My users log in to a menu page, and from here they go off to various other pages to manage the site. However, when they try to return to the menu page from one of these other pages, all that is displayed is a blank page. Could this be something to do with the session variable not being passed around properly? The code for the menu page is below...
<?php
//check for required fields from the form
if ((!isset($_POST["username"])) || (!isset($_POST["password"])))
{
header(("Locaction: home.php"));
exit;
}
//connect to server and select database
$mysqli = mysqli_connect("localhost", "root", "pass", "opp_group");
//create and issue the query
$sql = "SELECT firstname, surname
FROM cms_users
WHERE username = '".$_POST["username"]."'
AND password = MD5('".$_POST["password"]."')";
$result = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));
//get the number of rows in the result set; should be 1 if a match
if (mysqli_num_rows($result) == 1)
{
//if authorised, get the values of firstname and surname
while ($info = mysqli_fetch_array($result))
{
$firstname = stripslashes($info['firstname']);
$surname = stripslashes($info['surname']);
}
//set authorisation cookie
setcookie("auth", "1", 0, "/", "localhost", 0);
//create display string
$display_block = "
<p>Hello ".$firstname.", please choose the feature you wish to change.</p>
";
}
else
{
//redirect back to login form if not authorised
header("Location: home.php");
exit;
}
?>
<html>
<head>
<link rel="stylesheet" href="backend.css">
<title>CMS Menu</title>
</head>
<body>
<br/>
<div align="center"><h1>Welcome to the Blandford Opportunity Group Staff Portal</h1>
<h2><?php echo "$display_block"; ?></h2></div>
<br/>
<table width="600" align="center" cellspacing="2"><tr>
<td><img src="spanner.gif" height="30"></td>
<td width="150" align="center" class="background" onClick="document.location.href='cms/manageusers.php'"><a href="cms/manageusers.php">Manage User Accounts</a></td>
<td></td>
<td width="150" align="center" class="background" bordercolor="#0066FF">Change Site Colour</td>
<td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td>
<td><form action="logoutcms.php" method="GET"><input type="submit" name="logout" value="Logout"/></form></td>
</tr></table>
<br/><br/>
</body>
</html>
And this is the code for one of the other pages it links to as an example...
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Manage User Accounts</title>
<link rel="stylesheet" href="../backend.css">
</head>
<body>
<div class="test">
<br/>
<h1>Content Management System</h1>
<p>
<h2>Manage User Accounts</h2><a href="../cmsmenu.php">Back to Menu</a>
</p>
<br/>
<hr/>
<h3>Add a New User</h3>
Complete the form below to add a new user
<br/>
<?php
if(isset($_POST['submit']) && $_POST['submit'] == 'Submit')
{
// add a new record to the database
//Adding a new user
$mysqli = mysqli_connect("localhost","root","pass","opp_group");
$f = $_POST['firstname'];
$s = $_POST['surname'];
$u = $_POST['username'];
$p = $_POST['password'];
$addUser_sql = "INSERT INTO cms_users (firstname, surname, username, password)
VALUES ('$f', '$s','$u',MD5('$p'))";
$addUser_res = mysqli_query($mysqli, $addUser_sql) or die(mysqli_error($mysqli));
mysqli_close($mysqli);
// reload page
header("Location:manageusers.php");
exit();
}
echo "<form method=\"POST\" action=\"".$_SERVER["PHP_SELF"]."\">
<table>
<tr><td>First Name: </td><td><input type=\"text\" name=\"firstname\" size=\"20\" maxlength=\"25\"/></td></tr>
<tr><td>Surname: </td><td><input type=\"text\" name=\"surname\" size=\"20\" maxlength=\"25\" /></td></tr>
<tr><td>Username: </td><td><input type=\"text\" name=\"username\" size=\"15\" maxlength=\"10\"/></td></tr>
<tr><td>Password: </td><td><input type=\"password\" name=\"password\" size=\"15\" maxlength=\"10\"/></td></tr>
</table>
<p><h4>Username is first letter of firstname followed by surname, max 8 characters. e.g. jsmith. <br/>Password must be exactly 8 characters long</h4></p>
<input type=\"submit\" name=\"submit\" value=\"Submit\" />
<hr class=\"short\" align=\"left\"/>
</form>
";
?>
<h3>Edit or Delete a User</h3>
Choose the user from the drop down list and click "View" to see their details.<br/><br/>
<script type="text/javascript">
function eventWindow(url)
{
event_popupWin = window.open(url, 'event', 'resizable=yes,scrollbars=yes,toolbar=no,width=450,height=500');
event_popupWin.opener = self;
}
</script>
<?php
$mysqli = mysqli_connect("localhost","root","pass","opp_group");
//Get list of users in drop down
$getUsers_sql ="SELECT id, firstname, surname FROM cms_users ORDER BY firstname";
$getUsers_res = mysqli_query($mysqli, $getUsers_sql) or die(mysqli_error($mysqli));
echo "<form method=\"POST\" action=\"../user.php\" >
<select name=\"users\">";
while ($row = mysqli_fetch_assoc($getUsers_res))
{
echo '<option value="' . $row['id'] . '">' . $row['firstname'] . ' ' . $row['surname'] . '</option>';
$id = $row['id'];
}
echo "</select>
<a href=\"javascript:eventWindow('../user.php?i=".$id."');\">
<input type=\"submit\" name=\"viewuser\" value=\"View\" />
</a>";
?>
</form>
</div>
</body>
</html>
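
The menu page above only builds its output when the login form's POST fields are present, so a plain link back to it (a GET request) carries nothing to authenticate with, and the "auth" cookie it sets is never checked. The following is an added example, not part of the original post: a session-based guard for the top of the menu page that also replaces the string-built query with a prepared statement. It assumes the password column holds password_hash() output rather than MD5, that the mysqlnd driver is available for get_result(), and that DB_USER and DB_PASS are environment variable names chosen here for illustration.

```php
<?php
// Added example, not the poster's code: session-based guard for the menu page.
// Assumption: cms_users.password stores password_hash() output, not MD5.
session_start();

// Returns the user's row on success, or null on bad credentials.
function check_login(mysqli $db, string $username, string $password): ?array
{
    // Prepared statement: user input never becomes part of the SQL text.
    $stmt = $db->prepare(
        "SELECT firstname, surname, password FROM cms_users WHERE username = ?"
    );
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // needs mysqlnd
    $stmt->close();
    if (!$row || !password_verify($password, $row["password"])) {
        return null;
    }
    unset($row["password"]);                     // never keep the hash around
    return $row;
}

if (isset($_POST["username"], $_POST["password"])) {
    // Fresh login attempt arriving from the form on home.php.
    // DB_USER / DB_PASS are assumed environment variable names.
    $db = new mysqli("localhost", getenv("DB_USER"), getenv("DB_PASS"), "opp_group");
    $user = check_login($db, $_POST["username"], $_POST["password"]);
    $db->close();
    if ($user !== null) {
        session_regenerate_id(true);             // defeat session fixation
        $_SESSION["firstname"] = $user["firstname"];
    }
}

if (!isset($_SESSION["firstname"])) {
    // Neither a valid login nor an existing session: back to the form.
    header("Location: home.php");
    exit;
}

// Reached after login AND via "Back to Menu" (a GET with no POST data).
// Escape on output so a stored name cannot inject markup.
$display_block = "<p>Hello "
    . htmlspecialchars($_SESSION["firstname"], ENT_QUOTES, "UTF-8")
    . ", please choose the feature you wish to change.</p>";
?>
```

The same session check (session_start() followed by the isset($_SESSION["firstname"]) test and redirect) belongs at the top of manageusers.php and every other staff page, before any HTML is sent.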