|
PHP - Php Edit When Logged In Not Working
hello i am stuck and hoping you can help, i have created this function and its not working correctly, what i am trying to do is
when someone is logged in they get this line of code echo "<a href=\"update-content.php?id=5\">Edit</a> | <a href=\"delete-content.php?id=5\">Delete</a>"; which is ok as i dont want that to work yet and if your not logged in you dont get it. i have added //show when logged in and show not logged in so you know which code i want it to load when at the moment its only loading the not logged in one even if you are. i have looked on google read up on php sites but cant figure out how to do it, so hoping you guys will tell me were i gone wrong and how to correct it, thanks again heres the code. function get_left() { if (isset($_GET['page'])) { $page = $_GET['page']; //Show Page not logged in $sql = "SELECT title,body FROM content WHERE page = '$page' AND location = 'left' AND disabled = 'no' ORDER BY id"; $res = mysql_query($sql) or die (mysql_error()); while($row = mysql_fetch_assoc($res)){ echo '<h1>' . $row['title'] . '</h1>'; echo '<p>' . $row['body'] . '</p>'; } } //show when logged in elseif ($_SESSION['username']&&(isset($_GET['page']))){ $sql = "SELECT title,body FROM content WHERE page = '$page' AND location = 'left' AND disabled = 'no' ORDER BY id"; $res = mysql_query($sql) or die (mysql_error()); while($row = mysql_fetch_assoc($res)){ echo '<h1>' . $row['title'] . '</h1>'; echo '<p>' . $row['body'] . '</p>'; echo "<a href=\"update-content.php?id=5\">Edit</a> | <a href=\"delete-content.php?id=5\">Delete</a>"; } } } Similar TutorialsHai..
currently i am developing client dashboard using php/mysql.Here is my problem i need to create a tab named as notes.Using this tab the logged in users can add a new note or edit his existing note and save as text file.. I am making a login system and I have done it before. ryanweekly.com is the site I am trying to put it on. Here is the script to the home page. Here is the code I am having a problem with: Code: [Select] <?php if (empty($username)) include ("loginbar.php"); if (!empty($username)) include ("logged.php"); ?> Code: [Select] <?PHP $username = $_SESSION['MM_Username']; ?> <?php require_once('Connections/ryanweeklyusers.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } ?> <?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['username'])) { $loginUsername=$_POST['username']; $password=$_POST['password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "index.php"; $MM_redirectLoginFailed = "index.php?reg=loger"; $MM_redirecttoReferrer = false; mysql_select_db($database_ryanweeklyusers, $ryanweeklyusers); $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $ryanweeklyusers) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } $ruser = $_REQUEST['Y2User-53201']; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Ryan Weekly</title> <style type="text/css"> body { background-color: #E3E5E2; } </style> <script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script> <link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" /> </head> <style type="text/css"> <!-- body { font-size:12px; font-family:Verdana, Arial, Helvetica, sans-serif; } div#wrapper { width: 80%; background-color:#FFFFFF; margin-top: 50px; margin-bottom: 50px; margin-left: auto; margin-right: auto; padding: 0px; border: thin solid #000000; } div#header { padding: 15px; margin: 0px; text-align: center; } div#nav { width: 25%; padding: 10px; margin-top: 1px; float: left; border: thin solid #000000; } div#main { margin-left: 30%; margin-top: 1px; padding: 10px; border: thin solid #000000; } div#underhead { padding: 15px; margin: 0px; border-top: thin solid #000000; } { ul.nav a:hover, ul.nav a:active, ul.nav a:focus { /* this changes the background and text color for both mouse and keyboard navigators */ background: #6F7D94; color: #FFF; } .content ul, .content ol { padding: 0 15px 15px 40px; /* this padding mirrors the right padding in the headings and paragraph rule above. Padding was placed on the bottom for space between other elements on the lists and on the left to create the indention. These may be adjusted as you wish. */ } /* ~~ The navigation list styles (can be removed if you choose to use a premade flyout menu like Spry) ~~ */ ul.nav { list-style: none; /* this removes the list marker */ border-top: 1px solid #666; /* this creates the top border for the links - all others are placed using a bottom border on the LI */ margin-bottom: 15px; /* this creates the space between the navigation on the content below */ } ul.nav li { border-bottom: 1px solid #666; /* this creates the button separation */ } ul.nav a, ul.nav a:visited { /* grouping these selectors makes sure that your links retain their button look even after being visited */ padding: 5px 5px 5px 15px; display: block; /* this