Creating a rservation system?

barneybarney68

Hi,
i'm new to php and never used mySQL however i need to set up a sort of reservation system. I would prefer just using php but a database of required. hence posting here.

Here is what i want to achieve:
An items page with a submit or link button next to each item.
This button goes to a page that require filling in a form of name and contact details Retaining item number).
Once submitting the form an email is sent to me with the request and the user is redirected to a thankyou page with the info they submitted.
There is only one of each item so once somebody has reserved i want the link to redirect to a "sorry reserved and or sold page".
However the reservation i want to last only 5 days after which the link will become live/available again.

I hope you understand that i was wondering of anyone could give me some help in this department. I currently have this system set up and working but it manual, i.e. i have to manually change the link/submit next to each item to reserved or sold then change back after 5days if required. I want this process automatic so that somebody can use it without needing to change files since they don't know php.

Thankks for any help.

CoderDan

I haven't run this to test for parse errors, etc, but hopefully it'll get you underway:

<?php
/*
uses an table named 'items' with the following fields:
id - integer, primary key, probably auto incrementing
name - name of item, a varchar of 64 or whatever is minimum required length to handle all item names
reserved_ts - an integer field to store the unix timestamp of the reservation
user_id - an integer field to store the user's unique id.

can have as many other fields as you need - description, image location, price, whatever.
*/

// script assumes we have a mysql connection (standard from php.net documentation)
// also assumes we somehow have a valid $user_id integer value to identify the user viewing this page.


$five_days_ago = strtotime( '5 days ago' );

if ( $_POST['order'] )
{
	$query = "SELECT id, name, user_id, reserved_ts FROM items WHERE id = ".intval( $_POST['order'] );
	$result = mysql_query( $query ) or die( mysql_error( ) );
	if ( $item = mysql_fetch_assoc( $result ) )
	{
		if ( $item['reserved_ts'] > $five_days_ago )
		{
			echo "<p>Item '$item[name]' is already reserved.</p>\n";
		}
		else
		{
			// do whatever you want to with any other posted fields, send email, whatever.
			$query = "UPDATE items SET reserved_ts = ".time()." AND user_id = $user_id WHERE id = $item[id] ";
			mysql_query( $query ) or die( mysql_error( ) );
			echo "<p>Reserved $item[name] for you for 5 days.</p>\n";
		}
	}
	else
	{
		echo "<p>No item with id $_POST[order]</p>\n";
	}
}
else if ( $_GET['order'] )
{
	$query = "SELECT id, name, user_id, reserved_ts FROM items WHERE id = ".intval( $_GET['order'] );
	$result = mysql_query( $query ) or die( mysql_error( ) );
	if ( $item = mysql_fetch_assoc( $result ) )
	{
		if ( $item['reserved_ts'] > $five_days_ago )
		{
			echo "<p>Item '$item[name]' is already reserved.</p>\n";
		}
		else
		{
			echo
				"<form method='post' action='$_SERVER[PHP_SELF]'>\n".
				"<input type='hidden' name='order' value='$item[id]' />\n".
				"<p>Order Form for $item[name].</p>\n";
?>
<!-- any other form fields you want to put -->
<input type='submit' value='Place Order' />
</form>
<?php
		}
	}
	else
	{
		echo "<p>No item with id $_GET[order]</p>\n";
	}
}
else if ( $_GET['cancel'] )
{
	$query = "SELECT id, name, user_id, reserved_ts FROM items WHERE id = ".intval( $_GET['cancel'] );
	$result = mysql_query( $query ) or die( mysql_error( ) );
	if ( $item = mysql_fetch_assoc( $result ) )
	{
		if ( $item['reserved_ts'] <= $five_days_ago )
		{
			echo "<p>Item is not reserved</p>\n";
		}
		else if ( $item['user_id'] != $user_id )
		{
			echo "<p>Item '$item[name]' is reserved by someone else.</p>\n";
		}
		else
		{
			$query = "UPDATE items SET reserved_ts = 0 AND user_id = 0 WHERE id = $item[id] ";
			mysql_query( $query ) or die( mysql_error( ) );
			echo "<p>Reservation cancelled for $item[name].</p>\n";
		}
	}
	else
	{
		echo "<p>No item with id $_GET[cancel]</p>\n";
	}
}

