Asked by cfwd

Creating multiple forms in dreamweaver to go to MySQL.

How do I create a form, in Dreamweaver MX, on one page, that then continues to another page for part 2 of the form, and part 3, etc., but the data all shows up as one entry in the MySQL table? I can create one form that works great, but when I try to create another page and associate it with the previous form, I cannot do it. I've tried to filter the record set with session, form, and cookie variables, but I'm not sure if that is even related to what I am trying to do.
ASKER CERTIFIED SOLUTION
rbudj

This solution is only available to members of Experts Exchange.

SOLUTION

This solution is only available to members of Experts Exchange.

cfwd (ASKER)

I have not been able to get it to work.  I am just trying to start by making the username that they log in with be the constant on every page so that it is seen on every page.  By that username I would like them to be able to stay in the same session going from form to form but I can't figure it out.  Below is the code for my login page then the next page it goes to.  I would like it to also show the username on the next page but I don't know how; it will only show the first username listed in the column instead of the one they logged in with which makes me think that the sessions are not working.
The Login page:
<?php require_once('Connections/harveys_connection.php'); ?>
<?php
mysql_select_db($database_harveys_connection, $harveys_connection);
$query_rs_medical_professionals = "SELECT * FROM harvey_registration";
$rs_medical_professionals = mysql_query($query_rs_medical_professionals, $harveys_connection) or die(mysql_error());
$row_rs_medical_professionals = mysql_fetch_assoc($rs_medical_professionals);
$totalRows_rs_medical_professionals = mysql_num_rows($rs_medical_professionals);
?>
<?php
// *** Validate request to login to this site.
session_start();
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}
 
if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "home_med.php";
  $MM_redirectLoginFailed = "loginmed_fail.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_harveys_connection, $harveys_connection);
  
  $LoginRS__query=sprintf("SELECT username, password FROM harvey_registration WHERE username='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $harveys_connection) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;	      
 
    //register the session variables
    session_register("MM_Username");
    session_register("MM_UserGroup");
 
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
 
The next page:
<?php require_once('Connections/harveys_connection.php'); ?>
<?php
//initialize the session
session_start();
 
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
 
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  session_unregister('MM_Username');
  session_unregister('MM_UserGroup');
	
  $logoutGoTo = "loginmed.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
session_start();
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
 
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 
 
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}
 
$MM_restrictGoTo = "unauthorized.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
mysql_select_db($database_harveys_connection, $harveys_connection);
$query_rs_pmdo = "SELECT * FROM harvey_patients";
$rs_pmdo = mysql_query($query_rs_pmdo, $harveys_connection) or die(mysql_error());
$row_rs_pmdo = mysql_fetch_assoc($rs_pmdo);
$totalRows_rs_pmdo = mysql_num_rows($rs_pmdo);
 
mysql_select_db($database_harveys_connection, $harveys_connection);
$query_rs_medical_professionals = "SELECT * FROM harvey_registration";
$rs_medical_professionals = mysql_query($query_rs_medical_professionals, $harveys_connection) or die(mysql_error());
$row_rs_medical_professionals = mysql_fetch_assoc($rs_medical_professionals);
$totalRows_rs_medical_professionals = mysql_num_rows($rs_medical_professionals);
 
// FELIXONE - 2002   SB by Felice Di Stefano - www.felixone.it
session_start();
if (isset($HTTP_POST_VARS['username'])) {$username = $HTTP_POST_VARS['username'];
session_register("username");
}
 
$MM_paramName = ""; 
 
// *** Go To Record and Move To Record: create strings for maintaining URL and Form parameters
// create the list of parameters which should not be maintained
$MM_removeList = "&index=";
if ($MM_paramName != "") $MM_removeList .= "&".strtolower($MM_paramName)."=";
$MM_keepURL="";
$MM_keepForm="";
$MM_keepBoth="";
$MM_keepNone="";
// add the URL parameters to the MM_keepURL string
reset ($HTTP_GET_VARS);
while (list ($key, $val) = each ($HTTP_GET_VARS)) {
	$nextItem = "&".strtolower($key)."=";
	if (!stristr($MM_removeList, $nextItem)) {
		$MM_keepURL .= "&".$key."=".urlencode($val);
	}
}
// add the Form parameters to the MM_keepURL string
if(isset($HTTP_POST_VARS)){
	reset ($HTTP_POST_VARS);
	while (list ($key, $val) = each ($HTTP_POST_VARS)) {
		$nextItem = "&".strtolower($key)."=";
		if (!stristr($MM_removeList, $nextItem)) {
			$MM_keepForm .= "&".$key."=".urlencode($val);
		}
	}
}
// create the Form + URL string and remove the intial '&' from each of the strings
$MM_keepBoth = $MM_keepURL."&".$MM_keepForm;
if (strlen($MM_keepBoth) > 0) $MM_keepBoth = substr($MM_keepBoth, 1);
if (strlen($MM_keepURL) > 0)  $MM_keepURL = substr($MM_keepURL, 1);
if (strlen($MM_keepForm) > 0) $MM_keepForm = substr($MM_keepForm, 1);
?>


Be careful.  The documentation specifically states not to use session_register() (line 17) and the $_SESSION (line 45) superglobal in unison.  Also, you are assigning $accesscheck, $loginUsername, and $loginStrGroup to the $GLOBALS array, but not the $_SESSION array.  These will be lost.

It also looks like you're using register_globals; I'd recommend against this.  Where are you getting the value for $accesscheck?

Here's how I'd revise the code with the given information.  I'm still a bit leery as to where some of these uninitialized variables are coming from, but that's a separate issue.

I'm also seeing a bunch of seemingly unnecessary "?><?php" segments all over your code.  Are these all new pages, or simply chunks of logic within the same file?  How many files are we supposed to be working with?
<?php 
 
require_once 'Connections/harveys_connection.php';
 
mysql_select_db($database_harveys_connection, $harveys_connection);
$query_rs_medical_professionals = 'SELECT * FROM harvey_registration';
$rs_medical_professionals = mysql_query($query_rs_medical_professionals, $harveys_connection) or die(mysql_error());
$row_rs_medical_professionals = mysql_fetch_assoc($rs_medical_professionals);
$totalRows_rs_medical_professionals = mysql_num_rows($rs_medical_professionals);
 
// *** Validate request to login to this site.
session_start();
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (!empty($accesscheck)) {
  $_SESSION['PrevUrl'] = $accesscheck;
}
 
if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = '';
  $MM_redirectLoginSuccess = 'home_med.php';
  $MM_redirectLoginFailed = 'loginmed_fail.php';
  $MM_redirecttoReferrer = false;
  
  $LoginRS__query=sprintf('SELECT username, password FROM harvey_registration WHERE username="%s" AND password="%s"',
    mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($loginUsername) : $loginUsername), 
    mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($password) : $password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $harveys_connection) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;        
 
 
    if (!empty($_SESSION['PrevUrl'])) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
 
The next page:
<?php require_once 'Connections/harveys_connection.php';
//initialize the session
session_start();
 
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if (!empty($_SERVER['QUERY_STRING'])) {
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
 
if (isset($_GET['doLogout']) && $_GET['doLogout']=="true") {
  //to fully log out a visitor we need to clear the session variables
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
        
  $logoutGoTo = 'loginmed.php';
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
 
$MM_authorizedUsers = '';
$MM_donotCheckaccess = 'true';
 
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 
 
  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}
 
$MM_restrictGoTo = "unauthorized.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
mysql_select_db($database_harveys_connection, $harveys_connection);
$query_rs_pmdo = "SELECT * FROM harvey_patients";
$rs_pmdo = mysql_query($query_rs_pmdo, $harveys_connection) or die(mysql_error());
$row_rs_pmdo = mysql_fetch_assoc($rs_pmdo);
$totalRows_rs_pmdo = mysql_num_rows($rs_pmdo);
 
mysql_select_db($database_harveys_connection, $harveys_connection);
$query_rs_medical_professionals = "SELECT * FROM harvey_registration";
$rs_medical_professionals = mysql_query($query_rs_medical_professionals, $harveys_connection) or die(mysql_error());
$row_rs_medical_professionals = mysql_fetch_assoc($rs_medical_professionals);
$totalRows_rs_medical_professionals = mysql_num_rows($rs_medical_professionals);
 
// FELIXONE - 2002   SB by Felice Di Stefano - www.felixone.it
// The session was already started at the top of this file; store the posted
// username in $_SESSION rather than mixing in session_register().
if (isset($_POST['username'])) {
  $_SESSION['username'] = $_POST['username'];
}
 
$MM_paramName = ""; 
 
// *** Go To Record and Move To Record: create strings for maintaining URL and Form parameters
// create the list of parameters which should not be maintained
$MM_removeList = "&index=";
if ($MM_paramName != "") $MM_removeList .= "&".strtolower($MM_paramName)."=";
$MM_keepURL="";
$MM_keepForm="";
$MM_keepBoth="";
$MM_keepNone="";
// add the URL parameters to the MM_keepURL string
reset ($HTTP_GET_VARS);
while (list ($key, $val) = each ($HTTP_GET_VARS)) {
        $nextItem = "&".strtolower($key)."=";
        if (!stristr($MM_removeList, $nextItem)) {
                $MM_keepURL .= "&".$key."=".urlencode($val);
        }
}
// add the Form parameters to the MM_keepURL string
if(isset($HTTP_POST_VARS)){
        reset ($HTTP_POST_VARS);
        while (list ($key, $val) = each ($HTTP_POST_VARS)) {
                $nextItem = "&".strtolower($key)."=";
                if (!stristr($MM_removeList, $nextItem)) {
                        $MM_keepForm .= "&".$key."=".urlencode($val);
                }
        }
}
// create the Form + URL string and remove the intial '&' from each of the strings
$MM_keepBoth = $MM_keepURL."&".$MM_keepForm;
if (strlen($MM_keepBoth) > 0) $MM_keepBoth = substr($MM_keepBoth, 1);
if (strlen($MM_keepURL) > 0)  $MM_keepURL = substr($MM_keepURL, 1);
if (strlen($MM_keepForm) > 0) $MM_keepForm = substr($MM_keepForm, 1);
?>
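
The points raised in this answer (keep login state in $_SESSION only, do not rely on register_globals for values such as $accesscheck) can be combined with a parameterized query and a check on the PrevUrl redirect. The sketch below is an added example, not code from the thread or from Dreamweaver; it assumes PDO instead of the mysql_* functions, assumes the password column holds password_hash() output, and the function names check_login, redirect_target and handle_login are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PDO and that
// harvey_registration.password holds password_hash() output (assumption).

// Return the stored username when the credentials match, otherwise null.
function check_login(PDO $db, string $username, string $password): ?string
{
    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare('SELECT username, password FROM harvey_registration WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['password'])) ? $row['username'] : null;
}

// Accept PrevUrl only if it is a plain local path to a .php script.
function redirect_target($prevUrl, string $default): string
{
    $local = '#^/?[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*\.php$#';
    return (is_string($prevUrl) && preg_match($local, $prevUrl) === 1) ? $prevUrl : $default;
}

// Returns the page to redirect to; $session is $_SESSION in real use.
function handle_login(PDO $db, array $post, array &$session): string
{
    $user = check_login($db, (string)($post['username'] ?? ''), (string)($post['password'] ?? ''));
    if ($user === null) {
        return 'loginmed_fail.php';
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID once authenticated
    }
    $session['MM_Username'] = $user;  // later pages read $_SESSION['MM_Username']
    $session['MM_UserGroup'] = '';
    $target = redirect_target($session['PrevUrl'] ?? null, 'home_med.php');
    unset($session['PrevUrl']);
    return $target;
}

// Constructed demo: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE harvey_registration (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO harvey_registration VALUES (?, ?)')
   ->execute(['drsmith', password_hash('constructed-pass', PASSWORD_DEFAULT)]);

$session = ['PrevUrl' => 'http://example.invalid/x.php']; // rejected: not a local path
echo handle_login($db, ['username' => 'drsmith', 'password' => 'constructed-pass'], $session), "\n";
echo $session['MM_Username'], "\n";
```

On a live page, call session_start() once at the top, pass $_POST and $_SESSION to handle_login(), and send the returned page name in the Location header followed by exit.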


cfwd (ASKER)

Dreamweaver wrote all that stuff with the $accesscheck.  I don't know anything about code.  I tried your code but it must have some typos because it did not work.  I have extensions that do different functions, which is why you see so many "?><?php".  These extensions write the code for me but they create a new PHP section each time.  Would you be willing to look at what you gave me again and see if there are any typos? Thanks

cfwd (ASKER)

Never mind, I got it working...thanks