Why won't php "see" my database?

matthewst

FYI: I inherited this website from the previous computer guy.

My php login page

<?php

session_start();

if($submit || $FrontPage) {
	include('db_con.php');
$User_Exists = mysql_query("SELECT table_id, rest_username, rest_pass, contact_fname FROM 123_table WHERE rest_username='$username' AND rest_pass = '$password' AND table_id = '$id'", $db_link);
		$exists = mysql_num_rows($User_Exists);
		$row = mysql_fetch_array($User_Exists);

	if($exists) {
	$_SESSION['track_id'] = $row['table_id'];
	$_SESSION['track_name'] = $row['contact_fname'];


	echo '<script type="text/javascript">
		location="home.php"
	* * * </script>';

}else{
$login_fail="true";
}
}
?>
<html>

<head>
	<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
	<meta name="generator" content="Adobe GoLive 5">
	<title>Admin Page :: Login</title>
</head>

<body bgcolor="#ffffff">
	<div align="center">
		<font face="Verdana, Arial, Helvetica, sans-serif">You're loged in!: <? echo $id; ?><br>
			<br>
			<? if ($login_fail=="true"){
			echo "<b><font color='#cc0033' face='Verdana, Arial, Helvetica, sans-serif'>Login Incorrect, please try again</font></b>";
			}
			?><br>
			<form name="FormName" action="<?=$PHP_SELF;?>" method="post">
				<table border="0" cellpadding="0" cellspacing="2" width="180">
					<tr height="19">
						<td colspan="2" height="19">
							<div align="center">
								<font size="3"><b>

									Login</b></font></div>
						</td>
					</tr>
					<tr>
						<td>Username:</td>
						<td><input type="text" name="username" CLASS="formTextbox" size="24"></td>
					</tr>
					<tr>
						<td>Password:</td>
						<td><input type="password" name="password" CLASS="formTextbox" size="24"></td>
					</tr>
					<tr>
						<td colspan="2">
							<div align="center">
								<input type="submit" CLASS="formTextbox" name="submit" value="Login"></div>
						</td>
					</tr>
				</table>
			</form>
		</font></div>
</body>

</html>

My database has a table called 123_table, in that table are fields named rest_username, rest_pass, contact_fname and table_id

My db_con

<?
$db_hostname = "localhost";
$db_name = "DBNAME";
$db_username = "USERNAME";
$db_password = "PASSWORD";

$db_link = @mysql_connect($db_hostname, $db_username, $db_password);
	$db_get = mysql_select_db($db_name, $db_link);

?>

When I try to login it says "login incorrect, please try again".

jabba_29

Registered globals issue most likely.

You are querying the database for $username and $password which are presumably posted through a form. RG is most likely switched off, so you could try defining the variables as
$POST['username'] and $POST['password'] respectively.

You should also sanitize your input - you are really open to attack with the script in the current state 🙂

HTH.

matthewst

globals is on, i do plan to clean up the code as soon as i get it working

made a little progress. when the page loads it gives me an error:

Notice: Undefined variable: login_fail in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/mgmt_index.php on line 51

line 51:

<? if ($login_fail=="true"){

when i login with a user and pass that is in the database it just reloads the page but when I try it with a user and pass that are not in the database it says incorrect login , please try again

<?php
error_reporting(E_ALL);
session_start();
include('db_con.php'); 



if(isset($_POST['submit'])) {

$sql = "SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='$username' AND rest_pass = '$password'";

echo 'DEBUG: '.$sql.'<br />';

$User_Exists = mysql_query($sql) or die(mysql_error());

$exists = mysql_num_rows($User_Exists);

$row = mysql_fetch_array($User_Exists);

var_dump($row);


$username = $_POST['username']; 

$password = $_POST['password']; 



$User_Exists = mysql_query("SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='$username' AND rest_pass = '$password'", $db_link); 

* * * * $exists = mysql_num_rows($User_Exists); 

* * * * $row = mysql_fetch_array($User_Exists); 

* * * * *

* * * * if($exists > 0) { 

* * * * $_SESSION['track_id'] = $row['table_id']; 

