I would like to have all variables accessible of the file *handler_login.php* which I include
in the file *handler_question.php*. The *handler_question.php* processes the data from the following form.
My form_question.php
<form method="post" action="handler-question.php">
<p>Title:
<input name="question_title" type="text" cols="92" />
</p>
<p>Question:
<div id="wmd-container" class="resizable-textarea">
<textarea id="input" class="textarea" tabindex="101" rows="15" cols="92" name="question_body" /></textarea>
</div>
</p>
<p>Tags:
<input name="tags" type="text" cols="92" />
</p>
<input type="submit" value="OK" />
</form>
The following file is what the last file includes
My handler_login.php
<?php
// independent variables
$dbHost = "localhost";
$dbPort = 5432;
$dbName = "masi";
$dbUser = "masi";
$dbPassword = "123456";
$conn = "host=$dbHost port=$dbPort dbname=$dbName user=$dbUser password=$dbPassword";
// you can store the username and password to $_SESSION variable
$dbconn = pg_connect($conn);
if(!$dbconn) {
exit;
}
$sql = "SELECT username, passhash_md5, email
FROM users
WHERE username = '{$_POST['username']}'
AND email = '{$_POST['email']}'
AND passhash_md5 = '{$_POST['password']}';";
$result = pg_query($dbconn, $sql);
if(!$result) {
exit;
}
$username = $_POST['username'];
$passhash_md5 = md5($_POST['password']);
// COOKIE setting /*{{{*/
/* $cookie may look like this:
variables
$username = "username"
$passhash_md5 = "password-in-md5"
before md5:
"usernamepasshash_md5"
after md5:
"a08d367f31feb0eb6fb51123b4cd3cb7"
*/
$login_cookie = md5(
$username .
$passhash_md5
);
$sql3 = "SELECT passhash_md5
FROM users
WHERE username=$_POST['username'];";
$password_data_original = pg_query($dbconn, $sql3);
while ($row = pg_fetch_row($data)) {
$password_original = $row[0];
}
$login_cookie_original = md5(
$username .
$password_original
);
// Check for the Cookie
if (isset($_COOKIE['login']) )
{
// Check if the Login Form is the same as the cookie
if ( $login_cookie_original == $login_cookie )
{
header("Location: index.php");
die("logged in");
}
header("Location: index.php");
die("wrong username/password");
}
// If no cookie, try logging them in
else
{
//Get the Data
// we do not want SQL injection so we use pg_escape_string
$sql2 = sprintf("SELECT * from users
WHERE passhash_md5='%s',
pg_escape_string($login_cookie));
$raw_user_list = pg_query($dbconn, $sql2);
if ($user = pg_fetch_row($row_user_list)) {
setcookie ("login", $login_cookie);
header("Location: index.php");
die("logged in");
} else {
header("Location: index.php");
die("wrong username/password");
}
}
pg_close($dbconn);
?>
and finally my handler_question.php where the problem occurs
<?php
include 'handler-login.php'; // This is the problem
$question_body = '{$_POST['question_body']}' // I get an error right from the beginning
$question_title = '{$_POST['question_title']}'
$sql_questions_question_id = "SELECT question_id FROM users
WHERE username = $username;"
// $username comes from handler_login.php
$questions_question_id = pg_query($dbconn, $sql_questions_question_id);
// to get tags to an array
$tags = '{$_POST['question_tags']}';
$tags_trimmed = trim($tags);
$tags_array = explode(",", $tags_trimmed);
// to save the cells in the array to db
$sql_tags_insert = "INSERT INTO tags (tag, questions_question_id)
VALUES (for ($i = 0; $i < count($tags_array); $i++)"
$sql = "SELECT username, passhash_md5, email
FROM users
WHERE username = '{$_POST['username']}'
AND email = '{$_POST['email']}'
AND passhash_md5 = '{$_POST['password']}';";
$result = pg_query($dbconn, $sql);
if(!$result) {
exit;
}
$username = $_POST['username'];
$passhash_md5 = md5($_POST['password']);
pg_close($dbconn);
?>
*How can you have all variables of handler_login.php to be accessible by handler_question.php?*