From a6f3db10a1b4fa757bd08daaaae20a62ab4919ce Mon Sep 17 00:00:00 2001
From: mauirixxx <mauirixxx@users.noreply.github.com>
Date: Wed, 24 May 2017 23:38:32 -1000
Subject: [PATCH] more session madness

will need to delete commented out lines if all this works
---
 gw-index.php    | 1 -
 gw-insert.php   | 3 ++-
 gw-location.php | 4 +---
 gw-login.php    | 4 ++--
 gw-record.php   | 7 ++++---
 5 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/gw-index.php b/gw-index.php
index e4b4a2f..9a1f23f 100644
--- a/gw-index.php
+++ b/gw-index.php
@@ -1,5 +1,4 @@
 <?php
-// tie everything together from here hopefully, might not even need the connection info?
 session_start();
 if (isset($_SESSION['userid']) && ($_SESSION['access'])){
 	echo 'Proceed to character selection <A HREF="gw-toon.php">here</A><BR>'; //really should automate this
diff --git a/gw-insert.php b/gw-insert.php
index 3fdaf10..b24a7ab 100644
--- a/gw-insert.php
+++ b/gw-insert.php
@@ -5,7 +5,8 @@ $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
 $gold = mysqli_real_escape_string($con, $_POST['droppedgold']); //how much gold dropped
 $droptype = mysqli_real_escape_string($con, $_POST['droptype']); //this dictates if the drop was a weapon/rune/material
 $locid = mysqli_real_escape_string($con, $_POST['location']); //this is `treasurelocation`.`treasureid` in the database
-$toonid = mysqli_real_escape_string($con, $_POST['chartoon']); //this is the id of the character doing the hunting
+//$toonid = mysqli_real_escape_string($con, $_POST['chartoon']); //this is the id of the character doing the hunting
+$toonid = $_SESSION['playerid'];
 $treasdate = mysqli_real_escape_string($con, $_POST['treasuredate']);
 if ($droptype == 1){
 	$rarity = mysqli_real_escape_string($con, $_POST['rare']);
diff --git a/gw-location.php b/gw-location.php
index 23df8d1..e26d55e 100644
--- a/gw-location.php
+++ b/gw-location.php
@@ -3,8 +3,6 @@
 session_start();
 include_once 'gw-connect.php';
 $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
-//all POST variable data under here
-//$playerid = mysqli_real_escape_string($con, $_POST['playerid']);
 $playerid = $_SESSION['playerid'];
 if ($con->connect_errno > 0){
 	die ('Unable to connect to database [' . $db->connect_errno . ']');
@@ -14,7 +12,7 @@ if (!$resultmap = $con->query($sqlmaploc)){
 	die ('There was an error running the query [' . $con->error . ']');
 }
 echo '<BODY><CENTER><FORM METHOD="POST" ACTION="gw-record.php">';
-echo '<INPUT TYPE="HIDDEN" NAME="playerid" VALUE="' . $playerid . '">';
+//echo '<INPUT TYPE="HIDDEN" NAME="playerid" VALUE="' . $playerid . '">';
 echo '<SELECT NAME="locationid" onchange="this.form.submit()">';
 echo '<OPTION SELECTED DISABLED>Select a map location</OPTION>';
 while ($rowmap = $resultmap->fetch_array()){
diff --git a/gw-login.php b/gw-login.php
index e6674d0..a1b75bb 100644
--- a/gw-login.php
+++ b/gw-login.php
@@ -2,8 +2,8 @@
 session_start();
 include_once 'gw-connect.php';
 $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
-$username = mysqli_real_escape_string($con, $_POST['username']); //enable this after username form is built
-$password = mysqli_real_escape_string($con, $_POST['password']); //enable this after password form is built
+$username = mysqli_real_escape_string($con, $_POST['username']);
+$password = mysqli_real_escape_string($con, $_POST['password']);
 $password = md5($password);
 if ($con->connect_errno > 0){
 	die ('Unable to connect to database [' . $db->connect_errno . ']');
diff --git a/gw-record.php b/gw-record.php
index 29955b2..234defa 100644
--- a/gw-record.php
+++ b/gw-record.php
@@ -1,11 +1,12 @@
 <TITLE>What Dropped?</TITLE>
 <BODY>
 <?php
+session_start();
 include_once 'gw-connect.php';
 $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
-$toonid = mysqli_real_escape_string($con, $_POST['playerid']); //enable this after character selection is working
-$location = mysqli_real_escape_string($con, $_POST['locationid']); //enable this after location selection is working
-//$location = 4; //delete this line after location selection is finished/working
+//$toonid = mysqli_real_escape_string($con, $_POST['playerid']); //enable this after character selection is working
+$toonid = $_SESSION['playerid'];
+$location = mysqli_real_escape_string($con, $_POST['locationid']);
 $whatdropped = mysqli_real_escape_string($con, $_POST['gwdrop']);
 if ($con->connect_errno > 0){
 	die ('Unable to connect to database [' . $db->connect_errno . ']');