* * * * $_SESSION['track_name'] = $row['contact_fname']; 

* * * * *

* * * * *

* * * * echo '<script type="text/javascript"> 

* * * * * * location="home.php" 

* * * * * * * </script>'; 

* * * * *

* * * * }else{ 

* * * * * * $login_fail="true"; 

* * * * * * print_r($_SESSION); 

* * * * * * print_r($_POST); 

* * * * } 

} 

?>
<html>

<head>
	<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
	<meta name="generator" content="Adobe GoLive 5">
	<title>Admin Page :: Login</title>
</head>

<body bgcolor="#ffffff">
	<div align="center">
		<font face="Verdana, Arial, Helvetica, sans-serif">Please log in: <br>
			<br>
			<? if ($login_fail=="true"){
			echo "<b><font color='#cc0033' face='Verdana, Arial, Helvetica, sans-serif'>Login Incorrect, please try again</font></b>";
			}
			?><br>
			<form name="FormName" action="<?=$PHP_SELF;?>" method="post">
				<table border="0" cellpadding="0" cellspacing="2" width="180">
					<tr height="19">
						<td colspan="2" height="19">
							<div align="center">
								<font size="3"><b>

									Login</b></font></div>
						</td>
					</tr>
					<tr>
						<td>Username:</td>
						<td><input type="text" name="username" CLASS="formTextbox" size="24"></td>
					</tr>
					<tr>
						<td>Password:</td>
						<td><input type="password" name="password" CLASS="formTextbox" size="24"></td>
					</tr>
					<tr>
						<td colspan="2">
							<div align="center">
								<input type="submit" CLASS="formTextbox" name="submit" value="Login"></div>
						</td>
					</tr>
				</table>
			</form>
		</font></div>
</body>

</html>

matthewst

still playing with the syntax. I'm not sure if the problem is on line 51 or if it is really between 32 and 36

lines 32 - 36:

        }else{ 

        $login_fail="true"; 

        print_r($_SESSION); 

        print_r($_POST); 

    }

matthewst

now it displays login incorrect even on a fresh load

when using a user and pass in the database i get this error:

DEBUG: SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='test' AND rest_pass = 'test'
array(8) { [0]=> string(6) "100565" ["table_id"]=> string(6) "100565" [1]=> string(4) "test" ["rest_username"]=> string(4) "test" [2]=> string(4) "test" ["rest_pass"]=> string(4) "test" [3]=> string(13) "Paul & Sharon" ["contact_fname"]=> string(13) "Paul & Sharon" }
Warning: Cannot modify header information - headers already sent by (output started at /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/mgmt_index.php:10) in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/mgmt_index.php on line 29

when i use a user an pass not in the database i get this error:

DEBUG: SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='sdfsf' AND rest_pass = 'sdfwer'
bool(false) Array ( [track_id] => 100565 [track_name] => Paul & Sharon ) Array ( [username] => sdfsf [password] => sdfwer [submit] => Login )

here is the code as it is now:

<?php
error_reporting(E_ALL);
session_start();
include('db_con.php'); 



$login_fail="true";
if(isset($_POST['submit'])) {

$sql = "SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='$username' AND rest_pass = '$password'";

echo 'DEBUG: '.$sql.'<br />';

$User_Exists = mysql_query($sql) or die(mysql_error());

$exists = mysql_num_rows($User_Exists);

$row = mysql_fetch_array($User_Exists);

var_dump($row);


$username = $_POST['username']; 

$password = $_POST['password']; 



$User_Exists = mysql_query("SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='$username' AND rest_pass = '$password'", $db_link); 

    $exists = mysql_num_rows($User_Exists); 

    $row = mysql_fetch_array($User_Exists); 



    if($exists > 0) { 

    $_SESSION['track_id'] = $row['table_id']; 

    $_SESSION['track_name'] = $row['contact_fname']; 



$login_fail = false;         

header("Location: home.php"); 

exit; 



    }else{ 

        $login_fail="true"; 

        print_r($_SESSION); 

        print_r($_POST); 