// display items
$query = "SELECT id, name, user_id, reserved_ts FROM items ";
$result = mysql_query( $query ) or die( mysql_error( ) );
if ( mysql_num_rows( $result ) )
{
	while ( $item = mysql_fetch_assoc( $result ) )
	{
		if ( $item['reserved_ts'] > $five_days_ago )
		{
			echo "<a href='?order=$item[id]'>$item[name]</a><br />\n";
		}
		else if ( $user_id == $item['user_id'] )
		{
			echo "You have ordered $item[name]. [<a href='?cancel=$item[id]'>cancel</a>]<br />\n";
		}
		else
		{
			echo "$item[name] has been ordered and will not be available until ".date( 'm/d/y g:ia', strtotime( '5 days', $item['reserved_ts'] ) )."<br />\n";
		}
	}
}
else
{
	echo "<p>No items</p>";
}
?>

barneybarney68

If i understand correctly the requester/reserver would need to be logged in of some sort or have some sort of unique id? I'd prefer to not have this, is that possible? if not would 1 need to alos creat a sign up/in system too?

CoderDan

ahh i probably got a little ahead of myself 🙂
no need for it, remove any user id stuff, and the ability to cancel a request, or show if you are the one that has requested it...
I'm just too much in the habit of having users 😛

barneybarney68

thank you very much for the script you have wrote me btw. I'm very grateful it should give me a good start

barneybarney68

The ability to cancel the order is one that would improve my system some what. Instead of creating a user on the database could i get a randomly generated number that would relate to that order and the customer can use that code to "call" that particular order?

Also is it possible to create fields into the database as and when i add items to the site like from a webpage?

Please visit my site to see what i want to achieve it may help. I'm will be advertising some baby reptiles, so i will obviously require some way of updating the items too. I fear i may as well just end up getting some sort of ecommerce script? This is not really favoured however as i don't want them to pay over the net just reserve?

barneybarney68

oh here's the website and the page underneither
sleepinggecko.co.uk
sleepinggecko.co.uk/geckos.php

CoderDan

for a cancel you're going to need a way to identify returning customers.
you could use cookies, however they only stick on the machine they're using. you could ask them for their email address as their identifier, as that's sure to be unique, however there is no security on that, and anyone knowing or guessing their email address could cancel their orders.
You're really best to create a user signup with a user table, it's really not that hard.
as for product management, you can use phpmyadmin as the ghetto admin tool to manage the items table, or you could write a script that only you have access to as an admin tool, which also isn't that tricky.
Sure, a ecommerce ... i won't say 'script' as most of those packages are sites unto themselves.. would handle your needs (and much much more) but could probably be trimmed down to just what you need, but writing it yourself would be much much cleaner, and much more satisfying i'm sure, and as you only need a few basic features, really not that much trouble.

If you do decide to continue writing it yourself, however, I reccomend planning out a list of what features you want (visit similar sites or whatever you can find to get some ideas) and then trim that list down to what you can commit to creating, and go from there.
Planning it all out in advance means you can make a solid db structure before you start and build on that (look up database normalization for tips on how to make a good structure, even if you only do first or second level of normalization)

barneybarney68

Here is what i have so far wondered how it looked since i've never done this before thanks.

/////////////////
newsession file
////////////////
<?php
// session start
session_start(); 
$_SESSION['id']=session_id();
$_SESSION['u_id']=$u_id; 
?>

////////////////
signup file
////////////////
<?php
// sign up
// Make a MySQL Connection
include('db_connect.php');

// Has the form been submitted
// If yes then add to db
// If no then show form
if(!isset($submitted['submitted'])){
// form is not submitted so continue to check session and show from

// Is a user logged in
// If yes then redirect to customer home page
// If no then dsplay for for login/signup
if(!isset($_SESSION['u_id'])){
// session not logged in so display form
?>

<form action="signup.php" method="post">
	<input type="hidden" value="true" name="submitted" />
	<h4>Forename:</h4><input type="text" name="fname" />
	<h4>Surname:</h4><input type="text" name="sname" />
	<h4>Date of Birth:</h4><input type="text" name="dob" />
	<h4>Email:</h4><input type="text" name="email" />
	<h4>Password:</h4><input type="text" name="pass" />
	<h4>Contact Number:</h4><input type="text" name="phnumb" />
	<h4>Sex:</h4>
		<input type="text" name="sex" /><input type="radio" value="male" name="sex" /><p>Male</p>
		<input type="radio" value="female"  name="sex" /><p>Female</p>
	<h4>City/location:</h4><input type="text" name="location" />
	<input type="submit" />
</form>