gives the link block properties causing it to fill the whole LI containing it. This causes the entire area to react to a mouse click. */ text-decoration: none; background: #8090AB; color: #000; } ul.nav a:hover, ul.nav a:active, ul.nav a:focus { /* this changes the background and text color for both mouse and keyboard navigators */ background: #6F7D94; color: #FFF; } /* ~~ The footer ~~ */ .footer { padding: 10px 0; background: #6F7D94; position: relative;/* this gives IE6 hasLayout to properly clear */ clear: both; /* this clear property forces the .container to understand where the columns end and contain them */ } /* ~~ miscellaneous float/clear classes ~~ */ .fltrt { /* this class can be used to float an element right in your page. The floated element must precede the element it should be next to on the page. */ float: right; margin-left: 8px; } .fltlft { /* this class can be used to float an element left in your page. The floated element must precede the element it should be next to on the page. */ float: left; margin-right: 8px; } .clearfloat { /* this class can be placed on a <br /> or empty div as the final element following the last floated div (within the #container) if the #footer is removed or taken out of the #container */ clear:both; height:0; font-size: 1px; line-height: 0px; } --> </style> <body> <div align="Left"> <p><img src="indexp.png" width="728" height="90" /></p> </div> <div id="underhead"> <?php if (empty($username)) include ("loginbar.php"); if (!empty($username)) include ("logged.php"); ?> <?PHP $justreg = $_REQUEST['reg']; if ($justreg == yes) echo 'Thanks For Registering!'; if ($justreg == loger) echo 'There was an error while tring to log you in.'; if ($justreg == out) echo 'You were logged out!'; ?> </div> <?php include("menu.php"); ?> <div id="main"> <p>Welcome To Ryan Weekly! The all new and improved site!</p> <p>I have a song on itunes!</p> <p> <object width="400" height="160"> <param name="movie" value="http://widget.tunecore.com/swf/tc_run_h_v2.swf?widget_id=62316" /> <param name="allowFullScreen" value="true" /> <param name="allowscriptaccess" value="always" /> <embed src="http://widget.tunecore.com/swf/tc_run_h_v2.swf?widget_id=62316" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="400" height="160"></embed> </object> </p> </div> Ryan Weekly 2009 - 2011 (May 11, 2011 at 6:00PM Is our 3 Year anniversary!) <script type="text/javascript"> var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextfield1"); var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2"); </script> </body> </html> on my site: http://www.retroandvintage.co.uk whne you login ast test/test teh search does not work?! search page code Code: [Select] <?php session_start(); include_once("config.php"); $ebits = ini_get('error_reporting'); error_reporting($ebits ^ E_NOTICE); // Check user logged in already: checkLoggedIn("yes"); ?> <!doctype html> <html> <head> <title>Pubs and bars in <? echo $Townsearch;?></title> <meta name="description" content="Pubs, bars and restuarants in <? echo $Townsearch;?>" /> <meta name="keywords" content="<? echo $Townsearch;?>, pubs, bars, food, drink, nightlife" /> <meta name="Content-Language" content="en-gb" /> <meta name="robots" content="FOLLOW,INDEX" /> <meta name="revisit-after" content="2 days" /> <meta name="copyright" content="jbiddulph.com" /> <meta name="author" content="John Biddulph - Professional web site design and development in the south of england mainly worthing and brighton" /> <meta name="distribution" content="Global" /> <meta name="resource-type" content="document" /> <link rel="stylesheet" type="text/css" href="css/reset.css" /> <link rel="stylesheet" type="text/css" href="css/style.css" title="default" /> <link rel="alternate stylesheet" type="text/css" href="css/style1.css" title="1" /> <link rel="alternate stylesheet" type="text/css" href="css/style2.css" title="2" /> <script type="text/javascript" src="js/stylechanger.js"></script> <script type="text/javascript" src="js/jquery-1.2.1.pack.js"></script> <script type="text/javascript"> function lookup(inputString) { if(inputString.length == 0) { // Hide the suggestion box. $('#suggestions').hide(); } else { $.post("rpc.php", {queryString: ""+inputString+""}, function(data){ if(data.length >0) { $('#suggestions').show(); $('#autoSuggestionsList').html(data); } }); } } // lookup function fill(thisValue) { $('#inputString').val(thisValue); setTimeout("$('#suggestions').hide();", 200); } </script> </head> <body> <?php if($messages) { displayErrors($messages); }?> <header> <div id="title"> <h1>My Pub Space <a href="#" onClick="setActiveStyleSheet('default'); return false;"><img src="images/0.gif" width="15" height="15" border="0" alt="css style" /></a> <a href="#" onClick="setActiveStyleSheet('1'); return false;"><img src="images/1.gif" width="15" height="15" border="0" alt="css style" /></a> <a href="#" onClick="setActiveStyleSheet('2'); return false;"><img src="images/2.gif" width="15" height="15" border="0" alt="css style" /></a> <span> <form method="post" class="textbox" action="search.php?rsTown=<? echo $Town ?