|
PHP - Retrieve Only That User Datas
Dear All,
I have login script already. i have two database one is users and another one is reference in both user_name is common. In this if a user login and search the refid means that user datas onle possible to retrieve. for others datas they cant access. i wrote the below code but it display all user datas. kindly help me <?php session_start(); if (!$_SESSION["user_name"]) { // User not logged in, redirect to login page Header("Location: login.php"); / } // Member only content // ... $con = mysql_connect('localhost','root',''); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("login", $con); $user_name = $_POST['user_name']; $query = "select * from reference,users where reference.user_name=users.user_name and reference.refid='$refid'"; $result = mysql_query($query) or trigger_error('MySQL encountered a problem<br />Error: ' . mysql_error() . '<br />Query: ' . $query); while($row = mysql_fetch_array($result)) { echo $row['refid']; echo $row['origin']; echo $row['dest']; echo $row['date']; echo $row['exdate']; echo $row['user_name']; } echo "<p><a href=\"logout.php\">Click here to logout!</a></p>"; ?> <html> <form method="post" action="final.php"> Ref Id:<input type="text" name="refid"> <input type="submit" value="submit" name="submit"> </html> Similar Tutorials
Query About How To Retrieve A Password From The Database And Compare To The One The User Has Entered
This topic has been moved to PHP Applications. http://www.phpfreaks.com/forums/index.php?topic=346715.0 I do not have code yet, i just want a general idea how to get started.
I have a database with +/- 15 columns. 6 people are using this database. Not all columns are relevant for each user.
So my idea was that each user will be able to make his preference by checking checkboxes for each column -> store this in the database so that when he logs in , his preference will be retrieved and used to make the right query.
second question, how do i make the headers so that they are the same als the preferences from the user ?
Just put me on the right track (or if someone has it on the shelf, post the code)
thanks in advance
I am not sure if the title is correct; I tried my best.
I'm a PHP/MySQL beginner and I really need some help.
I have a small script that I am using for sending SMS. I recently added a phonebook. The problem with the phonebook right now is that it's available to all users, i.e. they can all update and delete all rows. What I would like to do is make it so that each user can update and delete only their own contacts.
I have a table call contacts. Inside that table there is first name, last name, company and phonenumber.
How can I accomplish this with PHP & MySQL?
CREATE TABLE IF NOT EXISTS `contacts` ( `contact_id` int(10) NOT NULL AUTO_INCREMENT, `firstname` varchar(255) NOT NULL, `lastname` varchar(255) NOT NULL, `company` varchar(255) NOT NULL, `cell_no` text NOT NULL, PRIMARY KEY (`contact_id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ; CREATE TABLE IF NOT EXISTS `users` ( `user_id` int(11) NOT NULL AUTO_INCREMENT, `users_name` varchar(30) NOT NULL, `uname` varchar(30) NOT NULL, `u_pass` varchar(60) NOT NULL, `utype` varchar(30) NOT NULL, `timezone` varchar(30) NOT NULL, `uapi_user` varchar(30) NOT NULL, `uapi_pass` varchar(60) NOT NULL, PRIMARY KEY (`user_id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=20 ;
<?php
if (isset($_POST['submit'])){
//form has been submitted1
$firstname = trim($_POST['firstname']);
$lastname = trim($_POST['lastname']);
$company = trim($_POST['company']);
$cellno = trim($_POST['cell_no']);
if($firstname == ''){
echo '<div class="alert alert-danger">First Name is not Valid!</div>';
exit;
}elseif($lastname == ''){
echo '<div class="alert alert-danger">Last Name is not Valid!</div>';
exit;
}elseif($company == ''){
echo '<div class="alert alert-danger">Company is not Valid!</div>';
exit;
}elseif($cellno == ''){
echo '<div class="alert alert-danger">Cellphone Number is not Valid!</div>';
exit;
}else{
$query = "Select cell_no from contacts where cell_no = '".$cellno."' ";
$result = mysql_query($query);
if (!mysql_num_rows($result)) {
$sql = "INSERT INTO contacts(firstname, lastname, company, cell_no)
values('{$firstname}','{$lastname}', '{$company}', '{$cellno}')";
$result = mysql_query($sql);
confirm_query($result);
//echo '<div class="alert alert-success">Successfully added.</div>';
//exit;
?>
<script type="text/javascript">
window.location = "contact_list.php";
</script>
<?php
}
else{
echo '<div class="alert alert-danger">Username. already exist!.</div>';
echo '<p><a href="new_contact.php" class="btn btn-success"> Back </a></p>';
exit;
}}
}else{
$firstname = "";
$lastname = "";
$company = "";
$cellno = "";
}
?>
Am a newbie in php. Since I can't insert values to the database with respect to a user Id or with any other token using WHERE clause. I.e "INSERT INTO receipts(date) VALUES(example) where id="**....." If I need to fetch several values of column for a particular user, how do I go about it? Thank you!!! Hi, after following lots of advice and changing to MySqli I am running into a few probs. This is me just probably missing something stupid, I know what I want, but can't figure out what query I should use and where I should place it. All the queries I have tried have failed.
