
Please point me in the right direction

Posted: Wed Aug 25, 2010 8:00 pm
by diseman
Hello Experts,

Beginner here learning PHP by developing a fictional website.

I've reached a point where I'm trying to do something, but don't know how. I'm not even sure how to ask the question with the right terminology, so I'll just describe what I'm trying to do.

With my website, you basically login and are taken to a User's Control Panel that has several links to different pages. All you do is click a link, go to another page, and enter a bunch of data about yourself in all the text fields. You do that to all the pages and you're essentially done with everything this site can do.

This all works nicely w/ no problems. I currently have two fictional USERS with data saved to db. I also have one ADMIN-level userid/password saved to the database.

On to the problem:

When I login as ADMIN, I'm taken to the ADMIN's Control Panel. Using a:

Code:

while($row = mysql_fetch_array($result))
I'm presented with some key information (lastname, userid, start date, etc.) about the two users that are saved to the database. I also added a graphic button to each $row.

The problem:

When I click the button, I'm taken to the USER's control panel page, but I'm not seeing their data. The reason is because as a User, when I login - I'm passing on myusername as $_SESSION information and my code does queries based on myusername and $_SESSION data. But, when I link over from the ADMIN control panel, I'm not passing $_SESSION data and therefore I'm not recognized.

FYI: myusername is the user's e-mail address.

Here is the code on the USER's control panel that lets them see their data when they login:

Code:


<?php session_start();

if ($_SESSION['myusername'])  {

I did figure out a way to send the e-mail address in a URL from the ADMIN page to USER's control panel and then have it become the $_SESSION.. and I was able to see the user's data, but then I screwed up the login process. Meaning, when I logged in as the USER, it didn't work.

So, somehow I need to be able to come from the ADMIN side and see the USER's side as if I were them, but without losing my admin status.

I realize this might be a tough one to help with, but does anyone have any samples they can paste or are there any links for me to read? Hard to find a solution when you don't know how to phrase the question for Google.

Thanks..

Re: Please point me in the right direction

Posted: Thu Aug 26, 2010 7:54 am
by shawngoldw
One solution would be to set a property(s), on the admin, equal to whatever property(s) on the normal user are used to pick and display the content. From what you said, it sounds like the only property is the email which you are storing as a session variable.

In this case you could set the admin's email session variable to the user's email, but then that will most likely cause an issue in that you probably won't be able to detect that you are the admin anymore. Then again this may not be an issue because you can still detect that you are usertype 5.

If this is an issue you can create a new session variable, let's call it content_access, which will store the email of the user whose content you can see. You would need to set this on all normal users to their own email, and on the admin to the user whose content you want to see.


Shawn

Re: Please point me in the right direction

Posted: Thu Aug 26, 2010 1:29 pm
by diseman
Thanks Shawn,

Your first two paras were exactly what I was thinking and why I was having difficulties with the concept.

Your posting helped me get a little farther and I've spent several hours trying to crack the code, but I'm stuck on the one part. Truth be told, I'm not even sure my strategy is right or if I've been fixated on some ugly coding... Anyways... let me tell you what I've got so far and then show some code.

1. Basically, I found a site that shows how to send a variable to another page via a link.
2. I then learned how to parse the link and make variables out of what was passed along.
3. I then took the variable, which in my case was the user's e-mail address and made a session out of it.
4. I even tested the whole procedure up to now on two occasions, which you'll see in the code, and it appears what I want to have passed along is correct and the admin session is good.
5. The problem is the IF statement that checks which $_SESSION is being used. Doesn't seem to be working as expected. I end up going to the next page and it's not the user even though I did pass the user's username (email addy) perfectly fine.

I wanted to set the session in the admin page before I actually clicked on the user's name, but my 'username' was always being assigned to the last result in the database. So, even though I clicked on user 1, I was being taken to user 2 because he was the last user in the WHILE $row statement. I did see on that page username was being made into an array and that stumped me very quickly. : ) That's why I thought it would be easier to just pass the email address to the page I want to go to and then try to create the session for admin over there.

Here's the code:

Code:


<?php session_start();

$admin = $_GET['username'] ;  //////// PARSE THE URL W/ USERNAME AND ASSIGN IT A VALUE OF $ADMIN

echo $admin ;  //////// THIS PROVES TO ME I'M SENDING/RECEIVING URL W/ USERNAME PROPERLY FROM PREVIOUS ADMIN PAGE

$_SESSION['admin'] = $admin ;  //////// SET ANOTHER SESSION TYPE FOR THE ADMINISTRATOR

echo $_SESSION['admin'];  /////// THIS PROVES TO ME THAT I'VE SET THE SESSION PROPERLY

if (($_SESSION['myusername']) or ($_SESSION['admin'])) {   ////// THIS I'M NOT SURE ABOUT SINCE I NEVER GET LOGGED IN AS THE USER

include ("../modules/control_panel.php");

include ("../_includes/top.php");

?>
The URL I'm using on the admin page when I click on a USER is: <a href=\"control_panel.php?username=".$row ['username']."\">, which has proven to be correct throughout all this. If I could have created a session right here with the correct username that would have been ideal/better I think. If necessary, I can post the admin page if you like, but not sure you need it.

Any help would be appreciated....

Thank you...

Re: Please point me in the right direction

Posted: Thu Aug 26, 2010 2:46 pm
by shawngoldw
You're not going to be able to set the user in the admin page because you won't know which user is selected until the next page loads.

In php you don't use or, you instead use ||
Maybe that will help?

Re: Please point me in the right direction

Posted: Thu Aug 26, 2010 2:56 pm
by diseman
Hi again...

Well that's good to know. Now I won't have to redo everything again.

I did use the pipes (||), but it didn't do anything different. I just put them back in to make sure and no change.

My echo statements still show everything is coming over. I do wonder though if when logging in regularly if the email address is being seen by the session start, but through admin, my session isn't created until after the session_start and therefore not working?? Make sense? think that could have anything to do with it?

Thanks...

Re: Please point me in the right direction

Posted: Thu Aug 26, 2010 3:07 pm
by shawngoldw
Sorry, I don't quite fully understand what you are trying to say there, I'll briefly explain how the sessions work, maybe that will clarify something.

Sessions allow you to store variables on the server so that you can access them on multiple pages for the same user. Usually they do this by saving a file to the disk which is associated with a session id or SID which is stored as a cookie on the user's computer. When you call session_start() one of two things happens:
1. If there is not already a session associated with the SID of the user, a new session is started.
2. If there is already a session associated with the SID of the user, the parameters stored in the file get put into the $_SESSION array

Once the session is running you can create new $_SESSION variables which will get stored in the file on the server when the script finishes executing.

By calling session_unset() all of those variables are deleted. And by calling session_destroy() the association to the SID is destroyed.


Just a note: echo'ing $_SESSION['admin'] there does not tell you that the session variable has been set properly. You can not know if it has been set properly until you try using it on another page. It should be working though because you have run session_start() successfully.


Shawn

Re: Please point me in the right direction

Posted: Sun Aug 29, 2010 9:42 pm
by diseman
Well, still not getting anywhere with this. Seems like a pretty routine capability I'm trying to do. I'm posting my code below. This is from the admin page. I'm simply pulling all users in the db and listing them. I then want to click on the button (control_panel.jpg) and be taken to the control_panel.php page, where I can see the information for the user's name I clicked on.

Code:

while($row = mysql_fetch_array($result)){

// Convert users start/stop_date (unix time) back to regular date for display

$normal_date_start = $row['start_date'];
$normal_date_complete = $row['complete_date'];

// Format output into HTML format for integration into existing table

echo ("<tr> \n").

("<td> \n").
"<form><input type=\"checkbox\" name=\"checkbox\" id=\"checkbox\" /></form>".
("</td> \n").

("<td> \n").
$row['file_status'].
("</td> \n").

("<td> \n").
$row['b_lastname'].
("</td> \n").

("<td> \n").
$row['paid'].
("</td> \n").

("<td width=\"100\">").
"<center><a href=\"account_panel.php?email=".$row ['username']."\"><img src=\"../images/account.jpg\" width=\"75\" height=\"18\" border=\"0\" /></a></center>".
("</td> \n").

("<td width=\"100\">").
"<center><a href=\"control_panel.php?email=".$row ['username']."\"><img src=\"../images/packet.jpg\" width=\"75\" height=\"18\" border=\"0\" /></a></center>".
("</td> \n").

("<td> \n").
$row['affiliate'].
("</td> \n").

("<td> \n").
date('m-d-Y',$normal_date_start).
("</td> \n").

("<td> \n").
date('m-d-Y',$normal_date_complete).
("</td> \n");

echo ("</tr>");
echo "<br />";

}

Here's the page I'm going to (control_panel.php). You can see that I'm checking the session from the login script. That works fine.

Code:

<?php session_start();

// ----------------------------------------------------------------------------------------------------------
// Ensure the user has logged in and has proper access to this page
// ----------------------------------------------------------------------------------------------------------

//$admin = $_GET['email'] ;  //////// PARSE THE URL W/ USERNAME AND ASSIGN IT A VALUE OF $ADMIN; not working

//$_SESSION['myusername'] = $admin ;  //////// SET ANOTHER SESSION TYPE FOR THE ADMINISTRATOR; not working

if ($_SESSION['myusername']) {   ////// THIS I'M NOT SURE ABOUT SINCE I NEVER GET LOGGED IN AS THE USER

include ("../modules/control_panel.php");

include ("../_includes/top.php");

?>
Would like to get over this hurdle. Your help is greatly appreciated.

Re: Please point me in the right direction

Posted: Fri Sep 03, 2010 9:25 am
by diseman
Bump :: :banghead:

Re: Please point me in the right direction

Posted: Fri Sep 03, 2010 11:39 am
by shawngoldw

Code:

//$admin = $_GET['email'] ;  //////// PARSE THE URL W/ USERNAME AND ASSIGN IT A VALUE OF $ADMIN; not working
Look at the source of your admin page, in the part where you see this:

Code:

"<center><a href=\"control_panel.php?email=".$row ['username']."\"><img src=\"../images/packet.jpg\" width=\"75\" height=\"18\" border=\"0\" /></a></center>"
what does email equal?

Re: Please point me in the right direction

Posted: Fri Sep 03, 2010 1:22 pm
by diseman
It correctly shows the e-mail address of the person it's associated with.

I can make this part work correctly:

Code:

$admin = $_GET['email'] ;
Problem is, I can't get both to work. In other words, if the ADMIN works, then the login for the USER doesn't and vice versa...

I tried to do a combination of both using ' or ' but couldn't get it to work.

Thanks for coming back. :)

Re: Please point me in the right direction

Posted: Fri Sep 03, 2010 1:49 pm
by shawngoldw
Oh I see...

Code:

$admin = $_GET['email'] ;

$_SESSION['myusername'] = $admin ;

if ($_SESSION['myusername']) {
There is a problem with this, in that I can go to yoursite.com/page.php?email=you@email.com and see the page without ever logging in as a user or admin.
Do you have a session variable which says that you are the admin? You should.

Then you would do something along these lines:

Code:


$show = '';
if($_SESSION['isadmin'])
{
  $show = $_GET['email'];
}
elseif($_SESSION['myusername'])
{
  $show = $_SESSION['myusername'];
}

if($show){...}
Shawn

Re: Please point me in the right direction

Posted: Fri Sep 03, 2010 2:04 pm
by diseman
Ok, it didn't work, but that's because of something else I got going on. I think we're very close though.

When I was taken to the next page, I didn't see the data for that user because my query was built, at that time, for only one type of user; and that didn't include an admin user. So, my queries look like this pretty much throughout the site:

Code:

$query =  "SELECT * FROM users WHERE username = '".$_SESSION['myusername']."' " ;
Now that we have an ADMIN as well, somehow I have to account for them in the query. This is still the problem I've been running into. I keep trying the 'or' command hoping to account for either a USER or ADMIN, but nothing I do seems to get it right.

How do we account for either a USER or ADMIN at the same time?

Thanks!

Re: Please point me in the right direction

Posted: Fri Sep 03, 2010 2:16 pm
by shawngoldw
The $show from my example will contain the email address of the user that you are trying to get the info about. If you are the admin it is set to the email from GET and otherwise it is set from the session.

Shawn

Re: Please point me in the right direction

Posted: Fri Sep 03, 2010 2:27 pm
by diseman
OK, I understand what you're saying.

It's working still for the USER when I login, but when I login as ADMIN and then click the button I don't see any data.

Here's the link that I'm passing: http://localhost/mysite/templates/contr ... ewhere.com

and here's the code on the page that I'm trying to see the USER's info:

Code:


<?php

include ("../_includes/dbconnect.php");

// Query database and get userid, username, and first name, so to personalize the control panel a little

$query =  "SELECT * FROM users WHERE username = '".$_SESSION['myusername']."' " ;

$result = mysql_query($query);

if (!$result) die(mysql_error());

else

{
	$row = mysql_fetch_object($result);

	$account	=	$row ->	account;
}


$query =  "SELECT * FROM contact_info WHERE username = '".$_SESSION['myusername']."' " ;

$result = mysql_query($query);

if (!$result) die(mysql_error());

else

{

	$row = mysql_fetch_object($result);

	$username 	= 	$row	->	username;
	$b_firstname 	= 	$row	->	b_firstname;
}


mysql_close($con);

?>

Re: Please point me in the right direction

Posted: Fri Sep 03, 2010 2:39 pm
by shawngoldw
I'm assuming that the usernames are emails?

This:

Code:

$query =  "SELECT * FROM users WHERE username = '".$_SESSION['myusername']."' " ;
should instead be:

Code:

$query =  "SELECT * FROM users WHERE username = '".$show."' " ;
where $show is defined similarly to my example.


Shawn
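
The approach the thread arrives at (take the viewed user from `$_GET['email']` only when `$_SESSION['isadmin']` is set, otherwise from `$_SESSION['myusername']`, then query on that value) is shown below as an added example; it is not code from either poster. It binds the value as a query parameter instead of concatenating it into the SQL string. Assumptions: PDO with an in-memory SQLite database stands in for the site's MySQL tables, the function names `resolve_viewed_user` and `fetch_user` are hypothetical, `isadmin` is set only by the login script, and all addresses and account values are constructed.

```php
<?php
// Added example (not code from the thread). Constructed data; 'isadmin' is the
// session flag suggested above, assumed to be set only by the login script.

// Decide whose record the page shows. Only an admin may pick via ?email=...
function resolve_viewed_user(array $session, array $get): ?string
{
    if (!empty($session['isadmin'])) {
        $email = $get['email'] ?? '';
        // Reject anything that is not a syntactically valid address.
        return filter_var($email, FILTER_VALIDATE_EMAIL) ? $email : null;
    }
    // Ordinary users always see their own record; ?email= is ignored.
    return !empty($session['myusername']) ? $session['myusername'] : null;
}

// Parameterized lookup: $show is bound, never concatenated into the SQL.
function fetch_user(PDO $db, string $show): ?array
{
    $stmt = $db->prepare('SELECT username, account FROM users WHERE username = ?');
    $stmt->execute([$show]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database standing in for the site's MySQL tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, account TEXT)');
$db->exec("INSERT INTO users VALUES ('user1@example.com', 'A-100'), ('user2@example.com', 'A-200')");

// Constructed requests: (session, query string) pairs.
$cases = [
    'admin views user2'      => [['isadmin' => true, 'myusername' => 'admin@example.com'], ['email' => 'user2@example.com']],
    'user1 views self'       => [['myusername' => 'user1@example.com'], []],
    'user1 tries ?email='    => [['myusername' => 'user1@example.com'], ['email' => 'user2@example.com']],
    'anonymous with ?email=' => [[], ['email' => 'user2@example.com']],
    'admin, injected value'  => [['isadmin' => true], ['email' => "x' OR '1'='1"]],
];

foreach ($cases as $label => [$session, $get]) {
    $show = resolve_viewed_user($session, $get);
    $row  = $show !== null ? fetch_user($db, $show) : null;
    printf("%-24s => %s\n", $label, $row ? $row['account'] : 'denied');
}
```

The admin's own `myusername` is never overwritten, so admin status survives the visit, and a request with `?email=` from a non-admin or logged-out session falls back to the caller's own record or is denied.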