6 Replies - 718 Views - Last Post: 20 July 2016 - 11:14 AM

#1 tonyal

Admin page and admin log in page issues.

Posted 20 July 2016 - 09:15 AM

Hello, I'm creating an e-commerce site for a project and I'm having some issues with the guide I'm using and some of the code being deprecated. I'm at a point where my customer pages and database are working, but for some reason the admin page and log in page won't work (I get a message saying that page can't be displayed and to make sure address is correct). I'm sure the address is correct, because other things I have saved in the storeAdmin folder will display when I type in their address. I'm not sure if it's a problem with the code being wrong, or a deprecation issue, and was hoping someone could look at my two pages and point me in the right direction or tell me where I went wrong. I'm creating this so admins can log-in and add items - I know I could do that on the server, but I would like for the client to be able to add it like this if they want. Thank you in advance!

Admin page
<?php
session_start();
if(!isset($_SESSION["manager"])) {
	header("location: admin_login.php");
	exit();	
}
// Be sure to check that this manager session value is in fact in the database
$managerID = preg_replace('#[^0-9]#i',$_SESSION["id"]); // filter everything but numbers and letters
$manager = preg_replace('#[^A-Za-z0-9]#i',$_SESSION["manager"]);
$passwords = preg_replace('#[^A-Za-z0-9]#i',$_SESSION["password"]);
// Run mysql query to be sure that this person is an admin and that their password session var equals the database info
// Connect to the mysql database
include "../storescripts/connect_to_mysql.php";
$sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='password' LIMIT 1"); //query the person
//-----Make sure person exists in database----
$existCount = mysql_num_rows($sql); //count the rows and nums
if ($existCount==0) {//evaluate the count
	echo "Your login session data is not on record in the database.";
	exit();
}
?>

<!DOCTYPE html PUBLIC "-//w3c//DTD XHTML 1.0 Frameset // EN" "http://w3c.org/TR/xhtml/DTD/xhtml1 - frameset.dtd">
<html xmlns = "http://www.w3.org/1999/hxtml" xml: lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>G33k Out Admin Area</title>
<link ref="stylesheet" href="../styles/style.css" type="text/css" media="screen" />
</head>
	
<body>
<div align="center" id="mainWrapper">
	<?php include_once("../template_header.php");?>
    <div id="pageContent">
      <div align="left" style="margin-left: 24px;">
        <h2>Hello store manager, what would you like to do today? </h2>
        <p><a href="inventory_list.php">Manage Inventory</a></p>
        <p><a href="#">Manage Blah Blah</a></p>
      </div>
    </div>
  	<?php include_once("../template_footer.php");?>
</div>
</body>
</html>



And the admin log-in page.
<?php
session_start();
if(!isset($_SESSION["manager"])) {
	header("location: index.php");
	exit();	
}
?>

<?php
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {
	
	$manager = preg_replace('#[^A-Za-z0-9]#i',$_POST[	"username"]); //filters out non numbers and letters
	$password = preg_replace('#[^A-Za-z0-9]#i',$_POST["password"]);
	// Connect to the mysql database
	include "../storescripts/connect_to_mysql.php";
	$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='password' LIMIT 1"); //query the person
	// ---Make sure person exists in database----
	$existCount = mysql_num_rows($sql); //count the row nums
	if ($existCount == 1) { //evaluate the count
		while($row = mysql_fetch_array($sql)){
			$id = $row["id"];
		}
		$_SESSION["id"] = $id;
		$_SESSION["manager"] = $manager;
		$_SESSION["password"]= $password;
		header("location: index.php");
		exit();
	} else {
	echo 'That information is incorrect, try again.<a href="index.php>Click Here</a>';
	exit();
	}
}
?>

<!DOCTYPE html PUBLIC "-//w3c//DTD XHTML 1.0 Frameset // EN" "http://w3c.org/TR/xhtml/DTD/xhtml1 - frameset.dtd">
<html xmlns = "http://www.w3.org/1999/hxtml" xml: lang="en" lang="en">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
		<title>Admin Login</title>
        <link rel="stylesheet" href="../styles/style.css" type="text/css" media="screen" />
	</head>
	
	<body>
    <div align="center" id="mainWrapper">
	<?php include_once("../template_header.php");?>
    <div id="pageContent">
      <div align="left" style="margin-left: 24px;">
        <h2>Please Log In To Manage the Store</h2>
        <form id="form1" name="form1" method="post" action="admin_login.php">
        User Name<br />
        <input name="username" type="text" id="username" size="40" />
        <br /><br />
        Password<br />
        <input name="password" type="password" id="password" size="40" />
        <br /><br /><br />
        <input type="submit" name="button" id="button" value="Log In" />
        </form>
        <p>&nbsp;</p>
      </div>
    </div>
  	<?php include_once("../template_footer.php");?>
</div>
	</body>
</html>



Replies To: Admin page and admin log in page issues.

#2 astonecipher

Re: Admin page and admin log in page issues.

Posted 20 July 2016 - 10:21 AM

First and foremost,
$_SESSION["password"]);

Never do this. The password should never be stored in a session, ever.

Another, I don't understand why you are filtering everything. Passwords should not have that kind of limitation regardless.

And then there was,

Quote

Warning: preg_replace() expects at least 3 parameters, 2 given


Lastly, are you getting a 500 code error or just 'page cannot be found'?
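
The points raised in reply #2 (no password in the session, no character filtering of passwords, the `preg_replace()` warning) can all be avoided with a login check along these lines. This is an added example, not code from the thread or the tutorial: it assumes PHP 7+ with PDO (the `mysql_*` functions were removed in PHP 7), a hypothetical `password_hash` column in the `admin` table, and a constructed in-memory SQLite database standing in for MySQL so it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the MySQL `admin` table
// so this runs offline. For MySQL only the PDO DSN and credentials change.
function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    // Store a salted hash of the password, never the password itself.
    $pdo->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)')
        ->execute(['storeadmin', password_hash('constructed pass-phrase #1!', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the admin id on success, null otherwise. The password is not filtered:
// it is only ever hashed and compared, so any character is acceptable.
function check_login(PDO $pdo, string $username, string $password): ?int {
    // The bound placeholder replaces the preg_replace() filtering of the username.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM admin WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Login handler for admin_login.php: on success the session keeps only the admin id.
function handle_login(PDO $pdo, array $post): bool {
    $user = $post['username'] ?? null;
    $pass = $post['password'] ?? null;
    $id = (is_string($user) && is_string($pass)) ? check_login($pdo, $user, $pass) : null;
    if ($id === null) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id after the privilege change
    }
    $_SESSION['id'] = $id;           // no password or other credential in the session
    return true;
}

// Demo run with constructed input (CLI only).
if (PHP_SAPI === 'cli') {
    $pdo = make_demo_db();
    var_dump(handle_login($pdo, ['username' => 'storeadmin', 'password' => 'constructed pass-phrase #1!']));
    var_dump(handle_login($pdo, ['username' => "x' OR '1'='1", 'password' => 'anything']));
}
```

In a real page, call `session_start()` before `handle_login($pdo, $_POST)` and have the admin pages look the session's `id` up in the `admin` table instead of comparing a stored password.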

#3 tonyal

Re: Admin page and admin log in page issues.

Posted 20 July 2016 - 10:36 AM

I'm getting a page cannot be found error.
I'm following a YouTube tutorial, so I'm just basically typing what they type and changing stuff that no longer works. I might just try to find another one, but I haven't really found any resources that show start-to-finish making a complete e-commerce site with admin controls. Thank you for pointing out that the password shouldn't be limited and stored!

#4 astonecipher

Re: Admin page and admin log in page issues.

Posted 20 July 2016 - 10:46 AM

PHP and MySQL Web Development (4th Edition). This book is pretty cheap used, and the new version is getting ready to be released.

#5 tonyal

Re: Admin page and admin log in page issues.

Posted 20 July 2016 - 11:04 AM

Thank you, I will definitely get that. One more question, if you don't mind, I just noticed that the instructor wants us to use .csv files to create the database, is that feasible with an e-commerce site? I obtained permission to make one - since it wasn't an available option for type of project (I thought it would be good for my portfolio). It seems like using the phpMyAdmin to create the tables would be easier.

Thank you again!

#6 astonecipher

Re: Admin page and admin log in page issues.

Posted 20 July 2016 - 11:09 AM

There is a quick reply further down, there is no need to quote the reply above yours.


You can use a csv to load a database. It is easier in fact, you just import the values in. More complicated versions may require a quick script to parse the values to their respective columns.

#7 tonyal

Re: Admin page and admin log in page issues.

Posted 20 July 2016 - 11:14 AM

Ah, ok. Thanks for being so helpful! :)