>&rsCounty=<? echo $County ?>"> Town/City: <input type="text" size="26" class="searchbox" value="" name="rsTown" id="inputString" onKeyUp="lookup(this.value);" onBlur="fill();" /> <input type="hidden" value="<? echo $County ?>" name="rsCounty" id="inputString" onKeyUp="lookup(this.value);" onBlur="fill();" /> <div class="suggestionsBox" id="suggestions" style="display: none;"> <img src="images/upArrow.png" style="position: relative; top: -36px; left: 105px; z-index:1;" alt="upArrow" /> <div class="suggestionList" id="autoSuggestionsList"> </div> </div> <input type="image" src="images/go.png" height="30" with="30" value="GO" /> </form> </span> </h1> </div> </header> <nav> <ul> <li class="selected"><a href="#">Home</a></li> <li><a href="#">Pubs</a></li> <li><a href="#">Members</a></li> <li><a href="#">Events</a></li> <li><a href="#">Register</a></li> </ul> </nav> <section id="intro"> <header> <h2>Your social guide to going down the pub, online!</h2> </header> <p>Stuck in town with nowhere to go? Not sure if up the road or down the street is best? Need to be somewhere warm, cosy and friendly. Need a drink?....<br />You've come to the right place, mypubspace has it all!</p> <img src="images/pub.jpg" alt="pub" /> </section> <div id="content"> <div id="mainContent"> <section> <article class="blogPost"> <header> <h2>Pubs in <? echo $Town;?>, <? $_SESSION['county'];?></h2> <p>Posted on <time datetime="2009-06-29T23:31+01:00">June 29th 2009</time> by <a href="#">Mads Kjaer</a> - <a href="#comments">3 comments</a></p> </header> <?php $tableName="pubs"; $targetpage = "search.php"; $limit = 20; $query = "SELECT COUNT(*) as num FROM $tableName WHERE rsTown LIKE '$Town%'"; $total_pages = mysql_fetch_array(mysql_query($query)); $total_pages = $total_pages['num']; $stages = 3; $page = $_GET['page']; if($page){ $start = ($page - 1) * $limit; }else{ $start = 0; } // Get page data $query1 = "SELECT * FROM $tableName WHERE rsTown LIKE '$Town%' LIMIT $start, $limit"; $result = mysql_query($query1); // Initial page num setup if ($page == 0){$page = 1;} $prev = $page - 1; $next = $page + 1; $lastpage = ceil($total_pages/$limit); $LastPagem1 = $lastpage - 1; $paginate = ''; if($lastpage > 1) { $paginate .= "<div class='paginate'>"; // Previous if ($page > 1){ $paginate.= "<a href='$targetpage?page=$prev&rsTown=$Town'>previous</a>"; }else{ $paginate.= "<span class='disabled'>previous</span>"; } // Pages if ($lastpage < 7 + ($stages * 2)) // Not enough pages to breaking it up { for ($counter = 1; $counter <= $lastpage; $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter&rsTown=$Town&rsCounty=$County'>$counter</a>";} } } elseif($lastpage > 5 + ($stages * 2)) // Enough pages to hide a few? { // Beginning only hide later pages if($page < 1 + ($stages * 2)) { for ($counter = 1; $counter < 4 + ($stages * 2); $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter&rsTown=$Town&rsCounty=$County'>$counter</a>";} } $paginate.= "..."; $paginate.= "<a href='$targetpage?page=$LastPagem1&rsTown=$Town&rsCounty=$County'>$LastPagem1</a>"; $paginate.= "<a href='$targetpage?page=$lastpage&rsTown=$Town&rsCounty=$County'>$lastpage</a>"; } // Middle hide some front and some back elseif($lastpage - ($stages * 2) > $page && $page > ($stages * 2)) { $paginate.= "<a href='$targetpage?page=1&rsTown=$Town&rsCounty=$County'>1</a>"; $paginate.= "<a href='$targetpage?page=2&rsTown=$Town&rsCounty=$County'>2</a>"; $paginate.= "..."; for ($counter = $page - $stages; $counter <= $page + $stages; $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter&rsTown=$Town&rsCounty=$County'>$counter</a>";} } $paginate.= "..."; $paginate.= "<a href='$targetpage?page=$LastPagem1&rsTown=$Town&rsCounty=$County'>$LastPagem1</a>"; $paginate.= "<a href='$targetpage?page=$lastpage&rsTown=$Town&rsCounty=$County'>$lastpage</a>"; } // End only hide early pages else { $paginate.= "<a href='$targetpage?page=1&rsCounty=$County'>1</a>"; $paginate.= "<a href='$targetpage?page=2&rsCounty=$County'>2</a>"; $paginate.= "..."; for ($counter = $lastpage - (2 + ($stages * 2)); $counter <= $lastpage; $counter++) { if ($counter == $page){ $paginate.= "<span class='current'>$counter</span>"; }else{ $paginate.= "<a href='$targetpage?page=$counter&rsTown=$Town&rsCounty=$County'>$counter</a>";} } } } // Next if ($page < $counter - 1){ $paginate.= "<a href='$targetpage?page=$next&rsTown=$Town&rsCounty=$County'>next</a>"; }else{ $paginate.= "<span class='disabled'>next</span>"; } $paginate.= "</div>"; } echo $total_pages.' Results'; // pagination echo $paginate; ?> <ul> <?php while($row = mysql_fetch_array($result)) { echo '<li>'.