|
PHP - Access An Object Created In One Page In Another Page
i have created an object in one page. it has a submit button which upon clicking opens a new page. is it possible to access that created object and its data members in that second page?
here is the code for creating the object in the first page. $viewcart = new Cart(); $viewcart->GetProductCart($user); Similar TutorialsI am a newby using php as the backbone for my web design, with a help from phpFreeks, I have come along way in a short time. Below is a short script of two buttons created with php, how can I use the buttons to link to a new web page (similar to using "href" in html)? I would like to use the php created buttons to keep the general look and feel to my site the same through. In advance, thank you for the support... This is the part in my normal page that shows the buttons: echo "<form action='processButtonsDdr.php' method='POST'> <input type='submit' name='display_button' value='homepage' /> <input type='submit' name='display_button' value='new entry' /> This is a snippet from my two button process page: <?php if($_POST['display_button'] == "home page") { ????????????????? // what do I enter in this area to point the button to another webpage? } else { ????????????????? } ?> Hi, I'm trying to make a gallery, and it more or less works. But I don't like having to load so many images for the user to view.
What happens is I have a very basic method of loading the images into the index file using require.
<?php
foreach (glob("*.jpg") as $filename) {
echo "<div class='itemContainer'><img src='" . $filename . "' class='item' id='" . $filename . "' /></div>";
}
?>
Pretty simple. but it just loads everything in the directory. What I'd like to do is make it so 30 images load, and then it creates a new "div container" and loads the next 30 in. As well as a page counter, and a next and previous button.
I'm not too sure how to control the flow of information from PHP to the index file when using require. Or if this is even the right way of doing it.
My thoughts are sorta like this
$imageCounter = 0;
$newPageStandard = 30;
foreach($imageDir as $image){
// echo image;
$imageCounter++
if($imageCounter == $newPageStandard){
$newPageStandard += $newPageStandard; // increase standard for next page if there are enough images
//create new image container(div)
//somehow re-direct the echo into this new image container
}
// continue echoing images
}
Something Along those lines. Is this at all on the right path, or should I be grabbing all the images, and stuffing them into an multidimensional array and breaking each array into segments of 30? Or perhaps another completely different method? (yeah I dont have a clue what Im doing atm)
Edited by 7blake, 10 November 2014 - 06:37 AM. http://2eastvalleyhomes.expandyourwebpresence.com/ In this site on the right widget the search option opens a new page and directs you off the page. I have created a page not visible on the home page called MLS and I would like the search on the right side to have its information populate in a page I created in my wordpress site, does any one have any suggestions or any ideas for this thank you for any help. I have heard there is a way to convert an html document to pdf with fpdf. I will need to pull information from a database though so it will be a php file instead. Does anyone know of a way to convert a php output to pdf in the same way? I have created a login page, but i want the users to be directed to another page only if the login details are correct. How would i do this?any help is appreciate. Coding for the PHP is below: thank you. Code: [Select] <?php $username = $_POST["username"]; $password = $_POST["password"]; //This if statement asks if the $username variable is set. If it is it executes the php script. Otherwise it echoes the login form. if(isset($username)){ if (!($username == " " && $password == " ")) { $connect = mysql_connect("","","") or die("Couldn't connect!"); mysql_select_db("") or die("Couldn't find db"); $query = mysql_query("SELECT * FROM users WHERE username='$username'"); $row = mysql_fetch_array($query); $numrows = mysql_num_rows($query); $dbusername = $row['username']; $dbpassword = $row['password']; } else { echo ('<div id="username"> <form action="" method="post"/> <font color="red"> Please enter a username and password </font> <table><tr><td> <img src="imgs/Log In/username.png" alt=""/> </td><td> <input type="text" size="30" name="username" style="background-color:transparent;" /> </td></tr></table> <table><tr><td> <img src="imgs/Log In/password.png" alt=""/> </td><td> <input type="password" name="password" size="30" /> </td></tr></table> <form id="submitb" action=""> <input type="submit" value="Log in" /> </form> <p class="register">Not yet a member? <a href="Form.html">Register Here</a>, its Free!