我刚开始使用php,所以我还是新手,我确实有一个问题。为什么我的adminSearchPage.php无法从loginProcess.php获取会话值,即使会话的所有必要代码都在那里,我试图将连接更改为loginProcess.php页面仍然无法正常工作,如果有人可以帮助我解决这个问题,我真的很感激,对不起我的语法不好。
adminSearchPage.php
<?php
// session begin
session_start();
//connect to database
include "database_conn.php";
//check whether user logged in
if(isset($_SESSION['loggedin'])&& $_SESSION['userName'] == $_SESSION['userName'])
{
}
else
{
echo "please login first!";
die($_SESSION['userName']);
header("refresh:5;url=loginPage.html");
exit();
}
?>
<html>
<head>
<title></title>
<meta charset="utf-8"/>
<link id="pagestyle" href="adminSearchPage.css" rel="stylesheet" type="text/css">
<head>
<body id="background">
<div class="wrapper1">
<nav>
<ul>
<li><a href="homePage.html" accesskey="h">Home</a></li>
<li><a class="active" href="adminEventlist.php" accesskey="v">Events</a></li>
<li><a href="adminSearchPage.php" accesskey="s">Search</a></li>
<li><a href="#" accesskey="b">About us</a></li>
<li><a href="adminLogoutPage.php" accesskey="l">Log out</a></li>
</ul>
</nav>
</div>
<div id="wrapper2">
<table>
<?php
$output1 = '';
$output2 = '';
$error = '';
//search by title
if(isset($_POST['title']))
{
//get value from form
$srTitle = $_POST['title'];
//sql statement
$sqlSrTitle = "SELECT *
FROM te_events,te_category,te_venue
WHERE te_events.catID = te_category.catID AND te_events.venueID = te_venue.venueID AND te_events.eventTitle LIKE '%$srTitle%'";
// query sql statement
$srTitleQuery = mysqli_query($conn,$sqlSrTitle) or DIE (mysqli_error($conn));
$count = mysqli_num_rows($srTitleQuery);
if($count == 0)//for search record unexist in database
{
$error = "there was no search results!";
}
else
{
while($row = mysqli_fetch_array($srTitleQuery))
{
$eID = $row['eventID'];
$eTitle = $row['eventTitle'];
$eCat = $row['catDesc'];
$eVenue = $row['venueName'];
$eLocation = $row['location'];
$ePrice = $row['eventPrice'];
$output2 .= "
<tr>
<th><p>Event ID</p></th>\n
<th><p>Event Title</p></th>\n
<th><p>Event Category</p></th>\n
<th><p>Event Venue</p></th>\n
<th><p>Event Price</p></th>\n
<th><p>Event Location</p></th>\n
</tr>
<tr>
<td><p>$eID</p></td>\n
<td><p>$eTitle</p></td>\n
<td><p>$eCat</p></td>\n
<td><p>$eVenue</p></td>\n
<td><p>$ePrice</p></td>\n
<td><p>$eLocation</p></td>
</tr>\n";
}
}
}
//search by id
if(isset($_POST['eventID']))
{
//get value from form
$srID = $_POST['eventID'];
//sql statement
$sqlSrID = "SELECT *
FROM te_events, te_category, te_venue
WHERE te_events.catID = te_category.catID AND te_events.venueID = te_venue.venueID AND te_events.eventID = '$srID'
";
//query sql statement
$sqlIDQuery = mysqli_query($conn,$sqlSrID) or DIE (mysqli_error($conn));
$count = mysqli_num_rows($sqlIDQuery);
if($count == 0)// for search record unexist in database
{
$error = "there was no search results!";
}
else
{
//get value
while($row = mysqli_fetch_array($sqlIDQuery))
{
$eID = $row['eventID'];
$eTitle = $row['eventTitle'];
$eCat = $row['catDesc'];
$eVenue = $row['venueName'];
$eLocation = $row['location'];
$ePrice = $row['eventPrice'];
$output2 .= "
<tr>
<th><p>Event ID</p></th>\n
<th><p>Event Title</p></th>\n