<?php	
	}else{
	// session logged
	inlcude('c_home.php;');
	}

}else{
// handel the sumitted form and display c_home page
// insert a user of information 'fname', 'sname', 'dob', 'email', 'pass', 'phnumb', 'sex', 'location' into the table "users"
mysql_query("INSERT INTO users 
(fname, sname, email, phnumb, sex, city) VALUES('$fname', '$lname',  '$dob', '$email', 'pass', '$phnumb', '$sex', '$location') ") 
or die(mysql_error());

// diplay c_home page
include('c_home.php');
}
?>


///////////////////
loginck file
///////////////////
<?php
// login script to deal with login requests

// esape injection attacks variables gotton from login form
$email=mysql_real_escape_string($email);
$pass=mysql_real_escape_string($pass);

// is the login correct
// if yes then display c_home
// if no then display login
$rec=mysql_fetch_array(mysql_query("SELECT * FROM users WHERE email='$email' AND pass = '$pass'"))

// check email and password matches
	if(($rec['email']==$email)&&($rec['pass']==$pass)){
	// password matches so start session and see c_home
	 include "newsession.php";
            echo "<p>Successfully,Logged in</p>";
     print "<script>";
       print " self.location='../c_home.php';"; // Comment this line if you don't want to redirect
          print "</script>";

} 

else {
// password does not match or email not exist show error and back link
	session_unset(); // unset all current sessions
echo "<p>Wrong Login. Use your correct Email and Password and Try again.<input type='button' value='Retry' onClick='history.go(-1)'>";	
}
?>


///////////////
login form
///////////////
	<form action="loginck.php" method="post">	
		<h4>Email:</h4><input type="text" name="email">
		<h4>Password:</h4><input type="text" name="pass">
	</form>
		<p>not registered, click <a href="signup.php">here to signup</a>.</p>
// put this in a html/php page


//////////////
db_connect file
/////////////
<?php
// database configuration settings
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$dbname = 'name';

// open connection to the database
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die			('Error connecting to mysql');
mysql_select_db($dbname);
?>

How is this looking are there many mistakes. Also i'll need help creating a c_home.php page that will display current orders, edit user and cancel orders. I'm going to take some code from above if possible.

CoderDan

OK, a few things - and I jsut work up and am on my first coffee, so I hope this all makes sense:
1) newsession file
you don't really need an included file for this, just call session_start() at start of each page.
getting the session id into it isn't necessary
you are assigning['u_id'] to an uninitialized variable, and, again, this shouldn't be needed.
when a session is started like this it will already hold any information previously put into it by you.

2) signup file
this also doesn't need to be it's own file, but the form can be alternate content on any page for 'not logged in' status, really. (of course only needed on any page login is required for)
if you have a 'isLoggedIn()' type function you call on each page that does something like the following:
checks if a login has been posted, and if so, processes it
- this can also spit out any errors on signup processing
- on successful login or creation, it logs teh user in (puts their info into session)
else checks if a user is trying to log out (ie, $_GET['logout'] == true, or however you provide logout) and if they are, logs them out (ie, clears relevant session values)
checks if a user is logged in, and if so, returns true.
if not, displays the form and returns false.
- there should probably be 2 forms to this part - a returning login and a creation.

then you can call this function, and if it returns true, you can show page content, and if not, it's already spat out the forms

of course, this is because your signup form is short, if you want a specific page for signing up, you could put it elsewhere

your user insertion query doesn't match up fields and values properly - the 'pass' is not in teh fields and not as a value

you should probably check if a username exists before inserting a new user to prevent duplicate username entries.

after running insert query, run a select filtering my mysql_insert_id() to get teh newly created user and put them into _session var to store them as logged in

loginck file :

$email=mysql_real_escape_string($email);
should be
$email=mysql_real_escape_string($_POST['email']);

(same for pass)

and then the if check isn't needed, if you get a resulting row, then you already know the username and password combo works

you store the resulting row into $_SESSION, or at least the relevant info, this is what you check to see if a user is logged in, and unset/clear if they log out.