</p> </div>'); } //check to see if they match if ($username == $dbusername && $password == $dbpassword) { echo "You Are Now Logged In, Welcome To AdobeTuts!"; } else echo ('<div id="username"> <form action="" method="post"/> <div id="new"> <font color="red"> Wrong Username Or Password, Please Try Again </font> </div> <table><tr><td> <img src="imgs/Log In/username.png" alt=""/> </td><td> <input type="text" size="30" name="username" style="background-color:transparent;" /> </td></tr></table> <table><tr><td> <img src="imgs/Log In/password.png" alt=""/> </td><td> <input type="password" name="password" size="30" /> </td></tr></table> <form id="submitb" action=""> <input type="submit" value="Log in" /> </form> <p class="register">Not yet a member? <a href="Form.html">Register Here</a>, its Free!</p> </div>'); } //This next bit echoes the login form unless the $username variable is set. else { echo ('<div id="username"> <form action="" method="post"/> <table><tr><td> <img src="imgs/Log In/username.png" alt=""/> </td><td> <input type="text" size="30" name="username" style="background-color:transparent;" /> </td></tr></table> <table><tr><td> <img src="imgs/Log In/password.png" alt=""/> </td><td> <input type="password" name="password" size="30" /> </td></tr></table> <form id="submitb" action=""> <input type="submit" value="Log in" /> </form> <p class="register">Not yet a member? <a href="imgs/Homepage tuts/Form.php">Register Here</a>, its Free!</p> </div>'); } ?> <?php require_once('upper.php'); $error_msg=''; if(!isset($_COOKIE['LoginIdCookie'])){ if(isset($_POST['submit'])) { require_once('database.php'); $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password=mysqli_real_escape_string($dbc,trim($_POST['Password'])); if((!empty($LoginId)) && (!empty($Password))){ $query="SELECT * FROM registration WHERE LoginId='$LoginId' AND Password=SHA('$Password') AND Flag='A'"; $result=mysqli_query($dbc,$query) or die('Not Connected'); if(mysqli_num_rows($result)==1) { $row=mysqli_fetch_array($result); setcookie('LoginIdCookie',$row['LoginId']); //$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index1.php'; header('Location: index1.php'); } else{ echo 'Enter right UserName/Password combination or You may not approved yet. '; echo '<a href="ForgetPassword.php">Can\'t access your account?"</a>'; }} else{ echo' Fill all fields'; } }} ?> <html> <title>Log In</title> <body> <?php if(empty($_COOKIE['LoginIdCookie'])) { echo $error_msg; ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF'] ;?>" > <div class="LoginValidator"> <fieldset> <legend> Log In</legend><table><tr><td> <label for="username">User Name :</label><br/><br/></td> <td><input type="text" name="LoginId"><br/><br/></tr> <td><label for="password">Password :</label></td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type="password" name="Password"><br/></td></tr></table> <input type="submit" name="submit" value="Login" class="Login_button"> </fieldset> </div> </form> <?php } else{ echo 'You are logged in as '.$_COOKIE['LoginIdCookie']; } require_once('lower.php'); mysqli_close($dbc); ?> HI friends.......... In above code when I enter wrong user name or password, it displays error msg properly but problem is that when i enter right user name and password instead to redirect to index1.php it displays LoginPage again.......... I think cookie is not created as well.......... I can't understand where is problem???????/ please help me.................... Hi again.... I'm working on a project that creates a profile page for the user (i.e. 'username.php') when they register. Because there are two ways to register, through Facebook and through the website itself, there has to be an if statement in this page that it crates as to which ID to use for that user. Because Facebook usernames are not unique, we must identify a user through their OAuth User ID which is a 10 digit number. When a user registers through the website itself, usernames are unique so their profile page can be ID'd by their username. Here's the code that creates that profile page: function createProfile($user) { $userFile = 'users/'.