admin login

  • adweaver
    New Member
    • Oct 2009
    • 20

    admin login

    Hello All,

    I'm new to the world of php. I've just had a site designed for me by a company, and I'm now trying to manage and grow it, so it will suit my needs.

    The site was built in a folder called mysite.com/test. I copied this folder a number of times, so I now have mysite.com/test2, mysite.com/test3 etc. Each folder acts as its own landing page.

    They set up an interface where we can control the upsells presented to the customer; basically a template. To access it, I go to mysite.com/test/admin.php to log in. I'd like to be able to have a separate login for each landing page, so I'm trying to set up access at mysite.com/test2/login.php.

    I've copied my database, so that there are 2. I've pointed my dbconnect.php to the new database I created.

    Originally, the code looked like this;

    Code:
    <?php
    mysql_connect("localhost", "energym2_wp01", "***");
    mysql_select_db("energym2_wp01");
    ?>
    In my test2 folder, I changed the code to this;

    Code:
    <?php
    mysql_connect("localhost", "energym2_wp01", "***");
    mysql_select_db("energym2_wp02");
    ?>
    energym2_wp02 being the new database I created.

    When I try to login, I get the following error;

    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/energym2/public_html/test3/login.php on line 15

    Below is the relevant (I think) code from the login page in /test2

    Code:
    if($_POST["btnLogin"] == "Login")
    {
    	$sqlAuthentication = "SELECT id FROM tbl_admin_info WHERE UserID ='".$_POST["txtUserID"]."' AND Password ='".$_POST["txtPassword"]."'";
    	$resAuthentication = mysql_query($sqlAuthentication);
    	$arrAuthentication = mysql_fetch_array($resAuthentication);
    	$UsersID           = $arrAuthentication['id'];
    	$Role              = "Admin";
    
    	if($UsersID > 0)
    	{
    	
    		$_SESSION['id']   = $UsersID;
    		$_SESSION['Role'] = $Role;
    		
    		header("location:productAdmin.php");
    
    	}
    	else
    	{
    		$error = "<font style='color:#FF0000; width:170px;'>Invalid Login. Please Try Again!!!</font>";
    	}
    }
    
    mysql_close();

    Any thoughts, ideas, suggestions would be greatly appreciated.

    Please let me know if there is any additional info required to answer this question.

    Andrew
    Last edited by Dormilich; Oct 19 '09, 04:19 AM. Reason: Please use [code] tags when posting code
  • TheServant
    Recognized Expert Top Contributor
    • Feb 2008
    • 1168

    #2
    Welcome to Bytes.
    Use [CODE] tags around your code to make it easier to read.

    A few things could be improved, but starting with the basics: the MySQL error you have is because mysql_fetch_array has been given an input that it wasn't expecting, like a NULL value or an error. Try replacing the relevant code with this and tell us the output:
    Code:
    /* Instead of: */
    $resAuthentication = mysql_query($sqlAuthentication);
    /* Use this: */
    $resAuthentication = mysql_query($sqlAuthentication) or die(mysql_error());
    There is something wrong with your query, and adding a die() will stop the script if there is any error. Putting something in the die("There was an error") will display "There was an error" if there is any error. Finally, the function mysql_error() shows any error that happened. This is one of the best debugging techniques, especially while you are still developing.


    • adweaver
      New Member
      • Oct 2009
      • 20

      #3
      Thanks for the reply TS.

      I'd like to expand a little to make sure we're both on the same page.

      The template that was built works. When I go to mysite.com/test/login.php I can log in and make changes to the upsells that are presented to our customers when they check out (pictures, descriptions, prices, etc.)

      When I created mysite.com/test2, I went to mysite.com/test2/login.php and I was able to login using the same username and password that I use to login at /test/login.php.

      What I noticed was that I was controlling the same interface. It didn't matter if I was logging in at test, test2, test3; I was always accessing the same template (ie. every landing page would have the same upsells presented to our customer).

      When I inquired into this, it was brought to my attention that I need to point the dbconnect.php in each folder to a separate database, in order for each folder/landing-page to own its own template. This led me to copy the existing database 'wp01' and create an identical database (identical for now anyways) which I named 'wp02'.

      Initially I changed both instances of 'energym2_wp01' to 'energym2_wp02' in the dbconnect.php code located in /test2. When I went to see if it worked, by logging in at /test2/login.php the page had the following warnings at the top.



      Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'energym2_wp02'@'localhost' (using password: YES) in /home/energym2/public_html/test3/includes/dbConnect.php on line 2
      Warning: mysql_select_db() [function.mysql-select-db]: Access denied for user 'energym2'@'localhost' (using password: NO) in /home/energym2/public_html/test3/includes/dbConnect.php on line 3
      Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /home/energym2/public_html/test3/includes/dbConnect.php on line 3
      Warning: mysql_close(): no MySQL-Link resource supplied in /home/energym2/public_html/test3/login.php on line 34



      When I try to login using the username and password I use for test/login.php, I get the following;


      Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'energym2_wp02'@'localhost' (using password: YES) in /home/energym2/public_html/test3/includes/dbConnect.php on line 2
      Warning: mysql_select_db() [function.mysql-select-db]: Access denied for user 'energym2'@'localhost' (using password: NO) in /home/energym2/public_html/test3/includes/dbConnect.php on line 3
      Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /home/energym2/public_html/test3/includes/dbConnect.php on line 3
      Warning: mysql_query() [function.mysql-query]: Access denied for user 'energym2'@'localhost' (using password: NO) in /home/energym2/public_html/test3/login.php on line 14
      Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/energym2/public_html/test3/login.php on line 14
      Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/energym2/public_html/test3/login.php on line 15
      Warning: mysql_close(): no MySQL-Link resource supplied in /home/energym2/public_html/test3/login.php on line 34
      In addition, I get the message 'Invalid Login. Please Try Again!!!'



      I'm assuming that the username and password we use to successfully log in at test/login.php is somewhere within the database that I copied, which is why I'm using the same username and password at test2/login.php. Maybe this isn't the case?



      Anyway, I looked at the code in dbConnect.php and decided I would try again, this time leaving "energym2_wp01" in the mysql_connect and using "energym2_wp02" in the mysql_select_db (initially I had changed both to wp02).

      This led to the content that I originally provided in my first post.

      Either way, I can still log in to /test/login.php, which is why I'm thinking it's not a problem with the code since it worked/works. I think the problem lies in the fact that I don't understand what I'm doing and have likely neglected to change something somewhere along the line.



      Thanks again, and please excuse any bad form on my part. I appreciate the help and any additional guidance that helps me present this to you in a fashion that best suits this forum. I'm trying to learn as I go here and any suggestions in the way of online tutorials or other learning tools are also appreciated.


      • TheServant
        Recognized Expert Top Contributor
        • Feb 2008
        • 1168

        #4
        I am not sure if I understand correctly, but with regards to templates you do not need a duplicated database?? Your database code, and PHP are together, and then your html and css are together. I don't know what you mean by template, because if it is just the display of data then you simply need to select a different stylesheet.

        Your error messages are not about what's in the database. As they say, and I am sure you know, it is that you cannot connect to the database because your username and password are not correct. The username and password to access a database are not stored in that same database, but rather in a special MySQL one that logs which users have access to which database. When you create a database you need to assign users (along with privileges) to each database. I think that you have forgotten to do this with your new (copied) database. Check up on that and let me know what software you are using for databases?

        **ALSO** I am not a moderator, so I can't hide it for you, but if that's your real password for your MySQL connection, I suggest you change it, as it has now been shown to the world through this post (your first post).


        • adweaver
          New Member
          • Oct 2009
          • 20

          #5
          Cool. That's definitely it. I never set up access to the new db.

          I did a search through those posts for my username and pw and it didn't come up, so I don't think I divulged that info, but it's due to be changed soon anyway.

          I'll set up access to the new db and play around a bit to see if I can get it working. I'll report back sometime tomorrow.

          Thanks again.

          Andrew


          • TheServant
            Recognized Expert Top Contributor
            • Feb 2008
            • 1168

            #6
            No worries, let us know how you go.

            And thanks Dorm for the code tags and **** ;)


            • Dormilich
              Recognized Expert Expert
              • Aug 2008
              • 8694

              #7
              Originally posted by TheServant
              And thanks Dorm for the code tags and **** ;)
              isn’t that what Mods are for? ;)


              • supun24
                New Member
                • Aug 2006
                • 11

                #8
                PHP Login Page

                Hi. You can create one login page for every page you are visiting. If someone logs in to the database, it will create a new session. Every page searches for the session and, if it can't find one, redirects to the login page.

                This is login page index.php

                Code:
                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
                <html xmlns="http://www.w3.org/1999/xhtml">
                <head>
                
                <script type="text/javascript">
                function setFocus()
                {
                document.getElementById("username").focus();
                }
                </script>
                
                <script language="JavaScript" type="text/javascript">
                <!--
                if (top==self)
                self.location.href="blank.php";
                -->
                </script>
                
                
                <title>Member Login</title>
                <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
                </head>
                <body onload="setFocus()">
                <form name="login-form" id="login-form" method="post" action="manage-check.php">
                  <table width="207" height="108" border="1">
                    <tr>
                        <td width="197" height="102"><input name="submit" type="submit" style="position:absolute; left: 84px; top: 84px; width: 53px;" tabindex="3" value="Login" />
                      <input name="button" type="button" id="button" style="position:absolute; left: 144px; top: 84px; width: 55px;" tabindex="4" onClick="window.location.href='blank.php'" value="Cancel"/>
                     </td>
                    </tr>
                  </table>
                  
                  <label title="Username"><br />
                   
                    <input name="username" type="text" id="username" style="position:absolute; left: 102px; top: 28px; width: 100px;" tabindex="1" maxlength="100" />
                  </label>
                  <br />
                <br />
                  <label title="Password">
                    <input name="password" type="password" id="password" style="position:absolute; left: 102px; top: 55px; width: 100px;" tabindex="2" maxlength="14" />
                  <input name="" type='text' style='border-style:none; position:absolute; left: 20px; top: 29px; width: 75px;' value='User Name' onClick="setFocus();">
                      <input name="" type='text' style='border-style:none; position:absolute; left: 20px; top: 55px; width: 75px;' value='Password'>
                  </label>
                <dl>
                  <dt>&nbsp;</dt>
                </dl>
                </form>
                </body>
                </html>

                This is Second page manage-check.php

                Code:
                <?php
                session_start();
                include('db.php');
                if(isset($_POST['submit'])) :
                // Username and password sent from signup form
                // First we remove all HTML-tags and PHP-tags, then we create a sha1-hash
                $username = strip_tags($_POST['username']);
                $password = sha1(strip_tags($_POST['password']));
                // Make the query a wee-bit safer
                $query = sprintf("SELECT ID FROM members WHERE username = '%s' AND user_password = '%s' LIMIT 1;", mysql_real_escape_string($username), mysql_real_escape_string($password));
                $result = mysql_query($query);
                if(1 != mysql_num_rows($result)) :
                // MySQL returned zero rows (or there's something wrong with the query)
                header('Location: member.php');
                else :
                // We found the row that we were looking for
                $row = mysql_fetch_assoc($result);
                // Register the user ID for further use
                $_SESSION['member_ID'] = $row['ID'];
                header('Location: member.php');
                endif;
                endif;
                ?>
                This is Database Connection db.php

                Code:
                <?php
                session_start();
                if(!session_is_registered('member_ID')) :
                header('Location: index.php');
                endif;
                define('SQL_USER', '***');
                define('SQL_PASS', '***');
                define('SQL_DB', 'home');
                // Create a link to the database server
                $link = mysql_connect('localhost', SQL_USER, SQL_PASS);
                if(!$link) :
                die('Could not connect: ' . mysql_error());
                endif;
                // Select a database where our member tables are stored
                $db = mysql_select_db(SQL_DB, $link);
                if(!$db) :
                die ('Can\'t connect to database : ' . mysql_error());
                endif;
                ?>
                This is function file functions.php

                Code:
                <?php
                function user_info($field='') {
                // If $field is empty
                if(empty($field))
                return false;
                // Check to see if we're allowed to query the requested field.
                // If we add other fields, such as name, e-mail etc, this array
                // will have to be extended to include those fields.
                $accepted = array('username', 'user_password');
                if(!in_array($field, $accepted))
                return false;
                // Poll the database
                $result = mysql_query("SELECT ". $field ." FROM members WHERE ID = ". $_SESSION['member_ID'] .";");
                // If we don't find any rows
                if(1 != mysql_num_rows($result)) :
                return false;
                else :
                // We found the row that we were looking for
                $row = mysql_fetch_assoc($result);
                // Return the field
                return $row[$field];
                endif;
                } // end user_info
                ?>
                Login Complete page member.php

                Code:
                <?php
                // Start a session
                session_start();
                // Sends the user to the login-page if not logged in
                if(!session_is_registered('member_ID')) :
                echo "<a href='index.php' target='homeif'>Member Login</a> <br>";
                echo "<a href='register.php'>Register</a>";
                else:
                include 'db.php';
                include 'functions.php';
                echo "<Strong> Welcome ";
                print user_info('username');
                echo "</strong>";
                echo "<br><a href='logout.php'>Logout</a>";
                endif;
                ?>
                <head>
                </head>
                <body>
                </body>
                Last edited by Dormilich; Oct 19 '09, 10:00 AM. Reason: removed URLs
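
The login check from posts #1 and #8, written with PDO prepared statements and password_hash() instead of string-built SQL and sha1(); this is an added example, not code from any poster in the thread. The members table and its columns follow post #8, while the in-memory SQLite database, the sample account and the helper names open_demo_db(), check_login() and complete_login() are constructed for illustration.

```php
<?php
// Added example (not from the thread). Runs offline against an in-memory
// SQLite database; on the real site the DSN would point at MySQL instead.
declare(strict_types=1);

// Build a constructed members table holding one sample account.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (
        ID INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        user_password TEXT NOT NULL)');
    $insert = $pdo->prepare(
        'INSERT INTO members (username, user_password) VALUES (?, ?)');
    // Store a salted, slow hash, never the password itself or a bare sha1().
    $insert->execute(["o'brien", password_hash('sample-passphrase', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the member ID on success, null on any failure.
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // Hash verified when the user does not exist, so that unknown and known
    // usernames take a similar amount of time to reject.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('unused', PASSWORD_DEFAULT);
    }

    // The username travels as a bound parameter, so quotes in it are data
    // and can never change the shape of the SQL statement.
    $stmt = $pdo->prepare(
        'SELECT ID, user_password FROM members WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matches

    $hash  = $row ? $row['user_password'] : $dummyHash;
    $valid = password_verify($password, $hash);

    return ($row && $valid) ? (int) $row['ID'] : null;
}

// Web-side follow-up after a successful check (hypothetical helper; assumes
// session_start() has already been called by the including page).
function complete_login(int $memberId): void
{
    session_regenerate_id(true);        // fresh session ID after authentication
    $_SESSION['member_ID'] = $memberId;
    header('Location: member.php');
    exit;                               // header() alone does not stop the script
}

// Command-line demonstration with constructed credentials.
if (PHP_SAPI === 'cli') {
    $pdo = open_demo_db();
    $attempts = [
        ["o'brien", 'sample-passphrase'],   // valid; the apostrophe is bound as data
        ["o'brien", 'wrong-password'],      // known user, wrong password
        ['nobody',  'sample-passphrase'],   // unknown user
    ];
    foreach ($attempts as [$user, $pass]) {
        $id = check_login($pdo, $user, $pass);
        printf("%-10s %s\n", $user, $id === null ? 'rejected' : "accepted (ID $id)");
    }
}
```

The same check_login() works against MySQL by changing only the DSN passed to PDO; the per-folder database name from dbConnect.php would go there.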


                • adweaver
                  New Member
                  • Oct 2009
                  • 20

                  #9
                  Thanks Supun24. Unfortunately, that's a little over my head.

                  Part of my problem here is that I'm trying to keep our /test folder intact and not mess around too much with the code I've been given. The thought being that this firm has committed to getting this site up and operational for us, so I don't really mess with what's in /test; that's all theirs. I've just created my own folder /test2 which is where I'm doing all my messing around.

                  Firstly, TS, I've granted the user that was set up with rights to db 'wp_01' access to the second db I created, 'wp_02'. That worked. I'm now able to log in at test2/login.php and the changes I make to the orderpage (our upsells) stay intact. This means that customers that are directed to test/orderpage.php are given different upsell options than customers that are directed to test2/orderpage.php.

                  orderpage.php is our template. The code for the template (productAdmin.php) looks as follows.

                  Code:
                  <?php
                  session_start();
                  include_once("includes/dbConnect.php");
                  include_once("includes/pagerForAll.php");
                  
                  if($_SESSION['Role'] != 'Admin')
                  {
                  	header("location:login.php");
                  	exit; // header() only queues the redirect; without exit the admin code below still runs
                  }
                  
                  if($_GET['edit']) $_POST['hdnProductID'] = $_GET['edit'];
                  
                  if($_SERVER['REQUEST_METHOD'] == "POST")
                  {
                  	$extension = "";
                  	if($_FILES['browseFile']['name'] != "")
                  	{
                  		$fileName      = "Product".date("Ymdhmi").$_FILES['browseFile']['name'];
                  		$tmpPath       = $_FILES['browseFile']['tmp_name']; 
                  		$sizeOfFile    = $_FILES['browseFile']['size'];
                  		$target        = "files/";
                  		$file		   = $target.$fileName;
                  	
                  		$arrFileName   =  explode(".", $fileName);             
                  															   
                  		$extension     =  $arrFileName[count($arrFileName)-1]; 
                  		$extension     =  strtolower($extension); 
                  	}
                  	
                  	if($extension == "jpg" || $extension == "jpeg" || $extension == "png" || $extension == "gif" || $extension == "tif")
                  	{
                  		if(move_uploaded_file($tmpPath, $file))
                  		{			
                  			if($_POST['hdnProductID'] < 1)
                  			{
                  				if(trim($_POST['txtOrder']) == "") $_POST['txtOrder'] = 0;
                  				$sqlOrder   = "SELECT order_position FROM product WHERE order_position=".$_POST['txtOrder']; 
                  				$resOrder   = mysql_query($sqlOrder);
                  				$rowCount   = mysql_num_rows($resOrder);
                  				
                  				if($rowCount > 0)
                  				{
                  					$sqlMaxOrder       = "SELECT (max(order_position) + 1) As MaxOrder FROM product";
                  					$resMaxOrder       = mysql_query($sqlMaxOrder);
                  					$arrMaxOrder       = mysql_fetch_array($resMaxOrder);
                  					$intMaxOrder       = $arrMaxOrder['MaxOrder'];
                  					$_POST['txtOrder'] = $intMaxOrder;
                  				}
                  				
                  				$sqlInsert  = "INSERT INTO product(product_name, description, price, order_position, filename) VALUES ('".$_POST['txtProduct']."', '".addslashes(str_replace('"',"\'",trim($_POST['txtDescription'])))."',".$_POST['txtPrice'].",".$_POST['txtOrder'].",'".$fileName."')";
                  				$resInsert  = mysql_query($sqlInsert);
                  				$insertID   = mysql_insert_id();
                  				
                  				if($insertID > 0) $strError .= "<font style='color:#006633'>Inserted Successfully</font>";
                  			}
                  			else
                  			{
                  				$sqlUpdate  = "  UPDATE product SET ";
                  				$sqlUpdate .= "  product_name        = '".$_POST['txtProduct']."'";
                  				$sqlUpdate .= ", description         = '".addslashes(str_replace('"',"\'",trim($_POST['txtDescription'])))."'";
                  				$sqlUpdate .= ", price               = '".$_POST['txtPrice']."'";
                  				$sqlUpdate .= ", order_position      = '".$_POST['txtOrder']."'";
                  				$sqlUpdate .= ", filename            = '".$fileName."'";
                  				$sqlUpdate .= "  WHERE id            = ".$_POST['hdnProductID'];
                  
                  				$resUpdate  = mysql_query($sqlUpdate);
                  				$rowUpdate  = mysql_affected_rows();
                  				
                  				if($rowUpdate > 0) $strError .= "<font style='color:#006633'>Updated Successfully</font>";	
                  			}
                  		
                  			$_POST['txtProduct'] 	 = "";
                  			$_POST['txtDescription'] = "";
                  			$_POST['txtOrder']		 = "";
                  			$_POST['hdnProductID']    = "";
                  			$_POST['hdnOrder']		 = "";
                  		}
                  		else
                  		{
                  			$strError .= "<font style='color:#FF0000'>Max Upload File Size is 3.5 MB</font>";
                  		}
                  	}
                  	else if($extension == "" && $_POST['hdnProductID'] > 0)
                  	{
                  		if($_POST['hdnOrder'] > 0)
                  		{
                  			  $sqlUpd = "UPDATE product SET order_position=".$_POST['hdnOrder']." WHERE order_position = ".$_POST['txtOrder'];
                  			  $resUpd = mysql_query($sqlUpd);
                  		}
                  		
                  		$sqlUpdate  = "  UPDATE product SET ";
                  		$sqlUpdate .= "  product_name        = '".$_POST['txtProduct']."'";
                  		$sqlUpdate .= ", description         = '".addslashes($_POST['txtDescription'])."'";
                  		$sqlUpdate .= ", price               = '".$_POST['txtPrice']."'";
                  		$sqlUpdate .= ", order_position = '".$_POST['txtOrder']."'";
                  		$sqlUpdate .= "  WHERE id       = ".$_POST['hdnProductID'];
                  		
                  		$resUpdate  = mysql_query($sqlUpdate);
                  		$rowUpdate  = mysql_affected_rows();
                  		
                  		if($rowUpdate > 0) $strError .= "<font style='color:#006633'>Updated Successfully</font>";	
                  		
                  		$_POST['txtProduct'] 	 = "";
                  		$_POST['txtDescription'] = "";
                  		$_POST['txtOrder']		 = "";
                  		$_POST['hdnProductID']   = "";
                  		$_POST['hdnOrder']		 = "";
                  		$_POST['txtPrice']       = "";
                  	}
                  	else if($extension == "" && $_POST['hdnProductID'] < 1)
                  	{
                  			$sqlOrder   = "SELECT order_position FROM product WHERE order_position=".$_POST['txtOrder']; 
                  			$resOrder   = mysql_query($sqlOrder);
                  			$rowCount   = mysql_num_rows($resOrder);
                  			
                  			if($rowCount > 0)
                  			{
                  				$sqlMaxOrder       = "SELECT (max(order_position) + 1) As MaxOrder FROM product";
                  				$resMaxOrder       = mysql_query($sqlMaxOrder);
                  				$arrMaxOrder       = mysql_fetch_array($resMaxOrder);
                  				$intMaxOrder       = $arrMaxOrder['MaxOrder'];
                  				$_POST['txtOrder'] = $intMaxOrder;
                  			}
                  			
                  			$fileName = "noimage.jpg";
                  			
                  			$sqlInsert  = "INSERT INTO product(product_name, description, order_position, filename) VALUES ('".$_POST['txtProduct']."', '".addslashes($_POST['txtDescription'])."',".$_POST['txtOrder'].",'".$fileName."')";
                  			$resInsert  = mysql_query($sqlInsert);
                  			$insertID   = mysql_insert_id();
                  			
                  			if($insertID > 0) $strError .= "<font style='color:#006633'>Inserted Successfully</font>";
                  			$_POST['txtProduct'] 	 = "";
                  			$_POST['txtDescription'] = "";
                  			$_POST['txtOrder']		 = "";
                  			$_POST['hdnProductID']   = "";
                  			$_POST['hdnOrder']		 = "";
                  			$_POST['txtPrice']       = "";
                  	}
                  	else
                  	{
                  		$strError .="<font style='color:#FF0000'>Improper File</font>";
                  	}
                  }
                  else if($_GET['edit']!="")
                  {
                  	 $sqlSelectById             = "SELECT * FROM product where id=".$_GET['edit'];
                  	 $resSelectById             = mysql_query($sqlSelectById);
                  
                  	 $_POST['txtProduct']       = mysql_result($resSelectById, 0, "product_name");
                  	 $_POST['txtDescription']   = mysql_result($resSelectById, 0, "description");
                  	 $_POST['txtOrder']  		= mysql_result($resSelectById, 0, "order_position");
                  	 $_POST['txtPrice']         = mysql_result($resSelectById, 0, "price");
                  	 $_POST['hdnProductID']     = mysql_result($resSelectById, 0, "id"); 
                  	 $_POST['hdnFileName']      = mysql_result($resSelectById, 0, "filename");
                  	 $_POST['hdnOrder']			= mysql_result($resSelectById, 0, "order_position");
                  	 $image						= mysql_result($resSelectById, 0, "filename");  
                  }
                  else if($_GET['delete'] != "")
                  {
                  	@unlink($_GET['fileName']);
                  	
                  	$sqlSelect = "SELECT order_position FROM product WHERE id=".$_GET['delete'];
                  	$resSelect = mysql_query($sqlSelect);
                  	$cntSelect = mysql_num_rows($resSelect) > 0 ? mysql_result($resSelect, 0, "order_position") : "0";
                  	
                  	if($cntSelect > 0)
                  	{
                  		$sqlUpdOrder = "UPDATE product SET order_position = order_position - 1 WHERE order_position > ".$cntSelect;
                  		$resUpdOrder = mysql_query($sqlUpdOrder);
                  		
                  		$sqlDelete = "DELETE FROM product WHERE id=".$_GET['delete'];
                  		$resDelete = mysql_query($sqlDelete);
                  		$rowDelete = mysql_affected_rows();
                  		
                  		if($rowDelete > 0)  $strError .= "<font style='color:#006633'>Deleted Successfully</font>";
                  	}
                  }
                  
                  $pageRows		  = 5;
                  $intFromRecord	  = 0;
                  $pagenum		  = 1;
                  
                  $sqlCount 	 = "SELECT count(id) As Count FROM product";
                  
                  $resCount 		  = mysql_query($sqlCount);
                  $numRowsDb        = mysql_result($resCount, 0, "Count"); 
                  
                  $numOfPages		  = ceil($numRowsDb/$pageRows);
                  
                  if($_GET['pageNum'])
                  	$pagenum   = $_GET['pageNum'];
                  	
                  if(!(isset($pagenum))) 
                  	$pagenum   = 1; 
                  
                  $last          = ceil($numRowsDb/$pageRows); 
                  				
                  if ($pagenum < 1) 
                  	$pagenum   = 1; 
                  	
                  else if($last<1)
                  	$pagenum   = 1; 
                  	
                  else if($pagenum > $last) 
                  	$pagenum   = $last; 
                  
                  $intFromRecord    = ($pagenum - 1) * $pageRows;
                  $max 		      = "LIMIT " .$intFromRecord."," .$pageRows;
                  
                  $sqlProduct  = "SELECT * FROM product ORDER BY order_position ".$max;
                  $resProduct  = mysql_query($sqlProduct);
                  $rowCount    = mysql_num_rows($resProduct);
                  ?>
                  
                  <?php
                  session_start();
                  include_once("includes/dbConnect.php");
                  
                  if($_GET['loginFailed'] == 1)  $error = "<font style='color:#FF0000;'>Please login as Administrator</font>";
                  
                  if($_GET['logout'] == 1) session_destroy();
                  
                  if($_SESSION['Role'] == 'A') header("location:productAdmin.php");
                  
                  if($_POST["btnLogin"] == "Login")
                  {
                  	$sqlAuthentication = "SELECT id FROM tbl_admin_info WHERE UserID ='".$_POST["txtUserID"]."' AND Password ='".$_POST["txtPassword"]."'";
                  	$resAuthentication = mysql_query($sqlAuthentication);
                  	$arrAuthentication = mysql_fetch_array($resAuthentication);
                  	$UsersID           = $arrAuthentication['id'];
                  	$Role              = "Admin";
                  
                  	if($UsersID > 0)
                  	{
                  	
                  		$_SESSION['id']   = $UsersID;
                  		$_SESSION['Role'] = $Role;
                  		
                  		header("location:productAdmin.php");
                  
                  	}
                  	else
                  	{
                  		$error = "<font style='color:#FF0000;'>Invalid Login. Please Try Again!!!</font>";
                  	}
                  }
                  
                  mysql_close();
                  
                  ?>
                  
                  
                  
                  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
                  <html xmlns="http://www.w3.org/1999/xhtml">
                  <head>
                  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
                  <title>Foosh</title>
                  <link rel="stylesheet" href="css/style.css" type="text/css" />
                  <link href="css/pagination.css" rel="stylesheet" type="text/css" />
                  <script type="text/javascript">
                  <!--
                  function MM_swapImgRestore() { //v3.0
                    var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
                  }
                  function MM_preloadImages() { //v3.0
                    var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
                      var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
                      if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
                  }
                  
                  function MM_findObj(n, d) { //v4.01
                    var p,i,x;  if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
                      d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
                    if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
                    for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
                    if(!x && d.getElementById) x=d.getElementById(n); return x;
                  }
                  
                  function MM_swapImage() { //v3.0
                    var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
                     if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
                  }
                  
                  function fnValidate()
                  {
                  	if(document.getElementById("txtUserID").value == "")
                  	{
                  		alert("Please enter the User ID");
                  		return false;
                  	}
                  	else if(document.getElementById("txtPassword").value == "")
                  	{
                  		alert("Please enter the Password");
                  		return false;
                  	}
                  	
                  	return true;
                  
                  }
                  
                  //-->
                  
                  function fnValidate()
                  {
                  	var regExNumeric =/^[0-9]+$/;
                  	var str = trim(document.getElementById("browseFile").value);
                  	document.getElementById("txtDescription").value = trim(document.getElementById("txtDescription").value)
                  	document.getElementById("txtProduct").value     = trim(document.getElementById("txtProduct").value)
                  	
                  	if(document.getElementById("txtProduct").value == "")
                  	{
                  		alert("Please enter the Product Name");
                  		document.getElementById("txtProduct").focus();
                  		return false;
                  	}
                  	else if(document.getElementById("txtDescription").value == "")
                  	{
                  		alert("Please enter the description");
                  		document.getElementById("txtDescription").focus();
                  		return false;
                  	}
                  	else if(str != "")
                  	{
                  		var extension = str.substring(str.length-4,str.length).toLowerCase();
                  		if(extension != ".jpg" && extension != "jpeg" && extension != ".png" && extension != ".gif" && extension != ".tif")
                  		{
                  			alert("Please select Image, Document or Zip file");
                  			document.getElementById("browseFile").focus();
                  			return false;
                  		}
                  		return true;
                  	}
                  	else if(trim(document.getElementById("txtPrice").value) == "")
                  	{
                  		alert("Please enter the Price");
                  		return false;
                  	}
                  	else if(regExNumeric.test(document.getElementById("txtPrice").value) == false)
                  	{
                  		alert("Invalid Price");
                  		return false;
                  	}
                  	else if(trim(document.getElementById("txtOrder").value) == "")
                  	{
                  		alert("Please enter the Ordering No");
                  		return false;
                  	}
                  	else if(regExNumeric.test(document.getElementById("txtOrder").value) == false)
                  	{
                  		alert("Invalid Ordering Number");
                  		return false;
                  	}
                  	
                  	return true;
                  }
                  
                  function ltrim(argvalue) {
                  
                    while (1) {
                      if (argvalue.substring(0, 1) != " ")
                        break;
                      argvalue = argvalue.substring(1, argvalue.length);
                    }
                  
                    return argvalue;
                  }
                  
                  function rtrim(argvalue) {
                  
                    while (1) {
                      if (argvalue.substring(argvalue.length - 1, argvalue.length) != " ")
                        break;
                      argvalue = argvalue.substring(0, argvalue.length - 1);
                    }
                  
                    return argvalue;
                  }
                  
                  function trim(argvalue) {
                    var tmpstr = ltrim(argvalue);
                  
                    return rtrim(tmpstr);
                  
                  }
                  
                  function fnDisplayImage()
                  {
                  	document.getElementById("image").style.display = "";
                  	document.getElementById("image").onclick =  function() {fnHideImage()};
                  	document.getElementById("link").onclick =  function() {fnHideImage()};
                  }
                  
                  function fnHideImage()
                  {
                  	document.getElementById("image").style.display = "none";
                  	document.getElementById("image").onclick =  function() {fnDisplayImage()};
                  	document.getElementById("link").onclick  =  function() {fnDisplayImage()};
                  }
                  
                  </script>
                  
                  <style type="text/css">
                  <!--
                  body {
                  	margin-left: 5px;
                  	margin-top: 10px;
                  	margin-right: 5px;
                  	margin-bottom: 5px;
                  	background-color: #EBFAFF;
                  	font-family:Arial, Helvetica, sans-serif;
                  	font-size:12px;
                  }
                  
                  -->
                  </style>
                  </head><body onload="MM_preloadImages('images/ordrbttn2.gif')">
                  <table><td><table align="center" width="972" cellspacing="0" cellpadding="0"><tr><td scope="row"><table  align="center" width="972" cellspacing="0" cellpadding="0">
                    <tr>
                      <td scope="row"><img src="images/innerpageLefthdr.gif" /></td>
                      <td><img src="images/innerpageRghthdr.gif" /></td>
                    </tr>
                  </table></td>
                      </tr>
                  </table>
                  <table class="midcontent3" width="929" border="0" cellspacing="0" cellpadding="0">
                    <tr><td>
                      <table align="center" width="870" border="0" cellspacing="0" cellpadding="0">
                  
                        <tr>
                          <td colspan="2" scope="row">&nbsp;</td>
                          <td>&nbsp;</td>
                          <td>&nbsp;</td>
                          <td>&nbsp;</td>
                        </tr>
                        <tr>
                          <td height="24" colspan="5"  class="graynav"scope="row" style="padding-left:5px;">
                  
                  <table width="562" border="0" cellspacing="0" cellpadding="0">
                  
                  
                        <tr align="left" valign="top">
                          <th scope="row">&nbsp;</th>
                          <td align="center" valign="middle">
                  
                  <br /><br />
                  <form name="frmProductAdmin" action="productAdmin.php" method="post" enctype="multipart/form-data" onsubmit="return fnValidate();">
                     
                  <div align="center">
                  <a href="login.php?logout=1">Logout</a> <!--| <a href="manage_admin.php">Manage Admin</a>-->
                  <table width="520" border="0" cellspacing="0" cellpadding="5"  style=" border:1px solid #666666;">
                    <?php if($strError != "") { ?>
                    <tr>
                      <td colspan="2" align="left" style="border:0px;"><?php echo $strError; ?></td>
                    </tr>
                    <?php } ?>
                  	<tr>
                  		<th align="left" colspan="2" valign="top" bgcolor="#CCCCCC" scope="row"><strong>Product  Admin </strong></th>
                  	</tr>
                    <tr>
                      <td scope="col" colspan="2" align="left">Add / Edit Product </td>
                    </tr>
                    <tr>
                      <td width="151" valign="top">Product</td>
                      <td width="243" align="left" valign="top">
                  		<input type="text" name="txtProduct" id="txtProduct" value="<?php echo $_POST['txtProduct']; ?>" />
                  		<input type="hidden" name="hdnProductID" id="hdnProductID" value="<?php echo $_POST['hdnProductID']; ?>" />
                  		<input type="hidden" name="hdnFileName" id="hdnFileName" value="<?php echo $_POST['hdnFileName']; ?>" />	
                  	</td>
                    </tr>
                    <tr>
                      <td width="151" valign="top">Description</td>
                      <td width="243" align="left" valign="top"><textarea type="text" name="txtDescription" id="txtDescription" style=" border:1px solid #666666; width:200px; height:100px; font-family:Arial, Helvetica, sans-serif; font-size:12px;"> <?php echo trim($_POST['txtDescription']); ?></textarea></td>
                    </tr>
                    <tr>
                      <td width="151" valign="top">Price</td>
                      <td width="243" align="left" valign="top">
                  	<input type="text" name="txtPrice" id="txtPrice" value="<?php echo $_POST['txtPrice']; ?>"  style="width:40px;"/>
                  	</td>
                    </tr>
                    <tr>
                      <td width="151" valign="top">Ordering</td>
                      <td width="243" align="left" valign="top">
                  	<input type="text" name="txtOrder" id="txtOrder" value="<?php echo $_POST['txtOrder']; ?>"  style="width:40px;"/>
                  	<input type="hidden" name="hdnOrder" id="hdnOrder" value="<?php echo $_POST['hdnOrder']; ?>" />
                  	</td>
                    </tr>
                    <tr>
                      <td valign="top">Photo</td>
                      <td align="left" valign="top">
                  	 <input type="file" name="browseFile" id="browseFile" />&nbsp; 
                  	 <?php if($image != "") { ?>
                  	 <a name="link" id="link" onclick="javascript:fnDisplayImage();" style="color:#0000FF; cursor:pointer;"><?php echo $image;  ?></a>
                  	 <div id="image" style="display:none">
                  	 	<img src="files/<?php echo $image;  ?>" width="60" height="60" />
                  	 </div>
                  	 <?php } ?>
                  	 </td>
                    </tr>
                    <tr>
                    	<td>&nbsp;</td>
                      <td align="left"><input type="submit" name="btnSubmit" id="btnSubmit" value="Submit" style="width:100px;" />&nbsp;<input type="button" name="btnCancel" id="btnCancel" value="Cancel" onclick="javascript:window.location='productAdmin.php'" style="width:100px;" /></td>
                    </tr>
                  
                  </table>
                  <br />
                  
                  <table width="520" border="0" cellspacing="0" cellpadding="5" style=" border:1px solid #666666;">
                    <tr>
                      <th scope="col" align="left" colspan="6">View Product </th>
                    </tr>
                    <tr>
                      <th scope="col" style="text-align:left;">Product</th>
                      <th scope="col" style="text-align:left;">Description</th>
                      <th scope="col" style="text-align:left;">Ordering</th>
                      <th scope="col" style="text-align:left;">Image</th>
                      <th scope="col" style="text-align:left;">Edit</th>
                      <th scope="col" style="text-align:left;">Delete</th>
                    </tr>
                  <?php 
                  	if($rowCount > 0) {
                  	while($row = mysql_fetch_array($resProduct)) { 
                  ?>  
                    <tr>
                      <td align="left" width="16%"><?php echo $row['product_name']; ?></td>
                      <td align="left" width="34%"><?php echo "Price: $".$row['price']." <br />".$row['description']; ?></td>
                      <td align="left" width="12%"><?php echo $row['order_position']; ?></td>
                      <td align="left" width="18%"><img src="files/<?php echo $row['filename']; ?>" name="ProductImage" width="60" height="60" /></td>
                      <td align="left" width="10%">
                  	<a href="productAdmin.php?edit=<?php echo $row['id']; ?>&fileName=files/<?php echo $row['filename']; ?>">Edit</a>
                  	</td>
                      <td align="left" width="10%">
                  	<a href="productAdmin.php?delete=<?php echo $row['id']; ?>">Delete</a>
                  	</td>
                    </tr>
                  <?php } } else { ?>
                    <tr>
                      <td colspan="6" align="left">No Product Updated</td>
                    </tr>
                  <?php } if($numRowsDb > $pageRows) {  ?>
                  		  <tr>
                  			 <td align="left" colspan="6"><?php echo pager($numRowsDb, "pageNum",$pageRows,3,"", $strParamenter, "productAdmin.php"); ?></td> 
                  		  </tr>
                  		<?php } ?>
                  </table>
                  </div>
                  
                  </form>
                  
                  <br /><br />
                  	
                  		</td>
                          <td>&nbsp;</td>
                        </tr>
                      </table>
                  
                  		
                  		</td>
                        </tr>
                  
                        <tr>
                          <td colspan="5"  height="24" scope="row">&nbsp;</td>
                        </tr>
                        <tr>
                          <td colspan="5"  height="24" scope="row">&nbsp;</td>
                        </tr>
                      </table></td>
                    </tr>
                  </table>
                  <table align="right" width="949" border="0" cellspacing="0" cellpadding="0">
                    <tr>
                      <td colspan="2"><table border="0" cellspacing="0" cellpadding="0">
                          <tr>
                            <td bgcolor="#FFFFFF" height="10">&nbsp;</td>
                          </tr>
                          <tr>
                            <td class="footer"width="929" height="29"><table align="center" width="900" border="0" cellspacing="0" cellpadding="0">
                                <tr>
                                  <td scope="row"><a href="#">Terms & Conditions</a> | <a href="#">Privacy Policy</a></td>
                                  <td align="right">Copyright 2009 fooshenergytrial.com. All rights Reserved.</td>
                                </tr>
                              </table></td>
                          </tr>
                        </table></td>
                    </tr>
                    <tr>
                      <td class="disclaimer"width="929"><div align="center">These statements have not been reviewed by the Food and Drug Administration. This product is not intended to diagnose, treat, cure, or prevent any disease. SmokeScreen Chewing 
                          Gum is not affiliated in any way with WebMD, Google, and The Washington Times. WebMD, Google, and The Washington Times are registered trademarks of their respective owners.</div></td>
                      <td width="18">&nbsp;</td>
                    </tr>
                  </table>
                  
                  </body></html>
                  I'm guessing that the proper way of doing this is to not duplicate that wp_01 db; based on my limited knowledge of what I'm doing, it was just the direction I took. I'm kinda reverse engineering the site, based on what they've done and the limited guidance I've received from a number of sources. Searching for keywords and links, and changing them accordingly type thing. I'm starting to think that this will create quite a mess in the long run.

                  What confuses me the most is that page 2 and page 3 in the checkout process have the same name 'orderpage.php'.

                  This is the process.

                  Landing page (index.php) >> fill in your address for us to send the free samples to.

                  Page 2 (orderpage.php) >> fill in your credit card details

                  Page 3 (also 'orderpage.php') >> select any upsells that are of interest to you


                  It's page 3 that we control with the template that was built for changing pricing/pics/descriptions for the upsell options.


                  I've still managed to break something though. Page 2 in the /test2 folder isn't working properly. When you fill in your CC details and submit, it redirects you to /test/orderpage.php and you have to enter the CC info again. Then it takes you to page 3 in /test. Working properly, it would have just taken you to page 3 in /test2/orderpage.php.

                  I'm getting closer though.

                  And learning lots along the way :)

                  Thanks guys. And thanks Dorm; keep letting me know as I screw up formatting on my posts. I think I got the code tags this time :P.

                  Andrew

                  Comment
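The login check in the post above concatenates `$_POST` values into the SQL string and hands the return value of `mysql_query()` straight to `mysql_fetch_array()`, so a failed query only shows up as the "not a valid MySQL result resource" warning. The same check as an added example (not the site's code and not written by anyone in the thread): a prepared statement with query errors raised as exceptions. It assumes PDO, an in-memory SQLite table standing in for `tbl_admin_info`, and a `Password` column that holds `password_hash()` output; the function name and the sample account are constructed.

```php
<?php
// Added example. Table and column names come from the posted query;
// the function name, the sample account and the SQLite stand-in are assumptions.

function authenticateAdmin(PDO $db, string $userId, string $password): ?int
{
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT id, Password FROM tbl_admin_info WHERE UserID = :uid'
    );
    $stmt->execute([':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: the Password column stores password_hash() output, not plain text.
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    return (int) $row['id'];
}

function openDemoDb(bool $withTable): PDO
{
    $db = new PDO('sqlite::memory:');
    // Failed queries throw instead of returning false.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    if ($withTable) {
        $db->exec('CREATE TABLE tbl_admin_info (
            id INTEGER PRIMARY KEY, UserID TEXT UNIQUE, Password TEXT)');
        $ins = $db->prepare(
            'INSERT INTO tbl_admin_info (UserID, Password) VALUES (?, ?)'
        );
        // Constructed sample account.
        $ins->execute([
            'admin2',
            password_hash('constructed-sample-pass', PASSWORD_DEFAULT),
        ]);
    }
    return $db;
}

$db = openDemoDb(true);

// Correct credentials: the admin's id comes back.
var_dump(authenticateAdmin($db, 'admin2', 'constructed-sample-pass'));

// Wrong password: null.
var_dump(authenticateAdmin($db, 'admin2', 'wrong'));

// A quote in the submitted value is treated as data, not as SQL syntax.
var_dump(authenticateAdmin($db, "o'brien", 'anything'));

// A database without the table (for example an incomplete copy) raises an
// exception at the query, rather than passing false on to the fetch call.
try {
    authenticateAdmin(openDemoDb(false), 'admin2', 'anything');
} catch (PDOException $e) {
    echo 'query failed: ', $e->getMessage(), "\n";
}
```

Run it from the command line with `php`; it needs the `pdo_sqlite` extension. Against MySQL only the DSN passed to `new PDO(...)` changes.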

                  • TheServant
                    Recognized Expert Top Contributor
                    • Feb 2008
                    • 1168

                    #10
                    Glad you're getting there. Even though what you do now may be the long way around, when you make version 2.0, you can map it out and improve. I look at some code I made when I started (beginning of last year) and it was very much the long way around. No doubt by the end of next year I will be yet more efficient.

                    I had a quick look through the code but nothing jumped out (I was just scanning as there's a lot of code). Check your URLs in all your files, and make sure there aren't any /test/'s that need to be /test2/'s. I suspect that one of the forms that you copied for test2 is still submitting to test.

                    Post back if you have any more issues, and when you have a more precise bit of code that is broken.

                    Comment
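The check suggested in the reply above, as an added example (not code from the thread or from the site): a PHP command-line script that lists every line in a copied folder that still points at the original folder. The folder names `test` and `test2` come from the thread; the function name and the sample files are constructed.

```php
<?php
// Added example. Folder names come from the thread; the function name and
// the sample files written below are constructed for the demonstration.

function findStaleFolderRefs(string $dir, string $oldFolder): array
{
    $hits = [];
    // Matches "/test/" and a leading "test/", but not "/test2/" or "latest/".
    $pattern = '~(?<![A-Za-z0-9_-])' . preg_quote($oldFolder, '~') . '/~';

    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!preg_match('~\.(php|html?|js)$~i', $file->getFilename())) {
            continue;
        }
        $lines = file($file->getPathname(), FILE_IGNORE_NEW_LINES);
        foreach ($lines as $i => $line) {
            if (preg_match($pattern, $line)) {
                $hits[] = sprintf(
                    '%s:%d: %s',
                    $file->getFilename(),
                    $i + 1,
                    trim($line)
                );
            }
        }
    }
    sort($hits);
    return $hits;
}

// Constructed copy of the landing-page folder with one stale form target.
$copy = sys_get_temp_dir() . '/stale_ref_demo_' . getmypid() . '/test2';
mkdir($copy, 0700, true);
file_put_contents(
    $copy . '/index.php',
    '<form action="orderpage.php" method="post">' . "\n"
);
file_put_contents(
    $copy . '/orderpage.php',
    'header("location:/test2/orderpage.php");' . "\n" .
    '<form action="/test/orderpage.php" method="post">' . "\n"
);

// Only the second line of orderpage.php is reported.
foreach (findStaleFolderRefs($copy, 'test') as $hit) {
    echo $hit, "\n";
}

// Remove the constructed files again.
unlink($copy . '/index.php');
unlink($copy . '/orderpage.php');
rmdir($copy);
rmdir(dirname($copy));
```

A relative target such as `action="orderpage.php"` stays inside whichever folder serves the page, so only absolute paths that name the old folder need changing.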