I think that's pretty much everything, if my half awake brain missed anything, lemme know 😛

barneybarney68

Sorry but all of that is falling on a simple mind. I didn't really get much of it, mainly in understanding it really. Like why don't i need to put session variables in as to call from for displaying their orders etc...
tbh i dont really understand how sessions work.

Also the rest i plainly did not get. The bit i did get was to change to loginck query to $_POST

Any further wise words or help. Thanks

CoderDan

ok, a very brief overview of sessions. (assuming default behavior - they can be customized) (if you want to know all about them, there's plenty of resources out there)

session_start() must be called before any output is sent. this doesn't include header setting.
it must be called on every page, to maintain it.
it sets a cookie on teh user's client to identify itself.
any information you store into $SESSION will then be available on every page.
if the user closes their browser, the session identifier is gone, and they need to get a new one.
php takes care of saving the data between pageloads, and getting rid of it when it is no longer needed (by default it cleans itself out if unused for 4 hours)
Thats the bare bones.
make session_start() your first call on every page, and then anything you store in the global $SESSION stays there between page loads. (use it as an array, it's very handy)

Yes, you can do a lot more with sessions, from messing with identifiers, to making them store in a db on the server, but for the average user, all that is needed is the basic functionality.
having an array of variables that you can update and check on any page in any class or function is handy for a lot of things that require keeping data about a specific user's browsing session.

barneybarney68

Well i'm assuming all i need to set in the session is the users email and password since this is what i'm using to check if a user is logged in.

Not sure what you mean by the global session, where do i set this? i assume i need to set the email and pass here, i'm guessing this would be done a login however i thought i did that, is there some otherway to set this?
then wouldn't i need to check on every page is session is set to then process of redirect to login?

barneybarney68

ok also reading through your post again and again, the user id i.e. u_id variable is what i want to specify not the user. I want is to be an incremental number starting say 001 and increasing by one for each new registration.

The pass i have entered into the right places now - thanks good eye

also you mentioned about checking if the user is logged in.. for this i believe i was simply using whether the session is set of not? The session can only be set by login and the user information and ordered will be called based on the set session information i.e. email. Should i also include the password for further security of is this ok?

i've made a start on the signup file but not sure where to go in terms of code. I've also begun a c_home file that will call session value of email to retrieve data.

CoderDan

barneybarney68;10916660 wrote:
Well i'm assuming all i need to set in the session is the users email and password since this is what i'm using to check if a user is logged in.

well, you should really only need to store the id, you can store a username/email/whatever if you want to display something on each page like 'logged in as blah'

barneybarney68;10916660 wrote:
Not sure what you mean by the global session, where do i set this? i assume i need to set the email and pass here, i'm guessing this would be done a login however i thought i did that, is there some otherway to set this?
then wouldn't i need to check on every page is session is set to then process of redirect to login?

the $SESSION variable is, by nature, global, once session_start() is called (assuming it's called properly, ie. first thing), then the $SESSION global will exist, containing any information you stored in it previously since the user came to your site.
You only need store the user's login info to it once, when they first login, then you just check it's there - if it's there, they're already logged in.

barneybarney68;10916669 wrote:
ok also reading through your post again and again, the user id i.e. u_id variable is what i want to specify not the user. I want is to be an incremental number starting say 001 and increasing by one for each new registration.

The incrementing should be done by default by mysql - when creating a new user you don't specify the id, and in your table creation/modification make sure it is set to be a primary key that autoincrements.

barneybarney68;10916669 wrote:
The pass i have entered into the right places now - thanks good eye

also you mentioned about checking if the user is logged in.. for this i believe i was simply using whether the session is set of not? The session can only be set by login and the user information and ordered will be called based on the set session information i.e. email. Should i also include the password for further security of is this ok?

well, if you call session_start() the session should exist. so you check if it contains the users information stored this script run or on a previous script run.
assuming you do something like:
$SESSION['user'] = $mysql_fetched_association_of_user_query;
then you can check: isset( $SESSION['user'] ) or $SESSION['user']['user_id'] or whatever to see if they're logged in already. what specific user info you store is up to you. You only need to verify them when they first log in and you save an entry to the SESSION for them, you don't need to verify them again, so password seems like useless info to you at that point.

barneybarney68;10916669 wrote:
i've made a start on the signup file but not sure where to go in terms of code.

