I have a list of teachers and PINS (passwords) in SQL. On our intranet, the user logs in to enter a student merit. The FIRST time the user tries to log in they get this error:
PHP Notice: Undefined index: loggedin in e:\Inetpub\intranetroot\merits\mer_merit.php on line 4
If they then REENTER the same details, it allows access. I have the code split between the following files:
MER_INDEX: /////////////////////////////////////////////////////////////////////////////
<html>
<head>
<title>Merits</title>
</head>
<body onload="document.loginform.username.focus();">
<h2>JGHS Teacher Page: Merit Awards</h2>
<h3>Please remember to log off after issuing merits!<h3/>
<form
name="loginform"
method="post"
action="mer_logineval.php">
<table>
<tr>
<td>Username </td>
<td><input type="text" name="username" maxlength="16" /></td>
</tr>
<tr>
<td>Password </td>
<td><input type="password" name="password" maxlength="16" /></td>
</tr>
<tr>
<td> </td>
<td><input class="button" name="button" type="submit" value="Log in" /></td>
</tr>
</table>
<?php
$teachermenu = '<a href="\teachers.asp">Return to teacher menu</a>';
echo " ".$teachermenu;
?>
</table>
</body>
<html>
MER_LOGINEVAL ///////////////////////////////////////////////////////////////////////
<?php
session_start();
$back = '<a href="javascript:history.go(-2)">Back</a>';
// read the parameters, and give them the prefix $p
import_request_variables('gp', 'p');
$p_username = trim($p_username);
$p_password = trim($p_password);
if ($p_username == '') {echo 'Please type a username. '.$back; die();}
if ($p_password == '') {echo 'Please type a password. '.$back; die();}
require 'mer_connect.php';
// check if a user exist with that username and password
$sql = "SELECT * FROM mer_teachers
WHERE id = '$p_username'
and password = '$p_password'";
$result = mysql_query($sql);
$nrows = mysql_affected_rows();
if ($nrows == -1) {echo 'Unexpected error in the query:<br/>'; die($sql);};
if ($nrows > 1) {echo 'Unexpected error. More than one user has this username and password. '.$back; die();};
if ($nrows == 0)
{echo 'Sorry, no user found with that username and password. '.$back; die();}
// one user found with the given username and password, store the result of the query
$rowuser = mysql_fetch_array($result);
$SESSION['id'] = $rowuser['id'];
$SESSION['teachername'] = $rowuser['teachername'];
$_SESSION['loggedin'] = true;
if ($_SESSION['id'] == 'hs')
{
header("Location: mer_print.php"); // the secretary will print
}
else
{
header("Location: mer_merit.php"); // anybody else will add a merit
};
?>
MER_MERIT ////////////////////////////////////////////////////////////////////////////////
<?php
session_start();
///////////////////////THIS IS THE ERROR LINE! ///////////////////////////////////////
if(!$SESSION['loggedin'] || !isset($SESSION['loggedin']))
{echo 'Back to login page <a href="mer_index.php">Log in</a>';die();};
// read the parameters, and give them the prefix $p
import_request_variables('gp', 'p');
$p_fstudentid = (isset($p_fstudentid) ? $p_fstudentid : 0);
$p_fcategoryid = (isset($p_fcategoryid) ? $p_fcategoryid : 0);
?>
<html>
<head>
<title>Merits</title>
<link rel="stylesheet" type="text/css" href="mer.css" />
</head>
<body>
<div id="teacher">
<p><?php echo $_SESSION['teachername'].' ';?> is logged in
| <a href="mer_logout.php">Log out</a></p>
</div>
<div id = "main" align="center">
<p><b><font face="Monotype Corsiva" size="6">Merit Certificate</font></b></p>
<p><font face="Monotype Corsiva" size="4">awarded to</p>
<form name = "frmstudent" action="mer_merit.php" method="get">
