|
PHP - Admin Access Mysql Query
I have a search form. $req is a keyword or an ID number input by user.
As you can see, query checks only for rows where userID matches the current login userID. My question is, how to transform (not independent query for admins) the query to search all rows if user $access is admin (no matter the administrator's own userID). Code: [Select] <?php $userID="something"; (from session) $access="something" (from session / user or admin) $query="SELECT esName, esID, esAddress FROM estates WHERE (esName LIKE '$req' OR esID LIKE '$req') AND userID='$userID'"; mysql_query($query); ?> Thanks in advance Similar TutorialsI am using the following to check that the user is logged on before he/she views pages on my site can I adapt what is here so that only some pages can be viewed by admin only? <?php include("../php/dbconnect.php"); //connects to the database //session code session_start(); //Check if user is authenticated if(!isset($_SESSION['username'])){ //User not logged in, redirect to login page header( "Location: http://webdev/schools/hhs/psy_bookings/" ); } else { //User is logged in, contiue (use session vars to diplay username/email) //echo "'Welcome, {$_SESSION['username']}. You are still logged in. <br />'"; // echo "'Your email address is: {$_SESSION['email']}.'"; }//end of session code ?> is this a good way of doing a simple admin different rights e.g if secret word then go to adminpage.php Code: [Select] session_start(); $captcha = $_POST["captcha"] ; $secretword = $_SESSION["secretword"] ; if (strcmp( $captcha, $secretword )) { // it's a bot } else { // matched -- it's a human } Hello, is there something like this? If mysql record is admin, then a block of code How do I do something like that I have an MS Access Database that resides on the server that I will be hosting the pages I'm building. In my MS Access Database I have a query called "CheckedInEquipment" that I would like to have constantly display on a PHP page. It needs to be 'fluid', so the data is always up to date on the web page. (This is all in a sandbox XAMPP environment). Has anyone done this, can you lead me to examples or push me in the right direction? Carl Here is my code: // Start MySQL Query for Records $query = "SELECT codes_update_no_join_1b" . "SET orig_code_1 = new_code_1, orig_code_2 = new_code_2" . "WHERE concat(orig_code_1, orig_code_2) = concat(old_code_1, old_code_2)"; $results = mysql_query($query) or die(mysql_error()); // End MySQL Query for Records This query runs perfectly fine when run direct as SQL in phpMyAdmin, but throws this error when running in my script??? Why is this??? Code: [Select] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= new_code_1, orig_code_2 = new_code_2WHERE concat(orig_code_1, orig_c' at line 1 I am trying to make an edit page to edit any of my post...so i designed a manage post page manage-posts.php with the given code: Code: [Select] <?php echo '<form name="frmMain" action="del1.php" method="post" OnSubmit="return onDelete();">'; $objConnect = mysql_connect("hostname","username","password") or die(mysql_error()); $objDB = mysql_select_db("dbname"); $strSQL = "SELECT * FROM text"; $objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]"); echo '<table width="600" border="1">'; echo '<tr>'; echo '<th width="91"> <div align="center">ID</div></th>'; echo '<th width="91"> <div align="center">Date</div></th>'; echo '<th width="91"> <div align="center">Title</div></th>'; echo '<th width="91"> <div align="center">Author</div></th>'; echo '<th width="30"> <div align="center">Edit</div></th>'; echo '<th width="30"> <div align="center">Select</div></th>'; echo '</tr>'; while($objResult = mysql_fetch_array($objQuery)) { ?> <tr> <td><?=$objResult["id"];?></td> <td><?=$objResult["date"];?></td> <td><?=$objResult["title"];?></td> <td><div align="center"><?=$objResult["author"];?></div></td> <td align="center"><a href="edit.php?NewsID=<?php echo $objResult["id"];?>" name="edit">Edit</a></td> <td align="center"><input type="checkbox" name="chkDel[]" value="<?=$objResult["id"];?>"></td> <input type="hidden" name="id" value="<?=$objResult["id"];?>" /> </tr> <? } echo '</table>'; echo '<input type="submit" name="btnDelete" value="Delete">'; echo '</form>'; and i designed another page edit.php to perform deletion of that particular post with the following code " Code: [Select] <?php $objConnect = mysql_connect("hostname","username","pass") or die(mysql_error()); $objDB = mysql_select_db("dbname"); $strSQL = "SELECT * FROM text"; $objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]"); $objResult = mysql_fetch_array($objQuery); ?> <input type="hidden" name="id" value="<?=$objResult["id"];?>" /> Title : <br /><input type="text" name="title" size="100" maxlength="100" value="<?=$objResult["title"];?>"/> <br /> Date : <br /><input type="text" name="date" size="20" maxlength="12" id="TextBox" value="<?=$objResult["date"];?>"/> <br /> Author : <br /><input type="text" name="author" size="20" maxlength="100" value="<?=$objResult["author"];?