$result['oauth_uid'].'.php'; $fh = fopen($userFile, 'w') or die("can't open file"); $stringData = "<?php\n" . '$pageowner = "' . $result['oauth_uid'] . '";' . "\n" . 'include "profile.php";' . "\n?>"; fwrite($fh, $stringData); fclose($fh); } $user is the username passed to the function when it's called. Currently that is set to create a line of code in the new profile page ('userid'.php) that looks like this: <?php $pageowner = "100001745088506"; include "profile.php"; ?> I want to add an IF to that page that follows this structu if oauth_provider == facebook { $pageowner = "oauth_uid" } else { $pageowner = username } But I don't know how to write that he $stringData = "<?php\n" . '$pageowner = "' . $result['oauth_uid'] . '";' . "\n" . 'include "profile.php";' . "\n?>"; to make it show up in the page it creates. I want that if statement to be written IN the page that is created. I just don't know the syntax well enough yet to do that. Would somebody help me out or point me in the right direction? Thanks! Ok i am stuck, i created a php script that draws data from a mysql dB into a php page. How can I send the page as the body in email? I do not need to preview the page, but can send it without ever viewing if that helps. When I put my code into a variable it does nothing. Is it caching? Should I load the results into mysql then send?please advise.. I want to make it so public users cant access the index of/ page, how do I do that? Thanks This has been an ongoing issue from the start. When I try to login I enter the username and password and click login, then get taken back to the login page to reenter the same details and the second time I click login I get logged in. Now if I then log out and close window and wait a few seconds, restart again and try to log in, I get in first time. I believe this could be a session issue but I thought unsetting the unset($_SESSION['admin']); would cause the session to be lost and have to start again. I just can not get my head around what is causing it. Can anyone tell me what I might be doing wrong ? I have a redirect to originating page, so if I was to view a previous page within the admin area I have to log in and then once loggeed in it will redirect to the page I was on before. Here are my scripts.
<?php
session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1);
define('site_title', 'Admin ');
define('pageTitle', 'Admin ');
$_SESSION['loginRedirect'] = "adminCreateCampaign.php";
include("functions-for-email.php");
$checkAdminStatus = checkAdminStatus($mysqli);
if(!isset($_SESSION['admin']) || $checkAdminStatus == "NOACCESS") {
$_SESSION['error'] = 'You must be logged in to view that page. (el.S1)';
//$_SESSION['loginRedirect'] = "showStats.php";
//echo("You must be logged in to view that page. (el.S1)<br>"); exit;
@mysqli_close($mysqli);
header('Location: ' . adminFullWebAddress . '/index.php'); exit;
} else {
if($_SESSION['admin']['account_type'] != 'admin') {
$_SESSION['error'] = 'You do not have the priviledges to view that page. (el.S2)';
@mysqli_close($mysqli);
header('Location: ' . adminFullWebAddress . '/index.php'); exit;
}
}
?>
<!DOCTYPE>
<html>
<head>
<link href="adminstyle.css" rel="stylesheet" type="text/css" />
<title><?php echo(site_title); ?></title>
</head>
<body>
<div id="container">
<div class="containerInner">
<div id="leftInner100">
<?php // start of leftInner ?>
<?php menu(); ?>
<h1 class="middleTitle">Admin </h1>
<?php
if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; unset($thisError); }
if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; unset($thisSuccess); }
?>
<br><br>
</div><?php // end of leftInner ?>
</div><?php // end of containerInner ?>
<div class="clearfix"></div>
</div><?php // container ?>
</body>
</html>
<?php @mysqli_close($mysqli); ?>
<?php
session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1);
include("functions.php");
$checkAdminStatus = checkAdminStatus($mysqli);
//$_SESSION['loginRedirect'] = adminFullWebAddress . "/index.php";
$fromlink4 = isset($_SERVER['REMOTE_ADDR']) ? (gethostbyaddr($_SERVER['REMOTE_ADDR'])) : "empty";
$ipAddress = $_SERVER['REMOTE_ADDR'];
if(isset($_POST['email'])) { $email = $_POST['email']; $email = strip_tags($email); } else { $email = ""; }
if(isset($_POST['pass'])) { $password = $_POST['pass']; $pass = $_POST['pass']; } else { $pass = ""; }
if(isset($_POST['login']) && trim($_POST['login']) == 'Login') {
