch = mysql_num_rows($sql); // count the output amount
        if ($productMatch > 0) {
    		echo 'Sorry you tried to place a duplicate "Product Name" into the system, <a href="inventory_list.php">click here</a>';
    		exit();
    	}
    
    	// Add this product into the database now
    
    	$sql = mysql_query("INSERT INTO products (product_name, price, details, category, subcategory, date_added) 
            VALUES('$product_name','$price','$details','$category','$subcategory',now())") or die (mysql_error());
         $pid = mysql_insert_id();
    	// Place image in the folder 
    	$newname = "$pid.jpg";
    	move_uploaded_file( $_FILES['fileField']['tmp_name'], "../inventory_images/$newname");
    	header("location: inventory_list.php"); 
        exit();
    }
    ?>
    
    
    <?php 
    // This block grabs the whole list for viewing
    $product_list = "";
    $sql = mysql_query("SELECT * FROM products ORDER BY date_added DESC");
    $productCount = mysql_num_rows($sql); // count the output amount
    if ($productCount > 0) {
    	while($row = mysql_fetch_array($sql)){ 
                 $id = $row["id"];
    			 $product_name = $row["product_name"];
    			 $price = $row["price"];
    			 $date_added = strftime("%b %d, %Y", strtotime($row["date_added"]));
    			 $product_list .= "Product ID: $id - <strong>$product_name</strong> - $$price - <em>Added $date_added</em> &nbsp; &nbsp; &nbsp; <a href='inventory_edit.php?pid=$id'>edit</a> &bull; <a href='inventory_list.php?deleteid=$id'>delete</a><br />";
        }
    } else {
    	$product_list = "You have no products listed in your store yet";
    }
    ?>
    This is a tutorial I am trying to follow on YouTube. I am new to PHP, and I do not own this code. However, I am stuck with this problem. Thank you in advance for any help you guys can provide me.

  2. #2
    Join Date
    Aug 2012
    Location
    Belgium
    Posts
    66

    try catch

    Ever thought about catching your errors for debugging? Much easier than the if/else method.
    Also, separating your code the MVC way would help you see clearly.

  3. #3
    Join Date
    Jan 2009
    Posts
    3,346
    To help clarify: if a query returns "false", meaning there were errors, it will also evaluate to "0".

    PHP Code:
    $result = mysql_query($sql);
    if (!$result) {
        // the query itself failed, so report the error instead of counting rows
        die(mysql_error());
    }
    $row_count = mysql_num_rows($result);
    if ($row_count === 0) {
        // the third equal sign is for absolute equality
    }

    Also of note, you check in one script if the mysql_num_rows is equal to '1' but check if it is equal to '0' in the others. While this isn't incorrect it can be confusing when making adjustments later to your code.

  4. #4
    Join Date
    Sep 2012
    Posts
    2
    Okay, I'll try to apply that.

    But it works now. What I did:

    I got rid of the extra queries checking for the user in the database in the inventory_list.php, and I just left the check to determine if the page can be viewed or not by the current session user, and now it works! It adds and deletes items normally without giving the "Your login session data is not on record in the database." message.
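Added example, not part of any post in this thread: a session re-check that keeps the database lookup but reports "query failed" separately from "no matching row", the distinction post #3 draws, and that keeps only the admin id and username in the session rather than the password. It uses PDO with prepared statements in place of the `mysql_*` functions (removed in PHP 7.0); the function name, the `ADMIN_*` constants, the `password_hash` column and the in-memory SQLite stand-in for the MySQL `admin` table are assumptions made for the example.

```php
<?php
// Added example. Names and table layout are assumptions, not the tutorial's code.
// An in-memory SQLite database stands in for the MySQL `admin` table so this runs offline.
const ADMIN_OK = 'ok';                     // session matches an admin row
const ADMIN_NOT_FOUND = 'not_found';       // query ran and returned zero rows
const ADMIN_QUERY_FAILED = 'query_failed'; // the query itself failed

function check_admin_session(PDO $db, array $session): string
{
    // Only the numeric id and the username live in the session; the password never does.
    if (!isset($session['id'], $session['manager']) || !ctype_digit((string)$session['id'])) {
        return ADMIN_NOT_FOUND;
    }
    try {
        $stmt = $db->prepare('SELECT 1 FROM admin WHERE id = ? AND username = ? LIMIT 1');
        $stmt->execute([(int)$session['id'], $session['manager']]);
    } catch (PDOException $e) {
        error_log('admin check failed: ' . $e->getMessage()); // log it, do not echo it to the browser
        return ADMIN_QUERY_FAILED;
    }
    return $stmt->fetchColumn() === false ? ADMIN_NOT_FOUND : ADMIN_OK;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO admin (id, username, password_hash) VALUES (?, ?, ?)');
$ins->execute([1, 'administrator', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

$cases = [
    'valid session'        => ['id' => 1, 'manager' => 'administrator'],
    'id no longer matches' => ['id' => 7, 'manager' => 'administrator'],
    'id is not numeric'    => ['id' => "1' OR '1'='1", 'manager' => 'administrator'],
];
foreach ($cases as $label => $session) {
    echo str_pad($label, 22), ' => ', check_admin_session($db, $session), "\n";
}

// Same valid session, but the table is gone: the query fails instead of returning zero rows.
$db->exec('DROP TABLE admin');
echo str_pad('table missing', 22), ' => ', check_admin_session($db, $cases['valid session']), "\n";
```

With the three outcomes separated, a page can show a generic error on `query_failed` and send the user back to the login form on `not_found`, instead of printing one message for both.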

  5. #5
    Join Date
    Nov 2013
    Posts
    1

    Hi Jakx

    Quote: Originally posted by Jakx
    Okay, I'll try to apply that.

    But it works now. What I did:

    I got rid of the extra queries checking for the user in the database in the inventory_list.php, and I just left the check to determine if the page can be viewed or not by the current session user, and now it works! It adds and deletes items normally without giving the "Your login session data is not on record in the database." message.


    Hi Jakx, how are you?! I have the same problem! But I don't know what you did (I don't understand by just reading the solution, I'm new to PHP and MySQL). Can you explain to me with code what you did?! I'd really appreciate that! Best regards to you, my friend!!
