Multiple session variables from login page

Thanks Snakeyez02,

I have searched the posts and other sites etc. and i did get the lines of code you have presented. I can get the Username to pass over as MM_Username but when add a single line to the code to try to grab the password:

$_SESSION['pass'] = $_POST['password'];

I get this error:

Notice: Undefined index: password in /var/www/html/toyo_support_site/index_support_en_bak2.php on line 76

If i try to enter this code inside of any of DW's log in user code i get this error message and have to revert to an older version:

If i try to simply insert the sessions variables on their own like this:

<?php

$_SESSION['username1'] = $_POST['username'];

$_SESSION['password1'] = $_POST['password'];

?>

I get the same sort of error but for both lines:

Notice: Undefined index: username in /var/www/html/toyo_support_site/index_support_en_bak2.php on line 78

Notice: Undefined index: password in /var/www/html/toyo_support_site/index_support_en_bak2.php on line 79

Now Dreamweaver must be capturing the password somehow and storing that data to use for the User Authentication - Rrestrict access to page. On the receiving page my recordset is as follows. Is there something i can add here to simply capture teh password information?

<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
} ?>

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;   
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_rsSession = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_rsSession = $_SESSION['MM_Username'];
}
mysql_select_db($database_toyosupport, $toyosupport);
$query_rsSession = sprintf("SELECT * FROM entry WHERE Name = %s", GetSQLValueString($colname_rsSession, "text"));
$rsSession = mysql_query($query_rsSession, $toyosupport) or die(mysql_error());
$row_rsSession = mysql_fetch_assoc($rsSession);
$totalRows_rsSession = mysql_num_rows($rsSession);
?>

Sorry I have been trying everything to hopefully come accross the right formula here but I am not doing well. Any help is very much appreciated.

The undefined index is because the variable is not set.  PHP requires that you make sure a variable is defined before using it for any other function.  The "isset" function will do just that on a variable.  In VB terms it would be like trying to use a variable that you did not define with a "dim" statement first.

DW does use its own method for a login behavior to allow it to be edited via a GUI, and so that it can be edited later.  By editing the code, DW is stating that it can no longer help you and wants you to revert to its original code.  Unfortunately it is a little bit unflexible in that sense, but it does it for good reason and did do it with ASP as well.  If your login needs go beyond DW, it may be time to just code some of the elements yourself because to me, it sounds like you have the understand of the programming that is necessary to accomplish your task and DW is holding you back with its proprietary code. 

Hi SnakEyez02,

I get what you are saying and can understand why Dreamweaver would be set in its ways at times. And i hope I didn't mislead you in thinking I know what i am doing because at times I haven't a clue! What is it they say, "better to be quiet and have people think you are stupid than speak up and remove all doubt!" Here is where I probably remove all doubt. I am definately trying my best to understand the coding but I am not a coder. In most cases I am in awe as to how much you guys know but in my case working with web sites is only part of my function so I tend to scramble along as best as I can.

Now I did try to add my own code to start a new session and of course I received a whole slew of errors one being that a session has already been started. I tried using the Adobe forum on session vaiables and could not get it to work. Yes, I need to learn more about PHP which I guess I am putting the cart before the horse here but just need to get past this part to get something up there to keep some people happy.

In ASP it was an easy thing to make a session work but our new server is Linux and I have lot's to catch up on with PHP .

Now are you suggesting thatI should start from scratch and not use teh DW login server behavior and start from scratch? If so could you point me to aplace that would have a good tutorial on how to do this? This would be a great help ... and of course stop me from using yet another old cliche!

>And instead of your "Request" as you used in ASP,

>it would be much more secure to limit where the data is

It's also a good idea not to use it that way in ASP. Use the FORM or QUERYSTRING collections instead of the generic Request("blahblah")

Hi bregent, when i first read your reply I went "duh, why didn;t i think of that" I did give it a try but the information is not transfering over for some reason so i get a blank where I put a test echo.

<?php echo $row_rsSUPPORTLOGIN['Password']; ?>

Here is my recordset

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;   
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$pass_rsSUPPORTLOGIN = "-1";
if (isset($_POST['password'])) {
  $pass_rsSUPPORTLOGIN = $_POST['password'];
}
$user_rsSUPPORTLOGIN = "-1";
if (isset($_POST['user'])) {
  $user_rsSUPPORTLOGIN = $_POST['user'];
}
mysql_select_db($database_toyosupport, $toyosupport);
$query_rsSUPPORTLOGIN = sprintf("SELECT * FROM entry WHERE Password = %s AND entry.Name = %s", GetSQLValueString($pass_rsSUPPORTLOGIN, "text"),GetSQLValueString($user_rsSUPPORTLOGIN, "text"));
$rsSUPPORTLOGIN = mysql_query($query_rsSUPPORTLOGIN, $toyosupport) or die(mysql_error());
$row_rsSUPPORTLOGIN = mysql_fetch_assoc($rsSUPPORTLOGIN);
$totalRows_rsSUPPORTLOGIN = mysql_num_rows($rsSUPPORTLOGIN);
?>

Having said this, if I get this to work then wouldn't I have to then create a session at this point to continue the information tansfering from page to page?