I just need a query that gets the $current_stored_password from the password field on the database, to confirm the last check
elseif
($current_password !== $current_stored_password) {
include 'includes/overall/header.php';
echo $current_password . ' AND ' . $_POST['current_password'] . ' Password and password again do not match';
include 'includes/overall/header.php';
}
Here is the whole script.
<?php
session_start();
error_reporting(0);
//ini_set('display_errors', '1');
require( 'database.php' );
$username = $_SESSION['loggedinuser'];
$current_stored_password = $_SESSION['password'];
$current_password = $_POST['current_password'];
$password = mysqli_real_escape_string($con, md5( $_POST['password']));
$password_again = mysqli_real_escape_string($con, md5( $_POST['password_again']));
// Run checks
if (isset($_POST['current_password'], $_POST['password'], $_POST['password_again'])) {
if( strlen( $_POST['current_password'] ) < 8 )
{
include('includes/overall/header.php');
echo "Password Must Be 8 or More Characters.";
include('includes/overall/footer.php');
}
elseif( strlen( $_POST['password'] ) < 8 )
{
include('includes/overall/header.php');
echo "Password Must Be 8 or More Characters.";
include('includes/overall/footer.php');
}
elseif
( strlen( $_POST['password_again'] ) < 8 )
{
include('includes/overall/header.php');
echo "Password Must Be 8 or More Characters.";
include('includes/overall/footer.php');
}
elseif
($password !== $password_again) {
include 'includes/overall/header.php';
echo ' Password and password again do not match';
include 'includes/overall/header.php';
}
elseif
($current_password !== $current_stored_password) {
include 'includes/overall/header.php';
echo $current_password . ' AND ' . $_POST['current_password'] . ' Password and password again do not match';
include 'includes/overall/header.php';
} else {
// Define a query to run
$query = "UPDATE `user` SET `password` = '$password' WHERE `username` = '$username'";
// Query the database
$result = mysqli_query($con,$query);
// Check if the query failed
if( !$result )
{
die('There was a problem executing the query ('.$query.'):<br>('.mysqli_errno($con).') '.mysqli_error($con));
}
else {
include 'includes/overall/header.php';
echo 'Password has been changed';
include 'includes/overall/footer.php';
}
}
}
// Close the connection
mysqli_close($con);
?>
At the moment the message displayed when the form is submitted is
echo $current_password . ' AND ' . $_POST['current_password'] . ' Password and password again do not match';How do I retrieve the password from the database to compare against the current password entered by the user? Any help is much appreciated. PS. Yes I know I have repeated code and that md5 is not secure, but I am just building onto a template I got and will be making changes to shorten the code and secure the password soon i am a newbie.. From my tables, what code should i put to put into my site? in text.. guys please help, i have an array(52,51,52) here i want to insert first & last elements into DB, not second one does not follows the series another array (52,52,53) in this case insert first 2 elements into DB since last element does not follow the series. how is this possible? Hi, I have setup a standard contact form that sends an email using php "mail" function in my new website. Today, I received an email from a potential client through my website. However, unfortunately, I did not receive the user's email address because (as I discovered after wards), there was a syntax problem in the function, so all I received is their name and message. I am certain that the user has entered their email address because the form has validation, it just didn't send me the address so I have no way to contact that client... Is there a way to retrieve the lost email address from the server somehow? Thanks in advance Hello everybody, I have found a lot of amazing advises and codes to improve on my existing codes. It seems to be an awesome site. I actually came from a background of Application programming, however I have just recently pick up a project in php. The project is about database integration, where I have to integrate 5 supplier's existing data who have different attributes into one. (each suppliers have about 30k data) I really need help and advises on how should I do the script. Here's the details, All the suppliers uses different data file, such as CSV and .xls. I am finding a way to integrate all the 5 files into one database(mysql/phpmyadmin) so it could be listed out in a shopping cart or catalog in future. However, I am unfamiliar with php, so please advice on how can i go about fixing this problem. The first problem is that each individual suppliers uses a different attributes name, for example Supplier 1 uses : SupplierName, SupplierID, SupplierAddress, Status Inside the status, the supplier uses data such as, Good, Excellent, Great while Supplier 2 uses : SName, SID, SAddress, Status and inside this supplier, the status data that are being uses is G, Ex, Gr. How can I set a consistancy on the data and converting all the properties into one so I can import this data into a proper database such as mysql/phpmyadmin. Please help, thanks in advance I'm very beginner with arrays.... i KNOW, databases exist, it's more easy.. I can't use a database.. I have to use, this.. or similar.. that doesn't requiring a database engine... So... that array...
array ( ); I search by the element [#][0].. in the +250 some will contain the same infos and I would like to make them point to the element containing the info instead of repeating it and have to update at 3-4 places when it's time. Like what it's in "10" also good for "ten", "dix" and "diez"... anyway to make that simple? by reference or...??? I'm crying.. last time I used arrays... Turbo Pascal.. at school... or was it Turbo C++ 3.0?? Maybe it was with cobol... well it was the good ol' time of the 90s!
Thanks!
