Topic: Problems with adding Form items to My Settings Area
Xeron7
« on: January 19, 2008, 12:00:15 AM »

Ok, I know a good amount of PHP & MySQL to feel comfortable editing it, but I'm not the best at writing my own code. Anyways...

I'm trying to add 12 options to my settings page. 6 Textboxes and 6 radios. I figured I'd start off with one and once I get one text to work, then I would add the rest. Problem is, I can't get it to work.

For now I do not want to be able to input this data on registration, only after logging in and clicking preferences (unless I have to).

So far I've modified the following files:
/account/details.php
/account/preferences_form.php
/framework/class.wb.php
/framework/class.login.php

I'm not getting any PHP errors, and I already added columns to my database. If I put data directly in database through phpmyadmin, it will display inside the text area. Whenever I click submit, the data gets erased from the text and from the database.

So it can read from the DB correctly, it just can't write to the DB correctly.
Can someone please help, this is setting me back.

PS: I am using WebsiteBaker 2.6.5
the name of the column on my DB is "b_name"
(without quotes of course)
« Last Edit: January 19, 2008, 12:05:32 AM by Xeron7 »
Xeron7
« Reply #1 on: January 19, 2008, 12:00:58 AM »

my preferences_form.php
Code:
<?php

// $Id: preferences_form.php 399 2006-12-24 07:50:44Z Ruebenwurzel $

/*

 WebsiteBaker Project <http://www.websitebaker.org/>
 Copyright (C) 2004-2007, Ryan Djurovich

 WebsiteBaker is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.

 WebsiteBaker is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with websitebaker; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

if(!defined('WB_URL')) {
    header('Location: ../index.php');
    exit(0);
}

?>


<h1>&nbsp;<?php echo $HEADING['MY_SETTINGS']; ?></h1>

<form name="user" action="<?php echo WB_URL.'/account/preferences.php'?>" method="post" style="margin-bottom: 5px;">
<input type="hidden" name="user_id" value="{USER_ID}" />

<table cellpadding="5" cellspacing="0" border="0" width="97%">
    <td width="140"><?php echo $TEXT['DISPLAY_NAME']; ?>:</td>
    <td class="value_input">
        <input type="text" name="display_name" style="width: 380px;" maxlength="255" value="<?php echo $wb->get_display_name(); ?>" />
    </td>
</tr>
<tr>
    <td><?php echo $TEXT['LANGUAGE']; ?>:</td>
    <td>
        <select name="language" style="width: 380px;">
        <?php
        // Insert language values
        if($handle = opendir(WB_PATH.'/languages/')) {
            while (false !== ($file = readdir($handle))) {
                if($file != '.' AND $file != '..' AND $file != '.svn' AND $file != 'index.php') {
                    // Get language name
                    require(WB_PATH.'/languages/'.$file);
                    // Check if it is selected
                    if(LANGUAGE == $language_code) {
                        ?>
                        <option value="<?php echo $language_code?>" selected><?php echo $language_name.' ('.$language_code.')'?></option>
                        <?php
                    } else {
                        ?>
                        <option value="<?php echo $language_code?>"><?php echo $language_name.' ('.$language_code.')'?></option>
                        <?php
                    }
                }
            }
            // Restore language to original file
            require(WB_PATH.'/languages/'.LANGUAGE.'.php');
        }
        ?>

        </select>
    </td>
</tr>
<tr>
    <td><?php echo $TEXT['TIMEZONE']; ?>:</td>
    <td>
        <select name="timezone" style="width: 380px;">
            <option value="-20"><?php echo $TEXT['PLEASE_SELECT']; ?>...</option>
            <?php
            // Insert default timezone values
            require_once(ADMIN_PATH.'/interface/timezones.php');
            foreach($TIMEZONES AS $hour_offset => $title) {
                if($wb->get_timezone() == $hour_offset*60*60) {
                    ?>
                    <option value="<?php echo $hour_offset?>" selected><?php echo $title?></option>
                    <?php
                } else {
                    ?>
                    <option value="<?php echo $hour_offset?>"><?php echo $title?></option>
                    <?php
                }
            }
            ?>

        </select>
    </td>
</tr>
<tr>
    <td><?php echo $TEXT['DATE_FORMAT']; ?>:</td>
    <td>
        <select name="date_format" style="width: 98%;">
            <option value="">Please select...</option>
            <?php
            // Insert date format list
            $user_time = true;
            require_once(ADMIN_PATH.'/interface/date_formats.php');
            foreach($DATE_FORMATS AS $format => $title) {
                $format = str_replace('|', ' ', $format); // Add's white-spaces (not able to be stored in array key)
                if($format != 'system_default') {
                    $value = $format;
                } else {
                    $value = '';
                }
                if(DATE_FORMAT == $format AND !isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) {
                    $selected = ' selected';
                } elseif($format == 'system_default' AND isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) {
                    $selected = ' selected';
                } else {
                    $selected = '';
                }
                echo '<option value="'.$value.'"'.$selected.'>'.$title.'</option>';
            }
            ?>
>
        </select>
    </td>
</tr>
<tr>
    <td><?php echo $TEXT['TIME_FORMAT']; ?>:</td>
    <td>
        <select name="time_format" style="width: 98%;">
            <option value="">Please select...</option>
            <?php
            // Insert time format list
            $user_time = true;
            require_once(ADMIN_PATH.'/interface/time_formats.php');
            foreach($TIME_FORMATS AS $format => $title) {
                $format = str_replace('|', ' ', $format); // Add's white-spaces (not able to be stored in array key)
                if($format != 'system_default') {
                    $value = $format;
                } else {
                    $value = '';
                }
                if(TIME_FORMAT == $format AND !isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) {
                    $selected = ' selected';
                } elseif($format == 'system_default' AND isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) {
                    $selected = ' selected';
                } else {
                    $selected = '';
                }
                echo '<option value="'.$value.'"'.$selected.'>'.$title.'</option>';
            }
            ?>

        </select>
    </td>
</tr>
<tr>
    <td>
    Business Name:
    </td>
    <td>
    <input type="text name="b_name" style="width: 200px;" maxlength="15" value="<?php echo $wb->get_b_name(); ?>">
    </td>
</tr>
<tr>
    <td>&nbsp;</td>
    <td>
        <input type="submit" name="submit" value="<?php echo $TEXT['SAVE']; ?>" />
        <input type="reset" name="reset" value="<?php echo $TEXT['RESET']; ?>" />
    </td>
</tr>
</table>

</form>


<h1>&nbsp;<?php echo $HEADING['MY_EMAIL']; ?></h1>

<form name="email" action="<?php echo WB_URL.'/account/preferences.php'?>" method="post" style="margin-bottom: 5px;">
<input type="hidden" name="user_id" value="{USER_ID}" />

<table cellpadding="5" cellspacing="0" border="0" width="97%">
<tr>
    <td width="140"><?php echo $TEXT['CURRENT_PASSWORD']; ?>:</td>
    <td>
        <input type="password" name="current_password" style="width: 380px;" />
    </td>
</tr>
<tr>
    <td><?php echo $TEXT['EMAIL']; ?>:</td>
    <td class="value_input">
        <input type="text" name="email" style="width: 380px;" maxlength="255" value="<?php echo $wb->get_email(); ?>" />
    </td>
</tr>

<tr>
    <td>&nbsp;</td>
    <td>
        <input type="submit" name="submit" value="<?php echo $TEXT['SAVE']; ?>" />
        <input type="reset" name="reset" value="<?php echo $TEXT['RESET']; ?>" />
    </td>
</tr>
</table>

</form>


<h1>&nbsp;<?php echo $HEADING['MY_PASSWORD']; ?></h1>

<form name="user" action="<?php echo WB_URL.'/account/preferences.php'?>" method="post">
<input type="hidden" name="user_id" value="{USER_ID}" />

<table cellpadding="5" cellspacing="0" border="0" width="97%">
<tr>
    <td width="140"><?php echo $TEXT['CURRENT_PASSWORD']; ?>:</td>
    <td>
        <input type="password" name="current_password" style="width: 380px;" />
    </td>
</tr>
<tr>
    <td><?php echo $TEXT['NEW_PASSWORD']; ?>:</td>
    <td>
        <input type="password" name="new_password" style="width: 380px;" />
    </td>
</tr>
<tr>
    <td><?php echo $TEXT['RETYPE_NEW_PASSWORD']; ?>:</td>
    <td>
        <input type="password" name="new_password2" style="width: 380px;" />
    </td>
</tr>
</tr>
<tr>
    <td>&nbsp;</td>
    <td>
        <input type="submit" name="submit" value="<?php echo $TEXT['SAVE']; ?>" />
        <input type="reset" name="reset" value="<?php echo $TEXT['RESET']; ?>" />
    </td>
</tr>
</table>

</form>
Xeron7
« Reply #2 on: January 19, 2008, 12:02:07 AM »

My details.php
Code:
<?php

// $Id: details.php 399 2006-12-24 07:50:44Z Ruebenwurzel $

if(!defined('WB_URL')) {
    header('Location: ../pages/index.php');
    exit(0);
}

// Get entered values
$display_name = $wb->add_slashes(strip_tags($wb->get_post('display_name')));
$language = $wb->get_post('language');
$timezone = $wb->get_post('timezone')*60*60;
$date_format = $wb->get_post('date_format');
$time_format = $wb->get_post('time_format');
$b_name = $wb->add_slashes(strip_tags($wb->get_post('b_name')));

// Create a javascript back link
$js_back = "javascript: history.go(-1);";

// Update the database
$database = new database();
$query = "UPDATE ".TABLE_PREFIX."users SET display_name = '$display_name', language = '$language', timezone = '$timezone', date_format = '$date_format', time_format = '$time_format', b_name = '$b_name' WHERE user_id = '".$wb->get_user_id()."'";
$database->query($query);
if($database->is_error()) {
    $wb->print_error($database->get_error(),'index.php',false);
} else {
    $wb->print_success($MESSAGE['PREFERENCES']['DETAILS_SAVED'], WB_URL.'/account/preferences'.PAGE_EXTENSION);
    $_SESSION['DISPLAY_NAME'] = $display_name;
    $_SESSION['LANGUAGE'] = $language;
    $_SESSION['TIMEZONE'] = $timezone;
    $_SESSION['B_NAME'] = $b_name;
    // Update date format
    if($date_format != '') {
        $_SESSION['DATE_FORMAT'] = $date_format;
        if(isset($_SESSION['USE_DEFAULT_DATE_FORMAT'])) { unset($_SESSION['USE_DEFAULT_DATE_FORMAT']); }
    } else {
        $_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
        if(isset($_SESSION['DATE_FORMAT'])) { unset($_SESSION['DATE_FORMAT']); }
    }
    // Update time format
    if($time_format != '') {
        $_SESSION['TIME_FORMAT'] = $time_format;
        if(isset($_SESSION['USE_DEFAULT_TIME_FORMAT'])) { unset($_SESSION['USE_DEFAULT_TIME_FORMAT']); }
    } else {
        $_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
        if(isset($_SESSION['TIME_FORMAT'])) { unset($_SESSION['TIME_FORMAT']); }
    }
}

?>
Logged
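
Added example (not part of the thread and not WebsiteBaker's code): the UPDATE in details.php above builds its SQL by concatenating POST values, and language, date_format and time_format reach the query without any escaping. One way to write the same save with bound parameters and allow-lists, plus attribute escaping for the form's value; save_preferences(), attr(), the unprefixed users table and the sample lists are assumptions made for illustration.

```php
<?php
// Added example, not WebsiteBaker code. Column names follow the thread;
// save_preferences(), attr(), the PDO handle and the allow-lists are hypothetical.

function save_preferences(PDO $db, int $sessionUserId, array $post, array $allowed): bool
{
    // Free-text fields: strip markup and cap at the form's maxlength values.
    $displayName = mb_substr(strip_tags((string)($post['display_name'] ?? '')), 0, 255);
    $bName       = mb_substr(strip_tags((string)($post['b_name'] ?? '')), 0, 15);

    // Select-box fields: accept only values the server put in the <select>.
    // An empty date/time format means "system default", as in details.php.
    $choice = [];
    foreach (['language', 'date_format', 'time_format'] as $field) {
        $value    = (string)($post[$field] ?? '');
        $optional = ($field !== 'language');
        if (!($optional && $value === '') && !in_array($value, $allowed[$field], true)) {
            return false;
        }
        $choice[$field] = $value;
    }

    // Timezone arrives as an hour offset; -20 is the form's "please select".
    $tz = $post['timezone'] ?? null;
    if (!is_numeric($tz) || $tz < -20 || $tz > 14) {
        return false;
    }

    // Placeholders keep every value out of the SQL text. The row is chosen by
    // the session's user id, never by the hidden user_id form field.
    $stmt = $db->prepare(
        'UPDATE users SET display_name = :dn, language = :lang, timezone = :tz,
                date_format = :df, time_format = :tf, b_name = :bn
          WHERE user_id = :uid'
    );
    return $stmt->execute([
        ':dn'   => $displayName,
        ':lang' => $choice['language'],
        ':tz'   => (int)round($tz * 3600),
        ':df'   => $choice['date_format'],
        ':tf'   => $choice['time_format'],
        ':bn'   => $bName,
        ':uid'  => $sessionUserId,
    ]);
}

// Escape on output: the stored value is echoed into an HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed demo data on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, display_name TEXT,
           language TEXT, timezone INTEGER, date_format TEXT, time_format TEXT, b_name TEXT)');
$db->exec("INSERT INTO users (user_id, display_name, language) VALUES (1, 'Old name', 'EN')");

$allowed = [
    'language'    => ['EN', 'DE'],
    'date_format' => ['d.m.Y', 'M d Y'],
    'time_format' => ['H:i', 'g:i a'],
];
$post = [
    'display_name' => 'Example User',
    'b_name'       => "Bob's \"Bakery\"",   // quotes are data, not SQL or HTML
    'language'     => 'EN',
    'timezone'     => '-5',
    'date_format'  => '',
    'time_format'  => 'H:i',
];

var_dump(save_preferences($db, 1, $post, $allowed));
$row = $db->query('SELECT b_name, timezone FROM users WHERE user_id = 1')->fetch(PDO::FETCH_ASSOC);
echo '<input type="text" name="b_name" value="', attr($row['b_name']), "\">\n";

// A language value that was never offered is refused before any SQL runs.
var_dump(save_preferences($db, 1, ['language' => 'XX'] + $post, $allowed));
```
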
Xeron7

« Reply #3 on: January 19, 2008, 12:04:18 AM »

my class.wb
Code:
<?php

// $Id: class.wb.php 406 2006-12-25 01:52:36Z ryan $

/*

 WebsiteBaker Project <http://www.websitebaker.org/>
 Copyright (C) 2004-2007, Ryan Djurovich

 WebsiteBaker is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.

 WebsiteBaker is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with websitebaker; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

/*

wb class

This class is the basis for admin and frontend classes.

*/

// Include PHPLIB template class
require_once(WB_PATH."/include/phplib/template.inc");

require_once(WB_PATH.'/framework/class.database.php');

// Include new wbmailer class (subclass of PHPmailer)
require_once(WB_PATH."/framework/class.wbmailer.php");

class wb
{
    // General initialization function 
    // performed when frontend or backend is loaded.
    function wb() {
    }

    // Check whether we should show a page or not (for front-end)
    function show_page($page) {
        // First check if the page is set to private
        if($page['visibility'] == 'private' OR $page['visibility'] == 'registered') {
            // Check if the user is logged in
            if($this->is_authenticated() == true) {
                // Now check if the user has perms to view it
                $viewing_groups = explode(',', $page['viewing_groups']);
                $viewing_users = explode(',', $page['viewing_users']);
                if(is_numeric(array_search($this->get_group_id(), $viewing_groups)) OR is_numeric(array_search($this->get_user_id(), $viewing_users))) {
                    return true;
                } else {
                    return false;
                }
            } else {
                return false;
            }
        } elseif($page['visibility'] == 'public') {
            return true;
        } else {
            return false;
        }
    }

    // Check if the user is already authenticated or not
    function is_authenticated() {
        if(isset($_SESSION['USER_ID']) AND $_SESSION['USER_ID'] != "" AND is_numeric($_SESSION['USER_ID'])) {
            return true;
        } else {
            return false;
        }
    }

    // Modified addslashes function which takes into account magic_quotes
    function add_slashes($input) {
        if ( get_magic_quotes_gpc() || ( !is_string($input) ) ) {
            return $input;
        }
        $output = addslashes($input);
        return $output;
    }

    // Ditto for stripslashes
    function strip_slashes($input) {
        if ( !get_magic_quotes_gpc() || ( !is_string($input) ) ) {
            return $input;
        }
        $output = stripslashes($input);
        return $output;
    }

    // Escape backslashes for use with mySQL LIKE strings
    function escape_backslashes($input) {
        return str_replace("\\","\\\\",$input);
    }

    function page_link($link){
        // Check for :// in the link (used in URL's) as well as mailto:
        if(strstr($link, '://') == '' AND substr($link, 0, 7) != 'mailto:') {
            return WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
        } else {
            return $link;
        }
    }

    // Get POST data
    function get_post($field) {
        if(isset($_POST[$field])) {
            return $_POST[$field];
        } else {
            return null;
        }
    }

    // Get POST data and escape it
    function get_post_escaped($field) {
        $result = $this->get_post($field);
        return (is_null($result)) ? null : $this->add_slashes($result);
    }

    // Get GET data
    function get_get($field) {
        if(isset($_GET[$field])) {
            return $_GET[$field];
        } else {
            return null;
        }
    }

    // Get SESSION data
    function get_session($field) {
        if(isset($_SESSION[$field])) {
            return $_SESSION[$field];
        } else {
            return null;
        }
    }

    // Get SERVER data
    function get_server($field) {
        if(isset($_SERVER[$field])) {
            return $_SERVER[$field];
        } else {
            return null;
        }
    }

    // Get the current users id
    function get_user_id() {
        return $_SESSION['USER_ID'];
    }

    // Get the current users group id
    function get_group_id() {
        return $_SESSION['GROUP_ID'];
    }

    // Get the current users group name
    function get_group_name() {
        return $_SESSION['GROUP_NAME'];
    }

    // Get the current users username
    function get_username() {
        return $_SESSION['USERNAME'];
    }

    // Get the current users display name
    function get_display_name() {
        return ($_SESSION['DISPLAY_NAME']);
    }

    // Get the current users email address
    function get_email() {
        return $_SESSION['EMAIL'];
    }

    // Get the current users home folder
    function get_home_folder() {
        return $_SESSION['HOME_FOLDER'];
    }

    // Get the current users timezone
    function get_timezone() {
        if(!isset($_SESSION['USE_DEFAULT_TIMEZONE'])) {
            return $_SESSION['TIMEZONE'];
        } else {
            return '-72000';
        }
    }

    // Validate supplied email address
    function validate_email($email) {
        if(eregi("^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$", $email)) {
            return true;
        } else {
            return false;
        }
    }

    //CUSTOM BIZ FUNCTIONS
    //BIZ FUNCTION: Gets b_name
    function get_b_name() {
        return $_SESSION['B_NAME'];
    }

    // Print a success message which then automatically redirects the user to another page
    function print_success($message, $redirect = 'index.php') {
        global $TEXT;
        $success_template = new Template(ADMIN_PATH.'/interface');
        $success_template->set_file('page', 'success.html');
        $success_template->set_block('page', 'main_block', 'main');
        $success_template->set_var('MESSAGE', $message);
        $success_template->set_var('REDIRECT', $redirect);
        $success_template->set_var('NEXT', $TEXT['NEXT']);
        $success_template->parse('main', 'main_block', false);
        $success_template->pparse('output', 'page');
    }

    // Print an error message
    function print_error($message, $link = 'index.php', $auto_footer = true) {
        global $TEXT;
        $success_template = new Template(ADMIN_PATH.'/interface');
        $success_template->set_file('page', 'error.html');
        $success_template->set_block('page', 'main_block', 'main');
        $success_template->set_var('MESSAGE', $message);
        $success_template->set_var('LINK', $link);
        $success_template->set_var('BACK', $TEXT['BACK']);
        $success_template->parse('main', 'main_block', false);
        $success_template->pparse('output', 'page');
        if($auto_footer == true) {
            $this->print_footer();
        }
        exit();
    }

    // Validate send email
    function mail($fromaddress, $toaddress, $subject, $message) {
        $fromaddress = preg_replace('/[\r\n]/', '', $fromaddress);
        $toaddress = preg_replace('/[\r\n]/', '', $toaddress);
        $subject = preg_replace('/[\r\n]/', '', $subject);
        $message = preg_replace('/[\r\n]/', '<br \>', $message);
        
/* 
        SOME SERVICE PROVIDERS DO NOT SUPPORT SENDING MAIL VIA PHP AS IT DOES NOT PROVIDE SMTP AUTHENTICATION
        NEW WBMAILER CLASS IS ABLE TO SEND OUT MESSAGES USING SMTP WHICH RESOLVE THESE ISSUE
        
        NOTE:
        To use SMTP for sending out mails, you have to specify the SMTP host of your domain
        via the variable "WBMAILER_SMTP_HOST" in the "config.php" file
        If variable is not defined, the WBMAILER class uses the PHP mail() function per default
        
        the mail header is automatically created by PHPMailer and therefore commented out
        UPDATE INTRODUCED BY DOC (C. SOMMER, 22. October 2006)
        */ 
        
        /* 
        if ($fromaddress=='') {
            $fromaddress = SERVER_EMAIL;
        }
        
        if(defined('DEFAULT_CHARSET')) { 
            $charset = DEFAULT_CHARSET; 
        } else {
            $charset='utf-8';
        }
        
        $headers  = "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/plain; charset=".$charset."\n";
        $headers .= "X-Priority: 3\n";
        $headers .= "X-MSMail-Priority: Normal\n";
        $headers .= "X-Mailer: websitebaker\n";
        $headers .= "From: ".$fromaddress."\n";
        $headers .= "Return-Path: ".$fromaddress."\n";
        $headers .= "Reply-To: ".$fromaddress."\n";
        $headers .= "\n"; // extra empty line needed??
        
        if (OPERATING_SYSTEM=='windows') {
            //str_replace("\n","\r\n",$headers);
            str_replace("\n","\r\n",$message);
        }    
        
        if(mail($toaddress, $subject, $message, $headers)) {
            return true;
        } else {
            return false;
        }
        */
        
        // create PHPMailer object and define default settings
        $myMail = new wbmailer();

        // set user defined from address
        if ($fromaddress!='') {
            $myMail->From = $fromaddress;                           // FROM:
            $myMail->AddReplyTo($fromaddress);                      // REPLY TO:
        }

        // define recepient and information to send out
        $myMail->AddAddress($toaddress);                            // TO:
        $myMail->Subject = $subject;                                // SUBJECT
        $myMail->Body = $message;                                   // CONTENT (HTML)
        $myMail->AltBody = strip_tags($message);                    // CONTENT (TEXT)

        // check if there are any send mail errors, otherwise say successful
        if (!$myMail->Send()) {
            return false;
        } else {
            return true;
        }
    }

}
?>

Xeron7
« Reply #4 on: January 19, 2008, 12:04:37 AM »

my class.login.php
Code:
<?php

// $Id: class.login.php 399 2006-12-24 07:50:44Z Ruebenwurzel $

/*

 WebsiteBaker Project <http://www.websitebaker.org/>
 Copyright (C) 2004-2007, Ryan Djurovich

 WebsiteBaker is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.

 WebsiteBaker is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with websitebaker; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

/*

Login class

This class will be used to with the login application

*/

// Stop this file from being accessed directly
if(!defined('WB_URL')) {
    header('Location: ../index.php');
    exit(0);
}

define('LOGIN_CLASS_LOADED', true);

// Load the other required class files if they are not already loaded
require_once(WB_PATH."/framework/class.admin.php");

class 
login extends admin {
    function 
login($config_array) {
        
// Get language vars
        
global $MESSAGE;
        
$this->wb();
        
// Get configuration values
        
$this->USERS_TABLE $config_array['USERS_TABLE'];
        
$this->GROUPS_TABLE $config_array['GROUPS_TABLE'];
        
$this->username_fieldname $config_array['USERNAME_FIELDNAME'];
        
$this->password_fieldname $config_array['PASSWORD_FIELDNAME'];
        
$this->remember_me_option $config_array['REMEMBER_ME_OPTION'];
        
$this->max_attemps $config_array['MAX_ATTEMPS'];
        
$this->warning_url $config_array['WARNING_URL'];
        
$this->login_url $config_array['LOGIN_URL'];
        
$this->template_dir $config_array['TEMPLATE_DIR'];
        
$this->template_file $config_array['TEMPLATE_FILE'];
        
$this->frontend $config_array['FRONTEND'];
        
$this->forgotten_details_app $config_array['FORGOTTEN_DETAILS_APP'];
        
$this->max_username_len $config_array['MAX_USERNAME_LEN'];
        
$this->max_password_len $config_array['MAX_PASSWORD_LEN'];
        if (
array_key_exists('REDIRECT_URL',$config_array))
            
$this->redirect_url $config_array['REDIRECT_URL'];
        else
            
$this->redirect_url '';
        
// Get the supplied username and password
        
if ($this->get_post('username_fieldname') != ''){
            
$username_fieldname $this->get_post('username_fieldname');
            
$password_fieldname $this->get_post('password_fieldname');
        } else {
            
$username_fieldname 'username';
            
$password_fieldname 'password';
        }
        
$this->username $this->add_slashes(strtolower($this->get_post($username_fieldname)));
        
$this->password $this->get_post($password_fieldname);
        
// Figure out if the "remember me" option has been checked
        
if($this->get_post('remember') == 'true') {
            
$this->remember $this->get_post('remember');
        } else {
            
$this->remember false;
        }
        
// Get the length of the supplied username and password
        
if($this->get_post($username_fieldname) != '') {
            
$this->username_len strlen($this->username);
            
$this->password_len strlen($this->password);
        }
        
// If the url is blank, set it to the default url
        
$this->url $this->get_post('url');
        if (
$this->redirect_url!='') {
            
$this->url $this->redirect_url;
        }        
        if(
strlen($this->url) < 2) {
            
$this->url $config_array['DEFAULT_URL'];
        }
        if(
$this->is_authenticated() == true) {
            
// User already logged-in, so redirect to default url
            
header('Location: '.$this->url);
            exit();
        } elseif(
$this->is_remembered() == true) {
            
// User has been "remembered"
            // Get the users password
            
$database = new database();
            
$query_details $database->query("SELECT * FROM ".$this->USERS_TABLE." WHERE user_id = '".substr($_COOKIE['REMEMBER_KEY'], 011)."' LIMIT 1");
            
$fetch_details $query_details->fetchRow();
            
$this->username $fetch_details['username'];
            
$this->password $fetch_details['password'];
            
// Check if the user exists (authenticate them)
            
if($this->authenticate()) {
                
// Authentication successful
                
header("Location: ".$this->url);
                exit(
0);
            } else {
                
$this->message $MESSAGE['LOGIN']['AUTHENTICATION_FAILED'];
                
$this->increase_attemps();
            }
        } elseif(
$this->username == '' AND $this->password == '') {
            
$this->message $MESSAGE['LOGIN']['BOTH_BLANK'];
            
$this->increase_attemps();
        } elseif(
$this->username == '') {
            
$this->message $MESSAGE['LOGIN']['USERNAME_BLANK'];
            
$this->increase_attemps();
        } elseif(
$this->password == '') {
            
$this->message $MESSAGE['LOGIN']['PASSWORD_BLANK'];
            
$this->increase_attemps();
        } elseif(
$this->username_len $config_array['MIN_USERNAME_LEN']) {
            
$this->message $MESSAGE['LOGIN']['USERNAME_TOO_SHORT'];
            
$this->increase_attemps();
        } elseif(
$this->password_len $config_array['MIN_PASSWORD_LEN']) {
            
$this->message $MESSAGE['LOGIN']['PASSWORD_TOO_SHORT'];
            
$this->increase_attemps();
        } elseif(
$this->username_len $config_array['MAX_USERNAME_LEN']) {
            
$this->message $MESSAGE['LOGIN']['USERNAME_TOO_LONG'];
            
$this->increase_attemps();
        } elseif(
$this->password_len $config_array['MAX_PASSWORD_LEN']) {
            
$this->message $MESSAGE['LOGIN']['PASSWORD_TOO_LONG'];
            
$this->increase_attemps();
        } else {
            
// Check if the user exists (authenticate them)
            
$this->password md5($this->password);
            if(
$this->authenticate()) {
                
// Authentication successful
                //echo $this->url;exit();
                
header("Location: ".$this->url);
                exit(
0);
            } else {
                
$this->message $MESSAGE['LOGIN']['AUTHENTICATION_FAILED'];
                
$this->increase_attemps();
            }
        }
    }
    
    
// Authenticate the user (check if they exist in the database)
    
function authenticate() {
        
// Get user information
        
$database = new database();
        
$query "SELECT * FROM ".$this->USERS_TABLE." WHERE username = '".$this->username."' AND password = '".$this->password."' AND active = '1'";
        
$results $database->query($query);
        
$results_array $results->fetchRow();
        
$num_rows $results->numRows();
        if(
$num_rows) {
            
$user_id $results_array['user_id'];
            
$this->user_id $user_id;
            
            $_SESSION['USER_ID'] = $user_id;
            $_SESSION['GROUP_ID'] = $results_array['group_id'];
            $_SESSION['USERNAME'] = $results_array['username'];
            $_SESSION['DISPLAY_NAME'] = $results_array['display_name'];
            $_SESSION['EMAIL'] = $results_array['email'];
            $_SESSION['HOME_FOLDER'] = $results_array['home_folder'];
            //CUSTOM BIZ ADDITIONS
            $_SESSION['B_NAME'] = $results_array['b_name'];
            //END CUSTOM

            // Run remember function if needed
            if($this->remember == true) {
                $this->remember($this->user_id);
            }
            // Set language
            if($results_array['language'] != '') {
                $_SESSION['LANGUAGE'] = $results_array['language'];
            }
            // Set timezone
            if($results_array['timezone'] != '-72000') {
                $_SESSION['TIMEZONE'] = $results_array['timezone'];
            } else {
                // Set a session var so apps can tell user is using default tz
                $_SESSION['USE_DEFAULT_TIMEZONE'] = true;
            }
            // Set date format
            if($results_array['date_format'] != '') {
                $_SESSION['DATE_FORMAT'] = $results_array['date_format'];
            } else {
                // Set a session var so apps can tell user is using default date format
                $_SESSION['USE_DEFAULT_DATE_FORMAT'] = true;
            }
            // Set time format
            if($results_array['time_format'] != '') {
                $_SESSION['TIME_FORMAT'] = $results_array['time_format'];
            } else {
                // Set a session var so apps can tell user is using default time format
                $_SESSION['USE_DEFAULT_TIME_FORMAT'] = true;
            }
            // Get group information
            $query = "SELECT * FROM ".$this->GROUPS_TABLE." WHERE group_id = '".$this->get_session('GROUP_ID')."'";
            $results = $database->query($query);
            $results_array = $results->fetchRow();
            $_SESSION['GROUP_NAME'] = $results_array['name'];
            // Set system permissions
            if($results_array['system_permissions'] != '') {
                $_SESSION['SYSTEM_PERMISSIONS'] = explode(',', $results_array['system_permissions']);
            } else {
                $_SESSION['SYSTEM_PERMISSIONS'] = array();
            }
            // Set module permissions
            if($results_array['module_permissions'] != '') {
                $_SESSION['MODULE_PERMISSIONS'] = explode(',', $results_array['module_permissions']);
            } else {
                $_SESSION['MODULE_PERMISSIONS'] = array();
            }
            // Set template permissions
            if($results_array['template_permissions'] != '') {
                $_SESSION['TEMPLATE_PERMISSIONS'] = explode(',', $results_array['template_permissions']);
            } else {
                $_SESSION['TEMPLATE_PERMISSIONS'] = array();
            }
            // Update the users table with current ip and timestamp
            $get_ts = mktime();
            $get_ip = $_SERVER['REMOTE_ADDR'];
            $query = "UPDATE ".$this->USERS_TABLE." SET login_when = '$get_ts', login_ip = '$get_ip' WHERE user_id = '$user_id'";
            $database->query($query);
        }
        // Return if the user exists or not
        return $num_rows;
    }
    
    // Increase the count for login attempts
    function increase_attemps() {
        if(!isset($_SESSION['ATTEMPS'])) {
            $_SESSION['ATTEMPS'] = 0;
        } else {
            $_SESSION['ATTEMPS'] = $this->get_session('ATTEMPS')+1;
        }
        $this->display_login();
    }
    
    
    // Function to set a "remembering" cookie for the user
    function remember($user_id) {
        $remember_key = '';
        // Generate user id to append to the remember key
        $length = 11-strlen($user_id);
        if($length > 0) {
            for($i = 1; $i <= $length; $i++) {
                $remember_key .= '0';
            }
        }
        // Generate remember key
        $remember_key .= $user_id.'_';
        $salt = "abchefghjkmnpqrstuvwxyz0123456789";
        srand((double)microtime()*1000000);
        $i = 0;
        while ($i <= 10) {
            $num = rand() % 33;
            $tmp = substr($salt, $num, 1);
            $remember_key = $remember_key . $tmp;
            $i++;
        }
        $remember_key = $remember_key;
        // Update the remember key in the db
        $database = new database();
        $database->query("UPDATE ".$this->USERS_TABLE." SET remember_key = '$remember_key' WHERE user_id = '$user_id' LIMIT 1");
        if($database->is_error()) {
            return false;
        } else {
            // Workout options for the cookie
            $cookie_name = 'REMEMBER_KEY';
            $cookie_value = $remember_key;
            $cookie_expire = time()+60*60*24*30;
            // Set the cookie
            if(setcookie($cookie_name, $cookie_value, $cookie_expire, '/')) {
                return true;
            } else {
                return false;
            }
        }
    }
    
    
    // Function to check if a user has been remembered
    function is_remembered() {
        if(isset($_COOKIE['REMEMBER_KEY']) AND $_COOKIE['REMEMBER_KEY'] != '') {
            // Check if the remember key is correct
            $database = new database();
            $check_query = $database->query("SELECT user_id FROM ".$this->USERS_TABLE." WHERE remember_key = '".$_COOKIE['REMEMBER_KEY']."' LIMIT 1");
            if($check_query->numRows() > 0) {
                $check_fetch = $check_query->fetchRow();
                $user_id = $check_fetch['user_id'];
                // Check the remember key prefix
                $remember_key_prefix = '';
                $length = 11-strlen($user_id);
                if($length > 0) {
                    for($i = 1; $i <= $length; $i++) {
                        $remember_key_prefix .= '0';
                    }
                }
                $remember_key_prefix .= $user_id.'_';
                $length = strlen($remember_key_prefix);
                if(substr($_COOKIE['REMEMBER_KEY'], 0, $length) == $remember_key_prefix) {
                    return true;
                } else {
                    return false;
                }
            } else {
                return false;
            }
        } else {
            return false;
        }
    }
    
    
    // Display the login screen
    function display_login() {
        // Get language vars
        global $MESSAGE;
        global $MENU;
        global $TEXT;
        // If attempts more than allowed, warn the user
        if($this->get_session('ATTEMPS') > $this->max_attemps) {
            $this->warn();
        }
        // Show the login form
        if($this->frontend != true) {
            require_once(WB_PATH.'/include/phplib/template.inc');
            $template = new Template($this->template_dir);
            $template->set_file('page', $this->template_file);
            $template->set_block('page', 'mainBlock', 'main');
            if($this->remember_me_option != true) {
                $template->set_var('DISPLAY_REMEMBER_ME', 'none');
            } else {
                $template->set_var('DISPLAY_REMEMBER_ME', '');
            }
            $template->set_var(array(
                                            'ACTION_URL' => $this->login_url,
                                            'ATTEMPS' => $this->get_session('ATTEMPS'),
                                            'USERNAME' => $this->username,
                                            'USERNAME_FIELDNAME' => $this->username_fieldname,
                                            'PASSWORD_FIELDNAME' => $this->password_fieldname,
                                            'MESSAGE' => $this->message,
                                            'INTERFACE_DIR_URL' =>  ADMIN_URL.'/interface',
                                            'MAX_USERNAME_LEN' => $this->max_username_len,
                                            'MAX_PASSWORD_LEN' => $this->max_password_len,
                                            'WB_URL' => WB_URL,
                                            'FORGOTTEN_DETAILS_APP' => $this->forgotten_details_app,
                                            'TEXT_FORGOTTEN_DETAILS' => $TEXT['FORGOTTEN_DETAILS'],
                                            'TEXT_USERNAME' => $TEXT['USERNAME'],
                                            'TEXT_PASSWORD' => $TEXT['PASSWORD'],
                                            'TEXT_REMEMBER_ME' => $TEXT['REMEMBER_ME'],
                                            'TEXT_LOGIN' => $TEXT['LOGIN'],
                                            'TEXT_HOME' => $TEXT['HOME'],
                                            'PAGES_DIRECTORY' => PAGES_DIRECTORY,
                                            'SECTION_LOGIN' => $MENU['LOGIN']
                                            )
                                    );
            if(defined('DEFAULT_CHARSET')) {
                $charset=DEFAULT_CHARSET;
            } else {
                $charset='utf-8';
            }

            $template->set_var('CHARSET', $charset);

            $template->parse('main', 'mainBlock', false);
            $template->pparse('output', 'page');
        }
    }
    
    
    // Warn user that they have had too many login attempts
    function warn() {
        header('Location: '.$this->warning_url);
        exit(0);
    }
    
}

?>
Logged
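The remember() and is_remembered() functions posted above build the cookie key with rand() and place $_COOKIE['REMEMBER_KEY'] directly into the SQL string. As an added example (not part of the original posts and not WebsiteBaker code), here is a hardened form of the same remember-me check, using a CSPRNG token, a stored hash and a bound parameter. It assumes PHP 7.1+ with pdo_sqlite; the function names, the remember_selector and remember_hash columns and the in-memory table are hypothetical.

```php
<?php
// Added example, not WebsiteBaker code. Function names and the
// remember_selector / remember_hash columns are hypothetical.

function issue_remember_token(PDO $db, int $userId): string {
    $selector  = bin2hex(random_bytes(8));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret part, from the OS CSPRNG
    $stmt = $db->prepare(
        'UPDATE users SET remember_selector = ?, remember_hash = ? WHERE user_id = ?'
    );
    // Store only a hash of the secret, so a leaked table yields no usable cookie.
    $stmt->execute([$selector, hash('sha256', $validator), $userId]);
    return $selector . ':' . $validator;     // value for the REMEMBER_KEY cookie
}

function check_remember_token(PDO $db, string $cookie): ?int {
    // Accept only "16 hex chars : 64 hex chars" before touching the database.
    if (!preg_match('/\A([0-9a-f]{16}):([0-9a-f]{64})\z/', $cookie, $m)) {
        return null;
    }
    // Bound parameter: the cookie value never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT user_id, remember_hash FROM users WHERE remember_selector = ?'
    );
    $stmt->execute([$m[1]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Constant-time comparison of the stored hash with the presented secret.
    if ($row === false || !hash_equals($row['remember_hash'], hash('sha256', $m[2]))) {
        return null;
    }
    return (int) $row['user_id'];
}

// Constructed demo data: an in-memory table standing in for the users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY,
           remember_selector TEXT, remember_hash TEXT)');
$db->exec('INSERT INTO users (user_id) VALUES (7)');

$cookie = issue_remember_token($db, 7);
$forged = explode(':', $cookie)[0] . ':' . str_repeat('0', 64);
var_dump(check_remember_token($db, $cookie));                    // issued token
var_dump(check_remember_token($db, $forged));                    // right selector, wrong secret
var_dump(check_remember_token($db, '00000000007_k3m9x2pq7zt'));  // old-format value
```

When the token is sent to the browser, the cookie should also carry the Secure and HttpOnly flags.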
Xeron7

« Reply #5 on: January 20, 2008, 02:58:52 AM »

help anyone?
mods?

Can anyone that successfully did this tell me how?
I've searched all over the forum and found nothing that works...
Logged
kweitzel
Forum administrator
« Reply #6 on: January 20, 2008, 07:00:36 AM »

After having had a quick look at your code, I think the issue might be the variables in the UPDATE SQL statement.

I would echo those variables before updating them into the DB. This way you can verify their content before writing them into the DB.

cheers

Klaus
Logged

WebsiteBaker Org e.V. - for WebsiteBaker

Xeron7

« Reply #7 on: January 20, 2008, 05:37:28 PM »

Thanks for the help..

I'm implementing a system where people can register their local business on my website. So what I'm going to do is just make a form where they submit the info. Then I check all of the pending applications on a site. Then the sites that are marked accepted will get into my business directory.

I'll make it so it puts all of this info in a separate table in the database.
« Last Edit: January 20, 2008, 05:46:53 PM by Xeron7 » Logged
kweitzel
Forum administrator
« Reply #8 on: January 20, 2008, 08:56:51 PM »

It might be easier then to create a new Module for it instead of modifying the existing forms. This way you can keep the whole WB Part updateable. The way you choose to do it now, you can not update WB without reimplementing your code.

Anyway, let us know, how you are getting on with it ...

cheers

Klaus
Logged

WebsiteBaker Org e.V. - for WebsiteBaker

Xeron7

« Reply #9 on: January 22, 2008, 03:42:07 AM »

I've got to take a few days off from making my website because of school.
I have loads of work to do because I was sick...

Either Wednesday or Thursday I will probably write up the pseudocode, then I'll begin actual coding on the weekend.
Logged
Tzvook

« Reply #10 on: May 17, 2008, 07:38:00 AM »

It might be easier then to create a new Module for it instead of modifying the existing forms. This way you can keep the whole WB Part updateable. The way you choose to do it now, you can not update WB without reimplementing your code.

Anyway, let us know, how you are getting on with it ...

cheers

Klaus

I too am really interested in adding a field or two to the page preferences (to track google adsense for different pages with ad numbers)

Hope someone done it b4 .... wasn't found in the forums )

 
Logged