|
PHP - Register Page For Both Admin/users
Hi,
I'm very new to php/mysql, but for a project I'm working on I need to create users that are admins, and normal users. The admins would be able to post news stories, and delete user accounts. Whereas the users would just be able to comment on the news stories. I'm just wondering how I would create a normal 'register' page for both, which has the same fields, but somehow creates some people as admins, and others as normal users... with the ability to limit who can become an admin, so not everyone can register as one. I'm not sure how I would achieve this, or even know how to do it. Does anyone know any tutorials or code on how to achieve this? Your help is greatly appreciated, Thanks. Similar TutorialsHi guys, Can anyone help me; I have created a registration form (can be use for create or modify) and login form (Admin). What I am trying to do is; once the admin log in he/she can create / register a new user which contains: -Firstname -Surname -Address -Mobile -Dept Name -Username -Password -Repeat Password My DB will look like this: Table PERSONS: id, firstname, surname, address, mobile, dept_id, username, password. Table USER: id, username, password Table DEPT: id, dept_name Can anyone help me how am I going to related the USER table into the PERSONS so when admin register a new user - the data will be created the into database as well as the data can be extracted for modification. Any suggestion? Here are my code: register.php <?php require 'includes/application_top.php'; if (!isset($_POST['name']) && isset($_GET['id'])) { $mode = "Modifying"; // Get data from DB $q = "SELECT * FROM `persons` WHERE `ID` = '".$_GET['id']."'"; $result = mysql_query($q) or die (mysql_error()); $row = mysql_fetch_array($result); $name = $row['firstname']; $surname = $row['surname']; $address = $row['address']; $dept = $row['dept_id']; $mobile = $row['mobile']; }else if (!isset($_POST['name']) && !isset($_GET['id'])) { $mode = "Register"; // Data is empty $name = $surname = $address = $dept = $mobile = ""; } else { $errors = array(); if ($_POST['name'] == "") $errors[] = "Name"; if ($_POST['surname'] == "") $errors[] = "Surname"; if ($_POST['mobile'] == "" || !is_numeric ($_POST['mobile'])) $errors[] = "Mobile No"; if (count($errors)) { $errormsg = "Please fill the blank info:<br/ >".implode('<br />',$errors); $mode = $_POST['mode']; $name = $_POST['name']; $surname = $_POST['surname']; $address = $_POST['address']; $dept = $_POST['dept']; $mobile = $_POST['mobile']; } else { foreach ($_POST as $key => $val) { $_SESSION[$key] = $val; } header("Location: confirmPage.php"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Modify Document</title> </head> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <?php if (isset($errormsg)) echo "<div id=\"error_message\" style=\"color:red;\">$errormsg</div>"; ?> <div align="center"> <table width="370" border="0"> <h1> <?php echo $mode; ?> A User </h1> <p><font color="orangered" size="+1"><tt><b>*</b></tt></font> indicates a required field</p> <tr> <th width="200" height="35" align="left" scope="row" >First Name <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td width="160"><input type="text" name="name" value="<?php echo $name;?>" size="25"/></td> </tr> <tr> <th height="35" align="left"> Surname <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td> <input type="text" name="surname" value="<?php echo $surname; ?>" size="25"/></td> </tr> <tr> <th height="35" align="left"> Address</th> <td> <input type="text" name="address" value="<?php echo $address; ?>" size="25"/></td> </tr> <tr> <th height="35" align="left"> Choose a username <font color="orangered" size="+1"><tt>*</tt></font></th> <td> <input name="username" type="text" maxlength="100" size="25" /> </td> </tr> <tr> <th height="35" align="left"> Choose a password <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td> <input name="password" type="password" maxlength="100" size="25" /> </td> </tr> <tr> <th height="35" align="left"> Repeat your password <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td> <input name="repeatpassword" type="password" maxlength="100" size="25" /> </td> </tr> <tr> <th height="35" align="left">Department</th> <td> <select name="dept"> <option value="">Select..</option> <?php $data = mysql_query ("SELECT * FROM `dept` ORDER BY `id` DESC") or die (mysql_error()); while($row_dept = mysql_fetch_array( $data )) { ?> <option value="<?php echo $row_dept['id'] ;?>" <?php if($row_dept['id']==$dept){echo ' selected="selected"';}?>> <?php echo $row_dept['dept_name'] ;?> </option> <?php } ?> </select> </td> </tr> <tr> <th height="35" align="left">Mobile</th> <td><input type="text" name="mobile" value="<?php echo $mobile; ?