Updating session commands

Azarath

Its been a while since I used php at all, and as such, most of what I used doesnt seem to work anymore.

After some hours of editing, I fixed out most of the errors, and they seem to work OK now, just the header.php file that makes any error...thats when im trying to validate a session after its been created on a previous page...

logintable.php:

<form method="post" action="admintest.php">

<div align="center">
<table width="20%"  border="0" cellspacing="0" cellpadding="0">
<tr>
<td width=50%><span class="style5">Username:</span></td>
<td width=50%><input type=text name="name2" size=17 maxlength=20></td>
</tr>
<tr>
<td><span class="style5">Password:</span></td>
<td><input type=password name="pass2" size=17 maxlength=20></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input type=submit value="Log In">
</div></td>
</tr>
</table>
</div>

</form>

admintest.php:

<?
if (!$_POST['name2'] || !$_POST['pass2']) {
echo "Please fill out all fields.";
exit;
}

$name = $_POST['name2']; 
$pass = $_POST['pass2']; 
include("config.php");
$logres = @mysql_num_rows(mysql_query("select * from members where name='$name' and pass='$pass'"));

if ($logres <= 0) {
echo "Login failed. If you have authority to log in, please check your spelling and try again.";
exit;
} else {
$_SESSION['name'] = $name;
$_SESSION['pass'] = $pass;

$grouppermissions = mysql_query("SELECT * FROM members WHERE name='$name' AND pass='$pass'");
while ($group = mysql_fetch_array($grouppermissions)){

echo "Welcome, $name <br>";
if ($group[group] == "Admin") {
include("adminoptions.php");
}
}
}

?>

adminoptions.php & addnews.php:

<?
echo"Pick an option:<br>
<br>
<a href=addnews.php>Add a news article</a>
";
?>


<?
include("config.php");
$memberstat = mysql_fetch_array(mysql_query("select * from members where name='$name' and pass='$pass'")); 
?>
</td>
<td valign="top" bordercolor="#000000" bgcolor="#E7E3EF"><div align="center" class="style3">
<form method="post" action="addnews2.php">
<div align="left"></div>

<div align="center">
<table width="50%"  border="0" cellspacing="0" cellpadding="0">
<tr>
<td width=20%><div align="center">Posted:</div></td>
<td>
<div align="left">
<input type="text" name="time" size="25" maxlength="20" value=<?
echo strftime("%Y-%m-%d&nbsp;%H:%M:%S");
?> readonly="yes">
</div></td>
</tr>
<tr>
<td>Author:</td>
<td>
<div align="left">
<input type="text" name="author" size="25" maxlength="20" value="<? 
echo "$memberstat[name]"; 
?>" readonly="yes">
</div></td>
</tr>
<tr>
<td height="182">News:</td>
<td><textarea name="news" cols="61" rows="10"></textarea></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input type=submit value="Add news">
</div></td>
</tr>
</table>
</div>
</form>

addnews2.php:

<?
include ("header.php");

echo "<b><u>News:</u></b><br>";

$query = "INSERT INTO `news` VALUES ('$id','$time','$author','$news')";
$result = mysql_db_query("web13_clantoru", $query);

$newslist = mysql_query("SELECT * FROM `news` WHERE 1 ORDER BY `time` DESC");

while ($news = mysql_fetch_array($newslist)) {   

echo "
<b>Posted:</b> $news[time] <br>~-~-~-~-~-~-~<br><b>Author:</b> $news[author] <br>~-~-~-~-~-~-~<br>$news[news]
<br>
<hr>"; 
}
?>

header.php:

<?php  

session_start(); 
include("config.php"); 
if (!session_is_registered("name") || !session_is_registered("pass")) {  

print "Sesion has expired.";  

exit; 
} 
$memberstat = mysql_fetch_array(mysql_query("select * from members where name='$name' and pass='$pass'")); 
?>

At the moment, the only problems I can tell is that on addnews.php, the author name isnt put into the table, not sure if theres some sort of $_GET command I need to add.

And that when going to add a news item, addnews2.php returns "Session has expired".

Theres probably more though, I'd be greatly apprectiative if someone could look through it all, pointing out any errors I have...

jansky

in your adminoptions.php & addnews.php:
try replacing the include with header.php

Azarath

That just returns "Session has expired"

LoganK

How about "if (!isset($SESSION['user']) || !isset($SESSION['pass']))"?

And as for the author name, I was under the impression that you need to enclose arrays within double-quoted echoes with brackets:

echo "{$array['keyname']}";

Azarath

putting that line in still gives "headers already sent out" error, line 2 of header.php

And I take it I have to set the array up first beforehand somewhere? changing to that still gives me a blank box for the author :S

jansky

<?
if (!$POST['name2'] || !$POST['pass2']) {
echo "Please fill out all fields.";
exit;
}

$name = $POST['name2'];
$pass = $POST['pass2'];
include("config.php");

can you put the your include above your code and replace it with header.php
And also can you post your code in config.php

Azarath

Put config to header, and put it to the top, now I get the header errors on header.php still, then under it "Session has expired".

Config.php:

<?php 
$db = mysql_connect("localhost","******","******")

or die("Failed connecting to database"); 

mysql_select_db("web13_clantoru",$db); 
?>