Hey All,

I'm fairly new to PHP Programming. I have compiled and installed
postgres version 8.0.1, and with that compiled postgres support into
my postgres (I'm using PHP version 5.0.4), and I've compiled support
for PHP into Apache (version 2.0.53) and all is working (in that I can
embed PHP into my HTML documents and get the expected results).

Recently I started working on a website in which I would like there to
be an administration page where the person who is logged in can add
and delete records. I figured that the best way to do this would be to
establish a session, (at the login page) then if the user login is
successful, I would then register the username and password and
redirect the user to the admin page. I chose not to use cookies, b/c
everyone may not have cookies enabled on their browser and I didn't
want that to be a hurdle that a user would have to jump over.

I've written the code but when I try to login to the site I get this message:

Warning: Cannot modify header information - headers already sent by
(output started at /export/home/www/htdocs/login.php:13) in
/export/home/www/htdocs/login.php on line 25

Warning: Unknown: Your script possibly relies on a session side-effect
which existed until PHP 4.2.3. Please be advised that the session
extension does not consider global variables as a source of data,
unless register_globals is enabled. You can disable this functionality
and this warning by setting session.bug_compat_42 or
session.bug_compat_warn to off, respectively. in Unknown on line 0

Information I've seen on the web for these types of messages would
indicate that I don't have a /tmp directory, but such is not the case.
 Other messages have indicated that my session variables are not
getting written to /tmp, but that is not true either, as I have seen
them in there...as I see entries such as:


So, I'm guessing that there aren't problems with my /tmp filesystem.

Please excuse the lack of style as I have mainly been trying to hack
out something, but plan to clean it up later.

My source code for the login page is as follows:

    echo "<html>
          <title>Joshua Generation Login Page</title>
          <body bgcolor='#9C9C9C'>
          <form action='login.php' method='POST'>
          <table border='1'>
            <tr><td>Enter Username:</td><td><input type='text'
            <tr><td>Enter Password:</td><td><input type='text'
            <input type='hidden' name='login' value='1'>
            <input type='submit'value='Login'>
    if ( $_POST )
      $username = $_POST['username'];
      $password = $_POST['password'];
      if ( $username == "test" && $password == "test" )
        global $username, $password;

        echo "<h1>Authorized Entry</h1>";
        header("Location: http://joshua1and8.homelinux.org/admin.php";);
      { echo $username;
        echo "<br>";
        echo $password;
        echo "<br>";
        echo "<h1>Login FAILED</h1>";
    echo "</body>

My source code for the admin page is as follows:

  global $username, $password;
<title>Joshua Generation Admin Page</title>
<body bgcolor='#9C9C9C'>
 * Radesh N. Singh
 * Admin Page
if (isset($username))
  echo "<h1>Joshua Generation Admin's Corner</h1>
  <form action=\"admin.php\" method=\"POST\">
  <table border=\"1\">
        <td>Cell Phone</td>
        <td>Work Phone</td>
        <td>Home Phone</td>
        <td>Email Address</td>
    <tr><td><input type=\"text\" name=\"name\"/></td>
      <td><input type=\"text\" name=\"cphone\"/></td>
      <td><input type=\"text\" name=\"wphone\"/></td>
      <td><input type=\"text\" name=\"hphone\"/></td>
      <td><input type=\"text\" name=\"emailaddr\"/></td>
    <tr><input type=\"hidden\" name=\"proc\" value=\"add\">
          <input type=\"submit\" value=\"Add Member Records\">
          <input type=\"hidden\" name=\"proc\" value=\"del\">
          <input type=\"submit\" value=\"Delete Member Records\">

  if ($_POST)
    $conn_string = "dbname=joshua_generation user=admin password=admin";
    $conn_hndl = pg_connect($conn_string);

    switch ($_POST['proc'])
      case 'add':
        $name = $_POST['name'];
        $cphone = $_POST['cphone'];
        $wphone = $_POST['wphone'];
        $hphone = $_POST['hphone'];
        $emailaddr = $_POST['emailaddr'];