    } 

} 

?>
<html>

<head>
	<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
	<meta name="generator" content="Adobe GoLive 5">
	<title>Admin Page :: Login</title>
</head>

<body bgcolor="#ffffff">
	<div align="center">
		<font face="Verdana, Arial, Helvetica, sans-serif">Please log in: <br>
			<br>
			<? if ($login_fail=="true"){
			echo "<b><font color='#cc0033' face='Verdana, Arial, Helvetica, sans-serif'>Login Incorrect, please try again</font></b>";
			}
			?><br>
			<form name="FormName" action="<?=$PHP_SELF;?>" method="post">
				<table border="0" cellpadding="0" cellspacing="2" width="180">
					<tr height="19">
						<td colspan="2" height="19">
							<div align="center">
								<font size="3"><b>

									Login</b></font></div>
						</td>
					</tr>
					<tr>
						<td>Username:</td>
						<td><input type="text" name="username" CLASS="formTextbox" size="24"></td>
					</tr>
					<tr>
						<td>Password:</td>
						<td><input type="password" name="password" CLASS="formTextbox" size="24"></td>
					</tr>
					<tr>
						<td colspan="2">
							<div align="center">
								<input type="submit" CLASS="formTextbox" name="submit" value="Login"></div>
						</td>
					</tr>
				</table>
			</form>
		</font></div>
</body>

</html>

matthewst

almost there, currently looks like this:

<?php
//error_reporting(E_ALL);
session_start();
include('db_con.php'); 

$login_fail="false";
if(isset($_POST['submit'])) {
$username = $_POST['username']; 

$password = $_POST['password']; 
//$sql = "SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='$username' AND rest_pass = '$password'";

//echo 'DEBUG: '.$sql.'<br />';

//$User_Exists = mysql_query($sql) or die(mysql_error());

//$exists = mysql_num_rows($User_Exists);

//$row = mysql_fetch_array($User_Exists);

//var_dump($row);


$User_Exists = mysql_query("SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='$username' AND rest_pass = '$password'", $db_link); 

    $exists = mysql_num_rows($User_Exists); 

    $row = mysql_fetch_array($User_Exists);



    if($exists > 0) { 

    $_SESSION['track_id'] = $row['table_id']; 

    $_SESSION['track_name'] = $row['contact_fname']; 



	echo '<script type="text/javascript">
		location="home.php"
	      </script>';



}else{
$login_fail="true";
}
}
?>


<html>

<head>
	<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
	<meta name="generator" content="Adobe GoLive 5">
	<title>Admin Page :: Login</title>
</head>

<body bgcolor="#ffffff">
	<div align="center">
		<font face="Verdana, Arial, Helvetica, sans-serif">Please log in: <br>
			<br>
			<? if ($login_fail=="true"){
			echo "<b><font color='#cc0033' face='Verdana, Arial, Helvetica, sans-serif'>Login Incorrect, please try again</font></b>";
			}
			?><br>
			<form name="FormName" action="<?=$PHP_SELF;?>" method="post">
				<table border="0" cellpadding="0" cellspacing="2" width="180">
					<tr height="19">
						<td colspan="2" height="19">
							<div align="center">
								<font size="3"><b>

									Login</b></font></div>
						</td>
					</tr>
					<tr>
						<td>Username:</td>
						<td><input type="text" name="username" CLASS="formTextbox" size="24"></td>
					</tr>
					<tr>
						<td>Password:</td>
						<td><input type="password" name="password" CLASS="formTextbox" size="24"></td>
					</tr>
					<tr>
						<td colspan="2">
							<div align="center">
								<input type="submit" CLASS="formTextbox" name="submit" value="Login"></div>
						</td>
					</tr>
				</table>
			</form>
		</font></div>
</body>

</html>

with a user and pass not in the database it displays login incorrect

with a user and pass in the database it takes me to index.php which doesn't exist (i think home.php is supposed to generate index.php with the current users credentials)

let me give you the long story. this site is for people who are "members" of a sales group. the bosses thaought it would be a good idea for each sales rep to have there own website. we (the it dept) thought it would be better if they used a simple templet. at the time all this went down i was just a pc tech. now i've been thrust into the fast moving world of website stuff.