$row['rsPubName'].', '.$row['rsTown'].', '.$row['rsCounty'].'</li>'; } $_SESSION['county'] = $row['rsCounty']; ?> </ul> </article> </section> <section id="comments"> <h3>Comments</h3> <article> <header> <a href="#">George Washington</a> on <time datetime="2009-06-29T23:35:20+01:00">June 29th 2009 at 23:35</time> </header> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p> </article> <article> <header> <a href="#">Benjamin Franklin</a> on <time datetime="2009-06-29T23:40:09+01:00">June 29th 2009 at 23:40</time> </header> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p> </article> <article> <header> <a href="#">Barack Obama</a> on <time datetime="2009-06-29T23:59:00+01:00">June 29th 2009 at 23:59</time> </header> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p> </article> </section> <form action="" method="POST" method="post"> <h3>Post a comment</h3> <p> <label for="name">Name</label> <input name="name" id="name" type="text" required /> </p> <p> <label for="email">E-mail</label> <input name="email" id="email" type="email" required /> </p> <p> <label for="website">Website</label> <input name="website" id="website" type="url" /> </p> <p> <label for="comment">Comment</label> <textarea name="comment" id="comment" required></textarea> </p> <p> <input type="submit" value="Post comment" /> </p> </form> </div> <aside> <section> <header> <h3>Members Login Area</h3> </header> <h4>Welcome <? print($_SESSION["rsUser"]); ?></h4> <ul> <li><a href="#">Sign up</a></li> <li><a href="#">Forgot Password</a></li> </ul> </section> <section> <header> <h3>Archives</h3> </header> <ul> <li><a href="#">December 2008</a></li> <li><a href="#">January 2009</a></li> <li><a href="#">February 2009</a></li> <li><a href="#">March 2009</a></li> <li><a href="#">April 2009</a></li> <li><a href="#">May 2009</a></li> <li><a href="#">June 2009</a></li> </ul> </section> </aside> </div> <footer> <div> <section id="about"> <header> <h3>About</h3> </header> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco <a href="#">laboris nisi ut aliquip</a> ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> </section> <section id="blogroll"> <header> <h3>Blogroll</h3> </header> <ul> <li><a href="#">NETTUTS+</a></li> <li><a href="#">FreelanceSwitch</a></li> <li><a href="#">In The Woods</a></li> <li><a href="#">Netsetter</a></li> <li><a href="#">PSDTUTS+</a></li> </ul> </section> <section id="popular"> <header> <h3>Popular</h3> </header> <ul> <li><a href="#">This is the title of a blog post</a></li> <li><a href="#">Lorem ipsum dolor sit amet</a></li> <li><a href="#">Consectetur adipisicing elit, sed do eiusmod</a></li> <li><a href="#">Duis aute irure dolor</a></li> <li><a href="#">Excepteur sint occaecat cupidatat</a></li> <li><a href="#">Reprehenderit in voluptate velit</a></li> <li><a href="#">Officia deserunt mollit anim id est laborum</a></li> <li><a href="#">Lorem ipsum dolor sit amet</a></li> </ul> </section> </div> </footer> </body> </html> I am trying to create a CMS management website, but I can't seem to get the update function to work. Everything else works fine but not the update function. Can anyone please tell me why or what the problem is? I have spent too long trying to fix it and have failed. It is correctly linked to the database when I hit the edit button all i get is UPDATE_CONTENT_FORM($_GET['ID'])?>where the text boxes should be is . Please help, I am really stuck. (sorry about spelling ) code in CMS_Class.php Class modernCMS{
var $host='localhost';
var $username='lmcmanus13';
var $password='k0gl0zfh3g1ccm4v';
var $db='lmcmanus13';
function connect(){
$con = mysql_connect($this->host, $this->username, $this->password);
mysql_select_db($this->db,$con);
}
function get_content($id =''){
if ($id != ""):
$id = mysql_real_escape_string($id);//helps to protect database from beening hacked
$sql = "SELECT * FROM `CMS_Content` WHERE id ='$id'";
else:
$sql = 'SELECT * FROM `CMS_Content` WHERE 1';
endif;
//$query = 'SELECT * FROM `CMS_Content` WHERE 1';
$result = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($result)!=0):
while($row= mysql_fetch_assoc($result)){
echo '<h1><a href="Animals.php?id=' . $row['id'] . '">' . $row['Title'] . '</h1>';
echo '<p>' . $row['Body'] . '</p>';
}
else:
echo '<p> we are sorry there seems to be a problem with your request</p>';
endif;
echo $return='<p><a href ="Animals.php">Back</a></p>';
}
function add_content($_POST){
$Title= mysql_real_escape_string($_POST['Title']);
$Body= mysql_real_escape_string($_POST['Body']);
if(! $Title || ! $Body):
if(!$Title=""):
echo"<p>The Title is required<p>";
endif;
if(!$Body=""):
echo"<p>The Body is required<p>";
echo '<a href="add-content.php">Try Again</a>';
endif;
else:
$sql="INSERT INTO `CMS_Content`(`id`, `Title`, `Body`) VALUES ('null','$_POST[Title]','$_POST[Body]')";
$result = mysql_query($sql) or die(mysql_error());
