Sessions Help?

Posted: Wed Mar 01, 2006 5:07 pm
by steves
I'm developing a set of PHP pages to record employee expenses. The first page is just a login, where the user enters their name and password, then selects what they want to do (enter expenses, review expenses, etc.).

I'm using $_SESSION to store basic info about the user collected on that login page, essentially just:

- user name
- user password (to MySQL server)

The idea is that the PHP will use this client-side data to authenticate to MySQL on any subsequent pages they access.

I developed the code with hard-coded username/password first (on a local machine, don't worry), and everything worked just peachy. When I added <?php session_start() ?> to the login page, still OK.

The page that users go to first (after login) is to enter expense data. It's an HTML form that GETs info to send to another page that saves the form data into the database. Also worked just fine, UNTIL ... I added the $_SESSION variables. As soon as I did that, the form just doesn't submit. You can click submit all day, and it just sits there.

So, basically, the flow is:

login.php --> enterExpenseData.php --> saveitem.php

Anyone know what's going on?

Posted: Wed Mar 01, 2006 5:18 pm
by Fractal
Mind showing your code so we/I can see if you just have a typo or something of that sort? o_O

Posted: Wed Mar 01, 2006 5:36 pm
by steves
No problem - it's just a lot of stuff. I'm pretty sure there aren't typos, but here goes: (by the way, I'm not a programmer, so forgive the sloppiness. I'm self-taught - or actually self-teaching)

LOGIN.PHP
-------------

Code:

<?php session_start(); ?>
<?php ob_start(); ?>
<html><head>
<title>Log In to Expenses Database</title>
</head>
<body bgcolor="#FFFFFF">

<?php
		// connect to the server
		mysql_connect( 'localhost', 'root', '' )
			or die( "error! could not connect to database: " . mysql_error() );
   
		// select the database
		mysql_select_db( 'pmg_finance' )
			or die( "error! could not select the database: " . mysql_error() );
			
if (isset($_GET['action']) && $_GET['action'] == 'submitted') {

		$_SESSION['employee'] = $_GET['employee'];
		$_SESSION['password']  = $_GET['password'];
		
		$logged_user = $_SESSION['employee'];
		
		$employee_query = "SELECT * from employees where alias = \"$logged_user\"";
		$employee_result = mysql_query( $employee_query );
		$login_info = mysql_fetch_object( $employee_result );

		$_SESSION['full_name'] = $login_info -> full_name;
		$_SESSION['inits'] = $login_info -> inits;
		$_SESSION['cash_bal'] = $login_info -> cash_bal;
		
//  ROUTES THE USER TO WHAT THEY WANT TO DO (ENTER, REVIEW, PRINT)

		if ($_GET['router'] == 'cashAdv') {
			header("Location: enterCashAdvance.php?employee=".$_GET['employee']);
			ob_end_flush(); }

		else if ($_GET['router'] == 'enterInfo') {
			header("Location: enterExpenseData?employee=".$_SESSION['employee']);
			ob_end_flush(); }

		elseif ($_GET['router'] == 'reviewData') {
			header("Location: list.php?period=".$_GET['review']);
			ob_end_flush(); }

		elseif ($_GET['router'] == 'weekPrint') {
//CHANGE TO THE FINAL FILE STRUCTURE WHEN DONE!!
			header("Location: /PMG_Fin/Code_Done_copy/weekly/goPrint_local.php?employee=".$_GET['employee']);
			ob_end_flush(); }

		elseif ($_GET['router'] == 'monthPrint') {
//CHANGE TO THE FINAL FILE STRUCTURE WHEN DONE!!
			header("Location: /PMG_Fin/Code_Done_copy/monthly/monthly_gl_totals.php?employee=".$_GET['employee']);
			ob_end_flush(); }

		elseif ($_GET['router'] == 'invoice') {
			header("Location: invoice.php?employee=".$_GET['employee']);
			ob_end_flush(); }

		elseif ($_GET['router'] == 'addClient') {
			header("Location: xxxxxxxxxxx.php?employee=".$_GET['employee']);
			ob_end_flush(); }

		elseif ($_GET['router'] == 'addEmployee') {
			header("Location: xxxxxxxxxx.php?employee=".$_GET['employee']);
			ob_end_flush(); }
		
} else {

?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="GET">

				<table border="0" cellpadding="2" cellspacing="0">

<!-- PUT THIS IN AN IF STATEMENT SO RETURNS AREN'T PRESENTED WITH NAME/PASSWORD -->
				<tr>
					<th align="left">Your Name</th>
					<td>
					<select name="employee" size="1">
						<option disabled=true>
						<option value="andreas">employee1
						<option value="janinep">employee2
						<option value="steves">etc.
					</select>
					</td>
				</tr>
				<tr>	
					<th align="left">Password</th>
					<td><input name="password" type="password"></td>
				</tr>

<!-- END THE IF PORTION -->

<tr>
	<th align="left" valign="top">What would you like to do?</th>
	<td>
	<input name="router" type="radio" value="cashAdv">Enter a Cash Advance<p>
	<input name="router" type="radio" value="enterInfo">Enter New Expense Information<p>
	<input name="router" type="radio" value="reviewData">Review Expense Items:<br>
		<font size="-1"><optgroup>
			<input name="review" type="radio" value="today">Today
			<input name="review" type="radio" value="week">Past Week
			<input name="review" type="radio" value="month">This Month
			<input name="review" type="radio" value="year">This Year
		</optgroup></font><p>
	<input name="router" type="radio" value="weekPrint">Select & Print Weekly Reports<p>
	<input name="router" type="radio" value="monthPrint">Select & Print Monthly Reports<p>
	<input disabled=true name="router" type="radio" value="invoice">Enter Invoices<p>
	<input disabled=true name="router" type="radio" value="addClient">Add Client <p>
	<input disabled=true name="router" type="radio" value="addEmployee">Add Employee
	</td>
</tr>
<tr>
<td colspan="2" align="center">

<input type="reset" name="reset" value="Reset Form" />
<input type="hidden" name="action" value="submitted" />
<input type="submit" name="submit" value="Go Do It" />
</td>
</form>	

</table>

<?php
}
?>

</body>
</html>

enterExpenseData.php
---------------------------

Code:

<?php session_start() ; ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">	
	<html><head>	
	<title>Enter Expense Item</title>	
	<meta http-equiv="Content-type" content="text/html; charset=iso-8859-1">	
	</head>	
	<body bgcolor="#FFFFFF">	
	<font size="-2" face="Verdana, Geneva, Arial">	
	<form action="saveitem2.php" method="get">
	<input type="hidden" name="id" value="<?php echo($id) ?>">

	<table border="0" cellpadding="2" cellspacing="0">
		<tr>
			<th style="width: 150px;text-align:left;">Date of Expense</th>
			<td align="left">
		<input color="#BBBBBB" name="item_date" type="text" value="YYYY-MM-DD" />
		</td>
		</tr>
		<tr>
			<th align="left" valign="top">Expense Category</th>
			<td align="left" valign="top">
	
	<b>--MEALS & ENTERTAINMENT--</b>	
	<br><input type="radio" name="exp_cat" value="Breakfast">Breakfast	
	<br><input type="radio" name="exp_cat" value="Lunch">BUNCH OF OTHER RADIO_BUTTON ITEMS HERE
			</td>
		</tr>
		<tr>
			<th align="left">Other</th>
			<td align="left">
				<input name="other" type="text" size="40" />
			</td>
		</tr>
		<tr>
			<th align="left">Client</th>
			<td align="left"><?php include 'client.php' ; ?></td>
		</tr>
		<tr>
			<th align="left">Type of Payment</th>
			<td align="left">
		<select name="type" value="<?php echo($type) ?>" />
		<option>BUNCH OF OPTIONS HERE
		</select>
			</td>
		</tr>
		<tr>
			<th align="left">Amount</th>
			<td align="left">
				<input name="amt" type="text" value="<?php echo($amt) ?>" />
			</td>
		</tr>
		<tr>
			<th align="left">Amplifying Notes</th>
			<td align="left">
				<input name="notes" type="text" />
			</td>
		</tr>
	</table>
	<br>
	<input type="submit" value="Save Entry">

	</form>			
	</font>
 	
	</body>	
	</html>

client.php (included file)
----------------------------

Code:

<?php

		$employee = $_SESSION['employee'];
		$password = $_SESSION['password'];
		
		// connect to the server
		mysql_connect( 'parasolserver.local', "$employee", "$password" )
			or die( "error! could not connect to database: " . mysql_error() );

		// select the database
		mysql_select_db( 'pmg_finance' )
			or die( "error! could not select the database: " . mysql_error() );
	
//		echo "<form action=\"FILL IN AS APPROPRIATE TO USE\" method=\"GET\">";
		echo "<select name=\"client\" size=\"1\">";
		echo "<option disabled=\"true\" value=\"\"><br>";
		
		$client_query = "SELECT client from clients order by id";
		$client_result = mysql_query( $client_query );
		
		while ($client_fetch = mysql_fetch_object( $client_result ))
		
		{$this_client = $client_fetch -> client ;
		echo "<option>".$this_client."<br>";
		}

		echo "</select>";
		echo "</form>";
?>

and finally,

saveitem.php
----------------

Code:

<?php session_start(); ?>

<html>
<title>Record Added</title>
<body>

<?php
	
	$employee_inits = $_SESSION['inits'];
	
	//  saving script

	//  connect to the server
	mysql_connect( 'localhost', 'root', '' )
		or die( "Error! Could not connect to database: " . mysql_error() );
	
	//  select the database
	mysql_select_db( 'pmg_finance' )
		or die( "Error! Could not select the database: " . mysql_error() );

	//  get the variables from the URL request string

			$id = $_GET['id'];
			$item_date = $_GET['item_date'];
			$exp_cat = mysql_real_escape_string($_GET['exp_cat']);
			$other = mysql_real_escape_string($_GET['other']);
			$client = $_GET['client'];
			$type = $_GET['type'];
			$amt = $_GET['amt'];
			$notes = mysql_real_escape_string($_GET['notes']);
			$report_num = $_SESSION['inits'];

	// if $id is not defined, we have a new entry, otherwise update the old entry
	if( $id )
	{ 
		$query = "UPDATE expenses06 ";
		$query .= "SET item_date='$item_date', exp_cat='$exp_cat_submit',";
		$query .= "Other='$other', client='$client', type_exp='$type',amt='$amt', notes='$notes' ";
		$query .= "WHERE id=\"$id\"";
	}
	else
	{ 
		$query = "INSERT INTO expenses06 ";
		$query .= "(report_num,item_date,Exp_Cat,Other,Client,Type_Exp,AMT,Notes ) ";
		$query .= "VALUES ( '$report_num','$item_date',";
		$query .= "(select id from expense_cats where expense_cats.exp_cat='$exp_cat'),";
		$query .= "'$other','$client','$type','$amt','$notes') ";
	}
	
	// save the info to the database

	$results = mysql_query( $query );

	// print out the results
	if( $results )
	{
		echo( "Successfully saved the entry. <p><a href='enterExpenseData.php'>Add Another Expense Item</a><p><a href='login.php'>Do Something Else</a>" );

	}
	else
	{
		die( "Trouble saving information to the database: <p>" . mysql_error() );
	}

?>

</body>
</html>

(this last one is also accessed by files that modify existing expense data, which is why there's an if - UPDATE else - INSERT.)

Enjoy!!

steve
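
The save step from saveitem.php above, rewritten as an added example (not part of the original post) with PDO bound parameters and input validation, because the posted version interpolates `$_GET` values such as `id`, `item_date`, `client`, `type` and `amt` into the SQL string unescaped. The `$db` handle, reusing the category subselect in the UPDATE, and treating `report_num` as the row owner are assumptions.

```php
<?php
// Added example, not the poster's code. Table and column names come from
// saveitem.php above; the PDO handle and the ownership check are assumptions.

/** Validate the request fields; returns clean strings or throws. */
function validate_expense(array $in): array
{
    $f = [];
    foreach (['id', 'item_date', 'exp_cat', 'other', 'client', 'type', 'amt', 'notes'] as $k) {
        // Array-valued or missing parameters collapse to '' and fail the checks below.
        $f[$k] = is_string($in[$k] ?? null) ? trim($in[$k]) : '';
    }
    // Round-trip the date so values like 2006-02-31 or the YYYY-MM-DD hint are rejected.
    $d = DateTime::createFromFormat('!Y-m-d', $f['item_date']);
    if (!$d || $d->format('Y-m-d') !== $f['item_date']) {
        throw new InvalidArgumentException('item_date must be YYYY-MM-DD');
    }
    if (!preg_match('/^\d{1,8}(\.\d{1,2})?$/', $f['amt'])) {
        throw new InvalidArgumentException('amt must be a non-negative decimal');
    }
    if ($f['id'] !== '' && !ctype_digit($f['id'])) {
        throw new InvalidArgumentException('id must be an integer');
    }
    return $f;
}

/** Insert or update one expense row using bound parameters only. */
function save_expense(PDO $db, array $f, string $reportNum): int
{
    $cat = '(SELECT id FROM expense_cats WHERE exp_cat = :exp_cat)';
    $p = [':report_num' => $reportNum, ':item_date' => $f['item_date'],
          ':exp_cat' => $f['exp_cat'], ':other' => $f['other'],
          ':client' => $f['client'], ':type' => $f['type'],
          ':amt' => $f['amt'], ':notes' => $f['notes']];
    if ($f['id'] !== '') {
        // Assumption: report_num marks the owner, so a user can only edit own rows.
        $sql = "UPDATE expenses06 SET item_date = :item_date, exp_cat = $cat, "
             . "Other = :other, client = :client, type_exp = :type, amt = :amt, "
             . "notes = :notes WHERE id = :id AND report_num = :report_num";
        $p[':id'] = (int) $f['id'];
    } else {
        $sql = "INSERT INTO expenses06 (report_num, item_date, Exp_Cat, Other, "
             . "Client, Type_Exp, AMT, Notes) VALUES (:report_num, :item_date, $cat, "
             . ":other, :client, :type, :amt, :notes)";
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($p);
    return $stmt->rowCount();   // 0 on UPDATE means no row matched or nothing changed
}
```

With the form switched to `method="post"`, the call would be `save_expense($db, validate_expense($_POST), $_SESSION['inits'])`, so the field values no longer appear in URLs, browser history or server access logs.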

Posted: Wed Mar 01, 2006 6:09 pm
by steves
:oops:

It seems like it was a browser compatibility issue - make sense to anyone? I was using Opera when it didn't work, but Safari and Firefox worked just fine. Hmm.

Posted: Wed Mar 01, 2006 6:12 pm
by nickman013
You can try this, because this is one error that I have noticed real quick.

Change

Code:

<td align="left"><?php include 'client.php' ; ?></td>

to

Code:

<td align="left"><?php include('client.php'); ?></td>

Read up on include()

EDIT:

Actually you can ignore that. It is on a different page. But you should fix it when you fix the form.