<th><p>Event Category</p></th>\n
<th><p>Event Venue</p></th>\n
<th><p>Event Price</p></th>\n
<th><p>Event Location</p></th>\n
</tr>
<tr>
<td><p>$eID</p></td>\n
<td><p>$eTitle</p></td>\n
<td><p>$eCat</p></td>\n
<td><p>$eVenue</p></td>\n
<td><p>$ePrice</p></td>\n
<td><p>$eLocation</p></td>
</tr>\n";
}
}
}
//search by category
if(isset($_POST['search']))
{
// get value from search form
$catID = $_POST['category'];
//sql statement for search category
$sqlCat = "SELECT *
FROM te_events,te_venue,te_category
WHERE te_events.venueID = te_venue.venueID AND
te_events.catID = te_category.catID AND te_events.catID = '$catID'";
// query sql statement
$sqlCatQuery = mysqli_query($conn,$sqlCat) or DIE (mysqli_error($conn));
// get value
while($row = mysqli_fetch_array($sqlCatQuery))
{
$eID = $row['eventID'];
$eTitle = $row['eventTitle'];
$eCat = $row['catDesc'];
$eVenue = $row['venueName'];
$eLocation = $row['location'];
$ePrice = $row['eventPrice'];
$output2 .= "
<tr>
<th><p>Event ID</p></th>\n
<th><p>Event Title</p></th>\n
<th><p>Event Category</p></th>\n
<th><p>Event Venue</p></th>\n
<th><p>Event Price</p></th>\n
<th><p>Event Location</p></th>\n
</tr>
<tr>
<td><p>$eID</p></td>\n
<td><p>$eTitle</p></td>\n
<td><p>$eCat</p></td>\n
<td><p>$eVenue</p></td>\n
<td><p>$ePrice</p></td>\n
<td><p>$eLocation</p></td>
</tr>\n";
}
}
//search by price range
if(isset($_POST['search']))
{
$price = $_POST['price'];
if ($price == 0)
{
$error = "";
}
else
{
if ($price == 1)//sql for search price between 0 to 10
{
$sqlPrice = "SELECT *
FROM te_events,te_category,te_venue
WHERE te_events.venueID = te_venue.venueID AND
te_events.catID = te_category.catID AND te_events.eventPrice >= 0 AND te_events.eventPrice <= 10
ORDER BY te_events.eventPrice";
}
elseif ($price == 2)//sql search for price between 10 to 20
{
$sqlPrice = "SELECT *
FROM te_events,te_category,te_venue
WHERE te_events.venueID = te_venue.venueID AND
te_events.catID = te_category.catID AND te_events.eventPrice >= 10 AND te_events.eventPrice <= 20
ORDER BY te_events.eventPrice";
}
elseif ($price == 3)//sql search for price between 20 to 30
{
$sqlPrice = "SELECT *
FROM te_events,te_category,te_venue
WHERE te_events.venueID = te_venue.venueID AND
te_events.catID = te_category.catID AND te_events.eventPrice >= 20 AND te_events.eventPrice <= 30
ORDER BY te_events.eventPrice";
}
elseif ($price == 4)//sql search for price between 30 to 40
{
$sqlPrice = "SELECT *
FROM te_events,te_category,te_venue
WHERE te_events.venueID = te_venue.venueID AND
te_events.catID = te_category.catID AND te_events.eventPrice >= 30 AND te_events.eventPrice <= 40
ORDER BY te_events.eventPrice";
}
elseif ($price == 5)//sql search for price between 40 to 50
{
$sqlPrice = "SELECT *
FROM te_events,te_category,te_venue
WHERE te_events.venueID = te_venue.venueID AND
te_events.catID = te_category.catID AND te_events.eventPrice >= 40 AND te_events.eventPrice <= 50
ORDER BY te_events.eventPrice";
}
elseif ($price == 6)//sql search for price between 50 to 60
{
$sqlPrice = "SELECT *
FROM te_events,te_category,te_venue
