PHP - SESSION PROBLEM - Asked By Olusegun A. on 05-Oct-09 02:43 AM

Hello friends, please, I need your help concerning the session problem I am having. The problem is that I log into my admin session and list all available members in the file named [b]"editaccount.php"[/b]. By clicking the account number of a member, I will be led to [b]"editaccount2.php"[/b], which will display the account information of the member whose account number I clicked. But since I have the admin session on, how do I pass the member's session that will pass the member's information to [b]"editaccount2.php"[/b]? The two pages are below.

[b]EDITACCOUNT.PHP[/b]
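[code]<?php
session_start();
// Only a logged-in admin may view this page.
if(empty($_SESSION['admin'])) {
header("Location: adminlogin.php");
exit; // stop here so the page is not rendered for non-admins
}
?>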
<head>
</head>

<body>
<table width="700" border="0" align="center" cellpadding="20" cellspacing="0" bgcolor="#FFFFCC">
<tr>
<td><!-- InstanceBeginEditable name="content" -->
<table width="100%" border="0" cellpadding="0" cellspacing="5" bgcolor="#006600">
<tr>
<td><span class="style1" style="font-weight: bold">EDIT ACCOUNT </span></td>
</tr>
</table>
<p>To edit any account, click on its Account Number. </p>
<p align="center">

<?php
include("customersinfodb.php");
$check=mysql_query("select * from clients");
$count=mysql_num_rows($check);
?>
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td align="center" width="20%"><span style="font-weight: bold">Account No. </span></td>
<td align="center" width="20%"><span style="font-weight: bold">First Name </span></td>
<td align="center" width="20%"><span style="font-weight: bold">Last Name </span></td>
<td align="center" width="20%"><span style="font-weight: bold">Country</span></td>
<td align="center" width="20%"><span style="font-weight: bold">Reg. Date </span></td>
</tr>
<?php
while($rows=mysql_fetch_array($check)){
$ano=$rows['ano'];
$fname=$rows['fname'];
$lname=$rows['lname'];
$country=$rows['country'];
$regdate=$rows['regdate'];
// Overwritten on every pass, so after the loop this holds the last account listed.
$_SESSION['ano']=$ano;
?>
<tr>
<td width="20%" align="center"><a href="editaccount2.php?ano=<?php echo urlencode($ano) ?>"><?php echo htmlspecialchars($ano) ?></a></td>
<td width="20%" align="center"><?php echo htmlspecialchars($fname) ?></td>
<td width="20%" align="center"><?php echo htmlspecialchars($lname) ?></td>
<td width="20%" align="center"><?php echo htmlspecialchars($country) ?></td>
<td width="20%" align="center"><?php echo htmlspecialchars($regdate) ?></td>
</tr>

<?php
}
?>
<hr></table>

<p align="center">&nbsp;</p>
<hr />
<p align="center"><a href="adminportal.php">Back</a> | <a href="Templates/adminlogin.php">Logout</a></p>
<!-- InstanceEndEditable --></td>
</tr>
</table>
</body>
<!-- InstanceEnd --></html>
[/code]



[b]EDITACCOUNT2.PHP[/b]
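[code]<?php
session_start();
// Only a logged-in admin may view this page.
if(empty($_SESSION['admin'])) {
header("Location: adminlogin.php");
exit; // stop here so the page is not rendered for non-admins
}
?>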
<head>
</head>

<body>
<table width="700" border="0" align="center" cellpadding="20" cellspacing="0" bgcolor="#FFFFCC">
<tr>
<td><!-- InstanceBeginEditable name="content" -->
<?php
$admin=$_SESSION['admin'];
?>
<table width="100%" border="0" cellpadding="0" cellspacing="5" bgcolor="#006600">
<tr>
<td><span class="style1" style="font-weight: bold">CHANGE ACCOUNT INFO </span></td>
</tr>
</table>
<p align="left">You must be careful because any changes made to the below information will affect the Account Holder's Information.</p>
<p align="center">
<?php
if(!empty($_POST['Submit']))
{
include("customersinfodb.php");
// The account number is taken from the session here; the ano value in the query string is overwritten, not read.
$ano=$_SESSION['ano'];
$_GET['ano']=$ano;
$check=mysql_query("select * from clients where ano='$ano'");
while($look=mysql_fetch_array($check))
{
$ano=$look['ano'];
$fname=$look['fname'];
$mname=$look['mname'];
$lname=$look['lname'];
$address=$look['address'];
$address2=$look['address2'];
$city=$look['city'];
$state=$look['state'];
$country=$look['country'];
$pcode=$look['pcode'];
$gender=$look['gender'];
$pno=$look['pno'];
$pno2=$look['pno2'];
$atype=$look['atype'];
$currency=$look['currency'];
$status=$look['status'];
}
// Escape every submitted value before it is placed in the SQL string.
$nfname=mysql_real_escape_string($_POST['fname']);
$nmname=mysql_real_escape_string($_POST['mname']);
$nlname=mysql_real_escape_string($_POST['lname']);
$naddress=mysql_real_escape_string($_POST['address']);
$naddress2=mysql_real_escape_string($_POST['address2']);
$ncity=mysql_real_escape_string($_POST['city']);
$nstate=mysql_real_escape_string($_POST['state']);
$ncountry=mysql_real_escape_string($_POST['country']);
$npcode=mysql_real_escape_string($_POST['pcode']);
$ngender=mysql_real_escape_string($_POST['gender']);
$npno=mysql_real_escape_string($_POST['pno']);
$npno2=mysql_real_escape_string($_POST['pno2']);
$natype=mysql_real_escape_string($_POST['atype']);
$ncurrency=mysql_real_escape_string($_POST['currency']);
$nstatus=mysql_real_escape_string($_POST['status']);
$update=mysql_query("update clients set fname='$nfname', mname='$nmname', lname='$nlname', address='$naddress', address2='$naddress2', city='$ncity', state='$nstate', country='$ncountry', pcode='$npcode', gender='$ngender', pno='$npno', pno2='$npno2', atype='$natype', currency='$ncurrency', status='$nstatus' where ano='$ano'");
if(!$update)
echo "The Information is not updated, try again.<br>";
else
echo "The Information is updated successfully.<br>";
}
?>
</p>
<form id="form1" name="form1" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) ?>">
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td width="36%"><div align="right" class="style15">Account Number: </div></td>
<td width="64%"><label><?php echo htmlspecialchars($ano) ?></label></td>
</tr>
<tr>
<td><div align="right"><span class="style15">First Name:</span></div></td>
<td width="64%"><input name="fname" type="text" id="fname" value="<?php echo htmlspecialchars($fname) ?>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td><div align="right" class="style15">Middle Name: </div></td>
<td><input name="mname" type="text" id="mname" value="<?php echo htmlspecialchars($mname) ?>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td><div align="right" class="style15">Last Name: </div></td>
<td><input name="lname" type="text" id="lname" value="<?php echo htmlspecialchars($lname) ?>" size="40" maxlength="20" /></td>
</tr>
<tr>
<td><div align="right" class="style15">Address 1: </div></td>
<td><input name="address" type="text" id="address" value="<?php echo htmlspecialchars($address) ?>" size="40" maxlength="100" /></td>
</tr>
<tr>
<td><div align="right" class="style15">Address 2:</div></td>
<td><input name="address2" type="text" id="address2" value="<?php echo htmlspecialchars($address2) ?>" size="40" maxlength="100" /></td>
</tr>
<tr>
<td><div align="right" class="style15">City:</div></td>
<td><input name="city" type="text" id="city" value="<?php echo htmlspecialchars($city) ?>" size="40" maxlength="50" /></td>
</tr>
<tr>
<td><div align="right" class="style15">State:</div></td>
<td><input name="state" type="text" id="state" value="<?php echo htmlspecialchars($state) ?>" size="40" maxlength="50" /></td>
</tr>
<tr>
<td><div align="right" class="style15">Country:</div></td>
<td><input name="country" type="text" id="country" value="<?php echo htmlspecialchars($country) ?>" size="40" maxlength="50" /></td>
</tr>
<tr>
<td><div align="right">Gender:</div></td>
<td>Male:
<label>
<input name="gender" type="radio" value="Male" />
</label>
Female:
<label>
<input name="gender" type="radio" value="Female" />
</label></td>
</tr>
<tr>
<td><div align="right" class="style15">Post Code: </div></td>
<td><input name="pcode" type="text" id="pcode" value="<?php echo htmlspecialchars($pcode) ?>" size="40" maxlength="5" /></td>
</tr>
<tr>
<td><div align="right" class="style15">Mobile Phone Number: </div></td>
<td><input name="pno" type="text" id="pno" value="<?php echo htmlspecialchars($pno) ?>" size="40" maxlength="50" /></td>
</tr>
<tr>
<td><div align="right"><span class="style15">Home Phone Number:</span></div></td>
<td><input name="pno2" type="text" id="pno2" value="<?php echo htmlspecialchars($pno2) ?>" size="40" maxlength="50" /></td>
</tr>
<tr>
<td><div align="right" class="style15">Account Type: </div></td>
<td><label>
<select name="atype" id="atype">
<option value="" selected="selected"></option>
<option value="Savings">Savings</option>
<option value="Check">Check</option>
<option value="Money Market">Money Market</option>
</select>
</label></td>
</tr>
<tr>
<td><div align="right" class="style16">Currency:</div></td>
<td><select name="currency" id="currency">
<option value="" selected="selected"></option>
<option value="Dollars">Dollars</option>
<option value="Pounds">Pounds</option>
<option value="Euro">Euro</option>
</select></td>
</tr>
<tr>
<td><div align="right">Account Status: </div></td>
<td><label>
<select name="status" id="status">
<option value="" selected="selected"></option>
<option value="Active">Active</option>
<option value="Suspended">Suspended</option>
</select>
</label></td>
</tr>

<tr>
<td>&nbsp;</td>
<td><label>
<input type="submit" name="Submit" value="Update" />
</label>
<label>
<input type="reset" name="Submit2" value="Reset" />
</label></td>
</tr>
</table>
</form>
<hr />
<p align="center"><a href="editaccount.php">Back</a> | <a href="adminlogout.php">Logout</a></p>
<!-- InstanceEndEditable --></td>
</tr>
</table>
</body>
<!-- InstanceEnd --></html>
[/code]

Please help me out with necessary adjustment.
Regards

If editaccount.php uses session variables, then you made a design mistake

Robbe Morris replied to Olusegun A. on 05-Oct-09 06:06 AM

You can't pass "session" around. Your edit account page should accept a querystring variable, retrieve the record from the database, show it, let you alter it, and then save it back to the database. You should use "your" session to validate that an admin is performing this task or that the signed in user is the same as the userid in your querystring.
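
The flow described in the reply above, as an added example that is not part of the original thread or of either poster's code: the account number comes from the query string, and the session is used only to decide whether the requester may edit that account. It assumes PDO with placeholder connection details, a hypothetical `member_ano` session key for a signed-in member, and only a few of the `clients` columns; the remaining columns follow the same pattern.

```php
<?php
// editaccount2.php, reworked (added example; PDO DSN and credentials are placeholders).
session_start();

// Which account to edit comes from the query string, never from the session.
$ano = isset($_GET['ano']) && is_string($_GET['ano']) ? $_GET['ano'] : '';

// The session only answers "who is asking?": an admin, or the account's owner.
// 'member_ano' is a hypothetical key set when a member (not an admin) logs in.
$isAdmin = !empty($_SESSION['admin']);
$isOwner = isset($_SESSION['member_ano']) && (string)$_SESSION['member_ano'] === $ano;
if ($ano === '' || !($isAdmin || $isOwner)) {
    header('Location: adminlogin.php');
    exit; // without exit the rest of the page would still run
}

$pdo = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4',
    'EXAMPLE_USER', 'EXAMPLE_PASSWORD', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $pdo->prepare('UPDATE clients SET fname = ?, lname = ?, country = ? WHERE ano = ?');
    $stmt->execute([(string)($_POST['fname'] ?? ''), (string)($_POST['lname'] ?? ''),
        (string)($_POST['country'] ?? ''), $ano]);
    // Suspending or activating an account stays an admin-only change.
    if ($isAdmin && in_array($_POST['status'] ?? '', ['Active', 'Suspended'], true)) {
        $pdo->prepare('UPDATE clients SET status = ? WHERE ano = ?')->execute([$_POST['status'], $ano]);
    }
    $message = 'The Information is updated successfully.';
}

// Always reload the record so the form shows what is actually stored.
$stmt = $pdo->prepare('SELECT ano, fname, lname, country, status FROM clients WHERE ano = ?');
$stmt->execute([$ano]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    http_response_code(404);
    exit('No such account.');
}

function e($value) { return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8'); }
?>
<p><?php echo e($message) ?></p>
<form method="post" action="editaccount2.php?ano=<?php echo e(rawurlencode($ano)) ?>">
  Account Number: <?php echo e($row['ano']) ?> (status: <?php echo e($row['status']) ?>)<br />
  First Name: <input name="fname" type="text" value="<?php echo e($row['fname']) ?>" /><br />
  Last Name: <input name="lname" type="text" value="<?php echo e($row['lname']) ?>" /><br />
  Country: <input name="country" type="text" value="<?php echo e($row['country']) ?>" /><br />
  <input type="submit" name="Submit" value="Update" />
</form>
```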