more session madness

will need to delete commented out lines if all this works

gw-index.php

@@ -1,5 +1,4 @@
 <?php
-// tie everything together from here hopefully, might not even need the connection info?
 session_start();
 if (isset($_SESSION['userid']) && ($_SESSION['access'])){
 	echo 'Proceed to character selection <A HREF="gw-toon.php">here</A><BR>'; //really should automate this

gw-insert.php

@@ -5,7 +5,8 @@ $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
 $gold = mysqli_real_escape_string($con, $_POST['droppedgold']); //how much gold dropped
 $droptype = mysqli_real_escape_string($con, $_POST['droptype']); //this dictates if the drop was a weapon/rune/material
 $locid = mysqli_real_escape_string($con, $_POST['location']); //this is `treasurelocation`.`treasureid` in the database
-$toonid = mysqli_real_escape_string($con, $_POST['chartoon']); //this is the id of the character doing the hunting
+//$toonid = mysqli_real_escape_string($con, $_POST['chartoon']); //this is the id of the character doing the hunting
+$toonid = $_SESSION['playerid'];
 $treasdate = mysqli_real_escape_string($con, $_POST['treasuredate']);
 if ($droptype == 1){
 	$rarity = mysqli_real_escape_string($con, $_POST['rare']);

gw-location.php

@@ -3,8 +3,6 @@
 session_start();
 include_once 'gw-connect.php';
 $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
-//all POST variable data under here
-//$playerid = mysqli_real_escape_string($con, $_POST['playerid']);
 $playerid = $_SESSION['playerid'];
 if ($con->connect_errno > 0){
 	die ('Unable to connect to database [' . $db->connect_errno . ']');
@@ -14,7 +12,7 @@ if (!$resultmap = $con->query($sqlmaploc)){
 	die ('There was an error running the query [' . $con->error . ']');
 }
 echo '<BODY><CENTER><FORM METHOD="POST" ACTION="gw-record.php">';
-echo '<INPUT TYPE="HIDDEN" NAME="playerid" VALUE="' . $playerid . '">';
+//echo '<INPUT TYPE="HIDDEN" NAME="playerid" VALUE="' . $playerid . '">';
 echo '<SELECT NAME="locationid" onchange="this.form.submit()">';
 echo '<OPTION SELECTED DISABLED>Select a map location</OPTION>';
 while ($rowmap = $resultmap->fetch_array()){

gw-login.php

@@ -2,8 +2,8 @@
 session_start();
 include_once 'gw-connect.php';
 $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
-$username = mysqli_real_escape_string($con, $_POST['username']); //enable this after username form is built
-$password = mysqli_real_escape_string($con, $_POST['password']); //enable this after password form is built
+$username = mysqli_real_escape_string($con, $_POST['username']);
+$password = mysqli_real_escape_string($con, $_POST['password']);
 $password = md5($password);
 if ($con->connect_errno > 0){
 	die ('Unable to connect to database [' . $db->connect_errno . ']');

gw-record.php

@@ -1,11 +1,12 @@
 <TITLE>What Dropped?</TITLE>
 <BODY>
 <?php
+session_start();
 include_once 'gw-connect.php';
 $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
-$toonid = mysqli_real_escape_string($con, $_POST['playerid']); //enable this after character selection is working
-$location = mysqli_real_escape_string($con, $_POST['locationid']); //enable this after location selection is working
-//$location = 4; //delete this line after location selection is finished/working
+//$toonid = mysqli_real_escape_string($con, $_POST['playerid']); //enable this after character selection is working
+$toonid = $_SESSION['playerid'];
+$location = mysqli_real_escape_string($con, $_POST['locationid']);
 $whatdropped = mysqli_real_escape_string($con, $_POST['gwdrop']);
 if ($con->connect_errno > 0){
 	die ('Unable to connect to database [' . $db->connect_errno . ']');