Hi everyone, Im a PHP/MySQL beginner and I really need some help for the following code (I apologize for the length of it, please bear with me!).
I have 3 tables of data in my MSQL database with about 150 users in total.
user: Which has the user name, email, password etc
thismonth_results: has 25 fields of numerical data, all are populated.
previousmonth_results: this is a duplicate table of 'thismonth_results' with different figures, all fields are populated.
(Only the ‘user_id’ field(primary key) links all of these tables. I will replace thismonth and previousmonth with the actual name of the months when the time comes (this program will only run for one year) but for the sake of this exercise I’ll stick to thismonth/previousmonth.)
What I have setup below is a login code which verifies the user, then if successful, redirects to them to report.php and displays the figures (ie vec_actual, vec_achieved etc) from the ‘thismonth_results’ table of the database. This is working fine.
What I am trying to do, however, is set up another link within the user’s session which shows figures from the ‘previousmonth_results’ table instead.
I tried creating a page like this by duplicating and renaming the report.php to report-previous.php and inserting a new query based on the login one, with the 'previousmonth_results' replacing the 'thismonth_results' tables in the code but with no luck.
Any suggestions or changes of approach would be most welcome :)
Thanks in advance
Login code below:
<?php # login.php
require_once ('./includes/config.inc.php');
ob_start();
session_start();
if (!isset($page_title)) {
$page_title = 'User Login';
}
if (isset($_POST['submitted'])) { // Check if the form has been submitted.
require_once ('/mydatabase/mysql_connect.php');
if (!empty($_POST['email'])) {
$e = escape_data($_POST ['email']);
} else {
echo '<p><font color="#be0f34"size="+1"> You forgot to enter your email address!
</font></p>';
$e = FALSE;
}
if (!empty($_POST['pass'])) {
$p = escape_data($_POST ['pass']);
} else {
$p = FALSE;
echo '<p><font color="#be0f34"size="+1"> You forgot to enter your password!
</font></p>';
}
if ($e && $p) { // If everything's OK.
$query = "SELECT user.user_id, user.dealer_code, user.dealer_name, user.dp_firstname, user.dp_surname, thismonth_results.vec_actual, thismonth_results.vec_target, thismonth_results.vec_achieved, thismonth_results.vec_variance, thismonth_results.payout
FROM user, thismonth_results WHERE (user.email='$e' AND user.pass=SHA('$p'))
AND user.user_id = thismonth_results.user_id";
$result = mysql_query ($query) or trigger_error("Query: $query\n <br />MySQL Error: " . mysql_error());
if (@mysql_num_rows($result) == 1) { // A match was made.
// Register the values & redirect.
$row = mysql_fetch_array ($result,MYSQL_NUM);
mysql_free_result($result);
mysql_close();
$_SESSION['payout'] = $row[31];
$_SESSION['vec_variance'] = $row[10];
$_SESSION['vec_achieved'] = $row[9];
$_SESSION['vec_target'] = $row[8];
$_SESSION['vec_actual'] = $row[7];
$_SESSION['dp_surname'] = $row[4];
$_SESSION['dp_firstname'] = $row[3];
$_SESSION['dealer_name'] = $row[2];
$_SESSION['dealer_code'] = $row[1];
$_SESSION['user_id'] = $row[0];
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
if ((substr($url, -1) == '/') OR(substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
$url .= '/report.php';
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
} else { // No match was made.
echo '<p><font color="#be0f34"size="+1">The password and usernam details are incorrect</font></p>';
}
} else {
echo '<p><font color="#be0f34"size="+1">Please try again.</font></p>';
}
mysql_close();
}
?>
<p>To see your results and payout figures, please log in below:</p>
<form action="login.php"method="post">
<fieldset>
<p><label for="email">Email Address:</label><input type="text" name="email" size="25" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /></p>
<p><label for="pass">Password:</label> <input type="password" name="pass" size="25" maxlength="20" /></p>
<p><div align="center"><input type="submit" name="submit" value="Login" /></div>
<input type="hidden" name="submitted" value="TRUE" /></p><br />
</fieldset>
</form>
<?php // Flush the buffered output.
ob_end_flush();?>
Below is the report page code.
<?php # report.php
require_once ('./includes/config.inc.php');
ob_start();
session_start();
if (!isset($page_title)) {
$page_title = 'Report';
}
if (!isset($_SESSION['dealer_code'])) {
$url = 'http://' . $_SERVER['HTTP_HOST']
. dirname($_SERVER['PHP_SELF']);
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
$url .= '/login.php';
ob_end_clean(); // Delete the buffer.
header("Location: $url");
exit(); // Quit the script.
}
?>
<h1>Dealer Report</h1>
<?php // Welcome the user (by name if they are logged in).
echo '<span class="tablehead">Dealer:';
if (isset($_SESSION['dealer_code'])) {
echo " {$_SESSION['dealer_name']} ";
}
echo '</span>';
?>
<br /><br />
<?php echo " {$_SESSION['dp_firstname']} " . " {$_SESSION['dp_surname']}<br> ";?>
<?php echo " {$_SESSION['bdm_firstname']} " . " {$_SESSION['bdm_surname']}<br> ";?>
<?php
$myPayout = $_SESSION['payout'];
echo number_format( $myPayout );
?>
<h1>June Figures</h1>
<?php echo " {$_SESSION['vec_target']} <br> "; ?>
<?php echo " {$_SESSION['vec_actual']} <br> "; ?>
<?php echo " {$_SESSION['vec_achieved']} <br> "; ?>
<?php echo " {$_SESSION['vec_variance']} <br> "; ?>
<?php // Flush the buffered output.
ob_end_flush();?>