If you are using sessions, calling session_start() at the top of every protected page is essential:
once the session is open the page can validate the visitor straight from $_SESSION, which also removes the need for a switch statement on a page-selector parameter.
i.e.
PHP Code:
<?php
/*
* edit groups
*/
// Resume (or create) the session before any output so $_SESSION is usable below.
session_start();

// PEAR DB plus the site-wide configuration, which is expected to define
// INCLUDES_DIR and the $db DSN used elsewhere.
require_once "DB.php";
require_once "../config.inc";
require_once INCLUDES_DIR . "template.inc";
require_once INCLUDES_DIR . "functions.inc";
require_once INCLUDES_DIR . "csv.inc";

// Page template; the header is emitted unconditionally, ahead of the admin
// check that follows this setup run.
$smarty = new PasTVTemplate();
$smarty->showHeader("Group Edit");
if($_SESSION['isAdmin'] == 1) {
$connect = DB::connect($db);
if(DB::isError($connect))
die($connect->getMessage());
if(!empty($_POST['group_name'])) {
...
This simply starts the session if it is not already started. isAdmin is set if and only if the user is an admin (it is copied from the user's database row after a successful login),
and if $_POST is set the group name is added to the database if it does not already exist. Note that this check is only as trustworthy as the login code that sets isAdmin: login.php must look the user up with a parameterised query and regenerate the session ID on login, and a strict comparison (`(int)$_SESSION['isAdmin'] === 1`) is preferable to `== 1`.
login.php looks like this (I realise I left out a rather large chunk of "stuff" earlier):
PHP Code:
<?php
/**
* Login.php
*/
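session_start();
require_once "DB.php";
require_once "../config.inc" ;
require_once (INCLUDES_DIR . "template.inc");
require_once (INCLUDES_DIR . 'functions.inc');

// Open the database connection ($db is expected to come from config.inc).
$connect = DB::connect($db);
if(DB::isError($connect)) {
    // Log the driver message server-side only: PEAR DB error text can carry
    // the DSN (host, user name), which must not be echoed to the browser.
    error_log('login.php: DB connect failed: ' . $connect->getMessage());
    die('Database connection failed.');
}
$smarty = new PasTVTemplate();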
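if(empty($_POST)) {
    // No submission yet: render the login form.
    $smarty->showHeader('PasTV :: User Registration');
    $smarty->display('login.tpl');
} else {
    // Missing fields become empty strings instead of raising notices.
    $email    = isset($_POST['email'])    ? $_POST['email']    : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // NOTE(security): the users table stores unsalted sha1 hashes, so sha1()
    // is kept for compatibility with existing rows. Unsalted sha1 is cheap to
    // crack offline; migrate to password_hash()/password_verify() and rehash
    // each user on their next successful login.
    $passwd = sha1($password);

    // Parameterised query: PEAR DB quotes the ? placeholders itself, so the
    // raw e-mail address never becomes part of the SQL string.
    $query = "SELECT uid, fname, lname, email, admin
              FROM users
              WHERE email = ?
              AND password = ?";
    $result = $connect->query($query, array($email, $passwd));
    // Test the *result*: the original tested $connect here, so a failed query
    // went undetected and fetchRow() was called on an error object.
    if(DB::isError($result)) {
        error_log('login.php: query failed: ' . $result->getMessage());
        die('Login is temporarily unavailable.');
    }

    if($row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
        // Successful login: drop anything a pre-login session held and issue
        // a fresh session ID so an ID fixated by an attacker cannot be reused.
        // session_register() is gone (redundant with direct $_SESSION writes
        // and removed in PHP 5.4).
        session_unset();
        session_regenerate_id(true);
        // 'admin' arrives from the driver as a string; compare strictly.
        if((int)$row['admin'] === 1) {
            $_SESSION['isAdmin'] = $row['admin'];
        }
        $_SESSION['username'] = $row['fname'] . " " . $row['lname'];
        $_SESSION['email'] = $row['email'];
        $_SESSION['uid'] = $row['uid'];
        // Presumably redirects to the index page; verify loadPage() exits,
        // otherwise the footer below is still emitted after the redirect.
        loadPage(INDEX_PAGE);
    }
    else {
        // Failed login: re-render the form with the submitted values.
        // NOTE(review): this hands every POST field, including 'password', to
        // the template. login.tpl must HTML-escape whatever it echoes, and the
        // password should ideally not be sent back to the browser at all.
        $smarty->assign($_POST);
        $smarty->showHeader('PasTV :: User Registration');
        $smarty->display('login.tpl') ;
    }
}
$smarty->display('footer.tpl');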
?>