echo "<meta http-equiv='refresh' content='0;url=added.php'>";
endif;
}
function manage_content (){
echo '<div id ="manage">';
$sql = 'SELECT * FROM `CMS_Content`';
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)):
echo '<h1><a id=' . $row['id'] . '">' . $row['Title'] . '</h1>'
?>
<div>
<span ><a href="update-content.php?id=<?php= echo= $row['id']?>">Edit</a>|<a href="?delete=<?php echo $row['id']; ?>">Delete</a></a></span>
</div>
<?php
endwhile;
echo '</div>';//closes the manages div
}
Function delete_content($id){
if(!$id){
return false;
}else{
$id=mysql_real_escape_string($id);
$sql="DELETE FROM CMS_Content WHERE id='$id'";
$result = mysql_query($sql) or die(mysql_error());
echo "<meta http-equiv='refresh' content='0;url=deleted.php'>";
}
function update_content_form($id) {
$id = mysql_real_escape_string($id);
$sql = "SELECT * FROM CMS_Content WHERE id = '$id'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($res)
?>
<form action="Animals.php" method="post" >
<input type="hidden" name="update" value="true" />
<input type="hidden" name="id" value="<?php=$row['id']?>" />
<div>
<label for="title">Title:</label>
<input type="text" name="Title" id="Title" value="<?php=$row['Title']?>" />
</div>
<div>
<label for="body">Body:</label>
<textarea name="body" id="body" rows="8" cols="40"><?php=$row['Body']?></textarea>
</div>
<input type="submit" name="submit" value="Update content" />
</form>
<?php
function update_content($p) {
$title = mysql_real_escape_string($s['title']);
$body = mysql_real_escape_string($s['body']);
$id = mysql_real_escape_string($p['id']);
if(!$title | !$body):
if(!$title):
echo "<p>The Title is Required</p>";
endif;
if(!$body):
echo "<p>The body is Required</p>";
endif;
echo '<p><a href=" update_content.php?id=' . $id . '">Try Again</a></p>';
else:
$sql = "UPDATE CMS_Content SET title = '$title', body = '$body' WHERE id = '$id'";
$res = mysql_query($sql) or die(mysql_error());
echo "Updated Successfully!";
endif;
}
}
}//end of class
}
?>
code in Animals.php<h1> Our Animals </h1> <ul> <li><a href="manage-content.php">Manage Content</a></li> <li><a href="add-content.php">Add Content</a></li> </ul> <?php if(isset($_POST['add'])): $obj->add_content($_POST); elseif(isset($_POST['update'])): $obj->update_content_form($_POST); endif; ?> Code in update-content.php <h1> Our Animals j,j</h1> <h1> Update Content </h1> <?=$obj->update_content_form($_GET['id']) ?> Edited by Ch0cu3r, 10 December 2014 - 11:47 AM. Added code tags Alright, so I'm fairly new to PHP coding and I still have a ton to learn, so it's not surprising that I ran into a problem pretty quickly. I've setup a database and even managed to scrap together a SIMPLE member management system. All of it works, but I still need one thing. A lot of sites I visit which allow users to signup have this at the top; Login or Register. Nothing huge, just in the corner, know what I mean? I was wondering how I do this? Also, after someone logs in, how do I change that to show "You are logged in as [username] and then a logout option? Hi guys, Have a wierd scenario where my brain is simply refusing to think. I have small script which let's a user log in through a login screen. Thats ok. I can check whether the user is already logged in the same machine through sessions. My requirement is : I need to restrict the same username logging in from multiple computers at any one given time. In other words, a user can not use two machines to login at the same time. Can someone please suggest a method to solve this scenario. Your help is very much appreciated. Cheers Elabuwa Hi guys, Im building a website for a company http://www.eminence-logistics.co.uk and the client wants a log in system which im having problems with. The registration system is all working fine. If you go to the website you can see where the login form is. Now when the user isn't logged in i need the form to show, but when the user IS logged in i would like a message replacing the form saying welcome, along with a log out button. How do i do this? Thankyou very much Enlighten Hello all, This has probably been asked before but I couldn't find through search. And I'm pretty sure is not possible, but... Is there a way of displaying the windows logged on user? or get the name of the compter? as I know I can get the ip address. The reason I ask. Each user has their own network account but on occasion we need to log on a user as a generic account we have. And I want to check if it's this user accessing the page so different options etc can be displayed. I could use the computer name to check this as we log all activity. I could then query the log using the comp name to find logged on user. Unfortunately the log does not hold ip, which would seem obvious but it doesn't Many Thanks Hi i am wondering how i can redirect someone that's not logged in?