>"/> <br /> <br /> <input type="submit" value="Submit" name="submit" /> </p> </form></fieldset></div> But the problem is that i am not able to get that particular post every time whenever i clicked on the respective post's edit link.. i suppose there is any issue in calling the id from the mysql... kindly suggest solutions... thanks in advance... Im developing a registration script and using godaddy as my host. Im getting "Access denied for user 'headstyle1'@'%' to database 'users'" when running the registration script. Is there some kind of permission I have to set? If you also have any feedback on my code, please do tell me. I wish to improve my coding base. Basically when you fill out the register form, it will check for data, then execute the insert query. But for some reason, the query will NOT insert into the database. In the following code below, I left out the field ID. Doesn't work with it anyways, and I'm not sure it makes a difference. Code: Code: [Select] mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)"); Full code: Code: [Select] <?php include_once("includes/config.php"); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><? $title; ?></title> <meta http-equiv="Content-Language" content="English" /> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" href="style.css" media="screen" /> </head> <body> <div id="wrap"> <div id="header"> <h1><? $title; ?></h1> <h2><? $description; ?></h2> </div> <? include_once("includes/navigation.php"); ?> <div id="content"> <div id="right"> <h2>Create</h2> <div id="artlicles"> <?php if(!$_SESSION['user']) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $name = mysql_real_escape_string($_POST['name']); $server_type = mysql_real_escape_string($_POST['type']); $description = mysql_real_escape_string($_POST['description']); if(!$username || !$password || !$server_type || !$description || !$name) { echo "Note: Descriptions allow HTML. Any abuse of this will result in an IP and account ban. No warnings!<br/>All forms are required to be filled out.<br><form action='create.php' method='POST'><table><tr><td>Username</td><td><input type='text' name='username'></td></tr><tr><td>Password</td><td><input type='password' name='password'></td></tr>"; echo "<tr><td>Sever Name</td><td><input type='text' name='name' maxlength='35'></td></tr><tr><td>Type of Server</td><td><select name='type'> <option value='Any'>Any</option> <option value='PvP'>PvP</option> <option value='Creative'>Creative</option> <option value='Survival'>Survival</option> <option value='Roleplay'>RolePlay</option> </select></td></tr> <tr><td>Description</td><td><textarea maxlength='1500' rows='18' cols='40' name='description'></textarea></td></tr>"; echo "<tr><td>Submit</td><td><input type='submit'></td></tr></table></form>"; } elseif(strlen($password) < 8) { echo "Password needs to be higher than 8 characters!"; } elseif(strlen($username) > 13) { echo "Username can't be greater than 13 characters!"; } else { $check1 = mysql_query("SELECT username,name FROM servers WHERE username = '$username' OR name = '$name' LIMIT 1"); if(mysql_num_rows($check1) < 0) { echo "Sorry, there is already an account with this username and/or server name!"; } else { $ip = $_SERVER['REMOTE_ADDR']; mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)"); echo "Server has been succesfully created!"; } } } else { echo "You are currently logged in!"; } ?> </div> </div> <div style="clear: both;"> </div> </div> <div id="footer"> <a href="http://www.templatesold.com/" target="_blank">Website Templates</a> by <a href="http://www.free-css-templates.com/" target="_blank">Free CSS Templates</a> - Site Copyright MCTop </div> </div> </body> </html> Hi guys so i want to make page acces to certain ranks. So im thinking for something like this
rank1 -> home.php, admins.php So the ranks are in a database with the page names. So now when someone logs in they will get a certain rank. So now i need to make a function that will check if the rank has access to this page. $curPageName = substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1); This will detect the current page that the logged in person is at now. But now how do i check if the $_SESSION['rank']; (rank1) has the access to get in page admins.php, and obviously to make $_SESSION['rank'];(rank2) redirect from the page admins.php Could someone point me in the right direction? Do i select the ranks and page names from database then put it into a array? Thanks. Hi guys, I have a for loop, that queries my database, sometimes, close to 240 times, I want to minmise the DB access - what would be ideal is if I can query a result set, such as this.. Code: [Select] $result = mysql_query($sql,$con); Is it possible for me to now run a query on $result. Such as Code: [Select] select * from sometable where age >= '24' So, rather than access the DB over and over again, I just query the result set, which will be much faster. Any ideas on this one guys? Cheers Zain Hey all, I am in a situation where database management system needs to be up and running very quickly, which would store records of addresses possibly from all the properties in a particular US state. But it would only be 1 US state, not all. These records need to be updated and retrieved for particular campaigns. The programming solution (e.g. PHP) would need to be able to import csv files generated from excel and match the records in the database in order to know which fields to