>" size="25"/></td> </tr> <tr> <td align="right" colspan="2"> <hr noshade="noshade" /> </td> </tr> </table> <br/> <a href="index.php"> <input type="button" name="back" value="Back" /></a> <input type="hidden" name="id" value="<?php echo isset($_GET['id']); ?>"> <input type="hidden" name="mode" value="<?php echo $mode; ?>"> <input type="submit" value="<?php echo ($mode == "Register") ? 'Register' : 'Modify'; ?>"/> </div> </form> </body> </html> I need to know how to allow admin to essentially be "all users" in otherwords, edit everyones profile and not just their own. Tell me what codes would be helpful and i will send them on in. By the way, i do have a script that allows members to edit own profile. hello, so i have a php login area for my clients... when i register a client it sets the user level to 1 admin user level is 9 any user whose level i >9 it redirect loops between the directory www.domain.com/ClientArea/ i changed that users level to 9, to see if it would log in, and it did fine... so i am a bit stuck as to where the problem is? here are some code snippets you'll need to help me if you can:) process.php (where the form is sent) function procLogin(){ global $session, $form; /* Login attempt */ $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); /* Login successful */ if($retval){ header("Location: ../ClientArea/"); } /* Login failed */ else{ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ../ClientArea/?login=failed"); } } session.php (where the magic happens) its inc into the process.php and inc into the index.php of clientarea /** * startSession - Performs all the actions necessary to * initialize this session object. Tries to determine if the * the user has logged in already, and sets the variables * accordingly. Also takes advantage of this page load to * update the active visitors tables. */ function startSession(){ global $database; //The database connection session_start(); //Tell PHP to start the session /* Determine if user is logged in */ $this->logged_in = $this->checkLogin(); /** * Set guest value to users not logged in, and update * active guests table accordingly. */ if(!$this->logged_in){ $this->username = $_SESSION['username'] = GUEST_NAME; $this->userlevel = GUEST_LEVEL; $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time); } /* Update users last active timestamp */ else{ $database->addActiveUser($this->username, $this->time); } /* Remove inactive visitors from database */ $database->removeInactiveUsers(); $database->removeInactiveGuests(); /* Set referrer page */ if(isset($_SESSION['url'])){ $this->referrer = $_SESSION['url']; }else{ $this->referrer = "/"; } /* Set current url */ $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF']; } /** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */ function checkLogin(){ global $database; //The database connection /* Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){ $this->username = $_SESSION['username'] = $_COOKIE['cookname']; $this->userid = $_SESSION['userid'] = $_COOKIE['cookid']; } /* Username and userid have been set and not guest */ if(isset($_SESSION['username']) && isset($_SESSION['userid']) && $_SESSION['username'] != GUEST_NAME){ /* Confirm that username and userid are valid */ if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){ /* Variables are incorrect, user not logged in */ unset($_SESSION['username']); unset($_SESSION['userid']); return false; } /* User is logged in, set class variables */ $this->userinfo = $database->getUserInfo($_SESSION['username']); $this->username = $this->userinfo['username']; $this->userid = $this->userinfo['userid']; $this->userlevel = $this->userinfo['userlevel']; $this->firstname = $this->userinfo['firstname']; $this->lastname = $this->userinfo['lastname']; $this->company = $this->userinfo['company']; $this->tel = $this->userinfo['tel']; $this->address = $this->userinfo['address']; $this->email = $this->userinfo['email']; return true; } /* User not logged in */ else{ return false; } } /** * login - The user has submitted his username and password * through the login form, this function checks the authenticity * of that information in the database and creates the session. * Effectively logging in the user if all goes well. */ function login($subuser, $subpass, $subremember){ global $database, $form; //The database and form object /* Username error checking */ $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered"); } else{ /* Check if username is not alphanumeric */ if(!eregi("^([0-9a-z])*$", $subuser)){ $form->setError($field, "* Username not alphanumeric"); } } /* Password error checking */ $field = "pass"; //Use field name for password if(!