I am building a simple discussion board for a friend (and to practice php). My issue involves the admin adding a new member to the board. He enters the person’s name in add_user.php, which is checked against the current and retired members already in the database and an appropriate message is printed if the name already exists. If not, another textbox appears where he enters the member’s email address for registration. This single-textbox form sends him to another page, add_userB.php, where there is a message about the successful registration and the new member’s name, email address and role (‘user’) is inserted into the database. All this works fine.
But … after the new record, a second record containing only the role (‘user’) is inserted, and I can’t figure out where it is coming from or how to prevent it. Here is the code from my two pages:
add_user.php
<?php
ini_set('error_reporting', E_ALL ^ E_NOTICE);
require_once("inc/session.php");
require_once("inc/connect_db.php");
require_once("inc/functions.php");
include_once("inc/form_functions.php");
confirm_logged_in();
if ($_SESSION['role'] != 'admin') {
redirect_to('main.php');
}
if (isset($_POST['username'])) {
$username = trim(mysql_prep($_POST['username']));
$name_parts = explode(" ", $username);
$first_name = $name_parts[0];
$last_name = $name_parts[1];
$_SESSION['fname'] = $first_name;
$_SESSION['lname'] = $last_name;
}
?>
<?php
include_once("inc/header.php");
?>
<h2>Add New Member</h2>
<p>Please enter the username (first name and last name) of the new member:</p>
<form name="check_user" action="add_user.php" method="post">
<table>
<tr>
<td class="label">Username:</td>
<td><input type="text" name="username" id="username" class="textbox" maxlength="50" value="<?php print("$username"); ?>"/><td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="check_user" id="check" class="button" value="Submit Name" /></td>
</tr>
</table>
</form>
<?php
$query = "SELECT id, first_name, last_name
FROM users
WHERE first_name = '$first_name'
AND last_name = '$last_name' ";
$result = mysql_query($query, $mysql_link);
if (mysql_num_rows($result) == 1) {
$row = mysql_fetch_row($result);
$id = $row[0];
$first_name = $row[1];
$last_name = $row[2];
$query2 = "UPDATE users
SET role = 'user'
WHERE id = '$id' ";
$result2 = mysql_query($query2, $mysql_link);
print("<p class=\\"message\\">$username is either already a member, or is a former member whose status will now be re-activated.</p>
<p class=\\"message\\">You may check the contact information of this member on the <a href=\\"users.php\\">members' contact page</a> and update it if you wish.</p>");
} else if (isset($_POST['username']) && mysql_num_rows($result) == 0) {
?>
<p><?php print $username; ?> is not a registered member yet. To register, enter this person's email address here.</p>
<form name="add_user" action="add_userB.php" method="post" style="margin-left: 75px;">
<table>
<tr>
<td class="label">Email Address:</td>
<td><input type="text" name="email1" id="email" class="textbox" maxlength="100" value="<?php print("$email1"); ?>" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="add_email" id="add_email" class="button" value="Submit Email Address" /></td>
</tr>
</table>
</form>
<?php
}
?>
<p>Return to <a href="main.php">main page</a>.</p>
<?php
include_once("inc/footer.php");
?>
and add_userB.php
<?php
ini_set('error_reporting', E_ALL ^ E_NOTICE);
require_once("inc/session.php");
require_once("inc/connect_db.php");
require_once("inc/functions.php");
include_once("inc/form_functions.php");
confirm_logged_in();
if ($_SESSION['role'] != 'admin') {
redirect_to('main.php');
}
include_once("inc/header.php");
?>
<h2>Add New Member</h2>
<?php
if (isset($_SESSION['fname']) && isset($_SESSION['lname']) && isset($_POST['email1'])) {
$fname = trim(mysql_prep($_SESSION['fname']));
$lname = trim(mysql_prep($_SESSION['lname']));
$email1 = trim(mysql_prep($_POST['email1']));
}
$query = "INSERT INTO users
SET first_name = '$fname',
last_name = '$lname',
email1 = '$email1',
role = 'user' ";
print("<p style=\\"font-weight: bold; color: green;\\">$query</p>");
$result = mysql_query($query, $mysql_link);
?>
<p>An email will be sent to <?php print("$fname $lname"); ?> with a temporary password and an explanation of the forum rules.</p>
<p>Return to <a href="main.php">main page</a>.</p>
<?php
include_once("inc/footer.php");
?>
I have struggled with this for a few hours now, so I’m not taking the easy way out. Could someone please look at my code and tell me what is wrong? Thank you.