update. It seems like a lot of work to do this from scratch using PHP in the short-term, given time limitations. Hence, I was considering using Microsoft Access as a front end in the interim and then when time is available writing a web-based PHP/MySql application using HTML, CSS, and JavaScript front end to allow users to easily perform data entry. Does anyone think this is a smart course of action? Ideally a web PHP app would be more robust, but considering it needs to be done from scratch, it would be time consuming. There's no right or wrong answer for this. I'm just looking for opinions. Thanks for any response. I have a site with a members area that uses sessions. I migrated my DB from MySQL 4 to 5. Now my login page does not work. Please help. Member Login Page: Code: [Select] <?php session_name ('name'); ini_set ('session.use_cookies', 0); session_start(); ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link href="css/style.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="js/swfobject/swfobject.js"></script> <script type="text/javascript"> var flashvars = {}; flashvars.xml = "config.xml"; flashvars.font = "font.swf"; var attributes = {}; attributes.wmode = "transparent"; attributes.id = "slider"; swfobject.embedSWF("cu3er.swf", "cu3er-container", "960", "400", "9", "expressInstall.swf", flashvars, attributes); </script> <link href="css/menu.css" rel="stylesheet" type="text/css" /> <style type="text/css"> #apDiv1 { position:absolute; left:592px; top:75px; width:552px; height:53px; z-index:1; } a:visited { color: #5D4580; } a:hover { color: #FFF; } a:active { color: #5D4580; } </style> </head> <body> <div class="main"> <div class="blok_header"> <div class="header"> <div class="rss"><strong>P</strong></div> <div class="clr"></div> <div class="logo"><a href="index.html"><img src="images/logo.jpg" width="211" height="88" border="0" alt="" class="one" /></a></div> <div class="menu"> <ul id="css3menu"> <li class="topfirst"><a href="index.html" title="Home">Home</a></li> <li><a href="#" title=""><span>Omega Psi Phi</span></a> <ul> <li><a href="founders.html" title="Fraternity Founders">Fraternity Founders</a></li> <li><a href="omegahistory.html" title="Fraternity History">Fraternity History</a></li> <li><a href="programs.html" title="Mandated Programs">Mandated Programs</a></li> <li><a href="links.html" title="Links">Links</a></li> </ul> </li> <li><a href="#" title="Phi Gamma Chapter"><span>Phi Gamma Chapter</span></a> <ul> <li><a href="history.html" title="Phi Gamma History">Phi Gamma History</a></li> <li><a href="lineage.html" title="Phi Gamma Lineage">Phi Gamma Lineage</a></li> <li><a href="dedication.html" title="Dedication">Dedication</a></li> <li><a href="calendar.html" title="Calendar">Calendar</a></li> <li><a href="photogallery.html" title="Photo Gallery">Photo Gallery</a></li> <li><a href="members/login.php" title="Member Login">Member Login</a></li> <li><a href="roster.html" title="Chapter Roster">Chapter Roster</a></li> </ul> </li> <li><a href="members/login.php" title="Member Login">Member Login</a></li> <li class="toplast"><a href="contact.html" title="Contact Info.">Contact Info.</a></li> </ul> </div> </div> <div class="clr"></div> <div class="body"> <div class="body_bg"> <h2>Member's Only </h2> <?php if ($_SESSION['membername'] != null) { // print "<META HTTP-EQUIV='Refresh' content='0;URL=updatemember.php'>"; echo "You are already logged in. Please wait to be redirected to the members page, or <a href=\"members.php\">click here</a> if you are not automatically redirected. User name for the session is ".$_SESSION['username'].", the member name is ".$_SESSION['membername']; print "<META HTTP-EQUIV='Refresh' content='5;URL=members.php'>"; //header("Location: members.php"); //exit; } else { ?> <form name="admin" method="post" action="userlogon.php"> <table width="891" border="0" cellspacing="5" cellpadding="5"> <tr> <td height="80" colspan="2" align="left"><p>Please enter you username and password. Don't remember your password, <u><strong><a href="password.php">click here</a></strong></u><strong><a href="password.php"></a></strong>.</td> <td width="360" rowspan="5" align="center" valign="middle"><img src="images/login_image.jpg" width="239" height="314" /></td> </tr> <tr> <td width="257" height="38" align="right"><p><strong>Username:</strong></td> <td width="224" align="left"><input type="text" name="username"></td> </tr> <tr> <td height="38" align="right"><p><strong>Password:</strong></td> <td align="left"><input type="password" name="password"></td> </tr> <tr> <td height="34"> </td> <td align="left"><input type="submit" class="yellowbutton" name="submit" value="Sign In"></td> </tr> <tr> <td colspan="2"><p>To register for a username and password with Phi Gamma, please <u><strong><a href="register.php">click here</a></strong></u><strong><a href="password.php"></a></strong>.</td> </tr> </table> </form> <?php } ?> <p> </p> <div class="clr"></div> </div> <div class="clr"></div> </div> </div> <div class="footer"> <div class="footer_resize"> <p class="center"> <a href="index.html">Home</a> | <a href="contact.html">Contact</a> </p> <div class="clr"></div> </div> <div class="clr"></div> </div> </body> </html> After the credentials are entered the user is returned back to the login page and NOT the member's page. This is the userlogon.php page: Code: [Select] <?php $link = mysql_connect('localhost:/tmp/mysql5.sock', 'dbuser', 'dbpw'); if (!