$checkEmail = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1");
$checkBanned = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `suspended` = 'Yes' LIMIT 1");
$failedLoginCounter = 0;
if(!$email) {
$thisError = 'Please enter your e-mail address.';
} else if(! $checkEmail->num_rows) {
$thisError = 'Either the email address, password or both were not entered correctly.';
} else if(!$password) {
$thisError = 'Please enter your password.';
} else if($checkBanned->num_rows) {
$thisError = 'Your account has been suspended by Admin.';
} else {
$password = md5($password);
$checkAccount = db_query($mysqli, "SELECT * FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `password` = '" . $mysqli->real_escape_string($password) . "' LIMIT 1");
if($checkAccount->num_rows) {
$saveChanges = db_query($mysqli, "UPDATE `admins` SET `lastlogindatetime` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string($ipAddress) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1");
// set lastlogindatetime
$_SESSION['admin'] = $checkAccount->fetch_assoc();
$loginRedirect = isset($_SESSION['loginRedirect']) ? $_SESSION['loginRedirect'] : "";
$_SESSION['success'] = 'You are now logged in. (ok.L2) ' . $loginRedirect;
header('Location: ' . adminFullWebAddress . '/' . $loginRedirect); exit;
} else {
$thisError = 'Your e-mail address and/or password is incorrect.<br>If you still face issues, you can <a href="startresetpw.php">reset your password</a>';
$saveChanges = db_query($mysqli, "UPDATE `admins` SET `failedLoginCounter` = `failedLoginCounter` + 1, `lastloginfailedip` = '" . $mysqli->real_escape_string($ipAddress) . "', `lastlogindatetimeFailed` = '" . $mysqli->real_escape_string(datetimenow) . "' WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1"); // set lastlogindatetimeFailed
}
}
}
if(!isset($_SESSION['admin'])) {
define('site_title', 'Login');
define('pageTitle', 'Login');
} else {
define('site_title', 'Home');
define('pageTitle', 'Home');
}
?>
<!DOCTYPE>
<html>
<head>
<link href="adminstyle.css" rel="stylesheet" type="text/css" />
<title><?php echo(site_title); ?></title>
</head>
<body>
<div id="container">
<div class="containerInner">
<div id="leftInner100">
<?php // start of leftInner ?>
<div id="mainphoto"><?php //specialMessage($mysqli); mainPageImage(""); ?></div>
<div class="clear"></div><?php
if(isset($_SESSION['admin'])) {
menu();
}
if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; }
if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; }
unset($thisError); unset($thisSuccess);
if(!isset($_SESSION['admin'])) { ?>
<div style="width: 100%; margin: 0em auto; text-align: center;">
<form method="POST" action="index.php" style="width: 15em; text-align: center;">
<div class="field"> E-mail Address </div>
<div class="value"> <input type="text" name="email" value="<?php if(isset($_POST['email'])) { echo $email; } ?>" style="width: 12.5em;" title="email"> </div>
<div class="field"> Password<br><span style="font-size: 0.8em;"><?php
if (isset($_POST['pass'])) { echo('<strong style="color: red;">'); } ?>(Please note: your password may be CaSe SeNSitIvE)<?php if (isset($_POST['pass'])) { echo('</strong>'); } ?></span>
</div>
<div class="value"> <input type="password" name="pass" value="" style="width: 12.5em;" title="pass"> </div>
<div><br><input type="submit" name="login" value="Login"> <input type="reset" value="Clear"><br></div>
</form><br>
<div class="clearFloat"></div>
</div>
<?php
} else { ?>logged in<?php } ?>
<br><br>
</div><?php // end of leftInner ?>
</div><?php // end of containerInner ?>
<div class="clearfix"></div>
</div><?php // container ?>
</body>
</html>
<?php
@mysqli_close($mysqli); ?>
functions.php
<?php
define('showOutput', 0);
include("/home/****/db_login_functions.php");
define('db_table_name', 'clientList');
define('mailHost', 'mail.****.com');
define('mailUsername', 'noreply@****.com');
define('mailPW', '****');
define('bounce', 'bounce@****.com');
define('fullDomain', 'https://www.admin.****.com');
define('adminFullWebAddress', 'https://www.admin.****.com');
define('adminEmail', 'admin@****.com');
define('fromEmail', 'noreply@****.com');
define('fromName', 'DO NOT REPLY');
define('REMOTEADDR', isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
define('PHPSELF', $_SERVER['PHP_SELF']);
define('HTTPREFERER', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "not set");
define('unsub', 'https://www.****.com/unsub.php'); define('securityhash', 'abc'); // NEVER change this securityhash.