Hi all, Does anyone know of an effective way of find out whether a user is still logged in and they haven't left? Sam What are the different ways you can keep a User "logged in"? From what I *vaguely* recall from a year or two ago when I read a whole hoard of PHP books, you commonly use cookies and sessions. But I'm asking this more from an OOP standpoint than a PHP standpoint. Let's say I have a User record in my database, and a User comes along and attempts to log in. In OOP terms, I would think you'd call some class to help log them in, and upon successfully logging in, you would "load" the User object into memory and set the "LoggedIn" field to "True". Then as long as that field was set in their object, they could surf all over the place and do things like change their account and buy things. Is that how you would do it in OOP? TomTees Hi. I'm new to php. I created a register, log in, welcome, and log out page for my site. They are all working accordingly. I'm having one problem that I can't seem to fix. I would like to stay logged in as I navigate other pages of my site. Everytime i click on a link to another page within my site I get logged out. I know this issue might pertain to using session but thats all I was able to find using google search. Can anyone help? Much appreciated. Hi all,
My company has a php site on wordpress that i’m trying to add google AD tracking to. Now, on the live site, when i’m logged into word-press and run the page, I can see the triggers firing fine on Tag assistant, if i un-comment the alerts, they also fire. When i log out of word-press and hit the page, nothing happens at all. No alerts, no google triggers, nothing in the php is running? Any ideas whats going on ?
<script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'AW-1234567897'); <?php $url = $_SERVER['REQUEST_URI']; if ($url =="/thankyou/") { print " gtag('event', 'conversion', {'send_to': 'AW-1234567897/1234567897', 'value': 1.0, 'currency': 'GBP' }); "; print " gtag('event', 'conversion', {'send_to': 'AW-1234567897/1234567897'}); "; //Print "alert('OK');"; //Print "alert('" . $url . "');"; } ?> </script>
tia Dave Hi there,
I've been searching the internet for the best way to check if the user has been logged in. Some codes have security breaches. So I'm not sure where to start.
Here's what I've come up with:
The user logs in and is checked whether he/she is a valid user, if not return false and if true carry on and create session, I read the post that Jacques1 made about session feedback and implemented what he said. After that the session variables are assigned and then the user id, session_id and a unique identifier to check against on each page load are inserted into a database and then the user is logged in.
Here's my code: (please note this is in a class and only shows the login function)
function Login($username, $password)
{
try
{
$db = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME.";charset=utf8", DB_USERNAME, DB_PASSWORD);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}
catch(PDOException $ex)
{
echo "Unable to connect to DB";
error_log($ex->getMessage());
}
try
{
$User_Info = $db->prepare("SELECT * FROM users WHERE username=:username");
$User_Info->bindValue(":username", $username, PDO::PARAM_STR);
$User_Info->execute();
$Info = $User_Info->fetchAll(PDO::FETCH_ASSOC);
$salt = $Info['salt'];
$password = $salt . $password;
$password = $this->CreateHash($password);
$unique_key = $this->GenerateRandom();
$unique_key = $this->CreateHash($unique_key);
$Check_User = $db->prepare("SELECT * FROM users WHERE username=:username AND password=:password");
$Check_User->bindValue(":username", $username, PDO::PARAM_STR);
$Check_User->bindValue(":password", $password, PDO::PARAM_STR);
$Check_User->execute();
if($Check_User->rowCount() > 0)
{
while($row = $Check_User->fetchAll(PDO::FETCH_ASSOC))
{
session_destroy();
session_start();
$_SESSION = array();
session_regenerate_id(true);
$_SESSION['username'] = $row['username'];
$session_id = session_id();
$user_id = $row['id'];
$Check_Logged_In = $db->prepare("DELETE FROM logged_in_users WHERE user_id=:userid");
$Check_Logged_In->bindValue(":user_id", $user_id, PDO::PARAM_STR);
$Check_Logged_In->execute();
$has_changed = $Check_Logged_In->rowCount();
if($has_changed > 0)
{
$Logged_In = $db->prepare("INSERT INTO logged_in_users (id, user_id, session_id, unique_key) VALUES (NULL, :user_id, :session_id, :unique_key)");
$Logged_In->bindValue(":user_id", $user_id, PDO::PARAM_STR);
$Logged_In->bindValue(":session_id", $session_id, PDO::PARAM_STR);
$Logged_In->bindValue(":unique_key", $unique_key, PDO::PARAM_STR);
$Logged_In->execute();
$affected_rows = $Logged_In->rowCount();
if($affected_rows > 0)
{
return true;
}
}
return false;
}
}
return false;
}
catch(PDOException $ex)
{
echo "Unable to complete query";
error_log($ex->getMessage());
}
}
Thanks