$subpass){ $form->setError($field, "* Password not entered"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Checks that username is in database and password is correct */ $subuser = stripslashes($subuser); $result = $database->confirmUserPass($subuser, md5($subpass)); /* Check error codes */ if($result == 1){ $field = "user"; $form->setError($field, "* Username or password incorrect"); } else if($result == 2){ $field = "pass"; $form->setError($field, "* Username or password incorrect"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Username and password correct, register session variables */ $this->userinfo = $database->getUserInfo($subuser); $this->username = $_SESSION['username'] = $this->userinfo['username']; $this->userid = $_SESSION['userid'] = $this->generateRandID(); $this->userlevel = $this->userinfo['userlevel']; /* Insert userid into database and update active users table */ $database->updateUserField($this->username, "userid", $this->userid); $database->addActiveUser($this->username, $this->time); $database->removeActiveGuest($_SERVER['REMOTE_ADDR']); /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his random value userid. It expires by the time * specified in constants.php. Now, next time he comes to our site, we will * log him in automatically, but only if he didn't log out before he left. */ if($subremember){ setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH); setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH); } /* Login completed successfully */ return true; } I'am trying to make the page show the errors in the same page under the register button, but it always disable all the forms and show the error by it self. my code: Quote <?php ob_start(); session_start(); include_once "functions.php"; connect(); if(!$_POST['submit']){ echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n"; echo "<form method=\"post\" action=\"register.php\">\n"; echo "<tr><td colspan=\"2\" align=\"center\">Registration Form</td></tr>\n"; echo "<tr><td>Username</td><td><input type=\"text\" name=\"name\" maxLength=14></td></tr>\n"; echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\" maxLength=14></td></tr>\n"; echo "<tr><td>Confirm</td><td><input type=\"password\" name=\"passconf\" maxLength=14></td></tr>\n"; echo "<tr><td>E-Mail</td><td><input type=\"text\" name=\"email\" maxLength=24></td></tr>\n"; echo "<tr><td>Question</td><td><input type=\"text\" name=\"idnumber\" maxLength=14></td></tr>\n"; echo "<tr><td>Answer</td><td><input type=\"text\" name=\"phone\" maxLength=14></td></tr>\n"; echo "<form method=\"post\" action=\"captcha.php\">\n"; echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n"; echo "<tr><td>Type The Letters You See Below Into the Box</td></tr>\n"; echo "<tr><td align=\"center\"><img src=\"image.php\"></td></tr>\n"; echo "<tr><td align=\"center\"><input type=\"text\" name=\"image\"></td></tr>\n"; echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"Register\"></td></tr>\n"; echo "</form></table>\n"; }else { $errors = array(); $name = protect($_POST['name']); $password = protect($_POST['password']); $confirm = protect($_POST['passconf']); $email = protect($_POST['email']); $phone = protect($_POST['idnumber']); $ownerReply = protect($_POST['phone']); $image = $_POST['image']; if($image == $_SESSION['string']){}else{ $errors[] = "Wrong Captcha!"; }ob_end_flush(); if(!$name){ $errors[] = "Username is not defined!"; } if(!$password){ $errors[] = "Password is not defined!"; } if($password){ if(!$confirm){ $errors[] = "Confirmation password is not defined!"; } } if(!$email){ $errors[] = "E-mail is not defined!"; } if(!$idnumber){ $errors[] = "Security Question is not defined!"; } if(!$phone){ $errors[] = "Security Answer is not defined!"; } if($name){ if(!ctype_alnum($name)){ $errors[] = "Username can only contain numbers and letters!"; } $range = range(8,14); if(!in_array(strlen($name),$range)){ $errors[] = "Username must be between 8 and 14 characters!"; } } if($password && $confirm){ if($password != $confirm){ $errors[] = "Passwords do not match!"; } $range = range(10,14); if(!in_array(strlen($password),$range)){ $errors[] = "Password must be between 10 and 14 characters!"; } } if($email){ $checkemail = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i"; if(!preg_match($checkemail, $email)){ $errors[] = "E-mail is not valid, must be name@server.tld!"; } } if($idnumber){ if(!ctype_alnum($phone)){ $errors[] = "Securty Question can only contain numbers and letters!"; } $range = range(8,14); if(!in_array(strlen($idnumber),$range)){ $errors[] = "Securty Question must be between 8 and 14 characters!"; } } if($phone){ if(!ctype_alnum($phone)){ $errors[] = "Securty Answer can only contain numbers and letters!"; } $range = range(8,14); if(!in_array(strlen($phone),$range)){ $errors[] = "Securty Answer must be between 8 and 14 characters!"; } } if($email){ $sql2 = "SELECT * FROM `account` WHERE `email`='".