I'm going to go beat my head against the wall for a while. If anyone can have a look at this and tell me how to fix it I will forever refer him/her as the the royal highness of php

in the archive is supposed to be a directory called styles. the styles directory has all the different themes the salesmen can choose from. i had to remove it from the archive because it was to large (240kb) to upload

matthewst

No more login problem! Now on to problem number two.
Getting this error after a successful login.

Notice: A session had already been started - ignoring session_start() in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/id.php on line 2

Notice: Undefined variable: row in /Library/Tenon/WebServer/WebSites/www.ABCAdvertising.net/admin/rest_site_creation/id.php on line 4

Notice: Undefined variable: row in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/id.php on line 5

Notice: Undefined variable: id in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/home.php on line 43

Notice: Undefined variable: set_style_id in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/home.php on line 50
Welcome to your administration panel ID:
Notice: Undefined variable: id in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/home.php on line 110

<?php
session_start();
//INCLUDES
include('id.php');

//BEGIN LOGIN
if($submit || $FrontPage){
include('db_con.php');

$User_Exists = mysql_query("SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='$username' AND rest_pass = '$password'", $db_link);
		$exists = mysql_num_rows($User_Exists);
		$row = mysql_fetch_array($User_Exists);

	//if($exists) {
if($exists > 0) { 

	$row = mysql_fetch_array($User_Exists);
	$_SESSION['track_id'] = $row['table_id'];
	$_SESSION['track_name'] = $row['contact_fname'];


	echo '<script type="text/javascript">
		location="home.php"
	      </script>';

}else{
$login_fail="true";
}
}
?>
<html>

<head>
	<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
	<meta name="generator" content="Adobe GoLive 5">
	<title>Admin Page :: Login</title>
</head>

<body bgcolor="#ffffff">
	<div align="center">
		<font face="Verdana, Arial, Helvetica, sans-serif">Welcome to your administration panel ID: <? echo $id; ?><br>
			<br>
			<? if ($login_fail=="true"){
			echo "<b><font color='#cc0033' face='Verdana, Arial, Helvetica, sans-serif'>Login Incorrect, please try again</font></b>";
			}
			?><br>
			<form name="FormName" action="<?=$PHP_SELF;?>" method="post">
				<table border="0" cellpadding="0" cellspacing="2" width="180">
					<tr height="19">
						<td colspan="2" height="19">
							<div align="center">
								<font size="3"><b>

									Login</b></font></div>
						</td>
					</tr>
					<tr>
						<td>Username:</td>
						<td><input type="text" name="username" CLASS="formTextbox" size="24"></td>
					</tr>
					<tr>
						<td>Password:</td>
						<td><input type="password" name="password" CLASS="formTextbox" size="24"></td>
					</tr>
					<tr>
						<td colspan="2">
							<div align="center">
								<input type="submit" CLASS="formTextbox" name="submit" value="Login"></div>
						</td>
					</tr>
				</table>
			</form>
		</font></div>
</body>

</html>

home.php:

<?php
session_start();
error_reporting(E_ALL);
 function copyr($source, $dest)
 {
     // Simple copy for a file
    if (is_file($source)) {
         return copy($source, $dest);
     }

 // Make destination directory
 if (!is_dir($dest)) {
     mkdir($dest);
 }

 // Loop through the folder
 $dir = dir($source);
 while (false !== $entry = $dir->read()) {
     // Skip pointers
     if ($entry == '.' || $entry == '..') {
         continue;
     }

     // Deep copy directories
     if ($dest !== "$source/$entry") {
         copyr("$source/$entry", "$dest/$entry");
     }
 }

 // Clean up
 $dir->close();
 return true;
 }
//INCLUDES
include('id.php');
include('db_con.php');





//CHECK LOGIN VS ID
if ($id!=$_SESSION['track_id']){

echo '<script type="text/javascript">
			location="index.php"
		      </script>';