well a signup you just collect the info you want to have for a user, then upon verified submission, INSERT an entry for them, then get that entry's id (at least) back, and store it into SESSION so they're 'logged in' and do as you like from there.

barneybarney68;10916669 wrote:
I've also begun a c_home file that will call session value of email to retrieve data.

and the data on the user should be in _SESSION if they're logged in, so you shouldn't need to retrieve it again.

barneybarney68

@:
Ok i'm getting somewhere now and i've just borrowed a php and mySQL book my O'Reilly. This is helping me along. I have some exams now so will be dormant for a couple of weeks but could you please stay subscribed and i will post back again when i need help thanks.

CoderDan

I keep checking in 🙂

barneybarney68

Here is what i have for my login/signup/logout function form so far. Here is a list of things that i think i stall need to do:
#validate the entries into the forms (both login and signup)
#check if email already exists in the database and if so then display message saying so to the user => this leads to some sort of password regeneration script i.e email new random pass
#encrypt the password being saved to the db, i think md5() seems adequate here

Could you help me with any of these things since not sure how to do any of these

code:

<?php
/* login script to deal with login requests and signups

checks if a login has been posted, and if so, processes it
else checks if a registration has been posted, and if so, processes it
	on successful login or creation, log the user in (puts their info into session)
		sends user to the c_home page
	else checks if a user is trying to log out, and if they are, logs them out ( clears relevant session values)
		prints logged out and then sends to home page
*/

// escape injection attacks variables gotton from login form
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['pass']);

// escape injection attacks variables gotton from signup form
$fname = mysql_real_escape_string($_POST['fname']);
$sname = mysql_real_escape_string($_POST['sname']);
$dob = mysql_real_escape_string($_POST['dob']);
$phnumb = mysql_real_escape_string($_POST['phnumb']);
$location = mysql_real_escape_string($_POST['location']);

if ($_POST['logging_in'] == 'true') {
// login has been posted so process, query db for user values, orders for any orders, and geckos to match with orders
$fetch_user = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE email='$email' AND pass='$pass'"))
	if(($fetch_user['email']==$email)&&($fetch_user['pass']==$pass)){
	// password matches with email so start and set session variables and goto c_home
		session_start(); 
			$_SESSION['u_id'] = $fetch_user['u_id']; 
			$_SESSION['fname'] = $fetch_user['fname'];
		echo "<p>Successfully, Logged in</p>";
		header("location: c_home.php"); //consider adding the reload part here
	}
	else {
		echo "Wrong login. Use your correct Email and Password and try again.";
		header("location: ../login.php");
	}
}
elseif ($_POST['signing_up'] == 'true') {
// signup has been posted so process, adding the user to the db table users and logging session
	mysql_query('INSERT INTO users (fname, sname, dob, email, pass, phnumb, location)
	VALUES (?,?,?,?,?,?,?)',
	array($fname, $sname, $dob, $email, $pass, $phnumb, $location));
		or die(mysql_error());
	// user added, now start session
	$u_id = mysql_query("SELECT last_insert_id()");
	session_start();
		$_SESSION['u_id'] = $u_id; 
		$_SESSION['fname'] = 'new user';
	echo "<p>Successfull registration</p>";
	header("location: c_home");
}
elseif ($_POST['logging_out'] == 'true') {
// logging out therfire ckear session data
	session_destroy();
	header("location: ../index.php");
}
else {
// called by external source so send to login
	header("location: ../login.php");
}
?>

CoderDan

added some comments for you, hope it helps out:

<?php
/* login script to deal with login requests and signups

checks if a login has been posted, and if so, processes it
else checks if a registration has been posted, and if so, processes it
    on successful login or creation, log the user in (puts their info into session)
        sends user to the c_home page
    else checks if a user is trying to log out, and if they are, logs them out ( clears relevant session values)
        prints logged out and then sends to home page
*/

/****Dan: You're best to escape these variables when creating teh query, not 'generally' as you may have other uses for them that you won't want them sql escaped for ****/

// escape injection attacks variables gotton from login form
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['pass']);

