Member Avatar for KPheasey

I am having a weird problem setting a session variable. I use a session array ($_SESSION) to display messages.

$_SESSION = error/success;
$_SESSION = $message;

Here is the function for displaying the message:

function displayMessage(){
	if(isset($_SESSION['message'])){
		echo"
		<div class=\"notification " . $_SESSION['message']['type'] . " png_bg\">
				<div>
					" . $_SESSION['message']['message'] . "
				</div>
		</div>";
		$_SESSION['message'] = NULL;
	}
}

This works great when I delete a user and confirm the delete. Here's the delete user code.

function deleteUser(){
	if(isset($_POST['deleteUsers'])){
		$users = $_POST['users'];
		foreach ($users as $user) {
			$user = stripslashes($user);
			$user = mysql_real_escape_string($user);
			$sql = "DELETE FROM `users`
					WHERE `username` = '$user'
					LIMIT 1";
			if(!mysql_query($sql)){
				$error = true;
			}
		}
		if(!$error){
			$_SESSION['message']['type'] = "success";
			$_SESSION['message']['message'] = "The specified users have been deleted.";
			header("location:index.php");
		}
		else{
			$_SESSION['message']['type'] = "error";
			$_SESSION['message']['message'] = "There was an error deleting the specified users.  Some but not all of the selected users have been deleted, please try again.";
			header("location:index.php");
		}
	}
	elseif(isset($_GET['user'])){
		$user = $_GET['user'];
		$user = stripslashes($user);
		$user = mysql_escape_string($user);

		$sql = "DELETE FROM `users`
				WHERE `username` = '$user'
				LIMIT 1";
		if(mysql_query($sql)){
			$_SESSION['message']['type'] = "success";
			$_SESSION['message']['message'] = "The specified user has been deleted.";
			header("location:index.php");
		}
		else{
			$_SESSION['message']['type'] = "error";
			$_SESSION['message']['message'] = "The specified user could not be deleted, pleas try again.";
			header("location:index.php");
		}
	}
}

When index.php loads it calls displayMessage(); and displays the success or error message properly when deleting a user. However, when I add a user no message shows.

Here is the add user function:

function addUser(){
	//Validate input form
	if(validateAddUserForm()){
		$error = false;
		//Add user to the database
		$username = $_POST['username'];
		$fname = $_POST['fname'];
		$lname = $_POST['lname'];
		$email = $_POST['email'];
		$group = $_POST['group'];

		$username = stripslashes($username);
		$fname = stripslashes($fname);
		$lname = stripslashes($lname);
		$email = stripslashes($email);
		$group = stripslashes($group);

		$username = mysql_escape_string($username);
		$fname = mysql_escape_string($fname);
		$lname = mysql_escape_string($lname);
		$email = mysql_escape_string($email);
		$group = mysql_escape_string($group);

		$sql = "INSERT INTO users (
				`username`,
				`group`,
				`fname`,
				`lname`,
				`email`
			)
			VALUES (
				'" . $username . "',
				'" . $group . "',
				'" . $fname . "',
				'" . $lname . "',
				'" . $email . "'
			)";
		if(mysql_query($sql)){
			if($group = "Student"){
				$sql = "INSERT INTO `student_steps` (
						`username`
					)
					VALUES (
						'" . $username . "'
					)";
				if(!mysql_query($sql)){
					$error = true;
					$_SESSION['message']['type'] = "error";
					$_SESSION['message']['message'] = "The student account was not initiated properly.  Please delete the account and try again.";
					header('location:index.php');
				}
			}
		}
		else{
			$error = true;
			$_SESSION['message']['type'] = "error";
			$_SESSION['message']['message'] = "There was an error adding the new user to the database.  Please make sure that a user with the same username does not already exist and try again.";
			header('location:index.php');
		}
		if(!$error){
			$_SESSION['message']['type'] = "success";
			$_SESSION['message']['message'] = "The new user has been added successfully.";
			header('location:index.php');
		}
	}
}

And in case you need it, here is the validateAddUserForm function (the error messages from this form appear properly on the appropriate page).

function validateAddUserForm(){
	if(!isset($_POST['username']) || $_POST['username'] == ""){
		$error .= "Please enter a username. <br />";
	}
	else{
		$username = trim($_POST['username']);
		$username = stripslashes($username);
		$username = mysql_real_escape_string($username);

		$sql = "SELECT *
				FROM `users`
				WHERE `username` = '$username'";
		$query = mysql_query($sql);
		$count = mysql_num_rows($query);
		if($count > 0){
			$error .= "The specified username already exists in the database. <br />";
		}
	}

	$fname = trim($_POST['fname']);
	if($fname == ""){
		$error .= "Please enter a first name. <br />";
	}

	$lname = trim($_POST['lname']);
	if($lname == ""){
		$error .= "Please enter a last name. <br />";
	}

	$email = trim($_POST['email']);
	if($_POST['email'] == ""){
		$error .= "Please enter an email addresses. <br />";
	}
	elseif(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email'])){
		$error .= "You have entered an invalid email address. <br />";
	}

	if($_POST['group'] == ""){
		$error .= "Please select a group. <br />";
	}
	//If there are errors in the form, go back and report errors
	if(isset($error)){
		$addUserError['username'] = $_POST['username'];
		$addUserError['fname'] = $_POST['fname'];
		$addUserError['lname'] = $_POST['lname'];
		$addUserError['email'] = $_POST['email'];
		$addUserError['group'] = $_POST['group'];
		$_SESSION['addUserError'] = $addUserError;
		$_SESSION['message']['type'] = "error";
		$_SESSION['message']['message'] = $error;
		return false;
	}
	else{
		return true;
	}
}

I'm not getting any error messages and if I try and print the message whether or no isset is checked I get nothing. All pages in script require the following script at the beginning.

session_start();
if($_SESSION['group'] != 'admin'){
	header("location:../");
}

require('dbConnect.php');
  • 2 Contributors
  • 2 Replies
  • 277 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by KPheasey
Member Avatar for hielo

In validateAddUserForm() you are using $error .= ...; but you have not initialized $error. Initialize it at the very top of your function (before the if clause). If you are still not seeing anything, begin adding echo sprintf('%s(): %s',__FUNCTION__,__LINE__); statements throughout your function(s) so find out which lines are actually being executed.

Also, in addUser() you have if($group = "Student") . You MISSED an equal sign.

Edited by hielo because: n/a
Member Avatar for KPheasey

Thank you for your response helio. However the problem was that the addUser() function was being called from the addUser page, so when the addUser() function changed the header, the addUser page would first fully load. Which means displayMessage() was called on that page instead of the index page.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.