}
if ($set_style_id!=""){
//GET SITE PATH

$get_root_folder=mysql_query("SELECT root_folder FROM rest_filesystem WHERE rest_id='$id'",$db_link);
$row=mysql_fetch_array($get_root_folder);
$root_folder=$row['root_folder'];
$root_folder_css=($root_folder."/css");
$root_folder_img=($root_folder."/images");

//GET THEME PATHS
$get_theme_path=mysql_query("SELECT css_doc FROM styles WHERE style_id='$set_style_id'",$db_link);
$row=mysql_fetch_array($get_theme_path);
$theme_path=$row['css_doc'];

$theme_path_css=($theme_path."CSS");
$theme_path_img=($theme_path."IMAGES");

$index_file=($theme_path."live_index.php");


copyr($theme_path_css, $root_folder_css);

copyr($theme_path_img, $root_folder_img);

//CHECK MYSQL FOR ALL PAGES AND NAMES - COPY:
//copy($index_file, $root_folder."/index.php");
//TO ALL FILE NAMES CONTAINED
//AND PUT IN PAGE ID WHERE IT'S SUPPOSED TO GO

	$getpages = mysql_query("SELECT cust_id, pg_id, pg_name, pg_addr FROM rest_pages where cust_id=$id", $db_link);
							while($row = mysql_fetch_array($getpages)) { 
								$row['pg_id'] != "";
								copy($index_file, $root_folder."/".$row['pg_addr']);

				$page_id=$row['pg_id'];

				$fh = fopen($root_folder."/".$row['pg_addr'], 'r+') or die("can't open file");

				$stringData = '<?php $page_id='. $page_id.';';
				fwrite($fh, $stringData);


				fclose($fh);

}


}

?>
<html>

<head>
	<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
	<meta name="generator" content="Adobe GoLive 5">
	<title>Admin Page :: Home</title>
</head>

<body bgcolor="#ffffff">
	<div align="center">
		<font face="Verdana, Arial, Helvetica, sans-serif">Welcome to your administration panel ID: <? echo $id; ?><br>
			<br>
			<br>

				<table border="0" cellpadding="0" cellspacing="2" width="180">
					<tr height="19">
						<td colspan="2" height="19">
							<div align="center">
							<font size="3"><b>Actions:</b></font></div>
						</td>
					</tr>
					<tr>
						<td>Select Theme:</td>
						<td><a href="themes.php">Link</a></td>
					</tr>
					<tr>
						<td>Upload Images:</td>
						<td><a href="images.php">Link</a></td>
					</tr>
					<tr>
						<td>Manage Pages:</td>
						<td><a href="pages.php">Link</a></td>
					</tr>
					<tr>
						<td>Change Content:</td>
						<td><a href="content.php">Link</a></td>
					</tr>
					<tr>
						<td>View Page:</td>
						<td><a href="../">Link</a></td>
					</tr>
					<tr>
						<td colspan="2">
							<div align="center">
							</div>
						</td>
					</tr>
				</table>

		</font></div>
</body>

</html>

id.php:

<?php
session_start();
include('db_con.php');
$_SESSION['track_id'] = $row['table_id']; 
$_SESSION['track_name'] = $row['contact_fname'];
?>

It's not storing the variable in id.php
What am I missing?

ps i can't thank everyone enough for all the help i've already recieved

matthewst

I'm Stumped(not that that is hard to do)

Once logged in my users are presented with a "control panel" where they can select a predefined web templet. New users of course won't have style yet. Any ideas?

Notice: Undefined variable: set_style_id in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/home.php on line 50

<?php
session_start();
error_reporting(E_ALL);
 function copyr($source, $dest)
 {
* * *// Simple copy for a file
* * if (is_file($source)) {
* * * * *return copy($source, $dest);
* * *}
* 
* * *// Make destination directory
* * *if (!is_dir($dest)) {
* * * * *mkdir($dest);
* * *}
* 
* * *// Loop through the folder
* * *$dir = dir($source);
* * *while (false !== $entry = $dir->read()) {
* * * * *// Skip pointers
* * * * *if ($entry == '.' || $entry == '..') {
* * * * * * *continue;
* * * * *}
* 
* * * * *// Deep copy directories
* * * * *if ($dest !== "$source/$entry") {
* * * * * * *copyr("$source/$entry", "$dest/$entry");
* * * * *}
* * *}
* 
* * *// Clean up
* * *$dir->close();
* * *return true;
 }
//INCLUDES
include('id.php');
include('db_con.php');





