Problem with sesison in Custom PHP admin panel

Question

Jakx 0 Newbie Poster

12 Years Ago

Hello, I am having trouble with this custom admin panel. It is pretty simple, it has an admin login page, an index page , and a page where you can Add and Delete invetory items ( <--this one is the one with the problem ) Everything was working okey, I added 2 items, deleted one, and now it gives me this Error everytime i try to add or deleted any items.

" Your login session data is not on record in the database. "

You can try it out. the URL is http://regismartinez.com/pepe/storeadmin/admin_login.php

The credentials are: administrator / asdf1234

Here is the code for admin_login.php (works fine )

<?php 

session_start();
ob_start();
if (isset($_SESSION["manager"])) {
    header("location: index.php"); 
    exit();
    ob_end_flush();
}
?>

<?php 
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {

    $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
    // Connect to the MySQL database  
    include "../storescripts/connect_to_mysql.php"; 
    $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person

    // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
    $existCount = mysql_num_rows($sql); // count the row nums
    if ($existCount == 1) { // evaluate the count
         while($row = mysql_fetch_array($sql)){ 
             $id = $row["id"];
         }
         $_SESSION["id"] = $id;
         $_SESSION["manager"] = $manager;
         $_SESSION["password"] = $password;
         header("location: index.php");
         exit();
    } else {
        echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
        exit();
    }
}
?>

Here is the code for the index.php (the admin index page)

<?php 

session_start();
if (!isset($_SESSION["manager"])) {
    header("location: admin_login.php"); 
    exit();
}
// Be sure to check that this manager SESSION value is in fact in the database
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters

$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters

$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters

// Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
// Connect to the MySQL database  
include "../storescripts/connect_to_mysql.php"; 
$sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person

// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 0) { // evaluate the count
     echo "Your login session data is not on record in the database.";
     exit();
}
?>

And here is the code for the inventory_list.php ( the one with the problem I believe)

<?php 

session_start();
if (!isset($_SESSION["manager"])) {
    header("location: admin_login.php"); 
    exit();
}

// Be sure to check that this manager SESSION value is in fact in the database
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters

$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters

$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters

// Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
// Connect to the MySQL database  
include "../storescripts/connect_to_mysql.php"; 
$sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person

// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 0) { // evaluate the count
     echo "Your login session data is not on record in the database.";
     exit();
}
?>

<?php 
// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
?>

<?php 

// Delete Item Question to Admin, and Delete Product if they choose
if (isset($_GET['deleteid'])) {
    echo 'Do you really want to delete product with ID of ' . $_GET['deleteid'] . '? <a href="inventory_list.php?yesdelete=' . $_GET['deleteid'] . '">Yes</a> | <a href="inventory_list.php">No</a>';
    exit();
}
if (isset($_GET['yesdelete'])) {
    // remove item from system and delete its picture
    // delete from database
    $id_to_delete = $_GET['yesdelete'];
    $sql = mysql_query("DELETE FROM products WHERE id='$id_to_delete' LIMIT 1") or die (mysql_error());
    // unlink the image from server
    // Remove The Pic -------------------------------------------
    $pictodelete = ("../inventory_images/$id_to_delete.jpg");
    if (file_exists($pictodelete)) {
                unlink($pictodelete);
    }
    header("location: inventory_list.php"); 
    exit();
}
?>


<?php 
// Parse the form data and add inventory item to the system

if (isset($_POST['product_name'])) {

    $product_name = mysql_real_escape_string($_POST['product_name']);
    $price = mysql_real_escape_string($_POST['price']);
    $category = mysql_real_escape_string($_POST['category']);
    $subcategory = mysql_real_escape_string($_POST['subcategory']);
    $details = mysql_real_escape_string($_POST['details']);

    // See if that product name is an identical match to another product in the system

    $sql = mysql_query("SELECT id FROM products WHERE product_name='$product_name' LIMIT 1");
    $productMatch = mysql_num_rows($sql); // count the output amount
    if ($productMatch > 0) {
        echo 'Sorry you tried to place a duplicate "Product Name" into the system, <a href="inventory_list.php">click here</a>';
        exit();
    }

    // Add this product into the database now

    $sql = mysql_query("INSERT INTO products (product_name, price, details, category, subcategory, date_added) 
        VALUES('$product_name','$price','$details','$category','$subcategory',now())") or die (mysql_error());
     $pid = mysql_insert_id();
    // Place image in the folder 
    $newname = "$pid.jpg";
    move_uploaded_file( $_FILES['fileField']['tmp_name'], "../inventory_images/$newname");
    header("location: inventory_list.php"); 
    exit();
}
?>


<?php 
// This block grabs the whole list for viewing
$product_list = "";
$sql = mysql_query("SELECT * FROM products ORDER BY date_added DESC");
$productCount = mysql_num_rows($sql); // count the output amount
if ($productCount > 0) {
    while($row = mysql_fetch_array($sql)){ 
             $id = $row["id"];
             $product_name = $row["product_name"];
             $price = $row["price"];
             $date_added = strftime("%b %d, %Y", strtotime($row["date_added"]));
             $product_list .= "Product ID: $id - <strong>$product_name</strong> - $$price - <em>Added $date_added</em>       <a href='inventory_edit.php?pid=$id'>edit</a> • <a href='inventory_list.php?deleteid=$id'>delete</a><br />";
    }
} else {
    $product_list = "You have no products listed in your store yet";
}
?>

This is a tutorial I am trying to follow on youtube. I am new to php , and i do not own this code. However i am stuck with this problem. Thank you in advance for any help you guys can provide me.

php

Edited 11 Years Ago by Dani because: Formatting fixed

2 Contributors
3 Replies
279 Views
10 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by simplypixie

simplypixie 123 Posting Pro in Training

12 Years Ago

I think you need to find a simpler tutorial as there is no need to keep querying your database on every page, just do it once at login and ensure all required data is stored in your session variables as required and then use checks on the session data to determine if a page can be viewed or not.

What all the preg_replace on the session data is for I have no idea either - there is no need for it and is probably what is causing your database query to fail to be honest.

Just get rid of the additional queries and use your session data only.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Jakx 0 Newbie Poster · Answer 1 · 2012-09-05T16:40:53+00:00

Alright I am gonna try to find another tutorial, and also try to get rid of the additional queries to see if that possibly can solve the problem. Thank you

Update: I did what you said ( simplypixie ) i got rid of the extra queries checking for the user in the data base, and i just left the check to determine if the page can be viewed or not , and now it works ! it adds and deletes items normally without giving the " Your login session data is not on record in the database. " message.

simplypixie 123 Posting Pro in Training · Answer 2 · 2012-09-05T17:33:56+00:00

simplypixie 123 Posting Pro in Training

12 Years Ago

Glad to hear it :-)