WHERE te_events.venueID = te_venue.venueID AND
te_events.catID = te_category.catID AND te_events.eventPrice >= 50 AND te_events.eventPrice <= 60
ORDER BY te_events.eventPrice";
}
// query the sql statement
$sqlPriceQuery = mysqli_query($conn,$sqlPrice) or DIE (mysqli_error($conn));
// get value
while ($row = mysqli_fetch_array($sqlPriceQuery))
{
$eID = $row['eventID'];
$eTitle = $row['eventTitle'];
$eCat = $row['catDesc'];
$eVenue = $row['venueName'];
$eLocation = $row['location'];
$ePrice = $row['eventPrice'];
$output2 .= "
<tr>
<th><p>Event ID</p></th>\n
<th><p>Event Title</p></th>\n
<th><p>Event Category</p></th>\n
<th><p>Event Venue</p></th>\n
<th><p>Event Price</p></th>\n
<th><p>Event Location</p></th>\n
</tr>\n
<tr>
<td><p>$eID</p></td>\n
<td><p>$eTitle</p></td>\n
<td><p>$eCat</p></td>\n
<td><p>$eVenue</p></td>\n
<td><p>$ePrice</p></td>\n
<td><p>$eLocation</p></td>
</tr>\n";
}
}
}
?>
</table>
<form action="adminSearchPage.php" method="POST" value="search">
<table>
<caption><h3>Search Event<h3></caption>
<tr><td>Event Title</td>
<td><input type="text" value="" name="title" placeholder="search events..."></input></td>
</tr>
<tr>
<td>Event ID</td>
<td><input type="text" value="" name="eventID" placeholder="search event ID..."></input></td>
</tr>
<tr>
<td>Event Price</td>
<td>
<?php
echo "<select name=\"price\">\n";
echo "<option value=\"0\">Select range of price...</option>\n";
echo "<option value=\"1\">0.0 - 10.00</option>\n";
echo "<option value=\"2\">10.0 - 20.00</option>\n";
echo "<option value=\"3\">20.0 - 30.00</option>\n";
echo "<option value=\"4\">30.0 - 40.00</option>\n";
echo "<option value=\"5\">40.0 - 50.00</option>\n";
echo "<option value=\"6\">50.0 - 60.00</option>\n";
echo "</select>";
?>
</td>
</tr>
<tr>
<td>Event Category</td>
<td><?php
$sqlCategory ="SELECT * FROM te_category ORDER BY 1";//sql statement
$rsCategory = mysqli_query($conn,$sqlCategory) or DIE (mysqli_error($conn));//sql query
$sqlMatchCat ="SELECT catID FROM te_events ORDER BY 1";//sql statement
$sqlMatchCatQuery = mysqli_query($conn,$sqlMatchCat) or DIE (mysqli_error($conn));//sql match query
echo"<select name=\"category\" >\n";
echo"<option value=\"0\">select category...</option>\n";
while($row = mysqli_fetch_array($rsCategory))
{ // populate select item
$catID = $row['catID'];
$catDesc = $row['catDesc'];
// get each certificate record
if($catID == $sqlMatchCatQuery)
{ echo "<option value =\"$catID\" selected>$catDesc</option>\n"; }
else
{ echo "<option value =\"$catID\">$catDesc</option>\n"; }
}
echo "</select>\n";
mysqli_free_result($rsCategory);// remove result set
?>
</td>
</tr>
<tr>
<td>Event Date</td>
<td>
</td>
</tr>
<tr>
<td><input name="search" type="submit" value="search"></input></td>
</tr>
</table>
<table>
<?php
echo "$output1";
echo "$output2";
echo "$error";
?>
</table>
</form>
</div>
<div class="wrapper1">
<nav>
<ul>
<li><a href="homePage.html" accesskey="h">Home</a></li>
<li><a class="active" href="adminEventlist.php" accesskey="v">Events</a></li>
<li><a href="adminSearchPage.php" accesskey="s">Search</a></li>
<li><a href="#" accesskey="b">About us</a></li>
