Need help with a script.

gilizama

The author of the script went MIA, so in turn I'm seeking help elsewhere.

The script is called myInvoice from http://www.widgetmonkey.com/app.php?id=14 You can download the script there if you want to check it out and help me.

Well anywho, here's the problem. When I first installed the script and setup the SQL databases, I tried logging in with the default username and pw, but it just takes me nowhere, it just stays at the login page. So I altered the $query code in the login.php file. And it logged me in, but as a client. Now, I'm having trouble logging in as an administrator. Can someone please take a look at the two files I have added below and help me please. I need to login as an admin, and I just can't figure out what's wrong with the code. I'm fairly new to PHP and MySQL, I know little of it, but not VERY little of it. So help me out. Please...

This is the login.php file:

<?
include("inc/config.php");
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to connect!");
$query = "SELECT `name` FROM `clients` WHERE name = '$name' AND password = '$password'";
$result = mysql_db_query($database, $query, $connection);
if (mysql_num_rows($result) == 1)
	{
	session_start();

session_register("client_id");
session_register("client_name");
session_register("client_email");
session_register("client_ref");
session_register("client_title");
list($clientid, $name, $pass, $email, $ref, $title) = mysql_fetch_row($result);
$client_id = $clientid;
$client_name = $name;
$client_email = $email;
$client_ref = $ref;
$client_title = $title;

header("Location: menu.php");
mysql_free_result ($result);	

mysql_close($connection);
}
else

{
mysql_free_result ($result);	
mysql_close($connection);

header("Location: index.htm");
exit;
}
?>

This is the menu.php file:

<?
session_start();
if(!session_is_registered("client_id"))
{
header("Location: index.htm");
exit;
}
?>
<html>
<link rel="stylesheet" href="inc/style.css" type="text/css">

<body bgcolor="#FFFFFF">
<img src="inc/title.gif" width="308" height="82">
<?
if ($client_name !== 'admin')
{
?>
<h2>Hello <b> 
  <? echo $client_name ?>
  </b> </h2>
  Here are your invoices:

<?
include "inc/dbconnect.php";
include ("inc/date.php");
$result = mysql_query("SELECT * FROM invoices WHERE clientid = '$client_id' ORDER BY $param",$db);
if (!$param) {
$result = mysql_query("SELECT * FROM invoices WHERE clientid = '$client_id' ORDER BY id",$db);
}
echo "<p><table border=1 cellspacing=0 cellpadding=2 bordercolor=#eeeeee width=400>";
echo "<tr align=top><td><b><a href='menu.php?param=id'>Invoice number</a></b></td><td><b><a href='menu.php?param=date'>Date</a></b></td><td><b><a href='menu.php?param=total'>Total</a></b></td><td><b><a href='menu.php?param=status'>Status</a></b></td><td>&nbsp;</td></tr>";

while ($row = mysql_fetch_array($result))
{
	$id = $row["id"];
	$date = $row["date"];
	$dateshow = fixDate($date);
	$total = $row["total"];
	$status = $row["status"];

if ($alternate == "1") { 
	$color = "#ffffff"; 
	$alternate = "2"; 
	} 
	else { 
	$color = "#efefef"; 
	$alternate = "1"; 
	} 

echo "<tr valign=top bgcolor=$color><td>$id</td><td>$dateshow</td><td>$total</td><td>$status</td><td>[ <a href='invoice.php?id=$id'>view</a> ]</td></tr>";
}
echo "</table>";

}
elseif ($client_name == 'admin')
{

echo "<h2>admin options</h2>";

include "inc/dbconnect.php";
include ("inc/date.php");
$result = mysql_query("SELECT * FROM invoices ORDER BY $param",$db);
if (!$param) {
$result = mysql_query("SELECT * FROM invoices ORDER BY id",$db);
}
echo "<p><table border=1 cellspacing=0 cellpadding=2 bordercolor=#eeeeee width=600>";
echo "<tr align=top><td><b><a href='menu.php?param=id'>Invoice number</a></b></td><td><b><a href='menu.php?param=clientid'>Client</a></b></td><td><b><a href='menu.php?param=date'>Date</a></b></td><td><b><a href='menu.php?param=total'>Total</a></b></td><td><b><a href='menu.php?param=status'>Status</a></b></td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>";

while ($row = mysql_fetch_array($result))
{
	$id = $row["id"];
	$clientid = $row["clientid"];
	$clientfind = mysql_query("SELECT title FROM clients WHERE clientid = '$clientid'",$db);
	$clienttitle = mysql_result($clientfind,0);
	$date = $row["date"];
	$dateshow = fixDate($date);
	$total = $row["total"];
	$status = $row["status"];

if ($alternate == "1") { 
	$color = "#ffffff"; 
	$alternate = "2"; 
	} 
	else { 
	$color = "#efefef"; 
	$alternate = "1"; 
	} 

echo "<tr valign=top bgcolor=$color><td>$id</td><td>$clienttitle</td><td>$dateshow</td><td>$total</td><td>$status</td>";
if ($status == 'pending') {
echo "<td>[ <a href='admin_invoice.php?id=$id'>view / change status</a> ]</td>";
}
else {
echo "<td>[ <a href='admin_invoice.php?id=$id'>view</a> ]</td>";
}
echo "<td>[ <a href='notifyclient.php?id=$id'>notify client</a> ]</td><td>[ <a href='edit_invoice.php?id=$id'>edit</a> ]</td><td>[ <a href='delete_invoice.php?id=$id' onClick=\"return confirm('Are you sure?')\">delete</a> ]</td></tr>";
}
echo "</table>";

echo "<p><a href='edit_invoice.php'>add an invoice</a> | <a href='clients.php'>manage client profiles</a>";



}
?>

<p><a href="logout.php">Logout</a></p>

<?
include "inc/footer.inc";
?>

</body>
</html>

thorpe

In the menu page, you'll want to change this line...

if ($client_name !== 'admin')

to...

if ($_SESSION['client_name'] !== 'admin')

You'll also need to go through and change any other occurences of $Client_name to $_SESSION['client_name'].

gilizama

thorpe wrote:
In the menu page, you'll want to change this line...
if ($client_name !== 'admin')
to...
if ($_SESSION['client_name'] !== 'admin')
You'll also need to go through and change any other occurences of $Client_name to $_SESSION['client_name'].

Okay, let me try that, and I'll post back.

gilizama

thorpe wrote:
In the menu page, you'll want to change this line...
if ($client_name !== 'admin')
to...
if ($_SESSION['client_name'] !== 'admin')
You'll also need to go through and change any other occurences of $Client_name to $_SESSION['client_name'].

it's still logging me in as a client and not as an admin. do you think it will work if i use the client_id instead of client_name? and set it to 1. like so...

if ($_SESSION['client_id'] !== '1')