$email."'"; $res2 = mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($res2) > 0){ $errors[] = "The e-mail address you supplied is already in use of another user!"; } } if(count($errors) > 0){ foreach($errors AS $error){ echo $error . "<br>\n"; } }else { $sql4 = "INSERT INTO `account` (`name`,`password`,`email`,`idnumber`,`phone`) VALUES ('".$name."','".md5($password)."','".$email."','".$idnumber."','".$phone."')"; $res4 = mysql_query($sql4) or die(mysql_error()); echo "You have successfully registered with the username <b>".$name."</b> and the password of <b>".$password."</b>!"; } } ?> Direct link to the register page in case you didn't understand what i mean. http://hebrithco.com/server/bew/ Hi nothing seems to work! No error messages appear and no data enters my database! Can people please help me please! Needs to be solved by today! Thanks <?php //connect to db $connect = mysql_connect("l", "", ""); mysql_select_db("", $connect); //if submit button gets pressed if(isset($_POST['submit'])){ //Grab data from the form $username = preg_replace('#[^A-Za-z0-9]#i','', $_POST['username']); // filter everything but letters and numbers $firstname = preg_replace('#[^A-Za-z]#i', '', $_POST['firstname']); // filter everything but Letters $lastname = preg_replace('#[^A-Za-z]#i', '', $_POST['lastname']); // filter everything but Letters $phone = preg_replace('#[^0-9]#i', '', $_POST['phone']); // filter everything but numbers $address= preg_replace('#[^A-Za-z]#i', '', $_POST['address']); // filter everything but Letters $postcode= preg_replace('#[^A-Za-z]#i', '', $_POST['postcode']); // filter everything but Letters $town= preg_replace('#[^A-Za-z]#i', '', $_POST['town']); // filter everything but Letters $housenumber= preg_replace('#[^0-9]#i', '', $_POST['housenumber']); // filter everything but numbers $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); // filter everything but numbers $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); // filter everything but numbers $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); // filter everything but numbers $email1 = mysql_real_escape_string (stripslahes (strip_tags($_POST['email1']))); $email2 = mysql_real_escape_string (stripslahes (strip_tags($_POST['email2']))); $pass1 = md5(mysql_real_escape_string (stripslahes (strip_tags($_POST['pass1'])))); $pass2 = stripslashes(strip_tags($_POST['pass2'])); $emailCHecker = mysql_real_escape_string($email1); $emailCHecker = str_replace("`", "", $emailCHecker); // Database duplicate username check setup for use below in the error handling if else conditionals $sql_uname_check = mysql_query("SELECT username FROM member WHERE username='$username'"); $uname_check = mysql_num_rows($sql_uname_check); // Database duplicate e-mail check setup for use below in the error handling if else conditionals $sql_email_check = mysql_query("SELECT email FROM member WHERE email='$emailCHecker'"); $email_check = mysql_num_rows($sql_email_check); // Convert Birthday to a DATE field type format(YYYY-MM-DD) out of the month, day, and year supplied $dateofbirth = "$b_y-$b_m-$b_d"; //If any errors have been found, DO NOT register the member, and instead, redisplay the form } if (!isset($username) || !isset($firstname) || !isset ($lastname) || !isset($address) || !isset($postcode) || !isset($town) || !isset($b_m) || !isset($b_d) || !isset($b_y) || !isset($email1) || !isset($email2) || !isset($pass1) || !isset($pass2)) { $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />'; if(!isset($username)){ $errorMsg .= ' * User Name<br />'; } if(!isset($firstname)){ $errorMsg .= ' * First Name<br />'; } if(!isset($lastname)){ $errorMsg .= ' * Last Name<br />'; } if(!isset($address)){ $errorMsg .= ' * Address<br />'; } if(!isset($postcode)){ $errorMsg .= ' * postcode<br />'; } if(!isset($town)){ $errorMsg .= ' * town<br />'; } if(!isset($b_m)){ $errorMsg .= ' * Birth Month<br />'; } if(!isset($b_d)){ $errorMsg .= ' * Birth Day<br />'; } if(!isset($b_y)){ $errorMsg .= ' * Birth year<br />'; } if(!isset($email1)){ $errorMsg .= ' * Email Address<br />'; } if(!isset($email2)){ $errorMsg .= ' * Confirm Email Address<br />'; } if(!isset($pass1)){ $errorMsg .= ' * Login Password<br />'; } if(!isset($pass2)){ $errorMsg .= ' * Confirm Login Password<br />'; } if ($email1!= $email2){ $errorMsg.='ERROR: Your email fields below do not match<br />'; } if ($pass1!= $pass2){ $errorMsg.='ERROR: Your password fields below do not match<br />'; } if(strlen($username)<6){ $errorMsg.="<u>ERROR:</u><br/>Your User Name is too short. 6-20 characters please. <br/>"; } if(strlen($username)>20){ $errorMsg.="<u>ERROR:</u><br/>Your User Name is too long. 6-20 characters please. <br/>"; } if($username_check>0){ $errorMsg.