<select
size="1"
name="fstudentid"
onchange='document.frmstudent.submit()'>
<?php
require 'mer_connect.php';
$csql = "select * from mer_students order by studentname";
$result = mysql_query($csql);
$nrows = mysql_num_rows($result);
if ($nrows == -1) {echo 'Unexpected error in the query:<br/>'; die($csql);};
$cdummy = (!isset($p_fstudentid) ? "selected=\'selected\'" : "");
$row = mysql_fetch_array($result);
echo('<option value="0"'.$cdummy.'>(select a student)</option>');
while ($row = mysql_fetch_array($result))
{
if ($p_fstudentid == $row['id'] )
{
echo('<option value = '.$row['id'].' selected=\'selected\' >'.$row['studentname'].'</option>')
.'<div id="studentname">'.$row["studentname"]
.' '.$row["group"].'</div>';
$cdummy = substr($row['group'],2,1);
$SESSION['tgp'] = $row['group'];
$SESSION['studentid'] = $row['id'];
$_SESSION['studname'] = $row['studentname'];
}
else
{
echo('<option value="'.$row['id'].'" >'.$row['studentname'].' </option>');
}
}
?>
</select>
</form>
<br/><br/>
<?php
switch ($cdummy)
{
case 'D':
$chouse = 'Dolphin';
break;
case 'M':
$chouse = 'Marlin';
break;
case 'T':
$chouse = 'Tarpon';
break;
case 'W':
$chouse = 'Wahoo';
break;
default :
$chouse = '';
break;
}
echo 'of '.$chouse; ?> house<br/><br/>
for<br/><br/> </font>
<form action="mer_teacherchoice.php" method="get">
<select
size="1"
name="fcategoryid"
onChange="document.getElementById('txtcategory').value=this.options[this.selectedIndex].text;">
<?php
//<form action="mer_savemerit.php" method="get">
$csql = "select * from mer_categories order by description";
$result = mysql_query($csql);
$nrows = mysql_num_rows($result);
if ($nrows == -1) {echo 'Unexpected error in the query:<br/>'; die($csql);};
$cdummy = (!isset($p_fcategoryid) ? "selected=\'selected\'" : "");
$row = mysql_fetch_array($result);
echo('<option value="0"'.$cdummy.'>(select a category)</option>');
while ($row = mysql_fetch_array($result))
{
if ($p_fcategoryid == $row['id'])
{
echo('<option value = '.$row['id'].' selected=\'selected\' >'.$row['description'].'</option>');
$cdummy = substr($row['group'],2,1);
}
else
{
echo('<option value="'.$row['id'].'" >'.$row['description'].'</option>');
}
}
// $_SESSION['mmid']=$row['id']; // set merit id variable
?>
</select>
<br/><br/><input name = "feditcategory" size = "55" type="text" id="txtcategory"
value = "<?php echo (isset($p_feditcategory) ? $p_feditcategory : ' (edit a category or type whatever)'); ?>">
<br/><br/>
<?php
$csql = "select * from mer_house where house = '".$chouse."'";
$result = mysql_query($csql);
$nrows = mysql_affected_rows();
if ($nrows == -1) {echo 'Unexpected error in the query:<br/>'; die($csql);};
$row = mysql_fetch_array($result);
// set variables ////
$SESSION['mhouse']=$row['House'];
$SESSION['mhouseheadm']= $row['male'];
$_SESSION['mhouseheadf']= $row['female'];
?>
<table>
<tr><td align="center"><?php echo $row['male']; ?></td><td align="center"><?php echo $row['female']; ?></td></tr>
<tr><td align="center"><font size="2">Head of house (boys)</font></td><td align="center"><font size="2">Head of house (girls)</font></td></tr>
<tr><td> </td></tr>
<tr><td align="center"><?php echo $_SESSION['teachername'].' ';?></td>
<td align="center"><?php echo date('d-M-y'); ?></td></tr>
<tr><td align="center"><font size="2">Teacher</font</td><td align="center"><font size="2">Issue date</font</td></tr>
</table>
<input name="button" type="submit" value="Save the merit certificate">
</form>
</div>
</body>
</html>
Can anyone help me? Thanks in advance
John
