Ch 9 PHP & MySQL: Novice to Ninja

Hi,

I am creating ch9/admin/authors/form.html.php; however, when going to the URL, the system is pulling my ‘root’ password and indicating that

Notice: Undefined variable: roles in C:\xampp\htdocs\xampp\test\karen\9\admin\authors\form.html.php on line 25

I have even created a sub ‘account administrator’ ‘root’ role in the system, plus copied and pasted the code directly from GitHub.

Advice?

thx
Karen

Could you please post the code?

Well, obviously there’s something on line 25 that is not quite right… There’s not much that we can do without reading the code.

I do not understand what you mean by a sub ‘account administrator’ ‘root’ though. Do you mean that you have created a second admin account, also with the name root?

Hi karentutor1, welcome to the forum

The error message line is in
.../admin/authors/form.html.php

 <?php for ($i = 0; $i < count($roles); $i++): ?>

The $roles variable is an array that is defined in
.../admin/authors/index.php

if (isset($_GET['add']))
...
  foreach ($result as $row)
  {
    $roles[] = array(
      'id' => $row['id'],
      'description' => $row['description'],
      'selected' => FALSE);
  }

  include 'form.html.php';
  exit();
...
if (isset($_POST['action']) and $_POST['action'] == 'Edit')
...
  foreach ($result as $row)
  {
    $roles[] = array(
      'id' => $row['id'],
      'description' => $row['description'],
      'selected' => in_array($row['id'], $selectedRoles));
  }

  include 'form.html.php';
  exit();

You cannot go directly to the URL; it needs to be “included” by the index page.
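One way to make that controller/template split fail closed, as an added example that is not code from the book or from this thread: buildRoleList() does the work of the two loops quoted above but always returns an array (even when the role table is empty), and requireTemplateVars() is a guard a template such as form.html.php can call on its first line, so that a direct request for the template URL gets a 403 instead of a page rendered from undefined variables. The role rows below are constructed for the demonstration in place of the PDO query, and the function names are my own.

```php
<?php
// Added example (not code from the book or from the thread).
declare(strict_types=1);

/**
 * Build the $roles array that form.html.php iterates over.
 * Accepts any iterable of rows with 'id' and 'description' keys (a PDOStatement
 * works, as does a plain array) and always returns an array, so the template's
 * count($roles) never sees null when the role table is empty.
 */
function buildRoleList(iterable $rows, array $selectedRoleIds = []): array
{
    // Compare as strings so a driver returning ints and a form returning
    // strings agree; strict in_array avoids PHP's loose '0' == '' surprises.
    $selected = array_map('strval', $selectedRoleIds);
    $roles = [];
    foreach ($rows as $row) {
        $roles[] = [
            'id'          => $row['id'],
            'description' => $row['description'],
            'selected'    => in_array((string) $row['id'], $selected, true),
        ];
    }
    return $roles;
}

/**
 * Guard for the first line of a template: refuse to render unless every
 * variable the template depends on was set by the including controller.
 * Call as: requireTemplateVars(get_defined_vars(), ['pageTitle', 'roles', ...]);
 */
function requireTemplateVars(array $definedVars, array $required): void
{
    $missing = array_diff($required, array_keys($definedVars));
    if ($missing !== []) {
        // Fail closed. The variable names go to the server log, not to the client.
        error_log('template rendered without: ' . implode(', ', $missing));
        http_response_code(403);
        exit('Forbidden');
    }
}

// --- constructed sample rows standing in for: SELECT id, description FROM role
$roleRows = [
    ['id' => 'Account Administrator', 'description' => 'Can add, edit and delete authors'],
    ['id' => 'Content Editor',        'description' => 'Can add, edit and delete jokes'],
];

// Controller side: what admin/authors/index.php does before include 'form.html.php'
$roles = buildRoleList($roleRows, ['Content Editor']);
$pageTitle = 'Edit Author';

// Template side: what form.html.php would run on its first line.
requireTemplateVars(get_defined_vars(), ['pageTitle', 'roles']);
printf("%d roles, second selected: %s\n", count($roles), $roles[1]['selected'] ? 'yes' : 'no');
```

The guard only closes the hole for scripts that call it; the stronger fix is to keep templates and includes in a directory the web server will not serve at all (outside the document root, or with access denied in the server configuration), so that form.html.php and db.inc.php cannot be requested directly no matter what they contain.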

OK, great, thanks. Yes, it was simply that I had not yet worked far enough through the material. I was wondering why it was ‘roles’ and not ‘role’ as defined in the access.inc.php script. I had not yet added those scripts to the index page.

So, my takeaway from your comments is that I had just not worked through the book material far enough. When I look at your code, that appears to be the case.

I have finished that now. It is ‘working’. Sort of…

However, when I go to the page, the default comes up with (I believe) my XAMPP email/password pre-loaded into the Email and Password fields.

I have tried ‘entering’ the new system using a password/email combo and have even manually set up new users with passwords in the MySQL database (author administrator) etc. But to no avail. It just keeps loading the login page.

It is not granting entry? For some reason, it just keeps reloading the login form.

I suspect that it may have something to do with my XAMPP or perhaps users in MySQL. But I am not sure.

Any suggestions? Here is, I believe, all the relevant code.

thanks
Karen

PS: here is the code:

ADMIN/AUTHORS/INDEX.PHP

<?php
include_once '../includes/magicquotes.inc.php';
require_once '../includes/access.inc.php';

if (!userIsLoggedIn())
{
  include '../login.html.php';
  exit();
}
if (!userHasRole('Account Administrator'))
{
  $error = 'Only Account Administrators may access this page.';
  include '../accessdenied.html.php';
  exit();
}
if (isset($_GET['add']))
{
  include '../includes/db.inc.php';
  $pageTitle = 'New Author';
  $action = 'addform';
  $name = '';
  $email = '';
  $id = '';
  $button = 'Add author';
  // Build the list of roles
  try
  {
    $result = $pdo->query('SELECT id, description FROM role');
  }
  catch (PDOException $e)
  {
    $error = 'Error fetching list of roles.';
    include 'error.html.php';
    exit();
  }
  $roles = array(); // always an array, even when the role table is empty
  foreach ($result as $row)
  {
    $roles[] = array(
      'id' => $row['id'],
      'description' => $row['description'],
      'selected' => FALSE);
  }
  include 'form.html.php';
  exit();
}
if (isset($_GET['addform']))
{
  include '../includes/db.inc.php';
  try
  {
    $sql = 'INSERT INTO author SET
        name = :name,
        email = :email';
    $s = $pdo->prepare($sql);
    $s->bindValue(':name', $_POST['name']);
    $s->bindValue(':email', $_POST['email']);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error adding submitted author.';
    include 'error.html.php';
    exit();
  }
  $authorid = $pdo->lastInsertId();
  if ($_POST['password'] != '')
  {
    $password = md5($_POST['password'] . 'ijdb');
    try
    {
      $sql = 'UPDATE author SET
          password = :password
          WHERE id = :id';
      $s = $pdo->prepare($sql);
      $s->bindValue(':password', $password);
      $s->bindValue(':id', $authorid);
      $s->execute();
    }
    catch (PDOException $e)
    {
      $error = 'Error setting author password.';
      include 'error.html.php';
      exit();
    }
  }
  if (isset($_POST['roles']))
  {
    foreach ($_POST['roles'] as $role)
    {
      try
      {
        $sql = 'INSERT INTO authorrole SET
            authorid = :authorid,
            roleid = :roleid';
        $s = $pdo->prepare($sql);
        $s->bindValue(':authorid', $authorid);
        $s->bindValue(':roleid', $role);
        $s->execute();
      }
      catch (PDOException $e)
      {
        $error = 'Error assigning selected role to author.';
        include 'error.html.php';
        exit();
      }
    }
  }
  header('Location: .');
  exit();
}
if (isset($_POST['action']) and $_POST['action'] == 'Edit')
{
  include '../includes/db.inc.php';
  try
  {
    $sql = 'SELECT id, name, email FROM author WHERE id = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error fetching author details.';
    include 'error.html.php';
    exit();
  }
  $row = $s->fetch();
  $pageTitle = 'Edit Author';
  $action = 'editform';
  $name = $row['name'];
  $email = $row['email'];
  $id = $row['id'];
  $button = 'Update author';
  // Get list of roles assigned to this author
  try
  {
    $sql = 'SELECT roleid FROM authorrole WHERE authorid = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $id);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error fetching list of assigned roles.';
    include 'error.html.php';
    exit();
  }
  $selectedRoles = array();
  foreach ($s as $row)
  {
    $selectedRoles[] = $row['roleid'];
  }
  // Build the list of all roles
  try
  {
    $result = $pdo->query('SELECT id, description FROM role');
  }
  catch (PDOException $e)
  {
    $error = 'Error fetching list of roles.';
    include 'error.html.php';
    exit();
  }
  $roles = array(); // always an array, even when the role table is empty
  foreach ($result as $row)
  {
    $roles[] = array(
      'id' => $row['id'],
      'description' => $row['description'],
      'selected' => in_array($row['id'], $selectedRoles));
  }
  include 'form.html.php';
  exit();
}
if (isset($_GET['editform']))
{
  include '../includes/db.inc.php';
  try
  {
    $sql = 'UPDATE author SET
        name = :name,
        email = :email
        WHERE id = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->bindValue(':name', $_POST['name']);
    $s->bindValue(':email', $_POST['email']);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error updating submitted author.';
    include 'error.html.php';
    exit();
  }
  if ($_POST['password'] != '')
  {
    $password = md5($_POST['password'] . 'ijdb');
    try
    {
      $sql = 'UPDATE author SET
          password = :password
          WHERE id = :id';
      $s = $pdo->prepare($sql);
      $s->bindValue(':password', $password);
      $s->bindValue(':id', $_POST['id']);
      $s->execute();
    }
    catch (PDOException $e)
    {
      $error = 'Error setting author password.';
      include 'error.html.php';
      exit();
    }
  }
  try
  {
    $sql = 'DELETE FROM authorrole WHERE authorid = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error removing obsolete author role entries.';
    include 'error.html.php';
    exit();
  }
  if (isset($_POST['roles']))
  {
    foreach ($_POST['roles'] as $role)
    {
      try
      {
        $sql = 'INSERT INTO authorrole SET
            authorid = :authorid,
            roleid = :roleid';
        $s = $pdo->prepare($sql);
        $s->bindValue(':authorid', $_POST['id']);
        $s->bindValue(':roleid', $role);
        $s->execute();
      }
      catch (PDOException $e)
      {
        $error = 'Error assigning selected role to author.';
        include 'error.html.php';
        exit();
      }
    }
  }
  header('Location: .');
  exit();
}
if (isset($_POST['action']) and $_POST['action'] == 'Delete')
{
  include '../includes/db.inc.php';
  // Delete role assignments for this author
  try
  {
    $sql = 'DELETE FROM authorrole WHERE authorid = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error removing author from roles.';
    include 'error.html.php';
    exit();
  }
  // Get jokes belonging to author
  try
  {
    $sql = 'SELECT id FROM joke WHERE authorid = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error getting list of jokes to delete.';
    include 'error.html.php';
    exit();
  }
  $result = $s->fetchAll();
  // Delete joke category entries
  try
  {
    $sql = 'DELETE FROM jokecategory WHERE jokeid = :id';
    $s = $pdo->prepare($sql);
    // For each joke
    foreach ($result as $row)
    {
      $jokeId = $row['id'];
      $s->bindValue(':id', $jokeId);
      $s->execute();
    }
  }
  catch (PDOException $e)
  {
    $error = 'Error deleting category entries for joke.';
    include 'error.html.php';
    exit();
  }
  // Delete jokes belonging to author
  try
  {
    $sql = 'DELETE FROM joke WHERE authorid = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error deleting jokes for author.';
    include 'error.html.php';
    exit();
  }
  // Delete the author
  try
  {
    $sql = 'DELETE FROM author WHERE id = :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error deleting author.';
    include 'error.html.php';
    exit();
  }
  header('Location: .');
  exit();
}
// Display author list
include '../includes/db.inc.php';
try
{
  $result = $pdo->query('SELECT id, name FROM author');
}
catch (PDOException $e)
{
  $error = 'Error fetching authors from the database!';
  include 'error.html.php';
  exit();
}
$authors = array(); // always an array, even when the author table is empty
foreach ($result as $row)
{
  $authors[] = array('id' => $row['id'], 'name' => $row['name']);
}
include 'authors.html.php';

FORM.HTML.PHP

<?php include_once '../includes/helpers.inc.php'; ?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title><?php htmlout($pageTitle); ?></title>
  </head>
  <body>
    <h1><?php htmlout($pageTitle); ?></h1>
    <form action="?<?php htmlout($action); ?>" method="post">
      <div>
        <label for="name">Name: <input type="text" name="name"
            id="name" value="<?php htmlout($name); ?>"></label>
      </div>
      <div>
        <label for="email">Email: <input type="text" name="email"
            id="email" value="<?php htmlout($email); ?>"></label>
      </div>
      <div>
        <label for="password">Set password: <input type="password"
            name="password" id="password"></label>
      </div>
      <fieldset>
        <legend>Roles:</legend>
        <?php for ($i = 0; $i < count($roles); $i++): ?>
          <div>
            <label for="role<?php echo $i; ?>"><input type="checkbox"
              name="roles[]" id="role<?php echo $i; ?>"
              value="<?php htmlout($roles[$i]['id']); ?>"<?php
              if ($roles[$i]['selected'])
              {
                echo ' checked';
              }
              ?>><?php htmlout($roles[$i]['id']); ?></label>:
              <?php htmlout($roles[$i]['description']); ?>
          </div>
        <?php endfor; ?>
      </fieldset>
      <div>
        <input type="hidden" name="id" value="<?php
            htmlout($id); ?>">
        <input type="submit" value="<?php htmlout($button); ?>">
      </div>
    </form>
  </body>
</html>

ADMIN/INCLUDES/ACCESS.INC.PHP

<?php

function userIsLoggedIn()
{
    // A submitted login form: action=login with email and password fields
    if (isset($_POST['action']) and $_POST['action'] == 'login')
    {
        if (!isset($_POST['email']) or $_POST['email'] == '' or !isset($_POST['password']) or $_POST['password'] == '')
        {
            $GLOBALS['loginError'] = 'Please fill in both fields';
            return FALSE;
        }

        // The stored password column must contain md5(password . 'ijdb'), not the
        // plain password, or this comparison can never succeed. MD5 with a fixed
        // suffix is not an acceptable password hash outside a tutorial;
        // password_hash()/password_verify() should replace it.
        $password = md5($_POST['password'] . 'ijdb');

        if (databaseContainsAuthor($_POST['email'], $password))
        {
            session_start();
            session_regenerate_id(TRUE); // fresh session id on login, so a pre-login id cannot be fixated
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['email'] = $_POST['email'];
            $_SESSION['password'] = $password;
            return TRUE;
        }
        else
        {
            session_start();
            unset($_SESSION['loggedIn']);
            unset($_SESSION['email']);
            unset($_SESSION['password']);
            // login.html.php reads $loginError; the key must match exactly
            $GLOBALS['loginError'] = 'The specified email address or password was incorrect.';
            return FALSE;
        }
    }

    // A submitted logout form. This must be a comparison (==), not an
    // assignment (=): with '=' the condition is true for every POST that
    // carries an action field, so the Edit and Delete forms logged the user
    // out and redirected to an empty Location.
    if (isset($_POST['action']) and $_POST['action'] == 'logout')
    {
        session_start();
        unset($_SESSION['loggedIn']);
        unset($_SESSION['email']);
        unset($_SESSION['password']);
        // $_POST['goto'] is user-controlled, so this is an open redirect;
        // restrict it to a local path before relying on it.
        header('Location: ' . $_POST['goto']);
        exit();
    }

    // Otherwise look for an existing session and re-verify it against the database
    session_start();
    if (isset($_SESSION['loggedIn']))
    {
        return databaseContainsAuthor($_SESSION['email'], $_SESSION['password']);
    }
    return FALSE;
}

function databaseContainsAuthor($email, $password)
{
    include 'db.inc.php';
    
    try
    {
        $sql = 'SELECT COUNT(*) FROM author WHERE email= :email AND password = :password';
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $email);
        $s->bindValue(':password', $password);
        $s->execute();
    }    
    catch (PDOException $e)
    {
        $error = 'Error searching for author';
        include 'error.html.php';
        exit();    
    }
    
    $row = $s->fetch();
    
    if ($row[0]>0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}

function userHasRole($role)
{
  include 'db.inc.php';
  try
  {
    $sql = "SELECT COUNT(*) FROM author
        INNER JOIN authorrole ON author.id = authorid
        INNER JOIN role ON roleid = role.id
        WHERE email = :email AND role.id = :roleId";
    $s = $pdo->prepare($sql);
    $s->bindValue(':email', $_SESSION['email']);
    $s->bindValue(':roleId', $role);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error searching for author roles.';
    include 'error.html.php';
    exit();
  }
  $row = $s->fetch();
  if ($row[0] > 0)
  {
    return TRUE;
  }
  else
  {
    return FALSE;
  }
}

PS: I have been fine with everything working until this point in the book.

PS: apologies for the formatting. I just copied and pasted the material in and it seems to have picked it up and formatted it rather strangely.

Also, a quick aside: the username/password combination preloaded onto the login form is ‘root’ with a **** password.

Which also does not let me ‘enter’.

thx
Karen
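A check worth making against the posted access.inc.php: it only ever matches a password column that contains md5(password . 'ijdb'), so an author row whose password column was typed in as the plain password can never log in, whatever the email. The following is an added example, not code from the book or from this thread: the login and logout steps written with password_hash()/password_verify() in place of the fixed-suffix MD5, with the session id regenerated on login, only the author id kept in the session, and the logout redirect restricted to a site-local path instead of trusting $_POST['goto']. The in-memory SQLite database is a constructed stand-in for db.inc.php (it needs the pdo_sqlite extension); the table and column names follow the posted code, the function names are my own.

```php
<?php
// Added example (not code from the book or from the thread).
declare(strict_types=1);

// --- constructed fixture standing in for admin/includes/db.inc.php ----------
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE author (id INTEGER PRIMARY KEY, name TEXT, email TEXT UNIQUE, password TEXT)');
$insert = $pdo->prepare('INSERT INTO author (name, email, password) VALUES (:name, :email, :password)');
// Stored the right way: a password_hash() digest (bcrypt by default, salted per user).
$insert->execute([':name' => 'Admin', ':email' => 'admin@example.com',
                  ':password' => password_hash('correct horse battery', PASSWORD_DEFAULT)]);
// Stored the wrong way: the plain password typed straight into the table.
// Neither this code nor the posted md5 scheme will ever log this row in.
$insert->execute([':name' => 'Plain', ':email' => 'plain@example.com', ':password' => 'letmein']);

/**
 * Return the author id for a valid email/password pair, otherwise null.
 * The row is selected by email alone; the password is checked in PHP with
 * password_verify(), never compared as a string inside the SQL query.
 */
function authenticate(PDO $pdo, string $email, string $password): ?int
{
    $s = $pdo->prepare('SELECT id, password FROM author WHERE email = :email');
    $s->execute([':email' => $email]);
    $row = $s->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    return password_verify($password, (string) $row['password']) ? (int) $row['id'] : null;
}

/** Start the logged-in session: fresh id (no fixation), only the author id stored. */
function loginSession(int $authorId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION = ['authorId' => $authorId];
}

/** Tear the session down completely on logout. */
function logoutSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    session_destroy();
}

/**
 * Replacement for header('Location: ' . $_POST['goto']): accept only a
 * site-local path, i.e. one leading "/" that is not followed by "/" or "\"
 * (browsers read both as scheme-relative), and no CR/LF.
 */
function safeRedirectTarget(string $goto, string $fallback = '/'): string
{
    return preg_match('#\A/(?![/\\\\])[^\r\n]*\z#', $goto) === 1 ? $goto : $fallback;
}

// --- demonstration (session work happens before any output) ----------------
$adminId = authenticate($pdo, 'admin@example.com', 'correct horse battery');
$sessionNote = 'login failed';
if ($adminId !== null) {
    loginSession($adminId);
    $sessionNote = 'session ' . session_id() . ' holds authorId ' . $_SESSION['authorId'];
    logoutSession();
}
echo $sessionNote, "\n";
foreach ([['admin@example.com', 'wrong password'], ['plain@example.com', 'letmein']] as [$email, $pw]) {
    printf("%s / %s -> %s\n", $email, $pw, authenticate($pdo, $email, $pw) === null ? 'rejected' : 'accepted');
}
foreach (['/admin/', '//evil.example/', 'https://evil.example/', "/\r\nSet-Cookie: x"] as $goto) {
    printf("goto %s -> %s\n", json_encode($goto), safeRedirectTarget($goto));
}
```

Existing md5 rows cannot be converted to bcrypt, because the plain password is not recoverable; either users set a new password, or the login code keeps the old check for one more login and calls password_hash() on the password it has just verified, then writes the new digest back.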
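A second caveat on the posted index.php: the Delete branch runs four DELETE statements one after another with no transaction, so an error after the first statement leaves the author with its jokes but no authorrole rows, or jokes without their jokecategory rows. The following is an added example, not code from the book or from the thread: the same deletion as one transaction, rolled back as a unit on any PDOException. The joke/jokecategory step uses a subquery where the posted code fetches the joke ids and loops; the tables are a constructed in-memory SQLite stand-in for the ijdb schema (pdo_sqlite required), and the trigger exists only to simulate a failure part-way through.

```php
<?php
// Added example (not code from the book or from the thread).
declare(strict_types=1);

// --- constructed fixture mirroring the tables the Delete handler touches ---
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('PRAGMA foreign_keys = ON');
$pdo->exec('CREATE TABLE author (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE role (id TEXT PRIMARY KEY)');
$pdo->exec('CREATE TABLE authorrole (authorid INTEGER REFERENCES author(id), roleid TEXT REFERENCES role(id))');
$pdo->exec('CREATE TABLE joke (id INTEGER PRIMARY KEY, authorid INTEGER REFERENCES author(id))');
$pdo->exec('CREATE TABLE category (id INTEGER PRIMARY KEY)');
$pdo->exec('CREATE TABLE jokecategory (jokeid INTEGER REFERENCES joke(id), categoryid INTEGER REFERENCES category(id))');
$pdo->exec("INSERT INTO author VALUES (1, 'Karen')");
$pdo->exec("INSERT INTO role VALUES ('Content Editor')");
$pdo->exec("INSERT INTO authorrole VALUES (1, 'Content Editor')");
$pdo->exec('INSERT INTO joke VALUES (10, 1)');
$pdo->exec('INSERT INTO category VALUES (5)');
$pdo->exec('INSERT INTO jokecategory VALUES (10, 5)');

/**
 * Delete an author and everything that hangs off it, all or nothing.
 * Same child-first order as the posted handler, but inside one transaction.
 */
function deleteAuthor(PDO $pdo, int $authorId): void
{
    $pdo->beginTransaction();
    try {
        $pdo->prepare('DELETE FROM authorrole WHERE authorid = :id')->execute([':id' => $authorId]);
        $pdo->prepare('DELETE FROM jokecategory WHERE jokeid IN (SELECT id FROM joke WHERE authorid = :id)')
            ->execute([':id' => $authorId]);
        $pdo->prepare('DELETE FROM joke WHERE authorid = :id')->execute([':id' => $authorId]);
        $pdo->prepare('DELETE FROM author WHERE id = :id')->execute([':id' => $authorId]);
        $pdo->commit();
    } catch (PDOException $e) {
        $pdo->rollBack(); // nothing deleted at all, instead of a half-removed author
        throw $e;
    }
}

/** Row counts of the four tables, to show the state before and after. */
function rowCounts(PDO $pdo): array
{
    $counts = [];
    foreach (['author', 'authorrole', 'joke', 'jokecategory'] as $table) {
        $counts[$table] = (int) $pdo->query("SELECT COUNT(*) FROM $table")->fetchColumn();
    }
    return $counts;
}

// 1. Simulate a failure on the third statement: the trigger aborts any joke delete.
$pdo->exec("CREATE TRIGGER simulated_failure BEFORE DELETE ON joke BEGIN SELECT RAISE(ABORT, 'disk full'); END");
echo 'before: ', json_encode(rowCounts($pdo)), "\n";
try {
    deleteAuthor($pdo, 1);
} catch (PDOException $e) {
    echo 'failed and rolled back: ', json_encode(rowCounts($pdo)), "\n";
}

// 2. Remove the simulated fault and run the same deletion to completion.
$pdo->exec('DROP TRIGGER simulated_failure');
deleteAuthor($pdo, 1);
echo 'after:  ', json_encode(rowCounts($pdo)), "\n";
```

In MySQL the transaction only does anything if the tables use an engine that supports transactions (InnoDB); on MyISAM tables beginTransaction() and rollBack() are accepted but have no effect, so check the engine before relying on this.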

Off Topic:
Apologies for our anti-Spam plug-in mistakenly quarantining your post, @karentutor1. We’re still “training” it, and it seems to have some weird ideas about what constitutes Spam.

To post code here, you can highlight your code, then use the </> button in the editor window, which will format it.

Or you can place three backticks ``` (top left key on US/UK keyboards) on a line before your code, and three on a line after your code. I find this approach easier, but unfortunately some European and other keyboards don’t have that character.