="<u>ERROR:</u><br/> Your User Name is already in use inside of our system. Please try another.<br/>"; } if($email_check >0){ $errorMsg.="<u>ERROR:</u><br/>Your Email address is already in use inside of our system. Please use another.<br/>"; } } else{ mysql_query("INSERT INTO member (username, firstname, lastname, email, password, dateofbirth, phone, lastlogin) VALUES('$username','$firstname','$lastname','$email1','$password', '$dateofbirth','$phone', now())") or die (mysql_error()); $sql = mysql_query("INSERT INTO address (address, postcode, town, housenumber) VALUES('$adress','$postcode,'$town','$housenumber'") or die (mysql_error()); mysql_close(); Echo "Welcome to my site, $username! You may now <a href=\"index.php\">login</a>."; } ?> I installed phpbb to my site; however i didn't like it so i deleted it. Now my register.php (which hasn't been changed and worked before the phpbb install) will not post data to my database. If someone can help me fix this problem id be most thankful. Hello Coddy Guys,im trying to do simple website creator Maybe i don't have Disease Centres probably do not have the imagination to do or something else. I wan't to do. when member is registered and he got template that chosed in registration. how to create new folder with users template. Maybe you got it. Thanks. hello, I have created a website which has to incorporate administration features. I hjave been trying to do this for a couple of days and any help will be much appreciated. I have a login screen (form) when the user enters their username and password they are brought to the homepage.php. Is there anyway to redirect the administrator (username=admin) to a different page from all ordinary members? e.g. deletemember.php Thanks hi! i dont know if the query below from mysql is slowing down the page or i have not written it properly: It is very slow, even when you limit the results to 100 . Thanks in advance.. Code: [Select] SELECT `tbl_business`.`appformno`, " _ & "`tbl_business`.`pobox`, `tbl_business`.`plotno`, `tbl_business`.`postalcode`, " _ & "`tbl_business`.`zonecode`, `tbl_business`.`ne`, `tbl_activities`.`act_code`, " _ & "`tbl_activity_codes`.`approved_fee`, `tbl_payment_status`.`status`, " _ & "`tbl_business`.`company`, `tbl_activity_codes`.`description` " _ & "FROM (`citycouncil`.`tbl_activity_codes` `tbl_activity_codes` " _ & "LEFT JOIN (`citycouncil`.`tbl_business` `tbl_business` " _ & "LEFT JOIN `citycouncil`.`tbl_activities` `tbl_activities` " _ & "ON `tbl_business`.`appformno`=`tbl_activities`.`appformno`) " _ & "ON `tbl_activity_codes`.`act_code`=`tbl_activities`.`act_code`) " _ & "LEFT JOIN `citycouncil`.`tbl_payment_status` `tbl_payment_status` " _ & "ON `tbl_activities`.`id`=`tbl_payment_status`.`activity_id` " _ & "WHERE tbl_business.appformno LIKE '%" & strFormNo & "%' " _ & "AND tbl_business.bid LIKE '%" & strBizIdNo & "%'" _ & " AND `tbl_business`.`contperson` LIKE '%" & strContPerson & "%' " _ & "AND `tbl_business`.`zonecode` LIKE '%" & strZoneCode & "%' " _ & " AND `tbl_activities`.`act_code` LIKE '%" & strBizActCode & "%' " _ & "AND `tbl_business`.`roadstreet` LIKE '%" & strStreet & "%' " _ & " AND `tbl_business`.`company` LIKE '%" & strBizName & "%' " _ & "AND `tbl_business`.`building` LIKE '%" & strBuilding & "%' " _ & "ORDER BY `tbl_business`.`appformno` I am trying to make an admin page for a client using the rich text editor CKeditor. I have the standard page set up to get it's content with a php include of an html file. This html files is also used to preload the content into the CKeditor. What I need to know is how to get the CKeditor to change the html file so it will load into the page. The admin page is located at www.wisconsincrosscountry.org/admin the html content is located at www.wisconsincrosscountry.org/phpContent/Content-test.html the page that the changes should appear on www.wisconsincrosscountry.org/testing.php I don't have much experience in php, so any help is greatly appreciated. Hello: Seeking some input, please. I use single-pages in my admin panel to update and maintain each corresponding page on the front end. Code: [Select] ADMIN = FRONT END a_Home.php = Home.php a_About.php = About.php Etc... The code is the same for each page, except I have to rename the TABLE everytime I make a new page: Code: [Select] <?php include('../include/myConn.php'); //contains your mysql connection and table selection include('../include/myCodeLib.php'); include('include/myCheckLogin.php'); include('include/myAdminNav.php'); include('ckfinder/ckfinder.php'); include('ckeditor/ckeditor.php'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myTitle = mysql_real_escape_string($_POST['myTitle']); $myDesc = mysql_real_escape_string($_POST['myDesc']); $myHeader = mysql_real_escape_string($_POST['myHeader']); $mySubHeader = mysql_real_escape_string($_POST['mySubHeader']); $myPageData = mysql_real_escape_string($_POST['myPageData']); $sql = " UPDATE myTestimonials SET myTitle = '$myTitle', myDesc = '$myDesc', myHeader = '$myHeader', mySubHeader = '$mySubHeader', myPageData = '$myPageData' "; mysql_query($sql) && mysql_affected_rows() ?