//CHECK LOGIN VS ID
if ($track_id!=$_SESSION['track_id']){

echo '<script type="text/javascript">
			location="index.php"
		* * * </script>';

}
//******HERE IS THE PROBLEM***************************************
if ($set_style_id!=""){
//****************************************************************
//GET SITE PATH

$get_root_folder=mysql_query("SELECT root_folder FROM rest_filesystem WHERE rest_id='$id'",$db_link);
$row=mysql_fetch_array($get_root_folder);
$root_folder=$row['root_folder'];
$root_folder_css=($root_folder."/css");
$root_folder_img=($root_folder."/images");

//GET THEME PATHS
$get_theme_path=mysql_query("SELECT css_doc FROM styles WHERE style_id='$set_style_id'",$db_link);
$row=mysql_fetch_array($get_theme_path);
$theme_path=$row['css_doc'];

$theme_path_css=($theme_path."CSS");
$theme_path_img=($theme_path."IMAGES");

$index_file=($theme_path."live_index.php");


copyr($theme_path_css, $root_folder_css);

copyr($theme_path_img, $root_folder_img);

//CHECK MYSQL FOR ALL PAGES AND NAMES - COPY:
//copy($index_file, $root_folder."/index.php");
//TO ALL FILE NAMES CONTAINED
//AND PUT IN PAGE ID WHERE IT'S SUPPOSED TO GO

	$getpages = mysql_query("SELECT cust_id, pg_id, pg_name, pg_addr FROM rest_pages where cust_id=$id", $db_link);
							while($row = mysql_fetch_array($getpages)) { 
								$row['pg_id'] != "";
								copy($index_file, $root_folder."/".$row['pg_addr']);

				$page_id=$row['pg_id'];

				$fh = fopen($root_folder."/".$row['pg_addr'], 'r+') or die("can't open file");

				$stringData = '<?php $page_id='. $page_id.';';
				fwrite($fh, $stringData);


				fclose($fh);

}


}

?>
<html>

<head>
	<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
	<meta name="generator" content="Adobe GoLive 5">
	<title>Admin Page :: Home</title>
</head>

<body bgcolor="#ffffff">
	<div align="center">
		<font face="Verdana, Arial, Helvetica, sans-serif">Welcome to your administration panel ID: <? echo "$track_id"; ?><br>
			<br>
			<br>

				<table border="0" cellpadding="0" cellspacing="2" width="180">
					<tr height="19">
						<td colspan="2" height="19">
							<div align="center">
							<font size="3"><b>Actions:</b></font></div>
						</td>
					</tr>
					<tr>
						<td>Select Theme:</td>
						<td><a href="themes.php">Link</a></td>
					</tr>
					<tr>
						<td>Upload Images:</td>
						<td><a href="images.php">Link</a></td>
					</tr>
					<tr>
						<td>Manage Pages:</td>
						<td><a href="pages.php">Link</a></td>
					</tr>
					<tr>
						<td>Change Content:</td>
						<td><a href="content.php">Link</a></td>
					</tr>
					<tr>
						<td>View Page:</td>
						<td><a href="../">Link</a></td>
					</tr>
					<tr>
						<td colspan="2">
							<div align="center">
							</div>
						</td>
					</tr>
				</table>

		</font></div>
</body>

</html>

I've attached the styles table of my database

matthewst

I just noticed that after I login with a new user the links on the "control panel" (home.php) all take me to index.php which doesn't exist. When I use an existing user the links take me to the correct pages.