        To add a member a name is all that is needed.
        Based on the name that is entered, the next nameid
        will be generated by the dbms, and the insert will
        be done into:
        based on that number
        The default MBRSTATUS.status will be ACTIVE
        $ins_names_stmt = "INSERT INTO NAMES VALUES ('nextval('nid'),'";
        $ins_names_stmt .= $name;
        $ins_names_stmt .= "');";
        $getcurval = "SELECT currval('$nid[0]') FROM NAMES";
        $curval = pg_fetch_row(pg_query($getcurval[0]));
        $ins_pnums_stmt = "INSERT INTO PNUMBERS (nameid, cnumber,
wnumber, hnumber) VALUES ('";
        $ins_pnums_stmt = $curval[0];
        $ins_pnums_stmt .= "','";
        $ins_pnums_stmt .= $cphone;
        $ins_pnums_stmt .= "','";
        $ins_pnums_stmt .= $wphone;
        $ins_pnums_stmt .= "','";
        $ins_pnums_stmt .= $hphone;
        $ins_names_stmt .= "');";
        $ins_emads_stmt = "INSERT INTO EMAILADDRS (nameid, emailaddr)
        $ins_emads_stmt .= $curval[0];
        $ins_pnums_stmt .= "','";
        $ins_emads_stmt .= $emailaddr;
        $ins_emads_stmt .= "');";
        $ins_mbsts_stmt = "INSERT INTO MBRSTATUS (nameid, status) VALUES ('";
        $ins_mbsts_stmt .= $curval[0];
        $ins_mbsts_stmt .= "','true');";
      case 'del':
          Deletion is really an archive then delete process...
          The goal is to save all of the data to an archive table,
          then delete the original data.
          The actual delete will be done on the NAMES table,
          which will result in the foreign keys being updated.
        /* Get nameid as the key to the rest of the queries */
        $searchname = $_POST['name'];
        $rval = "SELECT nameid FROM NAMES where name = '$searchname'";
        $row = pg_fetch_row(pg_query($rval));
        $nid = $row[0];

        /* SQL Statements */
        /* Get the phone number */
        $number_val =  "SELECT pnumbers.cnumber, pnumbers.wnumber,
pnumbers.hnumber ";
        $number_val .= "FROM pnumbers ";
        $number_val .= "WHERE  pnumbers.nameid = '";
        $number_val .= $nid;
        $number_val .= "';";

        /* Get the email address */
        $email_val = "SELECT emailaddrs.emailaddr FROM emailaddrs
WHERE emailaddrs.nameid = '";
        $email_val .= $nid;
        $email_val .= "';";

        /* Fetch the phone numbers */
        $number_row = pg_fetch_row(pg_query($number_val));

        /* Fetch the email address */
        $email_row = pg_fetch_row(pg_query(strtolower($email_val)));

        /* Store values of phone numbers and email addresses for future use */
        $cphone = $number_row[0];
        $wphone = $number_row[1];
        $hphone = $number_row[2];
        $emailaddr = $email_row[0];

        $arch_stmt = "INSERT INTO ARCHIVE (name, cnumber, wnumber,
hnumber, status) VALUES ('";
        $arch_stmt .= $searchname;
        $arch_stmt .= "','";
        $arch_stmt .= $cphone;
        $arch_stmt .= "','";
        $arch_stmt .= $wphone;
        $arch_stmt .= "','";
        $arch_stmt .= $hphone;
        $arch_stmt .= "','";
        $arch_stmt .= $emailaddr;
        $arch_stmt .= "','true');";


        $del_stmt = "DELETE FROM NAMES WHERE NAMES.nameid = '";
        $del_stmt .= $nid;
        $del_stmt .= "'";

        echo "No Action Selected";

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to