> <script language="JavaScript"> alert("This page was updated!"); location.href = "a_Testimonials.php"; </script> <?php } $query=mysql_query("SELECT * FROM myTestimonials") or die("Could not get data from db: ".mysql_error()); while($result=mysql_fetch_array($query)) { $myTitle=$result['myTitle']; $myDesc=$result['myDesc']; $myHeader=$result['myHeader']; $mySubHeader=$result['mySubHeader']; $myPageData=$result['myPageData']; } ?> <!DOCTYPE HTML> <html> <head> <meta name="author" content="MontyTheWebmaster.com" /> <meta charset="ISO-8859-1" /> <title>Admin Area</title> <?php echo spAdminLinks(); ?> </head> <body> <div id="siteContainer"> <div id="topContainer"> <?php echo spAdminTopMenu(); ?> </div> <div id="topMenuContainer"> <div id="topMenu"> <?php echo spAdminMenu(); ?> </div> </div> <div id="contentContainer"> <div id="mainContent"> <h1>Editing: Testimonials</h1> <p> <form method="post" action="<?php echo $PHP_SELF;?>"> <input type="hidden" name="POSTBACK" value="EDIT"> <div style="float: left; width: 120px; margin-right: 30px;"> Page Title: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myTitle"><?php echo $myTitle; ?></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page Description: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myDesc"><?php echo $myDesc; ?></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page Header: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myHeader"><?php echo $myHeader; ?></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page SubHeader: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="mySubHeader"><?php echo $mySubHeader; ?></textarea> </div> <div style="clear: both;"><br /></div> Page Content:<br /> <textarea cols="80" id="myPageData" name="myPageData"><?php echo $myPageData; ?></textarea> <script type="text/javascript"> CKEDITOR.replace( 'myPageData', { filebrowserBrowseUrl : 'ckfinder/ckfinder.html', filebrowserImageBrowseUrl : 'ckfinder/ckfinder.html?Type=Images', filebrowserFlashBrowseUrl : 'ckfinder/ckfinder.html?Type=Flash', filebrowserUploadUrl : 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Files', filebrowserImageUploadUrl : 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Images', filebrowserFlashUploadUrl : 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Flash' } ); </script> <br /> <input type="submit" value="Submit" /> </form> </p> </div> <div style="clear: both;"></div> </div> <div id="footerContainer"> <?php echo spAdminFooter(); ?> </div> </div> </body> </html> What I am curious about is how can I take this page and make it so I can add a new page, delete a page, etc. all from just one page like above? And on the frontend, what would be the best way to display the data in a search engine friendly way (i.e. without QueryStrings like MyPage.php?id=2 Hi all, Can anyone give me some suggestion please. I'm a bit stuck here -- I am trying to build an admin and user log in. Admin: can view and edit, delete and create the page. User: can only create their profile. The problem is: I have almost the same index page for admin and user. I wonder if we can make it one page instead depending on what sort of user it has been log in. Also, the create page also almost similar...I don't know how to work it out as when I use the back button it go back to admin page (as I set it admin_area.php) - Do I have to create two create page as well? Or is there any better way to deal these forms? Login page -> (If admin) -> admin_area.php (can view all of them and page contains: create.php, edit.php and delete.php) Login page -> (If user/member) ->user_area.php (page contains: create their profile only) Any inputs would be helpful. Thanks. Hi guy's, I'm having problems adjusting a script to add a level (user rights) function. When i login with a admin or normal user it gives a blank page (not redirecting to home.php). It even does'nt return an echo that user / pass is incorrect. I'm breaking my head over this for day's now. Can you help me out? Code: [Select] <?php session_start(); //Login form (index.php) include "db_connect.php"; if(!$_POST['submit']) { ?> <html> <head> <!--[if IE]> <link rel="stylesheet" type="text/css" href="style.css" /> <![endif]--> <![if !IE]> <link rel="stylesheet" type="text/css" href="firefox.css" /> <![endif]> </head> <body> <div id="wrapper"> <div id="header"> <?php include('header.php'); ?