Hi, I want have this code (below), how would I check if a user is logged in? I want to make it so they can only see 500 chars, or the full thing if they're logged in. Thanks! Code: [Select] public function __construct( $data=array() ) { if ( isset( $data['id'] ) ) $this->id = (int) $data['id']; if ( isset( $data['publicationDate'] ) ) $this->publicationDate = (int) $data['publicationDate']; if ( isset( $data['title'] ) ) $this->title = preg_replace ( "/[^\.\,\-\_\'\"\@\?\!\:\$ a-zA-Z0-9()]/", "", $data['title'] ); if ( isset( $data['summary'] ) ) $this->summary = preg_replace ( "/[^\.\,\-\_\'\"\@\?\!\:\$ a-zA-Z0-9()]/", "", $data['summary'] ); if ( isset( $data['content'] ) ) $this->content = $data['content']; if ( isset( $data['tags'] ) ) $this->tags = $data['tags']; } Please help with my register page: http://www.retroandvintage.co.uk/register.php after someone has registered they are stuck on reg_script.php and don't get redirected back to main.php being already logged in?! here is my code: Code: [Select] <?php session_start(); include_once("config.php"); //include_once("functions.php"); require_once('captcha/recaptchalib.php'); $privatekey = "6Ldhhr4SAAAAAKFoL2INOZV0_VuF6_z3OwDjVFNn"; $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { // What happens when the CAPTCHA was entered incorrectly die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." . "(reCAPTCHA said: " . $resp->error . ")"); } else { // Your code here to handle a successful verification $rsPostCode = $_POST['rsPostCode']; $rsGender = $_POST['rsGender']; $rsUser = $_POST['rsUser']; $rsPass = $_POST['rsPass']; $rsEmail = $_POST['rsEmail']; $rsMobile = $_POST['rsMobile']; $rsAge = $_POST['rsAge']; $sql = "INSERT INTO members_copy (RSPOSTCODE, RSGENDER, RSUSER, RSPASS, RSEMAIL, RSMOBILE, RSAGE) VALUES ('$rsPostCode', '$rsGender', '$rsUser', '$rsPass', '$rsEmail', '$rsMobile', '$rsAge');"; //echo $sql; mysql_query($sql); $ebits = ini_get('error_reporting'); error_reporting($ebits ^ E_NOTICE); /* Login script: This script does the following: Checks that the user is NOT already logged in - if they are they are redirected to the members page by the 'checkLoggedIn()' function. Checks if the login form has been submitted - if so, the 'login' and 'password' fields are checked to ensure they are of the correct format and length. If there are any problems here an error is added to the $messages array and then the script executes the 'doIndex()' function - this function basically outputs the main 'index' page for this script - ie the login form. If there are no problems with the previous step, the 'login' and 'password' field data is passed to the 'checkPass' function to check that an entry exists in the 'users' table for that login/password pair. If nothing is returned from the 'checkPass()' function, an error is added to the $messages array and the 'doIndex()' function is called as above. If a row of data is returned from the 'users' table, the data is passed to the 'cleanMemberSession()' function - which initializes session variables and logs the user in. The user is then forwarded to the members page. If the form hasn't yet been submitted, then the 'doIndex()' function is called and the login page is displayed. */ // Check user not logged in already: checkLoggedIn("no"); // Page title: $title="Member Login Page"; // if $submit variable set, login info submitted: if(isset($_POST["Register"])) { // // Check fields were filled in // // login must be between 4 and 15 chars containing alphanumeric chars only: field_validator("rsUser", $_POST["rsUser"], "alphanumeric", 4, 15); // password must be between 4 and 15 chars - any characters can be used: field_validator("rsPass", $_POST["rsPass"], "string", 4, 15); // if there are $messages, errors were found in validating form data // show the index page (where the messages will be displayed): if($messages){ doIndex(); // note we have to explicity 'exit' from the script, otherwise // the lines below will be processed: exit; } // OK if we got this far the form field data was of the right format; // now check the user/pass pair match those stored in the db: /* If checkPass() is successful (ie the login and password are ok), then $row contains an array of data containing the login name and password of the user. If checkPass() is unsuccessful however, $row will simply contain the value 'false' - and so in that case an error message is stored in the $messages array which will be displayed to the user. */ if( !($row = checkPass($_POST["rsUser"], $_POST["rsPass"])) ) { // login/passwd string not correct, create an error message: $messages[]="Incorrect login/password, try again"; } /* If there are error $messages, errors were found in validating form data above. Call the 'doIndex()' function (which displays the login form) and exit. */ if($messages){ doIndex(); exit; } /* If we got to this point, there were no errors - start a session using the info returned from the db: */ cleanMemberSession($row["rsUser"], $row["rsPass"]); // and finally forward user to members page (populating the session id in the URL): header("Location: main.php"); /* This function displays the default 'index' page for this script. This consists of just a simple login form for the user to submit their username and password. */ } } ?> In the site I am making, the client wants one account for everyone (don't ask me why, it's a long, silly reason) And I'm wondering how I would configure mySQL to deal with that (I asked this in the mySQL area) and in PHP (For you guys ) what would I need to put in order for this to work. I'm very new with PHP and mySQL, so please forgive the nooby question. *EDIT* the admins have their own username and psw for adding, deleting, and editing articles. and that works. But all users that register will have this set user and psw displayed to them. I want to make it so they have to log in to see an article. Sites such as this one often show the logged on users and guests.