date_default_timezone_set('Europe/London');
define('datetimenow', date("Y-m-d H:i:s"));
/* check if user is allowed to access a certain page or not. */
function checkAdminStatus($mysqli) { $yesNo = "";
if(isset($_GET['action']) && $_GET['action'] == 'logout') {
unset($_SESSION['admin']);
$_SESSION['success'] = 'You have successfully logged out. (lo.1)';
header('Location: index.php'); exit;
}
if(isset($_SESSION['admin']) ) {
// need to add in code to check if logged in for more than 1 hour, if so log out on next refresh of page.
if ($_SESSION['admin']['lastAccessSinceLogin'] < date( 'Y-m-d H:i:s', strtotime("-5 minutes") )) { unset($_SESSION['admin']);
$_SESSION['error'] = 'You were logged out due to no activity, please login again to view that page. (lo.2)';
header('Location: index.php'); exit;
}
$checkBanned = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' AND `suspended` = 'Yes' LIMIT 1");
if($checkBanned->num_rows) { $yesNo = "NOACCESS"; //$_SESSION['error'] = 'You must be logged in to view that page.';
} else { $yesNo = "ACCESS"; // if logged in, update `users`.`lastAccessSinceLogin` with current datetime.
$updateLastAccessSinceLogin = db_query($mysqli, "UPDATE `admins` SET `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string(REMOTEADDR) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' LIMIT 1");
$_SESSION['admin']['lastAccessSinceLogin'] = datetimenow;
}
}
return $yesNo;
}
function menu() {
echo('<a href="index.php?action=logout">Log Out</a> ');
echo('
<a href="adminCreateCampaign.php">Create Campaign</a><br><br><br>');
}
?>
.htaccess (within the admin folder)
Header set Access-Control-Allow-Origin "*"
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly.
suPHP_ConfigPath /home/****/php.ini
.htaccess (within the root folder)
Header set Access-Control-Allow-Origin "*"
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly.
suPHP_ConfigPath /home/****/php.ini
the php.ini file allow_url_fopen = on allow_irl_include = on date.timezone = Europe/London safe_mode = off upload_max_filesize = 20M post_max_size = 20M upload_tmp_dir = "/home/****/tmp" session.save_path = "/home/****/sessions" session.use_only_cookies = on error_reporting = E_ALL log_errors = On display_errors = Off track_errors = On error_log = "/home/****/errors.log" sendmail_from = "server@****.com"
I have an MS Access Database that resides on the server that I will be hosting the pages I'm building. In my MS Access Database I have a query called "CheckedInEquipment" that I would like to have constantly display on a PHP page. It needs to be 'fluid', so the data is always up to date on the web page. (This is all in a sandbox XAMPP environment). Has anyone done this, can you lead me to examples or push me in the right direction? Carl I have a site, and there is an image with a link to another page, how can I make it so this is the only way to get to that page is by clicking on that image, and not by typing www.mywebsite.com/page.php into the address bar in a browser? Hello, Im making a little script to grab some data from a website but the data loads up a Javascript popup and unless you click the link from the page you came from you get a 404 error. Is there any ways to able me to load up the page using php so i can access some of the data on the page. The page im trying to access has the following code in the head, Does that have anything to do why you cant directly access it? Code: [Select] <META NAME="Robots" CONTENT="index,follow"> Hope this makes sense, If anyone knows a solution i would really appreciate it. Hi guys so i want to make page acces to certain ranks. So im thinking for something like this
