Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

E-Commeerce PHP/MySQL admin page and index page error

Status
Not open for further replies.

nekorzu

Programmer
Feb 12, 2012
3
US
Hello,
I watched a tutorial from Youtube posted by flashbuilder.
There are two pages 'index.php' and 'admin_login.php' this two pages will connect to MySQL.
First, store manager goes to index.php if manager is set then manager can do inventory works, else he will prompted to the admin_login.php to login(the mysql role here is to check the database with name and password)

Problem is it always tells that invalid entry. Can smn help, Thanks.

<<< INDEX.PHP >>>
<?php
session_start();
if(!isset($_SESSION["manager"])){
header("location: admin_login.php");
exit();
}
//be sure to check that this manager SESSION value is in fact in //the database

$managerID = preg_replace('/[^0-9]/i', '', $_SESSION["id"]);
//filter everything but numbers and letters
$manager=preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["manager"]);
//filter everything but numbers and letters
$password=preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["password"]);

//filter everything but numbers and letters

//Run MySQL query to be sure that this person is an admin and //that their passsword session var equals the database information
//Connest to MySQL database
require("../storescripts/connect_to_mysql.php");
$rashid = "SELECT * FROM admin WHERE id = $managerID AND
username = $manager AND password = $password LIMIT 1";
$sql = mysql_query($rashid);//query the person
//----MAKE SURE PERSON EXISTS IN DATABASE-------
$existCount = mysql_num_rows($sql);//count the row nums
if($existCount == 0){//evaluate the count
echo "Your Login session data is not in the database";
exit();
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "<html xmlns="<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Store Admin Area</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
<style type="text/css">
<!--
.style1 {color: #000000}
-->
</style>
</head>

<body>
<div align = "center" id="mainWrapper">
<?php include_once("../template/template_header.php"); ?>
<div id="pageContent"><br>
<div align=left style="margiin-left:24px;">
<h2 class="style1">Hello Store Manager, what would you like to do today?</h2>
<p class="style1">
<a href="inventory_list.php">Manage Inventory</a><br>
<a href="#">Manage Blah Blah
</a></p>
</div>
<br>
</div>
<?php include_once("../template/template_footer.php"); ?>
</div>
</body>
</html>

/////////////////////////////////////////////////////////////////
<<< ADMIN_LOGIN.PHP >>>

<?php
session_start();
if(isset($_SESSION["manager"])){
header("location: index.php");
exit();
}
?>
<?php
//Parse the log in form if the user has filled it out and //pressed "Log In"

isset($_POST["username"]) && isset($_POST["password"])){

$manager = preg_replace('#[^A-Za-z0-9]#i','',$_POST["manager"]);
//filter everything but numbers and letters
$password=preg_replace('#[^A-Za-z0-9]#i','',$_POST["password"]);//filter everything but numbers and letters

//Connect to the MySQL DATABASE
require("../storescripts/connect_to_mysql.php");
$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1");
//query the person

$existCount = mysql_num_rows($sql);//count the row nums
if(($existCount) == 1){//evaluate the count
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: index.php");
exit();
}else{
echo 'That information is incorrect, try again';
echo '<a href="index.php">Click Here</a>';
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "<html xmlns="<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin Login</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
<style type="text/css">
<!--
.style1 {color: #000000}
-->
</style>
</head>

<body>
<div align = "center" id="mainWrapper">
<?php include_once("../template/template_header.php"); ?>
<div id="pageContent"><br>
<div align=left style="margiin-left:24px;">
<h2 class="style1">Please Log In To Manage the Store </h2>
<form id="form1" name="form1" method="post" action="admin_login.php">

User Name<br>
<input type="text" name="username" id="username" id="40" />
<br><br>
Password<br>
<input type="password" name="password" id="password" id="40" />
<br><br><br>
<input type="submit" name="button" id="button" value="Log In" />
</form>
</div>
<br>
</div>
<?php include_once("../template/template_footer.php"); ?>
</div>
</body>
</html>

/////////////////////////////////////////////////////////////////
 
In your index.php put your mysql variables in quotes
Code:
$rashid = "SELECT * FROM admin WHERE id = '$managerID' AND
          username = '$manager' AND password = '$password' LIMIT 1";

If you can't stand behind your troops, stand in front of them.
Semper Fidelis

Jim
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top