<li><a href="adminLogoutPage.php" accesskey="l">Log out</a></li>
</ul>
</nav>
</div>
</body>
</html>
loginProcess.php
<?php
ini_set("session.save_path", $_SERVER["DOCUMENT_ROOT"] . "/../sessionData");
// session begin
session_start();
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Login Process</title>
<link id="pagestyle" href="loginProcess.css" rel="stylesheet" type="text/css">
<meta charset="utf-8">
</head>
<body id="background">
<div id="wrapper2">
<?php
$userName = filter_has_var(INPUT_POST,'userName') ? $_POST['userName']: null;
$passWD = filter_has_var(INPUT_POST,'pwd') ? $_POST['pwd'] : null;
// sanitize part, saniziting data input from user
$userName = trim($userName);
$userName = filter_var($userName, FILTER_SANITIZE_STRING,FILTER_FLAG_NO_ENCODE_QUOTES);
$userName = filter_var($userName, FILTER_SANITIZE_SPECIAL_CHARS);
$passWD = trim($passWD);
$passWD = filter_var($passWD, FILTER_SANITIZE_STRING,FILTER_FLAG_NO_ENCODE_QUOTES);
$passWD = filter_var($passWD, FILTER_SANITIZE_SPECIAL_CHARS);
//database connection
include 'database_conn.php';
//SQL statement for user login
//query the te_users database table to get the passwordHash for username entered by user in login process
$sqlUser = "SELECT passwordHash FROM te_users WHERE username = ?";
//Query sql statement
$sqlUserStmt = mysqli_prepare($conn,$sqlUser);
//bind the entered $userName to prepare statement, s is the datatype
mysqli_stmt_bind_param($sqlUserStmt,"s",$userName);
//execute query
mysqli_stmt_execute($sqlUserStmt);
// get passwordHash form the query results for entered username and store it in the variable indicated
mysqli_stmt_bind_result($sqlUserStmt,$passWDHash);
//check if a record returned by the query
$errorList = array();
if(empty($userName))
{
echo "<p>Please enter the user name</p>\n";
header("refresh:2;url=loginPage.html");
echo "you will be redirected to login form within 3 seconds";
}
if(empty($passWD))
{
echo "<p>Please enter the Password</p>\n";
header("refresh:2;url=loginPage.html");
echo "you will be redirected to login form within 3 seconds";
}
else
{
if (mysqli_stmt_fetch($sqlUserStmt))
{
//declare variable
$_SESSION['userName'] = $userName;
$_SESSION['loggedin'] = true;
// check password
if(password_verify($passWD,$passWDHash))
{
$_SESSION['loggedin'] = true;
echo "<p>hello! <p>\n";
}
else
{
$_SESSION['loggedin'] = false;
echo "<p>Password incorrect!</p>\n";
header("refresh:2;url=loginPage.html");
echo "you will be redirected to login form within 3 seconds";
}
}
else
{
echo "<p>User doesn't exist!</p>\n";
header("refresh:2;url=loginPage.html");
echo "you will be redirected to login form within 3 seconds";
}
}
//closing statement
// closing connection
mysqli_stmt_close($sqlUserStmt);
mysqli_close($conn);
// print out wellcome when admin log in
if((isset($_SESSION['userName'])) && ($_SESSION['loggedin'] = true))
{
echo "<p>Welcome home ". $_SESSION['userName'] ."</p>\n";
header("refresh:2;url=adminEventlist.php");
}
$_SESSION['userName'] = $_SESSION['userName'];
$_SESSION['loggedin'] = $_SESSION['loggedin'];
?>
</div>
</body>
</html>