I'm completely lost.

matthewst

I'm also having trouble with my image upload and viewing page.

images.php:

<?php
session_start();
//INCLUDES
include('id.php');
include('db_con.php');


//CHECK LOGIN VS ID
if ($id!=$_SESSION['track_id']){

echo '<script type="text/javascript">
			location="index.php"
		      </script>';

}

//GET SITE PATH
$get_root_folder=mysql_query("SELECT root_folder FROM rest_filesystem WHERE rest_id='$id'",$db_link);
$row=mysql_fetch_array($get_root_folder);
$root_folder=$row['root_folder'];

$root_folder_img=($root_folder."/images");


if($submit) {

//BEGIN PICTURE UPLOAD CODE________________________________________________________________________________*


//user defined variables
$abpath=($root_folder_img); //Absolute path to where images are uploaded. No trailing slash
$sizelim = "no"; //Do you want size limit, yes or no
$size = "2500000"; //What do you want size limited to be if there is one

//all image types to upload
$cert1 = "image/pjpeg"; //Jpeg type 1
$cert2 = "image/jpeg"; //Jpeg type 2
$cert3 = "image/gif"; //Gif type
$cert4 = "image/png"; //PNG type

$log = "";



//==================================================================begin upload 1===============================================================

//checks if file exists
if ($img1_name == "") {
$log .= "No file selected for upload 1<br>";
}
if ($img1_name != "") {


$image1nameext = $img1_name;
if ($image1nameext!=""){
//Checks if file is an image
if (($img1_type == $cert1) or ($img1_type == $cert2) or ($img1_type == $cert3) or ($img1_type == $cert4) or($img1_type == $cert5)) {
if (($img1_type == $cert1) or ($img1_type == $cert2) or ($img1_type == $cert3) or ($img1_type == $cert4)) {
if (($img1_type == $cert1) or ($img1_type == $cert2) or ($img1_type == $cert3)) {
if (($img1_type == $cert1) or ($img1_type == $cert2)) {

}
if ($img1_type == $cert3) {

}
if ($img1_type == $cert4) {

}
if ($img1_type == $cert3) {

}
}
}
@copy($img1, "$abpath/$image1nameext") or $log .= "Couldn't copy file 1 to server - it may be too large, or the transfer may have been disrupted<br>";

if (file_exists("$abpath/$image1nameext")) {

$log .= "File 1 was uploaded<br>It can be embedded by typing:<br><font size='-2' face='Verdana, Arial, Helvetica, sans-serif'> &lt;img src=&quot;images/$image1nameext&quot;&gt;</font><br>into any content area.<br><br>";
}
} else {
$log .= "File 1 is not an image$img1_name<br>";
}
}
}



//==================================================================begin upload 2===============================================================
//checks if file exists
if ($img2_name == "") {
$log .= "No file selected for upload 2<br>";
}
if ($img2_name != "") {


$image2nameext = $img2_name;
if ($image2nameext!=""){
//Checks if file is an image
if (($img2_type == $cert1) or ($img2_type == $cert2) or ($img2_type == $cert3) or ($img2_type == $cert4) or($img2_type == $cert5)) {
if (($img2_type == $cert1) or ($img2_type == $cert2) or ($img2_type == $cert3) or ($img2_type == $cert4)) {
if (($img2_type == $cert1) or ($img2_type == $cert2) or ($img2_type == $cert3)) {
if (($img2_type == $cert1) or ($img2_type == $cert2)) {

}
if ($img2_type == $cert3) {

}
if ($img2_type == $cert4) {

}
if ($img2_type == $cert3) {

}
}
}
@copy($img2, "$abpath/$image2nameext") or $log .= "Couldn't copy file 2 to server - it may be too large, or the transfer may have been disrupted<br>";

if (file_exists("$abpath/$image2nameext")) {

$log .= "File 2 was uploaded<br>It can be embedded by typing:<br><font size='-2' face='Verdana, Arial, Helvetica, sans-serif'> &lt;img src=&quot;images/$image2nameext&quot;&gt;</font><br>into any content area.<br><br>";
}
} else {
$log .= "File 2 is not an image$img1_name<br>";
}
}
}


//==================================================================begin upload 3===============================================================




//checks if file exists
if ($img3_name == "") {
$log .= "No file selected for upload 3<br>";
}
if ($img3_name != "") {


