
cannot get this admin form to work


zeusthegreat


I have an admin index page

 

index.php

 

 

<?php
session_start();
if(!isset($_SESSION["manager"])){
    header("location: admin_login.php");
    exit();
}
// Be sure to check that this manager SESSION value is in fact in the database

$managerID = preg_replace('#[^0-9]#i',"",$_SESSION["id"]); //filter everything but numbers and letters
$manager = preg_replace('#[^A_Za-z0-9]#i',"",$_SESSION["manager"]); //filter everything but numbers and letters
$password = preg_replace('#[^A_Za-z0-9]#i',"",$_SESSION["password"]); //filter everything but numbers and letters
//Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
//Connect to the MySQL database
include "../storescripts/connect_to_mysql.php";
$sql= mysql_query("SELECT * FROM admin WHERE id='$managerID'AND username='$manager' AND password='$password' LIMIT 1"); //query the person --make sure person exists in database----
$existCount= mysql_num_rows($sql); //count the row nums
if($existCount==0){ //evaluate the count
    header("location: ../index.php");
    exit();
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Store Admin Area</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
<style type="text/css">
body {
    background-color: #FFF;
}
</style>
</head>

<body>
<div align="center"></div>
<div align="center" id="mainWrapper">

<?php include_once("../template_header.php"); ?>

<?php include_once("../template_sidebar.php"); ?>

<div align="left" id="pageContent">
<div align="left" style="margin-left:24px;">
<p>Hello store manager, what would you like to do today?</p>
<p><a href="inventory_list.php">Manage Inventory</a></p>
<p><a href="#">Manage Blah Blah</a></p>
<p><br>
</p>
</div>
</div>
<?php include_once("../template_footer.php"); ?>

</div>
</body>
</html>

 

 

and an adminlogin page also

 

 

admin_login.php

 

 

<?php
session_start();
if(!isset($_SESSION["manager"])){
    header("location: index.php");
    exit();
}
?>
<?php
// parse the log in form if the user has filled it out and pressed "Log in"
if (isset($_POST["username"])&& isset($_POST["password"])){

    //remember 2 double quotes ,"",$_POST["username"] and the same on password line.
    $manager = preg_replace('#[^A_Za-z0-9]#i',"",$_POST["username"]); //filter everything but numbers and letters
    $password = preg_replace('#[^A_Za-z0-9]#i',"",$_POST["password"]); //filter everything but numbers and letters
    //Connect to the MySQL database
    include "../storescripts/connect_to_mysql.php";
    $sql= mysql_query("SELECT id FROM admin WHERE username='$manager'AND $passord='$password' LIMIT 1"); //query the person --make sure person exists in database----
    $existCount= mysql_num_rows($sql); //count the row nums
    if($existCount==1){ //evaluate the count
        while($row =mysql_fetch_array($sql)){
            $id=$row["id"];
        }
        $_SESSION["id"]=$id;
        $_SESSION["manager"]=$manager;
        $_SESSION["password"]=$password;
        header("location: index.php");
        exit();
    }else{
        echo 'That information is incorrect. try again<a href="index.php">Click Here</a>';
        exit();
    }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Log In</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
<style type="text/css">
body {
    background-color: #FFF;
}
</style>
</head>

<body>

<div align="center" id="mainWrapper">

<?php include_once("../template_header.php"); ?>

<?php include_once("../template_sidebar.php"); ?>

<div align="left" id="pageContent">
<div align="left" style="margin-left:24px;">
<h2>Please Log In To Manage the Store</h2>
<form id="form1" name="form1" method="post" action="admin_login.php">
User Name:<br />
<input name="username" type="text" id="username" size="40" />
<br /><br />
Password:<br />
<input name="password" type="password" id="password" size="40" />
<br />
<br />
<br />

<input type="submit" name="button" id="button" value="Log In" />

</form>
</div>
</div>
<?php include_once("../template_footer.php"); ?>

</div>
</body>
</html>

 

 

and the result of my two pages returns

 

Parse error: syntax error, unexpected $end in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 51

Link to comment
Share on other sites

but when i log in the admin name and password i get

 

( ! ) Notice: Undefined variable: passord in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 17

Call Stack

# Time Memory Function Location

1 0.0007 380416 {main}( ) ..\admin_login.php:0

 

( ! ) Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18

Call Stack

# Time Memory Function Location

1 0.0007 380416 {main}( ) ..\admin_login.php:0

2 0.0188 388200 mysql_num_rows ( ) ..\admin_login.php:18

That information is incorrect. try againClick Here

 

what i notice straight away is the name passord instead of password

 

 

resolved the password issue but still have

 

 

 

! ) Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18

Call Stack

 

does it have a problem with

 

while($row = mysql_fetch_array($sql)){

 

 

as i cannot see anything else

Edited by talos
Link to comment
Share on other sites

! ) Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18

You may want to check this line:

 

("SELECT * FROM admin WHERE id='$managerID'AND username='$manager' AND password='$password' LIMIT 1"

 

I'm betting that the lack of a space between "managerID'" and the "AND" is causing the issue. Add a space before the "AND" and the error will probably go away.

Link to comment
Share on other sites

"SELECT * FROM admin WHERE id = '$managerID 'AND username = '$manager' AND password = '$password' LIMIT 1");

 

 

for the index page

 

 

"SELECT id FROM admin WHERE username = '$manager 'AND $password = '$password' LIMIT 1");

 

the above is for the login page

 

still no joy

 

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\wamp\www\myNewweb\storeadmin\admin_login.php on line 18

Edited by talos
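
The warning in this thread appears when mysql_query() returns false because the SQL itself failed, for example when a PHP variable ends up where a column name belongs. As an added example (not code from any poster), the script below runs the same admin lookup through PDO, so a failed query raises an error instead of passing false on, values are bound rather than interpolated, and the password is checked with password_verify(). The in-memory SQLite database, the sample account and the helper names are assumptions; the admin table and its columns follow the thread.

```php
<?php
// Added example. Constructed data; in-memory SQLite stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
// Make every failed statement throw instead of handing back false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$pdo->prepare('INSERT INTO admin (username, password) VALUES (?, ?)')
    ->execute(['storeadmin', password_hash('constructed-sample-pass', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the admin id, or null when the credentials do not match.
function check_admin_login(PDO $pdo, string $username, string $password): ?int
{
    // Column names are fixed text in the SQL; only the value is bound.
    $stmt = $pdo->prepare('SELECT id, password FROM admin WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no such user
    }
    // The table holds a password_hash() digest, never the plain password.
    return password_verify($password, $row['password']) ? (int) $row['id'] : null;
}

// Hypothetical helper: runs a query whose column name is wrong, as happens when a
// PHP variable is interpolated where the column name belongs.
function run_broken_query(PDO $pdo): string
{
    try {
        $pdo->query("SELECT id FROM admin WHERE secret = 'secret' LIMIT 1");
        return 'query ran';
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

var_dump(check_admin_login($pdo, 'storeadmin', 'constructed-sample-pass'));
var_dump(check_admin_login($pdo, 'storeadmin', 'wrong-pass'));
var_dump(check_admin_login($pdo, "o'brien", 'anything')); // the quote is data, not SQL
echo run_broken_query($pdo), PHP_EOL;

// On success, keep only the id in the session, e.g.:
//   session_regenerate_id(true); $_SESSION['id'] = $id;
```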