innercproductions
asked on
PHP Code problems... please check for errors - or post better code
I'm having trouble with the following code working correctly.
It keeps showing the information in the "logged in" area without having to be logged in.
I don't have anyone else to check it for errors.
Can anyone help?
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -------
<?
session_start(); // start session.
//Includes the header which also includes the variables file
require('inc_header.php');
// custom error function
function custom_die($errormsg) {
print $errormsg;
require("inc_footer.php");
exit();
} // end of custom_die function
// checks to see if the managers account number and password are set
if(!isset($manageracctnum) | !isset($manageracctpass)) {
// the below area is displayed when logged in......
?>
logged in.....
<br />
This is display when the user has logged in.
<?
include('inc_footer.php');
// the above area is displayed when logged in...
exit();
}
// register account number and password as session variables
session_register("managera cctnum");
session_register("managera cctpass");
$db = mysql_connect($database_ho st, $database_username, $database_password) or die ($database_couldnotconnect );
mysql_select_db($database_ name,$db);
$query = "SELECT managerpassword FROM $companytable_name WHERE companynumber = '$manageracctnum'";
$result = mysql_query($query) or custom_die($database_error inquery);
$fetch_em = mysql_fetch_array($query);
$numrows = mysql_num_rows($query);
if($numrows != "0" & $managerpassword == $fetch_em["manageracctpass "]) {
$valid_user = 1;
}
else {
$valid_user = 0;
}
if (!($valid_user)) {
session_unset(); // Unset session variables.
session_destroy(); // End Session we created earlier.
// escape from php mode.
?>
<div class="error">
Incorrect login information, please try again.
<br>
You must login to access the Manager Administration Area.
</div>
<form action="<?=$_SERVER['PHP_S ELF']?><?i f($_SERVER ['QUERY_ST RING']>' '){echo '?'.$_SERVER['QUERY_STRING '];}?>" method="POST">
<table cellpadding="5" cellspacing="5"><tr>
<td valign="top">
Manager Account Number ( 6 characters ):
<br>
<input type="text" name="manageracctnum" size="30" tabindex="1" maxlength="5">
</td><td valign="top">
Password:
<br>
<input type="password" name="manageracctpass" size="30" tabindex="2" maxlength="20">
</td><td valign="bottom">
<input type="submit" value="Login" tabindex="3">
</td>
</tr>
<tr>
<td align="left" valign="top" colspan="3">
</td>
</tr>
</table>
</form>
<?
include ("inc_footer.php");
?>
<?
exit();
}
?>
It keeps showing the information in the "logged in" area without having to be logged in.
I don't have anyone else to check it for errors.
Can anyone help?
--------------------------
<?
session_start(); // start session.
//Includes the header which also includes the variables file
require('inc_header.php');
// custom error function
function custom_die($errormsg) {
print $errormsg;
require("inc_footer.php");
exit();
} // end of custom_die function
// checks to see if the managers account number and password are set
if(!isset($manageracctnum)
// the below area is displayed when logged in......
?>
logged in.....
<br />
This is display when the user has logged in.
<?
include('inc_footer.php');
// the above area is displayed when logged in...
exit();
}
// register account number and password as session variables
session_register("managera
session_register("managera
$db = mysql_connect($database_ho
mysql_select_db($database_
$query = "SELECT managerpassword FROM $companytable_name WHERE companynumber = '$manageracctnum'";
$result = mysql_query($query) or custom_die($database_error
$fetch_em = mysql_fetch_array($query);
$numrows = mysql_num_rows($query);
if($numrows != "0" & $managerpassword == $fetch_em["manageracctpass
$valid_user = 1;
}
else {
$valid_user = 0;
}
if (!($valid_user)) {
session_unset(); // Unset session variables.
session_destroy(); // End Session we created earlier.
// escape from php mode.
?>
<div class="error">
Incorrect login information, please try again.
<br>
You must login to access the Manager Administration Area.
</div>
<form action="<?=$_SERVER['PHP_S
<table cellpadding="5" cellspacing="5"><tr>
<td valign="top">
Manager Account Number ( 6 characters ):
<br>
<input type="text" name="manageracctnum" size="30" tabindex="1" maxlength="5">
</td><td valign="top">
Password:
<br>
<input type="password" name="manageracctpass" size="30" tabindex="2" maxlength="20">
</td><td valign="bottom">
<input type="submit" value="Login" tabindex="3">
</td>
</tr>
<tr>
<td align="left" valign="top" colspan="3">
</td>
</tr>
</table>
</form>
<?
include ("inc_footer.php");
?>
<?
exit();
}
?>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.