$image3nameext = $img3_name;
if ($image1nameext!=""){
//Checks if file is an image
if (($img3_type == $cert1) or ($img3_type == $cert2) or ($img3_type == $cert3) or ($img3_type == $cert4) or($img3_type == $cert5)) {
if (($img3_type == $cert1) or ($img3_type == $cert2) or ($img3_type == $cert3) or ($img3_type == $cert4)) {
if (($img3_type == $cert1) or ($img3_type == $cert2) or ($img3_type == $cert3)) {
if (($img3_type == $cert1) or ($img3_type == $cert2)) {

}
if ($img3_type == $cert3) {

}
if ($img3_type == $cert4) {

}
if ($img3_type == $cert3) {

}
}
}
@copy($img3, "$abpath/$image3nameext") or $log .= "Couldn't copy file 3 to server - it may be too large, or the transfer may have been disrupted<br>";

if (file_exists("$abpath/$image3nameext")) {

$log .= "File 3 was uploaded<br>It can be embedded by typing:<br><font size='-2' face='Verdana, Arial, Helvetica, sans-serif'> &lt;img src=&quot;images/$image3nameext&quot;&gt;</font><br>into any content area.<br><br>";
}
} else {
$log .= "File 3 is not an image$img3_name<br>";
}
}
}



//END PICTURE UPLOAD CODE__________________________________________________________________________________*
}
?>
<html>

<head>
	<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
	<meta name="generator" content="Adobe GoLive 5">
	<title>Admin Page :: Images</title>
</head>

<body bgcolor="#ffffff">
	<div align="center">
		<font face="Verdana, Arial, Helvetica, sans-serif">Welcome to your administration panel ID: <? echo "$track_id"; ?><br>
			<? echo $log; ?><br>
			<br>
			<table border="0" cellpadding="0" cellspacing="2" width="600">
				<form action="<?=$PHP_SELF;?>" method="post" enctype="multipart/form-data" name="FormName">
					<tr height="19">
						<td colspan="2" height="19">
							<div align="center">
								<font size="3"><b>Upload New Pictures:</b></font></div>
						</td>
					</tr>
					<tr>
						<td valign="top" width="150"><b>You may upload up to five pictures at a time.<input type="hidden" value="<?=$project;?>" name="project"><input type="hidden" value="hiddenValue" name="hiddenName"></b></td>
						<td>
							<p>Pictures to upload:<br>
								<input type=file name=img1 size=30><br>
								<input type=file name=img2 size=30><br>
								<input type=file name=img3 size=30><br>
								<input type=file name=img4 size=30><br>
								<input type=file name=img5 size=30><br>
							</p>
						</td>
					</tr>
					<tr>
						<td colspan="2">
							<div align="center">
								<input type="submit" name="submit" value="Upload"></div>
						</td>
					</tr>
				</form>
			</table>
		</font><font face="Verdana, Arial, Helvetica, sans-serif"><br>
			<?php
 $mydir = ("$root_folder/images");
 //$mydir = dir("rest/MattsBBQ_603/images") 


?><br>
			</font><font face="Verdana, Arial, Helvetica, sans-serif">
			<table width="650" border="0" cellspacing="2" cellpadding="0">
				<tr>
					<td colspan="3" align="center"><b>Your Pictures:</b><br>
							<font size="-2">Click to enlarge.</font></td>
				</tr>

			<?php while(($file = $mydir->read()) !== false) {


  if($file==".") {
   }else{
  if($file==".."){
  }else{
  if($file==".DS_Store"){
 }else{ 
    echo "<tr><td align='center'>$file</td></tr><tr><td align='center'><a href='../images/$file' target='_blank'><img width='150' border='0' src='../images/$file'></a></td></tr><tr><td align='center'>&lt;img src=&quot;images/$file&quot;&gt;</td></tr>";
     }
     }
  }
   }
   $mydir->close();?>


		</table>
			<br>



		</font><font face="Verdana, Arial, Helvetica, sans-serif"><br>
			<a href="home.php">Admin Home</a></font></div>
</body>

</html>

It keeps giving me this error:

Fatal error: Call to a member function read() on a non-object in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/images.php on line 324

line 324 is:

<?php while(($file = $mydir->read()) !== false) {