// escape injection attacks variables gotton from signup form
$fname = mysql_real_escape_string($_POST['fname']);
$sname = mysql_real_escape_string($_POST['sname']);
$dob = mysql_real_escape_string($_POST['dob']);
$phnumb = mysql_real_escape_string($_POST['phnumb']);
$location = mysql_real_escape_string($_POST['location']);

if ($_POST['logging_in'] == 'true') {
// login has been posted so process, query db for user values, orders for any orders, and geckos to match with orders
/****Dan: I'd prefer to use something like:
$query = "SELECT * FROM users WHERE email='".mysql_escape_string( $_POST['email'] )."' AND pass=MD5( '".mysql_escape_string( $_POST['pass'] )."' ) ";
$result = mysql_query( $query ) or die( mysql_error()."<p>$query</p>" );
if ( $fetch_user = mysql_fetch_assoc( $result ) ) {
  $_SESSION['u_id'] = $fetch_user['u_id'];
**** etc.... ****/
$fetch_user = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE email='$email' AND pass='$pass'"))
/****Dan: you just want to check if you got a result ($fetch_user) as the query has already filtered to email and pw match ****/
    if(($fetch_user['email']==$email)&&($fetch_user['pass']==$pass)){
    // password matches with email so start and set session variables and goto c_home
        session_start(); /****Dan: this should be first thing on the page - if you have any warnings/errors/etc pop out (anything at all) before this, it won't work ****/
            $_SESSION['u_id'] = $fetch_user['u_id'];
            $_SESSION['fname'] = $fetch_user['fname'];
        echo "<p>Successfully, Logged in</p>";
        header("location: c_home.php"); //consider adding the reload part here
        /****Dan: if you're using header locations, then you're best to exit the script here ****/
    }
    else {
        echo "Wrong login. Use your correct Email and Password and try again.";
        header("location: ../login.php");
        /****Dan: again, best to call exit; here ****/
    }
}
elseif ($_POST['signing_up'] == 'true') {
// signup has been posted so process, adding the user to the db table users and logging session
/****Dan: first, query the db for the email to check if it already exists - if it does, return a 'email already registered' message, else go ahead with teh insert ****/
    mysql_query('INSERT INTO users (fname, sname, dob, email, pass, phnumb, location)
    VALUES (?,?,?,?,?,?,?)',
        or die(mysql_error());
    array($fname, $sname, $dob, $email, $pass, $phnumb, $location));
    $u_id = mysql_query("SELECT last_insert_id()");
    /****Dan: I'd verify all wanted values are provided, and check the date is recognised as a date, perhaps ensure a minimum length in password, etc, if anything fails, send a message, and reshow the login form, if it checks out, I'd use something like:
    $query = "INSERT INTO users (fname, sname, dob, email, pass, phnumb, location) ".
      "VALUES ( ".
      "'".mysql_real_escape_string( $_POST['fname'] )."', ".
      "'".mysql_real_escape_string( $_POST['sname'] )."', ".
      "'".date( 'Y-m-d', strtotime( $_POST['dob'] ) )."', ". // assuming this is a date format in mysql
      "'".mysql_real_escape_string( $_POST['email'] )."', ".
      "MD5( '".mysql_real_escape_string( $_POST['pass'] )."' ), ".
      "'".mysql_real_escape_string( $_POST['phnumb'] )."', ".
      "'".mysql_real_escape_string( $_POST['location'] )."' ".
      ") ";
    mysql_query( $query ) or die( mysql_error()."<p>$query</p>" );
    $u_id = mysql_insert_id();
    ****/
    // user added, now start session
    session_start(); /****Dan: again, session_start should have been called first thing ****/
        $_SESSION['u_id'] = $u_id;
        $_SESSION['fname'] = 'new user';
    echo "<p>Successfull registration</p>";
    header("location: c_home");
}
elseif ($_POST['logging_out'] == 'true') {
// logging out therfire ckear session data
    session_destroy(); /****Dan: I'd use unset( $_SESSION['u_id'] ); rather than destroying the entire session, and use $_SESSION['u_id'] to check for a valid user. ****/
    header("location: ../index.php");
}
else {
// called by external source so send to login
    header("location: ../login.php");
}
?>

barneybarney68

OK i'm back now and i've just completed my first real useful script. It is also for the same site and basically is a counter for paypal donations. AND IT WORKS!!! yay.

OK back to the more elabrate scrpt i need, i've completed most of the admin tool but still have lots of work to do on the script as a whole. I'll post back with more comments and help needs soon, thanks CoderDan for sticking around.