> </div> <div class="divider"> <strong>Login</strong> <form method="post" action="index.php"> <div class="formElm"> <label for="username">Klantnummer:</label> <input id="username" type="text" name="username" maxlength="16"> </div> <div class="formElm"> <label for="password">Wachtwoord:</label> <input type="password" name="password" maxlength="16"> </div> <input type="submit" name="submit" value="Login"> </form> </div> <div id="footer"> <?php include('footer.php'); ?> </div> </div> </html> <?php } else { $user = protect($_POST['username']); $pass = protect($_POST['password']); $level = protect($_POST['level']); if($user && $pass && $level) { $pass = md5($pass); //compare the encrypted password $sql1 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='1'"; $sql2 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='9'"; $queryN=mysql_query($sql1) or die(mysql_error()); $queryA=mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($queryN) == 1) { $resultN = mysql_fetch_assoc($queryN); $_SESSION['id'] = $resultN['id']; $_SESSION['username'] = $resultN['username']; header("location:home.php"); } elseif(mysql_num_rows($queryA) == 1) { $resultA = mysql_fetch_assoc($queryA); $_SESSION['id'] = $resultA['id']; $_SESSION['username'] = $resultA['username']; header("location:home.php"); } else{ echo "Wrong Username or Password"; } } } ?> and the mysql code: Code: [Select] CREATE TABLE `user` ( `id` int(4) unsigned NOT NULL auto_increment, `username` varchar(32) NOT NULL, `password` varchar(32) NOT NULL, `level` int(4) default '1', PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1; i have a mysql db, i have a form that i use to post data to db. i would like to have visitors to my site be able to post to db as well, but they would have to be registered and have their own profile. when logged in they could see and edit their own space and content that they posted to mysql. how would i go about creating something like this? can someone point me in the right direction ? thank you. Afternoon All. I wish to re-direct users to a 404 error page on my site if an article does not exist in my database. Here's my code: $SQL = "SELECT headline FROM news WHERE news_id=".mysql_real_escape_string($_GET['news_id']); $result = mysql_query($SQL) OR die(mysql_error()); $num = mysql_num_rows($result); //** Check that the entry exists otherwise send to error page if ($num > 0) { $row = mysql_fetch_array($result); $headline = $row['headline']; } else { echo "Why is this printed? - I should be leaving this page?"; header("Location: error.php"); exit; } Now the wierd thing is that when I enter a news_id for a value that does not exist it prints the message Why is this printed? - I should be leaving this page? so it's actually going to the ELSE statement which is good, but surely it should not do this as I ask the page to re-direct? Thank you So, I'm designing a website (who isn't?) and I created the basic framework for a users page from a tutorial I found. Using some previous knowledge I managed to make it display a few custom fields that are defined by the user. Everything works fine as is, but now I want to do a few things to it that I have not the slightest clue how to even begin... Here is my user page code so far... and oh yes I'm using WordPress which is why I made it check manually for page status in my Page.php file. <?php if ( is_page('Users')) { echo "<ul id=\"UsersList\">"; /* First we set how we'll want to sort the user list. You could sort them by: ------------------------ * ID - User ID number. * user_login - User Login name. * user_nicename - User Nice name ( nice version of login name ). * user_email - User Email Address. * user_url - User Website URL. * user_registered - User Registration date. */ $szSort = "user_nicename"; /* Now we build the custom query to get the ID of the users. */ $aUsersID = $wpdb->get_col( $wpdb->prepare("SELECT $wpdb->users.ID FROM $wpdb->users ORDER BY %s ASC", $szSort )); /* Once we have the IDs we loop through them with a Foreach statement. */ foreach ( $aUsersID as $iUserID ) : /* We use get_userdata() function with each ID. */ $user = get_userdata( $iUserID ); /* Here we finally print the details wanted. Check the description of the database tables linked above to see all the fields you can retrieve. To echo a property simply call it with $user->name_of_the_column. */ if($user->user_login != "Unknown") // don't show the placeholder for [unknown] author { echo '<a href="">' . get_avatar( $iUserID, $size = '45', $border='0') . '</a>'; echo '<li>' . ucwords( strtolower( $user->user_login ) ) . '</li>'; if($user->favorite_player != "") { echo '<li>' . $user->favorite_player . '</li>'; } if($user->player_name != "") { echo '<li>' . $user->player_name . '</li>'; } } /* The strtolower and ucwords part is to be sure the full names will all be capitalized. */ endforeach; // end the users loop. echo "</ul>"; }; ?