rank1 -> home.php, admins.php So the ranks are in a database with the page names. So now when someone logs in they will get a certain rank. So now i need to make a function that will check if the rank has access to this page. $curPageName = substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1); This will detect the current page that the logged in person is at now. But now how do i check if the $_SESSION['rank']; (rank1) has the access to get in page admins.php, and obviously to make $_SESSION['rank'];(rank2) redirect from the page admins.php Could someone point me in the right direction? Do i select the ranks and page names from database then put it into a array? Thanks. Quesion: Show each movie in the database on its own page, and give the user links in a "page 1, Page 2, Page 3" - type navigation system. Hint: Use LIMIT to control which movie is on which page. I have provided 3 files: 1st: configure DB, 2nd: insert data, 3rd: my code for the question. I would appreciate the help. I am a noob by the way. First set up everything for DB: <?php //connect to MySQL $db = mysql_connect('localhost', 'root', '000') or die ('Unable to connect. Check your connection parameters.'); //create the main database if it doesn't already exist $query = 'CREATE DATABASE IF NOT EXISTS moviesite'; mysql_query($query, $db) or die(mysql_error($db)); //make sure our recently created database is the active one mysql_select_db('moviesite', $db) or die(mysql_error($db)); //create the movie table $query = 'CREATE TABLE movie ( movie_id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT, movie_name VARCHAR(255) NOT NULL, movie_type TINYINT NOT NULL DEFAULT 0, movie_year SMALLINT UNSIGNED NOT NULL DEFAULT 0, movie_leadactor INTEGER UNSIGNED NOT NULL DEFAULT 0, movie_director INTEGER UNSIGNED NOT NULL DEFAULT 0, PRIMARY KEY (movie_id), KEY movie_type (movie_type, movie_year) ) ENGINE=MyISAM'; mysql_query($query, $db) or die (mysql_error($db)); //create the movietype table $query = 'CREATE TABLE movietype ( movietype_id TINYINT UNSIGNED NOT NULL AUTO_INCREMENT, movietype_label VARCHAR(100) NOT NULL, PRIMARY KEY (movietype_id) ) ENGINE=MyISAM'; mysql_query($query, $db) or die(mysql_error($db)); //create the people table $query = 'CREATE TABLE people ( people_id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT, people_fullname VARCHAR(255) NOT NULL, people_isactor TINYINT(1) UNSIGNED NOT NULL DEFAULT 0, people_isdirector TINYINT(1) UNSIGNED NOT NULL DEFAULT 0, PRIMARY KEY (people_id) ) ENGINE=MyISAM'; mysql_query($query, $db) or die(mysql_error($db)); echo 'Movie database successfully created!'; ?> ******************************************************************** *********************************************************************** second file to load info into DB: <?php // connect to MySQL $db = mysql_connect('localhost', 'root', '000') or die ('Unable to connect. Check your connection parameters.'); //make sure you're using the correct database mysql_select_db('moviesite', $db) or die(mysql_error($db)); // insert data into the movie table $query = 'INSERT INTO movie (movie_id, movie_name, movie_type, movie_year, movie_leadactor, movie_director) VALUES (1, "Bruce Almighty", 5, 2003, 1, 2), (2, "Office Space", 5, 1999, 5, 6), (3, "Grand Canyon", 2, 1991, 4, 3)'; mysql_query($query, $db) or die(mysql_error($db)); // insert data into the movietype table $query = 'INSERT INTO movietype (movietype_id, movietype_label) VALUES (1,"Sci Fi"), (2, "Drama"), (3, "Adventure"), (4, "War"), (5, "Comedy"), (6, "Horror"), (7, "Action"), (8, "Kids")'; mysql_query($query, $db) or die(mysql_error($db)); // insert data into the people table $query = 'INSERT INTO people (people_id, people_fullname, people_isactor, people_isdirector) VALUES (1, "Jim Carrey", 1, 0), (2, "Tom Shadyac", 0, 1), (3, "Lawrence Kasdan", 0, 1), (4, "Kevin Kline", 1, 0), (5, "Ron Livingston", 1, 0), (6, "Mike Judge", 0, 1)'; mysql_query($query, $db) or die(mysql_error($db)); echo 'Data inserted successfully!'; ?