php_self not working
Posted: Mon Jul 16, 2007 11:37 pm
Is it correct that there should be one php_self per page...? I am trying to acheive few different tasks from one flow of script using if.
Any button with $_SERVER['PHP_SELF'] action logs me out of the page. What am I doing wrong here...
Any button with $_SERVER['PHP_SELF'] action logs me out of the page. What am I doing wrong here...
Code: Select all
<?php
include ('functions.php5');
session_start();
if ((isset($_SESSION['valid_user'])) && ($_SESSION['group'] == admin)) {
$username = $_GET['un'];
$edit = $_POST['editable'];
if ($edit == delete) {
if (isset($_GET['delete']) && $_GET['delete'] == 'no') {
header('location: admusers.php5');
}
if (isset($_GET['delete']) && $_GET['delete'] == 'yes') {
if (!$resultdel = @mysqli_query($link, 'DELETE FROM users WHERE username=\'' . $username . '\'')) {
echo getHeader();
echo '<p>Error2: ' . mysqli_error($link) . '.</p>';
echo getFooter();
exit;
}
echo getHeader();
echo '<p> Successfully deleted. </p>';
echo '<p class=nav><a href=admusers.php5>back</a></p>';
echo getFooter();
exit;
}
echo getHeader();
echo '<p>This will delete the user account. Are you sure?</p>';
echo '<p> <a href=' . $_SERVER['PHP_SELF'] . '?delete=yes>yes</a> | <a href=' . $_SERVER['PHP_SELF'] . '?delete=no>no</a> </p>';
echo '<p class=nav><a href=admusers.php5>back</a></p>';
echo getFooter();
exit;
}
if ($edit == password) {
if (isset($_GET['password']) && $_GET['password'] == 'no') {
header('location: admusers.php5');
}
if (isset($_GET['password']) && $_GET['password'] == 'yes') {
if (!$resultpw = @mysqli_query($link, 'UPDATE `users` SET `password` = sha1(\'password\') WHERE `username` = \'' . $username . '\'')) {
echo getHeader();
echo '<p>Error2: ' . mysqli_error($link) . '.</p>';
echo getFooter();
exit;
}
echo getHeader();
echo '<p> Password has been reset successfully. </p>';
echo '<p class=nav><a href=admusers.php5>back</a></p>';
echo getFooter();
exit;
}
echo getHeader();
echo '<p>This will reset user\'s password. Are you sure?</p>';
echo '<p> <a href=' . $_SERVER['PHP_SELF'] . '?password=yes>yes</a> | <a href=' . $_SERVER['PHP_SELF'] . '?password=no>no</a> </p>';
echo '<p class=nav><a href=admusers.php5>back</a></p>';
echo getFooter();
exit;
}
if ($edit == group) {
if (isset($_GET['grp'])) {
if (!$resultgp = @mysqli_query($link, 'UPDATE `users` SET `link` = ' . $_GET['group'] . ' WHERE `username` = \'' . $username . '\'')) {
echo getHeader();
echo '<p>Error2: ' . mysqli_error($link) . '.</p>';
echo getFooter();
exit;
}
echo getheader();
echo '<p>Group updated.</p>';
echo '<p class=nav><a href=admusers.php5>back</a></p>';
echo getFooter();
exit;
}
echo getHeader();
echo '<p>Please select the group to assign:</p>';
echo '<p> <a href=' . $_SERVER['PHP_SELF'] . '?grp=admin>admin</a> (Building Manager) | <a href=' . $_SERVER['PHP_SELF'] . '?grp=member>member</a> (Body Corporate Member)</p>';
echo '<p class=nav><a href=admusers.php5>back</a></p>';
echo getFooter();
exit;
}
if (isset($_POST['submit'])) {
if (!$result = @mysqli_query($link, 'UPDATE `users` SET ' . $edit . ' = ' . $_POST['editable'] . ' WHERE `username` = \'' . $username . '\'')) {
echo getHeader();
echo '<p>Error2: ' . mysqli_error($link) . '.</p>';
echo getFooter();
exit;
}
echo getHeader();
echo '<p>Please give new ' . $edit . '</p>';
echo '<p><form action=' . $_SERVER['PHP_SELF'] . ' method=post>';
echo '<input type=text name=editable maxlength=50 />';
echo '<input type=submit name=submit value=update />';
echo '</form></p>';
echo '<p class=nav><a href=admusers.php5>back</a></p>';
echo getFooter();
exit;
}
}
echo getHeader();
echo '<p> You are not logged in.</p>';
echo '<p class=nav><a href=login.php5>login</a></p>';
echo getFooter();
?>