> Problem one: This does NOT sort my name, despite the tutorial's insistence that it will. I have not even a guess as to why this is. Problem two: I would like to either sort this list into two columns or paginate it or both but I am not sure how to do either. Problem three: I want to insert some static text between the echo '<li>' and the . $user->player_name . '</li>'; so that it reads: o Player Name: USER'S VARIABLE ' PLAYER NAME' HERE Yes that 'o' is supposed to be the list item dot. I know how strings work, I just can't get my attempts to work out syntax-wise. Any help would be greatly appreciated! Tutorials, answers, suggestions, examples, anything. The extent of my previous coding knowledge is several years of UnrealScript, so you can see why this simple thing is baffling me. Frankly I'm surprised this much of it works. I am trying to make a login and direct for my clients. I have all the login stuff working but can't figure out how to redirect specific clients to their pages only. Any help anyone can offer would be great. Code: [Select] <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> hi i was wondering how i would make a website that allowed a user to login and edit there website ... like im a hoster and they can have a webpage on my server... how would i do this? allow them to create a database , and use all types of code? please help me this is important , if i didnt explain good enough please tell me MySQL Version: 5.5.20 (<-- This is my WAMPServer version to test my program, my hosting has 5.1 though) PHP Version: 5.3.10 (My Hosting says its PHP 5 but not sure what version, i know its not the newest) What im trying to do is have my site have a page like "www.mysite.com/data.php?user=Nicholas&country=USA" Thing is, i dont know what to add in my data.php source code to make it work like that. What im trying to achieve is for my users to sign up for my page but I DO NOT want to add my MySQL user and pass in the page where it can be cracked and hacked. When the user goes to the page, a script will automatically put the user and country and then the page will automatically add the user and his country to the MySQL table on my database. Im also making a program that will work like this and that will have a higher chances of being hacked if i add my MySQL info into the program in order to add data. Can someone please provide me of a sample source i can try? I will not only be adding user and country but i want to test this out. Thanks! Hi, I have a restricted area for my work's company. This is an area where registered users with their own user name and password can access to download technical documents etc. I am hearing some reports that users will have to login twice to get to the area - This happens in Chrome, IE 7/8 and some Firefox's. It has only happened to me once or twice. Does anyone know why this may be? Here is the HTML code from the login form on the index page: Code: [Select] <form name="login_form" method="post" action="log.php?action=login"> <p>Login:<br /> <input type="text" name="user" /> </p> <p>Password: <br /><input type="password" name="pwd" /> </p> <p class="submit"> <input type="submit" value="Submit" name="submit" class="submit" /> </p> </form> Here is the log.php File: (personal connection details edited) Code: [Select] <?php $hostname = "IP:3306"; $username = "user"; $password = "password"; $database = "db_name"; $link = MYSQL_CONNECT($hostname,$username,$password); mysql_select_db($database); ?> <?php session_name("MyWebsiteLogin"); session_start(); if($_GET['action'] == "login") { $conn = mysql_connect("IP:3306","user","password"); $db = mysql_select_db("db_name"); //Your database name goes in this field. $name = $_POST['user']; $ip=$_SERVER['REMOTE_ADDR']; $country = file_get_contents('http://api.hostip.info/country.php?ip='.$ip); $q_user = mysql_query("SELECT * FROM customer WHERE username='$name'"); ?> <?php $insert_query = ("INSERT INTO login(username, ip, country) VALUES ('$name','$ip','$country');"); mysql_query($insert_query) or die('Error, insert query failed'); ?> <?php if(mysql_num_rows($q_user) == 1) { $query = mysql_query("SELECT * FROM customer WHERE username='$name'"); $data = mysql_fetch_array($query); if($_POST['pwd'] == $data['password']) { session_register("name"); header("Location: http://#/download/index.php?un=$name"); // This is the page that you want to open if the user successfully logs in to your website. exit; } else { header("Location: login.php?login=failed&cause=".urlencode('Wrong Password')); exit; } } else { header("Location: login.php?login=failed&cause=".urlencode('Invalid User')); exit; } } ?> Any help or ideas would be greatly appreciated. |
|||||||