> ************************************************************** **************************************************************** MY CODE FOR THE QUESTION: <?php $db = mysql_connect('localhost', 'root', '000') or die ('Unable to connect. Check your connection parameters.'); mysql_select_db('moviesite', $db) or die(mysql_error($db)); //get our starting point for the query from the URL if (isset($_GET['offset'])) { $offset = $_GET['offset']; } else { $offset = 0; } //get the movie $query = 'SELECT movie_name, movie_year FROM movie ORDER BY movie_name LIMIT ' . $offset . ' , 1'; $result = mysql_query($query, $db) or die(mysql_error($db)); $row = mysql_fetch_assoc($result); ?> <html> <head> <title><?php echo $row['movie_name']; ?></title> </head> <body> <table border = "1"> <tr> <th>Movie Name</th> <th>Year</th> </tr><tr> <td><?php echo $row['movie_name']; ?></td> <td><?php echo $row['movie_year']; ?></td> </tr> </table> <p> <a href="page.php?offset=0">Page 1</a>, <a href="page.php?offset=1">Page 2</a>, <a href="page.php?offset=2">Page 3</a> </p> </body> </html> I am using the debug_backtrace() php function to prevent direct access to admin files.
i simply place the code below at the top of a page eg config.php and direct access via the browser is prevented.
Is it a safe practice or is there a better way of doing it?
<?php
debug_backtrace() || die ("Direct access to this resource is forbidden");
?>
Thanks
Below is the screenshots and script for user page level access i have used it for one of my old projects. Code is working as it was intended. But it needs to be improvised. Users table
pages table , which has all the pages and links
Access level table. which has user id from users table and page id from pages table (for which user has access)
Once the user is created, admin gives access to the user on page basis, the permissions.php page looks like this The modules
Menus inside the modules
Pages in each menu
Here is my code for permission.php
<div id="demo2-html">
<ul id="demo2" class="mnav">
<li><a href="#">Sales</a>
<ul>
<li><a href="#">Lead</a>
<ul>
<table class="table table-bordered table-striped table-hover">
<?php
$s1 = mysqli_query($con, "SELECT pages.page_id as pid, pages.code, pages.page,
pages.href, access_level.aid, access_level.page_id as pgid,
access_level.user_id
FROM pages
LEFT JOIN access_level ON (pages.page_id=access_level.page_id
AND access_level.user_id=".$user."
) WHERE pages.code='led'") or die(mysqli_error($con));
while($s2 = mysqli_fetch_array($s1)) { ?>
<tr><li><td><?php echo $s2['page']; ?> </td><td><input type="checkbox" name="sn[]" value="<?php echo $s2['pid']; ?>" <?php if($s2['pgid'] === $s2['pid']) echo 'checked="checked"';?> />
<input type="hidden" value="<?php echo $s2['pid']; ?>" name="page_id[<?php echo $s2['pgid']; ?>]">
</td></li></tr>
<?php } ?>
</table>
</ul>
</li>
<li><a href="#">Customer</a>
<ul>
<table class="table table-bordered table-striped table-hover">
<?php
$s1 = mysqli_query($con, "SELECT pages.page_id as pid, pages.code, pages.page,
pages.href, access_level.aid, access_level.page_id as pgid,
access_level.user_id
FROM pages
LEFT JOIN access_level ON (pages.page_id=access_level.page_id
AND access_level.user_id=".$user."
