PHP - Restricting Access To Admin Only
I am using the following to check that the user is logged on before he/she views pages on my site. Can I adapt what is here so that only some pages can be viewed by admin only?

<?php
include("../php/dbconnect.php"); // connects to the database

// session code
session_start();

// Check if user is authenticated
if (!isset($_SESSION['username'])) {
    // User not logged in, redirect to login page
    header("Location: http://webdev/schools/hhs/psy_bookings/");
    exit; // stop here; without this the rest of the page is still generated and sent after the redirect header
} else {
    // User is logged in, continue (use session vars to display username/email)
    //echo "'Welcome, {$_SESSION['username']}. You are still logged in. <br />'";
    // echo "'Your email address is: {$_SESSION['email']}.'";
} // end of session code
?>

Similar Tutorials

Here is my situation. I have an exam application built in Flash, where after the taker is finished and submits their scores a record is created in MySQL in a log table. Basically there is a column called attempt which is populated with a 1 after they have successfully finished the exam. When this column has a 1, the user is locked out and cannot access the exam when they try and login. The Flash part was built a while back in AS3 and is very cumbersome to try and figure out and make changes, so I have been trying to improve some things on the PHP/MySQL end. What I have now is a PHP based login which uses if else statements to determine if a user has passed and, if they have not, uses a DELETE statement to delete their log record and thus they regain access to taking the exam. Code below.
<?php
if (($pcnt[$i] * 100) > 89) {
    echo "<span class='green'>you did great!</span>";
} else {
    $query_delete = "DELETE FROM log_March2011 USING log_March2011 INNER JOIN roster_March2011
                     WHERE log_March2011.user_id = roster_March2011.user_id
                     AND roster_March2011.user_id = '{$_SESSION['user_id']}'";
    //echo $query_delete; //for debugging test
    $result_delete = mysql_query($query_delete) or trigger_error('Query failed: ' . mysql_error());
    //$num = mysql_affected_rows($db);
    if ($result_delete) {
        echo "<span class='red'>Please review missed questions/sections below</span><br />You can now retake the exam";
    } // end if
    else {
        echo "No record of taking exam";
    } // end else
}
?>

What I would like to do to improve the application is to be able to implement a set number of attempts allowed before the user is disallowed to take the exam again, but I'm not sure how to implement this or if it is even possible?

I have a search form. $req is a keyword or an ID number input by the user. As you can see, the query checks only for rows where userID matches the current login userID. My question is, how to transform (not an independent query for admins) the query to search all rows if user $access is admin (no matter the administrator's own userID).
<?php
$userID = "something"; // (from session)
$access = "something"; // (from session / user or admin)
$query = "SELECT esName, esID, esAddress FROM estates WHERE (esName LIKE '$req' OR esID LIKE '$req') AND userID='$userID'";
mysql_query($query);
?>

Thanks in advance

Is this a good way of doing simple admin different rights, e.g. if secret word then go to adminpage.php?

session_start();
$captcha = $_POST["captcha"];
$secretword = $_SESSION["secretword"];
if (strcmp($captcha, $secretword)) {
    // it's a bot
} else {
    // matched -- it's a human
}

I have a search code for my site and I want to narrow the scope of the search with a drop down that will allow users to pick a state (the SQL table includes a state field), or set the script so that it will only search for results for a particular state. In the SQL select I have tried every way of using WHERE venue_state='NY' but it will not work. I would really rather allow the users to select a state from a dropdown and then enter the search term - city, zip or venue name. Thank you for looking

<?php
include('config.db.php');
$find = trim($_GET['find']);
$field = $_GET['field'];
if ($find && $field) {
    // we have search form submitted
    // check for values to prevent sql injection
    $valid_fields = array("venue_zip", "venue_city", "show_name");
    if (!in_array($field, $valid_fields)) die("Error: Invalid field!");
    $rpp = 10; // results per page
    $adjacents = 4;
    $page = intval($_GET["page"]);
    if (!$page) $page = 1;
    $reload = $_SERVER['PHP_SELF'] . "?find=" . urlencode($find) . "&field=" . urlencode($field);
    echo "<h4>Search Results for $find</h4>\n";
    $find = addslashes($find);
    $result = mysql_query("SELECT *, DATE_FORMAT(`start_date`, '%b %e, %Y') AS s_date FROM craft_shows WHERE $field LIKE '%$find%'");
    if (mysql_num_rows($result) == 0) {
        echo "<p>0 matches found.</p>";
    } else {
        echo "<table class='table7' cellpadding='2'>";
        echo "<tr><td> </td><td><strong>Date</strong></td><td><strong>Show Name</strong></td><td><strong>City</strong></td><td><strong>Attendance</strong></td></tr>";
        echo "<tr><td colspan='5'><hr class=\"hr2\"></td></tr>";
        // count total number of appropriate listings:
        $tcount = mysql_num_rows($result);
        // count number of pages:
        $tpages = ($tcount) ? ceil($tcount / $rpp) : 1; // total pages, last page number
        $count = 0;
        $i = ($page - 1) * $rpp;
        while (($count < $rpp) && ($i < $tcount)) {
            mysql_data_seek($result, $i);
            $row = mysql_fetch_array($result);
            $id = $row['id'];
            echo "<tr><td>";
            echo "<a href=\"/show_submits/show_detail.php?id=$id\">Details</a>";
            echo "</td><td>";
            echo $row['s_date'];
            echo "</td><td>";
            echo $row['show_name'];
            echo "</td><td>";
            echo $row['venue_city'];
            echo "</td><td>";
            echo $row['venue_state'];
            echo "</td></tr>";
            echo "<tr><td colspan='5'><hr class=\"hr3\"></td></tr>";
            $i++;
            $count++;
        }
        echo "</table><br>";

        function paginate_one($reload, $page, $tpages) {
            $firstlabel = "First";
            $prevlabel = "Prev";
            $nextlabel = "Next";
            $lastlabel = "Last";
            $out = "<div class=\"pagin\">\n";
            // first
            if ($page > 1) {
                $out .= "<a href=\"" . $reload . "\">" . $firstlabel . "</a>\n";
            } else {
                $out .= "<span>" . $firstlabel . "</span>\n";
            }
            // previous
            if ($page == 1) {
                $out .= "<span>" . $prevlabel . "</span>\n";
            } elseif ($page == 2) {
                $out .= "<a href=\"" . $reload . "\">" . $prevlabel . "</a>\n";
            } else {
                $out .= "<a href=\"" . $reload . "&page=" . ($page - 1) . "\">" . $prevlabel . "</a>\n";
            }
            // current
            $out .= "<span class=\"current\">Page " . $page . " of " . $tpages . "</span>\n";
            // next
            if ($page < $tpages) {
                $out .= "<a href=\"" . $reload . "&page=" . ($page + 1) . "\">" . $nextlabel . "</a>\n";
            } else {
                $out .= "<span>" . $nextlabel . "</span>\n";
            }
            // last
            if ($page < $tpages) {
                $out .= "<a href=\"" . $reload . "&page=" . $tpages . "\">" . $lastlabel . "</a>\n";
            } else {
                $out .= "<span>" . $lastlabel . "</span>\n";
            }
            $out .= "</div>";
            return $out;
        }

        echo paginate_one($reload, $page, $tpages, $adjacents);
    }
}
?>

So I have a very simple for loop that I am populating a list with levels and exp required to achieve the next level. I have been using a sandbox to test my output and have also created an Excel sheet to replicate the data to verify the content. This code was not mine from the beginning and in creating the spreadsheet I discovered the flaw. Below is the code I am trying to fix:

function experience($L, $pres = 0) {
    $a = 0;
    $end = 0;
    for ($x = 1; $x < $L; ++$x) {
        $a += $x * round($x + 5 * pow(4, ($x / 300)));
    }
    if ($x > 199) {
        $a += $x * round($x + 7 * pow(4, ($x / 290)));
    }
    if ($x > 399) {
        $a += $x * round($x + 11 * pow(4, ($x / 280)));
    }
    if ($x > 599) {
        $a += $x * round($x + 19 * pow(4, ($x / 270)));
    }
    if ($x > 799) {
        $a += $x * round($x + 35 * pow(4, ($x / 260)));
    }
    if ($x > 999) {
        $a += $x * round($x + 67 * pow(4, ($x / 250)));
    }
    return round($a / 1.25);
}

Below is the troubleshooting I am attempting to do (modified and simplified for and while loop):

//for loop
$no = 200;
$a = 0;
for ($x = 1; $x < $no; ++$x) {
    $a += $x + 1;
}
if ($no > 199) {
    $a += $x + 2;
}
echo $a;

//while loop
$no = 200;
$a = 0;
$x = 1;
while (($x - 1) < $no) {
    $a += $x * round($x + 5 * pow(4, ($x / 300)));
    $x++;
    if ($x > 199) {
        $a += $x * round($x + 7 * pow(4, ($x / 290)));
    }
}
echo $a;

Upon request I can also provide snippets of the Excel sheet. So the gist of the issue I am having is this. Between level 199 and 200 the iteration of the loop is running one extra time through the initial formula.
As you can tell, at level 200, 400, 600, 800 and 1000 I want this formula to change so that it simplifies the amount of exp required to achieve the next level. I can not for the life of me figure out how to restrict the loop while still allowing the values 200 and up to run through it for the first 199 iterations. The output I should get from the primary code for levels 199 through 201 is as follows:

199 =
200 =
201 =

At level 199 I am good, but for whatever reason it runs one additional iteration at the level 1-199 formula and then moves on to the 200 level formula, messing up the values. Any and all help is much appreciated. I am a novice hobbyist at best and have been doing this for many, many years now but sometimes I get stumped. I chalk it up to lack of proper training and time to really be serious with it. Thanks in advance....NICON

I assume this can be done somehow w/ PHP. How would I create a page which only displays based on detection of certain IP addresses and, if the certain IP address is not detected, redirects to a not allowed page? I have a list of the IP addresses to allow. Thanks in advance!

Hello. I need your help please. I'm building a logistics website with a user panel and an admin panel. I've done all the login and register forms. Now I want: admin can add a package with tracking number, weight, cost, and declaration form. The user can fill in the declaration form after the admin adds the package to the user panel. Then the admin can see the declared form. Is it possible in PHP? Thank you in advance

Just wondering if this can be done and, if so, do you know where I can read about this or have any suggestion? I have a database with all our clients' data that we store in it. I can now let them log into a PHP search screen that they can pull data from and see what we have stored. I would like to restrict what info they can pull by the user name they log in with, so they are not pulling other clients' info when they do the search.
The user database and company database are two different ones. They search by box number and I would like to restrict what it pulls up by company name depending on whether the user logged in has rights to that company's info. So if Jane Doe logged in and she was a member of soso company, when she did a box search she would only see what was from soso company, instead of how it is now, where it pulls from soso, DD, and all the companies. Thanks in advance

Hi, I have a web site that sells both video and images. The full versions are located securely behind a paywall; however, in a bid to get visitors to purchase them and to promote the members offering, I have trailer videos of 30 seconds to one minute and four free images per image set. I want to be able to restrict the number of images a visitor can view for free to 12 and the number of videos a visitor can play to 5, with a little graphic/overlay notifying the user when they have exceeded their free play/preview limit. I have been advised that a tracking cookie and a PHP if statement would be the way to go to achieve this. I have got a cookie that is successfully logging views that is written to on a free preview link as an onclick function. I have tried writing some PHP if code that will have the normal thumbnail or video divs display as usual if the views recorded in the cookie are below 12 or five, respectively, and have a "not allowed, please subscribe" div that would show over the thumbnails or video divs should the number of views exceed the threshold. My PHP code does not seem to be working at all. I have run it through an online syntax checker, corrected the mistakes, and now it's supposed to be working but opts to display nothing instead of either if argument.

Videos then become a whole other problem because at the moment I have no other way to track the view/visit other than to count the loading of the video summary page with the free player as the preview, whether or not the clip is played. Ideally I would like the view to be counted when the video begins to play. But I have no idea how to write to the cookie from Flash (is that even possible?). Any help would be greatly appreciated.

Hey, so I have an admin.php page that lists all of the users in the database and I'm wondering how I can add functions so the administrator can delete / ban the user from the webpage. I'm not sure how you would select the user?
Hey, in a nutshell the only thing in admin.php is the ability to moderate unapproved images; however, once approved, the "Approve Delete" links are still on screen. How it works is a user uploads an image, the filename is added to MySQL and the image is added to uploads/. Once I approve an image, the image is then moved to img/ to display on the index.php (to prevent porn and anything that doesn't belong to the general public). I know what's happening, because I've got while loops to display the image while looping through the MySQL database, so once the image is moved, the links are still on screen, displaying an "Approve Delete" for every image in the database. Also another thing that happens is the images on index.php are blank until approved. How can I work around this? Here is the index.php when an image hasn't been approved: http://www.xodiac.net/1.png And here is the admin.php displaying Approve and Delete once an image has been approved: http://www.xodiac.net/2.png

Hello, do you know where I can download a nice looking PHP admin dashboard for free? Thanks in advance for the help

So I got my login down and the cookies, kinda set up. My problem is how do I make the admin panel save the true/false in the string in settings.php? I'd like to do it with a drop down menu to enable/disable it. Any help?

Hi, I am new here 🙂 I have been learning PHP and am currently working on my own OOP MVC CMS. I am up to the stage where I would like to start working on the admin area, but I am not sure how best to organise things. Should I create admin specific Controllers and Models? In Views, should I create a sub directory Admin, and place all admin view templates within it? Are there any good books on OOP/MVC you would recommend? Any help would be greatly appreciated!

<?php
$host = "localhost"; // Host name
$username = "user"; // Mysql username
$password = ""; // Mysql password
$db_name = ""; // Database name
$tbl_name = ""; // Table name
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name") or die("cannot select DB");
$barcodeID = $_POST['barcode'];
echo $barcodeID;
$barcodeID = stripslashes($barcodeID);
$barcodeID = mysql_real_escape_string($barcodeID);
$sql = "SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'";
$result = mysql_query($sql);
// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
$count = mysql_num_rows($result);
if ($count == 1) {
    $_SESSION['barcode'] = $barcodeSession;
    $_SESSION['userlevel'] = $row['Priority'];
    if ($row['userlevel'] == "Admin") {
        header("location:AdminSection.php");
    } else {
        header("location:index.php");
    }
    header("location:LoggedIn.php");
} else {
    header("location:index.php");
}
?>

When the script has been run, I want it to redirect to either the user page or admin page depending on their priority level: if the Priority field == "Admin" then go to the admin page. Can you see anything missing? Thank You

Hey guys, I've set up a database with a login and logout script for my site. There is a TINYINT value called admin and it either equals 1 or 0 depending on whether the user is an admin or not. The registration script works perfectly to create the table value and the login script works fine for the site. The question I had was, if I wanted to add a link to the bottom of every page that said "Go to Administration Panel" and make it only viewable by ADMINS, I figured this little script would work..
Here would be the end of the page:

<br />
<center>Copyright © 2010 <a href="http://www.website.com">www.WEBSITE.com</a></center>
<?php include('includes/start_admincheck.php'); ?>
<center><a href="<?php echo $homedir .'admin.php'; ?>">Go to Administration Panel</a></center>
<?php include('includes/end_admincheck.php'); ?>
</body>
</html>

Inside start_admincheck.php I have: (NOTE: $cUsername refers to a setcookie and $cAdmin does as well. They are defined on my Variable page included at the top.)

<?php include('variables/variables.php'); ?>
<?php
mysql_connect("$mysql_hostname", "$mysql_username", "$mysql_password") or die(mysql_error());
mysql_select_db("$mysql_database") or die(mysql_error());
if (isset($cUsername)) {
    $check = mysql_query("SELECT * FROM users WHERE username = '$cUsername'") or die(mysql_error());
    while ($info = mysql_fetch_array($check)) {
        if (($cAdmin == 1) && ($info['admin'] == 1)) {
?>

And this is the end_admincheck.php:

<?php include('variables/variables.php'); ?>
<?php
} else die();
} } else die();
?> ?>

I get this Parse error thrown at the bottom of the page:

Parse error: syntax error, unexpected $end in /*******/includes/start_admincheck.php on line 15

Naturally I would check out line 15 in start_admincheck.php, but normally when I get an $end error it is the last line of the code and leaves me lost.. Something I'm missing guys? As always, thanks in advance

Hello, I am trying to add an IF statement to my login script so that if the username entered is 'admin' it directs to 'adminpage.php'. Here is my script:

<?php
include("connection.php");
session_start();
// Collect data from form and save in variables
//See if any info was submitted
$Username = $_GET['Username'];
//Clean data - trim space
$Username = trim($Username);
//Check its ok - if not then add an error message to the error string
if (empty($Username)) $errorString = $errorString . "<br>Please supply Username.";
//See if any info was submitted
$Password = $_GET['Password'];
//Clean data - trim space
$Password = trim($Password);
//Check its ok - if not then add an error message to the error string
if (empty($Password)) $errorString = $errorString . "<br>Please supply Password.";
// Query to search the user table
$query = "SELECT * FROM Users WHERE Username='$Username' AND Password='$Password'";
// Run query through connection
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
// if rows found set authenticated user to the user name entered
if (mysql_num_rows($result) > 0) {
    $_SESSION["authenticatedUser"] = $Username;
    $_SESSION['UserID'] = $row['UserID'];
    // Relocate to the logged-in page
    header("Location: loggedon.php");
} else // login failed redirect back to login page with error message
{
    $_SESSION["message"] = "Could not connect as $Username ";
    header("Location: login.php");
}
?>

Thank you

I get this error:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\user\user.php on line 5

code: user.php:

<?php
$get = (isset($_GET['id'])); //this means that user.php?id=1 would mean $get = 1. Note: This is not SQL Inject protected.
$users = mysql_query("SELECT * FROM users WHERE id='" . $get . "'");
while ($row = mysql_fetch_array($users)) {
    echo ' Id = ' . $row['id'] . ' Name = ' . $row['name'] . ' Username = ' . $row['username'] . ' Password = ' . $row['password'] . ' Reg. on = ' . $row['date'] . ' ';
}
?>
<html>
<body>
<form action='user.php' method='GET'>
Username: <input type='text' value=''>
<input type='submit' value='submit'>
</form>
<?php //what goes here? ?>
</body>
</html>

Hallo, I have a problem.
This is my code:

<?php include 'connect.php'; ?>
<html>
<head>
<title>Admin Insert page!</title>
</head>
<body>
<?php
error_reporting(-1); ini_set('display_errors', 1);
if (isset($_POST['submit'])) {
    $name = $_POST['name'];
    $password = $_POST['password'];
    $result = mysql_query("SELECT * FROM users WHERE user='$name' AND password='$password'");
    $num = mysql_num_rows($result);
    if ($num == 0) {
        echo "Bad login, go <a href='login.php'>back</a>";
    } else {
        session_start();
        $_SESSION['name'] = $name;
        header("Location: admin.php");
    }
} else {
?>
<form action='login.php' methody='post'>
Username: <input type='text' name='name'/><br />
Password: <input type='password' name='password'/><br />
<input type='submit' name='submit' value='Login' />
</body>
</html>

I tried to use the console to find the problem but I didn't.... I know that there is some problem with $num. Can somebody help me? Thank you.

Edited by Artur, 19 October 2014 - 12:11 PM.

Hey all, I'm using cakephp and it asks me a question and I'm not sure what to put in, because I don't necessarily know the consequences of what I put in:

Would you like to create the methods for admin routing? (y/n) [y] > y
You need to enable Configure::write('Routing.admin','admin') in /app/config/core.php to use admin routing.
What would you like the admin route to be? Example: www.example.com/admin/controller
What would you like the admin route to be? [admin] >

Thanks for response
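An added example, written for this page and not taken from any of the posts above, of the pattern the opening question (admin-only pages) and the later login-redirect posts are after: one guard file that every protected page includes, which sends unauthenticated visitors to the login page and then stops the script, and separately checks a role stored in the server-side session before an admin page is served. It assumes the login script stores the role under $_SESSION['role'] (a name chosen for this example) after verifying the password; the file name auth_guard.php is also just a chosen name.

```php
<?php
// auth_guard.php (example name): include at the top of every protected page.
// Assumed contract with the login script: after verifying the password it called
// session_regenerate_id(true) and stored $_SESSION['username'] and
// $_SESSION['role'] ('user' or 'admin') from the database row. The role is read
// only from the server-side session, never from a cookie or request parameter
// the browser controls (the $cAdmin cookie in one post above is such a value).

const LOGIN_URL = 'http://webdev/schools/hhs/psy_bookings/'; // URL from the original post

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['username'])) {
        header('Location: ' . LOGIN_URL);
        // Without exit, PHP keeps executing and the protected page body is still
        // sent after the redirect header; a client that ignores the Location
        // header reads it. exit is what actually withholds the content.
        exit;
    }
}

function require_role(string $role): void
{
    require_login();
    // Strict comparison against the value the server stored at login.
    if (($_SESSION['role'] ?? '') !== $role) {
        http_response_code(403);
        echo 'Forbidden';
        exit;
    }
}

// For conditional UI such as a footer link: this only hides the link, the admin
// page itself must still call require_role('admin').
function is_admin(): bool
{
    return ($_SESSION['role'] ?? '') === 'admin';
}

// Usage in an admin-only page:
//   require 'auth_guard.php';
//   require_role('admin');
// Usage in a page any logged-in user may see:
//   require 'auth_guard.php';
//   require_login();
//   if (is_admin()) { echo '<a href="admin.php">Go to Administration Panel</a>'; }
```

Hiding the link with is_admin() is cosmetic; the check that matters is require_role('admin') on admin.php itself, since anyone can type the URL.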