-TRP-
I hav a php page which takes data from the db.But the problem i am facing is for a particular fild in database ,i have long data,which i need to b displayed in a wordwrap way eg my data is " Description need a site for school gave order on 12-10-2010 work started on 12-10-2010 " this shuld be displayed as "Description need a site for school gave order on 12-10-2010 work started on 12-10-2010" Description is the field in the database and rest of them are the datas in it guys, please help i have table with datas like speed of vehicle, position e.t.c from morning 8 a.m. to 8 p.m. I need to get these details, but after every 15 minutes i.e. after selecting datas at 8 a.m. it shd select datas @ 8.15 a.m. then 8.30 a.m. hw can i write a mysql query for this ? or a PHP approach is appreciated hi, i have made a website where people resgister their details of them and products. they have to enter the following details in form Name of company name of the product company address email id password mobile number contact and brief details about their company
user can then login with email id and pwd. now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.
I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others. FIRST THE ONE script the member logges in here to the one table in MSQL: <?php session_start(); require_once('config.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $login = clean($_POST['login']); $password = clean($_POST['password']); if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> ................................................. ................................ Now I need the person who logged in to the table above to be able to make multiple entries to the table below <? $ID=$_POST['ID']; $title=$_POST['title']; $cost=$_POST['cost']; $activity=$_POST['activity']; $ayear=$_POST['aday']; $aday=$_POST['ayear']; $seats=$_POST['special']; $special=$_POST['seats']; mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error()); mysql_select_db("xxxx") or die(mysql_error()); mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')"); Print "Your information has been successfully added to the database!" ?> Click <a href="member-profile.php">HERE</a> to return to the main menu <?php ?> Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after Hi, so far I have managed to set up a somewhat basic login website with a mysql database backend. Once they have logged on they go to a "main menu" page. What I need to define is that user A sees button A but only that button, etc. (Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login). If anyone has any tutorials or sample code I would much appreciate it. Thanks, Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta Hi, I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them. The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP. The code for the script is here : Code: [Select] <?php $mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase'); if (!$mysql) { die(mysql_error()); $content = "<nobr></nobr>"; } else { $result = mysql_query('SELECT * FROM tblEventGroup'); $content = "<nobr>"; if ($result) { while($row = mysql_fetch_assoc($result)) { $content .= "<span>"; $content .= $row['GroupName']; $content .= "</span>"; $content .= "<a href=\"../Event/EventSearch?groupid="; $content .= $row['GroupId']; $content .= "\" target=\"_blank\">Book here</a> "; } } mysql_close($mysql); $content .= "</nobr>"; } ?> I cannot for the life of me understand what the problem is, the return error is Access denied for user 'myuser'@'localhost' (using password: YES) I have a variable $form in the code below what I cant figure out how do it is call it and get the information it has out so I can display the errors: Code: [Select] function login($subuser, $subpass, $subremember){ global $database, $form; //The database and form object /* Username error checking */ $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered"); } else{ /* Check if username is not alphanumeric */ if(!preg_match("^([0-9a-z])*$^i", $subuser)){ $form->setError($field, "* Username not alphanumeric"); } } if ($database->usernameBanned($subuser)) { $form->setError($field, "*Your Account has been banned"); } /* Password error checking */ $field = "pass"; //Use field name for password if(!$subpass){ $form->setError($field, "* Password not entered"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Checks that username is in database and password is correct */ $subuser = stripslashes($subuser); $result = $database->confirmUserPass($subuser, md5($subpass)); /* Check error codes */ if($result == 1){ $field = "user"; $form->setError($field, "* Username not found"); } else if($result == 2){ $field = "pass"; $form->setError($field, "* Invalid password"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } Hello, I have a booking system which has time and date fields and if someone tries to book, for example, on 01/01/2011 at 09:00, when this slot is already taken, an error would be produced - which is fine. However I'm not sure in telling them what hours are available. There are 9 available times: 09,10,11,12,13,14,15,16,17:00. I will need to perform an sql query to gather all the times on the inputted date, I'm guessing a for loop would be the most efficient way? The only way I could think of is using multiple IF queries, for example: Code: [Select] <?php $sql = "SELECT `Hour` FROM `jobs` WHERE `Hour` = '09:00:00' AND Day ='$Day' AND Month ='$Month' AND Year ='$Year'"; $result = mysql_query($sql); if(mysql_num_rows($result) > 0){ $09Available = 'n'; // Time not available }else{ $09Available = 'y'; } $sql = "SELECT `Hour` FROM `jobs` WHERE `Hour` = '10:00:00' AND Day ='$Day' AND Month ='$Month' AND Year ='$Year'"; $result = mysql_query($sql); if(mysql_num_rows($result) > 0){ $10Available = 'n'; // Time not available }else{ $10Available = 'y'; } $sql = "SELECT `Hour` FROM `jobs` WHERE `Hour` = '11:00:00' AND Day ='$Day' AND Month ='$Month' AND Year ='$Year'"; $result = mysql_query($sql); if(mysql_num_rows($result) > 0){ $11Available = 'n'; // Time not available }else{ $11Available = 'y'; } ?> etc. etc.. How would I go about creating a more efficient method? Thank you, Jack. |
|||||||