I have no reason to need to do so, but am curious on how this is accomplished.
For users, yes, you've authenticated them and logged them on regardless of IP address, but how do you know they didn't just close their browser?
For guests, are they just using IP address? And still, how do you know when they leave?
PS. How should I include an image in a post like I did? What I did was first attach a file, and then edit the post to include that file as an image. Couldn't seem to include an image off my local PC. Not a better way?
Attached Files
Capture.PNG 4.13KB
0 downloads Hi, I'm trying to display a user review system allowing user's to vote. This works fine, but I'm trying to user php to only display the rating system if the user is logged in and display alternate text if they are not. I am getting the following error: Parse error: syntax error, unexpected T_ELSE in XXXXXX on line 182 Here's the code: Code: [Select] <?php if ($_SESSION['username']){ $query = mysql_query("SELECT * FROM locations WHERE name = '$location'"); while($row = mysql_fetch_array($query)) { $rating = (int)$row[rating] ?> <div class="floatleft"> <div id="rating_<?php echo $row[id]; ?>"> <span class="star_1"><img src="fivestars/star_blank.png" alt="" <?php if($rating > 0) { echo"class='hover'"; } ?> /></span> <span class="star_2"><img src="fivestars/star_blank.png" alt="" <?php if($rating > 1.5) { echo"class='hover'"; } ?> /></span> <span class="star_3"><img src="fivestars/star_blank.png" alt="" <?php if($rating > 2.5) { echo"class='hover'"; } ?> /></span> <span class="star_4"><img src="fivestars/star_blank.png" alt="" <?php if($rating > 3.5) { echo"class='hover'"; } ?> /></span> <span class="star_5"><img src="fivestars/star_blank.png" alt="" <?php if($rating > 4.5) { echo"class='hover'"; } ?> /></span> </div> </div> <div class="star_rating"> (Rated <strong><?php echo $rating; ?></strong> Stars) </div> <div class="clearleft"> </div> } } <?php else { echo "Log in to review"; } ?> Thanks in advance for any help. I'm sure it's something trivial but I can't see it! I have a problem which I've been trying to fix for a while now with htmlentities. I've written my own small cms which is available for the public, and recently I recieved a report that it's vulnerable to an XSS attack: http://host/editText.php?fieldname=slogan&content=slogan<img src=x onerror=alert("XSS")> This vulnerability only works if the user is logged in. I want to secure it anyway to give the security companies contacting me about this a break. I've been rolling around the internet trying to find a simple answer how to prevent this XSS attack with HTMLENTITIES. I've even tried writing my own solutions with the htmlentities and it doesn't seem to solve the problem/stop the attack. I'm thinking something like htmlEntities($content); //but again, this won't do the job. Here's the editText.php Code: [Select] <?php session_start(); function getSlug( $page ) { $page = strip_tags( $page ); preg_match_all( "/([a-z0-9A-Z-_]+)/", $page, $matches ); $matches = array_map( "ucfirst", $matches[0] ); $slug = implode( "-", $matches ); return $slug; } $fieldname = $_REQUEST['fieldname']; $encrypt_pass = @file_get_contents("files/password"); if ($_COOKIE['wondercms']!=$encrypt_pass) { echo "You must login before using this function!"; exit; } $content = rtrim(stripslashes($_REQUEST['content'])); // if to only allow specified tags if($fieldname=="title") $content = strip_tags($content); else $content = strip_tags($content,"<audio><source><embed><iframe><p><h1><h2><h3><h4><h5><h6><a><img><u><i><em><strong><b><strike><center><pre>"); $content = trim($content); $content = nl2br($content); if(!$content) $content = "Please be sure to enter some content before saving. Just type anything in here."; $content = preg_replace ("/%u(....)/e", "conv('\\1')", $content); if($fieldname>0 && $fieldname<4) $fname = "attachment$fieldname"; else $fname = $fieldname; $file = @fopen("files/$fname.txt", "w"); if(!$file) { echo "<h2 style='color:red'>*** ERROR *** unable to open content_$fieldname</h2><h3>But don't panic!</h3>". "Please set the correct read/write permissions to the files folder.<br/> Find the /files/ folder and CHMOD it to 751.<br /><br /> If this still gives you problems, open up the /files/ folder, select all files and CHMOD them to 640.<br /><br /> If this doesn't work, contact me <a href='http://krneky.com/en/contact'>right here</a>."; exit; } fwrite($file, $content); fclose($file); echo $content; // convert udf-8 hexadecimal to decimal function conv($hex) { $dec = hexdec($hex); return "&#$dec;"; } ?> There are only 3 files altogether, if someone needs index I'll post that too. |
|||||||