Greetings all. I'm kinda new to the whole PHP world, so go easy on me 🙂
I'm trying to create an admin section for my users where they can log in and edit their profile information.
I have created the following 4 pages so far:
- index.php // the login page
- loggedin.php // confirmation of login with auto redirect to cp.php
- cp.php // the form page that pulls the current data from the database and displays it in the fields. This page is also set up so users can enter updated info into the form elements and hit the submit button.
- update.php // this page is used to confirm that the changes were successful. This page does the actual inserting of info into the database.
I have sessions set on every page and everything works as I want it to. If no session is set (the user doesn't log in), manually browsing to any page (through the address bar) results in a redirect to index.php. Perfect. Working as intended so far.
What I am trying to do is have it so that when the session expires and a user tries to hit submit to make the change to his/her account, no changes are made to that account and that person is redirected to an error page that says their session has expired and to log back in.
As it stands now, even though the session expires, hitting the submit button enters the changes into the DB and redirects to update.php.
How can I make this happen?
cp.php:
<?php
# user/admin control panel
# note: the mysql_* functions used here were removed in PHP 7 (mysqli or PDO replaces them)
session_name ('HR');
session_set_cookie_params (60, '/', ''); // 60-second cookie lifetime; this is enforced by the browser, not the server
session_start();
if (!isset($_SESSION['user_id'])) { // no logged-in user: send them to the login page
    // start defining the url
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    // check for a trailing slash
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
        $url = substr ($url, 0, -1); // chop off the slash
    }
    $url .= '/index.php'; // add the page
    header("Location: $url");
    exit(); // quit the script
}
$u = $_SESSION['user_id']; // taken from the session, never from the request
require_once ('./includes/mysql_connect.inc.php'); // connect to the db
$page_title = 'HR Control Panel';
include ('./includes/head_include.inc');
// make the query
$query = "SELECT email AS em, alias AS al, fav_game AS fg, interests AS it, bio AS bi
          FROM users
          WHERE user_id='$u'";
// run the query (the @ hides MySQL errors; drop it while debugging)
$result = @mysql_query ($query);
if ($result) { // if it ran ok, display the records
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        // escape every stored value before placing it in a value="" attribute;
        // otherwise a quote or tag saved in the profile breaks out of the input
        $h = array_map('htmlspecialchars', $row);
        echo "\n\n<form action=\"update.php\" method=\"post\">
        <p>Email: <input type=\"text\" name=\"email\" value=\"" . $h['em'] . "\" /></p>
        <p>Alias: <input type=\"text\" name=\"alias\" value=\"" . $h['al'] . "\" /></p>
        <p>Favorite Game: <input type=\"text\" name=\"fav_game\" value=\"" . $h['fg'] . "\" /></p>
        <p>Interests: <input type=\"text\" name=\"interests\" value=\"" . $h['it'] . "\" /></p>
        <p>Bio: <input type=\"text\" name=\"bio\" value=\"" . $h['bi'] . "\" /></p>
        <p><input type=\"submit\" name=\"submit\" value=\"Update\" /></p>
        <input type=\"hidden\" name=\"submitted\" value=\"TRUE\" />
        </form>\n\n";
    } // closes while loop
    mysql_free_result ($result); // free up the resources
} // close the $result IF
mysql_close();
include ('./includes/foot_include.inc');
?>
update.php:
<?php
# handle the cp.php form
session_name ('HR');
session_set_cookie_params (60, '/', ''); // same cookie settings as cp.php so the same session is found
session_start();
if (!isset($_SESSION['user_id'])) { // no logged-in user: send them to the login page
    // start defining the url
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    // check for a trailing slash
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
        $url = substr ($url, 0, -1); // chop off the slash
    }
    $url .= '/index.php'; // add the page
    header("Location: $url");
    exit(); // quit the script
}
$u = $_SESSION['user_id'];
require_once ('./includes/mysql_connect.inc.php'); // connect to the db; escape_data() is assumed to be defined in this include
// check if the form has been submitted
if (isset($_POST['submitted'])) {
    // for each field: an empty value becomes NULL, anything else is escaped for the query
    // (note that a PHP NULL interpolates as '' below, so the column is set to an empty string, not SQL NULL)
    $fields = array();
    foreach (array('email', 'alias', 'fav_game', 'interests', 'bio') as $name) {
        $fields[$name] = empty($_POST[$name]) ? NULL : escape_data($_POST[$name]);
    }
    // make the query
    $query = "UPDATE users SET
              email='{$fields['email']}', alias='{$fields['alias']}', fav_game='{$fields['fav_game']}',
              interests='{$fields['interests']}', bio='{$fields['bio']}'
              WHERE user_id='$u'";
    $result = @mysql_query ($query); // run the query
    mysql_close(); // close here; the exit() after the redirect below would otherwise skip it
    if ($result) { // if it ran ok
        // redirect the user to the confirmation page
        // start defining the url
        $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
        // check for a trailing slash
        if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
            $url = substr ($url, 0, -1); // chop off the slash
        }
        // add the page
        $url .= '/update.php';
        header("Location: $url");
        exit();
    }
}
?>
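Added example, not the original poster's code. The 60-second lifetime passed to session_set_cookie_params() only tells the browser when to stop sending the cookie; PHP keeps accepting any session ID whose data still exists on the server until garbage collection removes it. A handler that must refuse a write after the login has gone stale therefore needs its own record of when the last request happened, checked before the UPDATE runs. The handler below does that, adds a per-form token so a submission from an expired or foreign session is rejected as well, and uses PDO prepared statements in place of string-built SQL. The file names ./includes/pdo_connect.inc.php (assumed to define $pdo), expired.php and updated.php, the table and column names, and the assumption that index.php sets $_SESSION['user_id'] and $_SESSION['last_activity'] at login are all mine, not the poster's.

```php
<?php
// Added example, not the original poster's code. Server-side session expiry is
// decided here, before any database write, and a per-form token ties the POST to
// the session that rendered the form. Assumed names: ./includes/pdo_connect.inc.php
// (defines $pdo, a PDO connection), expired.php and updated.php (redirect targets),
// and index.php setting $_SESSION['user_id'] and $_SESSION['last_activity'] at login.
declare(strict_types=1);

const IDLE_LIMIT = 900; // seconds without a request before the login is treated as expired

session_name('HR');
// Lifetime 0 = session cookie; expiry is enforced by the server below, not by the browser.
// (The array form of session_set_cookie_params() needs PHP 7.3 or later.)
session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'httponly' => true, 'samesite' => 'Lax']);
session_start();

function redirectTo(string $page): void
{
    $dir = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
    header('Location: http://' . $_SERVER['HTTP_HOST'] . $dir . '/' . $page);
    exit();
}

// The browser enforces the cookie's lifetime; the server keeps accepting the session ID
// until garbage collection removes the data. So the last request time is kept in the
// session itself and checked here. Returns true and refreshes the timestamp when live.
function sessionIsLive(array &$session, int $now, int $idleLimit): bool
{
    if (!isset($session['user_id'], $session['last_activity'])) {
        return false;
    }
    if ($now - (int) $session['last_activity'] > $idleLimit) {
        return false;
    }
    $session['last_activity'] = $now; // sliding window: every request extends the login
    return true;
}

// Called by cp.php when it renders the form: the token is stored in the session and
// echoed as <input type="hidden" name="form_token" value="...">.
function issueFormToken(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Called by the handler: constant-time compare so the token cannot be guessed byte by byte.
function formTokenIsValid(array $session, array $post): bool
{
    return isset($session['form_token'], $post['form_token'])
        && hash_equals($session['form_token'], (string) $post['form_token']);
}

if (!sessionIsLive($_SESSION, time(), IDLE_LIMIT)) {
    $_SESSION = [];
    session_destroy();
    redirectTo('expired.php'); // nothing has been written to the database
}

if (isset($_POST['submitted'])) {
    if (!formTokenIsValid($_SESSION, $_POST)) {
        redirectTo('expired.php'); // the form was rendered for another (or an expired) session
    }
    unset($_SESSION['form_token']); // a token is good for exactly one submission

    require_once './includes/pdo_connect.inc.php'; // assumed to define $pdo

    // Empty fields become SQL NULL; the prepared statement keeps user input out of the SQL text.
    $params = [];
    foreach (['email', 'alias', 'fav_game', 'interests', 'bio'] as $name) {
        $value = trim((string) ($_POST[$name] ?? ''));
        $params[$name] = $value === '' ? null : $value;
    }
    $params['user_id'] = $_SESSION['user_id'];

    $stmt = $pdo->prepare(
        'UPDATE users
            SET email = :email, alias = :alias, fav_game = :fav_game,
                interests = :interests, bio = :bio
          WHERE user_id = :user_id'
    );
    $stmt->execute($params);

    redirectTo('updated.php');
}
```

To make this work end to end, index.php sets $_SESSION['user_id'] and $_SESSION['last_activity'] = time() once the password check passes (and calls session_regenerate_id(true) there, so the login does not reuse a pre-login session ID), and cp.php runs the same sessionIsLive() check before rendering, then calls issueFormToken() and prints the hidden input with htmlspecialchars() around the value, exactly as the other field values should be escaped. With that in place, a submit from a page left open past IDLE_LIMIT reaches the expiry check first, the UPDATE never runs, and the user lands on expired.php, which is the behaviour the question asks for.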