) WHERE pages.code='cst'") or die(mysqli_error($con));
while($s2 = mysqli_fetch_array($s1)) { ?>
<tr><li><td><?php echo $s2['page']; ?> </td><td><input type="checkbox" name="sn[]" value="<?php echo $s2['pid']; ?>" <?php if($s2['pgid'] === $s2['pid']) echo 'checked="checked"';?> />
<input type="hidden" value="<?php echo $s2['pid']; ?>" name="page_id[<?php echo $s2['pgid']; ?>]">
</td></li></tr>
<?php } ?>
</table>
</ul>
</li>
//code goes for all the other modules
</ul>
</li>
</ul>
</div>
<input type="hidden" name="user" value="<?php echo $user; ?>" />
<div class="row" align="center">
<input type="submit" name="submit" class="btn btn-success" value="Save" />
</form>
// form Submission
if(isset($_POST['submit']))
{
$user = $_POST['user'];
$sql = "DELETE FROM access_level WHERE user_id = ".$user."";
$query = mysqli_query($con, $sql) or die (mysqli_error($con));
foreach($_POST['sn'] as $sn)
{
$sql = "insert into access_level (page_id, user_id) values (".$sn.", ".$user.")";
$query = mysqli_query($con, $sql) or die (mysqli_error($con));
}
if($query)
{
header("location:users.php?access=1");
}
}
So against each user i am storing all the page ids here. When i edit any of the users, it deletes all the records and again insers new records. Which i feel is not a proper way to do. And in codewise also, i am redirecting the user to no_access.php (as below) page if the user do not have access.
<?php
ob_start();
include("connect.php");
include("admin_auth.php");
$q1 = basename($_SERVER['REQUEST_URI'], '?' . $_SERVER['QUERY_STRING']);
$q2 = $_SERVER['REQUEST_URI'];
$var1 = "/".$q1;
$qa_path=explode('/', $q2);
$right_path = $qa_path[2].$var1;
$parsedUrl = parse_url($q2);
$curdir = dirname($_SERVER['REQUEST_URI'])."/";
$m4 = "select p.page_id, p.code, p.page, p.href, al.aid, al.page_id, al.user_id FROM pages p INNER JOIN access_level al ON p.page_id=al.page_id WHERE al.user_id=".$_SESSION['user_id']."";
$m5 = mysqli_query($con, $m4) or die (mysqli_error($con));
while($nk1 = mysqli_fetch_array($m5)) {
$href1[] = ($nk1['href']); }
if(in_array($right_path, $href1)) {
echo "<script type='text/javascript'> document.location = ".BASE_URL."/".$right_path."</script>";
}
else
{
echo "<script type='text/javascript'> document.location = '../no_access.php' </script>";
exit();
}
?>
I need help in improve and better/effective (structural) way to do this both in database and php script. Long story short, I have a class that does some data verification and session management. In order to do some of this verification, it needs a database connection. I am using the MDB2 class; here is a sample of the constructor's code: this is a snippet of code from My Class. // FUNCTIONS function __construct() { /* other code here */ // set up our datbase connection global $dsn; // must use global as to include the one *from* the settings.php include $mdb2 =& MDB2::singleton($dsn); if (PEAR::isError($mdb2)) { die("<H1> THERE WAS AN ERROR </H1>" . $mdb2->getMessage()); } echo("SESSION CLASS: if you see this, then we're goood!"); // some very crude debugging, please ignore this! } Now, i have another function within this same class: public static function data_validateUserName($safeUserName){ // build the query $q = "SELECT uName FROM Users WHERE username = '$safeUserName'"; $result = $this->$mdb2->query($q); if($result->numRows() >= 1){ // there is 1 or more hits for a username, it is not available! return false; } else if ($result->numRows() < 1){ // there is less than 1 row with that username, we're golden! return ture; } } Inside the constructor, i have correctly set up a MDB2 object. I was able to run some queries and other things on it *inside* the constructor. Because of this, i know that it's settings are correct and it is fully working. However, when i try to use that $mdb2 object inside this other method, i get all sorts of errors about that being a bad reference to an object that essentially does not exist. Now, i tried searching here, and didn't get much help, so apologies. If you've got a link to a similar question, then please post that with a brief explanation of what you searched for to get it... Also, the php.net manual is not very helpful about the scope of objects in this particular setup... so please know that i did pour over that before posting here. Thanks for your time, all. ***** EDIT ****** I've thought about doing it another way: Each function is passed in a reference to the MDB2 object as an argument instead of relying on the one that is *suposed to be* built in to the actual class it's self. Would this be better / more secure / more efficient?! How do I access an object on different pages? I created object "A" on pageone.php and I need to access it on pagetwo.php. How do I do that? TomTees |
|||||||