$link) { die('Could not connect: ' . mysql_error()); } //mysql_close($link); if (!mysql_select_db('db_name', $link)) { echo 'Could not select database'; exit; } $username = $HTTP_POST_VARS["username"]; $password = $HTTP_POST_VARS["password"]; $member_id = ''; $role = ''; $firstname = ''; // Formulate Query // This is the best way to perform a SQL query // For more examples, see mysql_real_escape_string() $query = sprintf("SELECT users.member_id, users.username, users.password, users.role, FROM users join members on users.member_id = members.member_id WHERE users.username ='%s' AND users.password='%s'", mysql_real_escape_string($username), mysql_real_escape_string($password)); // Perform Query $result = mysql_query($query); // Check result // This shows the actual query sent to MySQL, and the error. Useful for debugging. if (!$result) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $query; die($message); } // Use result // Attempting to print $result won't allow access to information in the resource // One of the mysql result functions must be used // See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc. while ($row = mysql_fetch_assoc($result)) { $member_id = $row['member_id']; $username = $row['username']; $role = $row['role']; } if ($member_id != ''){ session_start(); $_SESSION['membername'] = $username; $_SESSION['username'] = $username; $_SESSION['memberid'] = $member_id; $_SESSION['role'] = $role; print "<META HTTP-EQUIV='Refresh' content='0;URL=members.php'>"; } else { print "<META HTTP-EQUIV='Refresh' content='0;URL=memberlogin.php'>"; } // Free the resources associated with the result set // This is done automatically at the end of the script mysql_free_result($result); ?> It worked fine before the migration??? Anyone know where the problem is? Please help me to solve this error Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in C:\wamp\www\shop-script-free\includes\database\mysql.php on line 13 Warning: mysql_get_server_info() expects parameter 1 to be resource, boolean given in C:\wamp\www\shop-script-free\includes\database\mysql.php on line 14 Access denied for user 'SYSTEM'@'localhost' (using password: NO) Thanks you very much This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=333523.0 I'm restarting this under a new subject b/c I learned some things after I initially posted and the subject heading is no longer accurate. What would cause this behavior - when I populate session vars from a MYSQL query, they stick, if I populate them from an MSSQL query, they drop. It doesn't matter if I get to the next page using a header redirect or a form submit. I have two session vars I'm loading from a MYSQL query and they remain, the two loaded from MSSQL disappear. I have confirmed that all four session vars are loading ok initially and I can echo them out to the page, but when the application moves to next page via redirect or form submit, the two vars loaded from MSSQL are empty. Any ideas? hello. I need your help please. I'm building logistics website with user panel and admin panel. I've done all login and register forms. now I want to : admin can add package with: tracking number , weight , cost , and declaration form. user can fill declaration form after admin add package to user panel. then admin can see the declared form. is it possible in php? thank you in advance Hi, I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them. The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP. The code for the script is here : Code: [Select] <?php $mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase'); if (!$mysql) { die(mysql_error()); $content = "<nobr></nobr>"; } else { $result = mysql_query('SELECT * FROM tblEventGroup'); $content = "<nobr>"; if ($result) { while($row = mysql_fetch_assoc($result)) { $content .= "<span>"; $content .= $row['GroupName']; $content .= "</span>"; $content .= "<a href=\"../Event/EventSearch?groupid="; $content .= $row['GroupId']; $content .= "\" target=\"_blank\">Book here</a> "; } } mysql_close($mysql); $content .= "</nobr>"; } ?> I cannot for the life of me understand what the problem is, the return error is Access denied for user 'myuser'@'localhost' (using password: YES) Hello... First I should explain what is wrong. I have a database with a table called subs... Within this table I have a unique field called ID, then a fields called member, date(unix timestamp) amount, month, year... HOWEVER for each month and year there is several entries all with different date stamps. How can I extract the entry with the most recent date??? However there is a catch. I want to view payments made since a certain date but only one per month... Below is my code... I thnk I need to add or change something slightly but i am fairly new to PHP and am totally stuck... MANY THANKS IN ADVANCE!!! Code: [Select] [php]$query="SELECT * FROM records WHERE section='B' OR section='C' OR section='S' order by section, surname"; $result=mysql_query($query); for ($row=0;$row<mysql_num_rows($result);$row++){ $forename=mysql_result($result,$row,'forename'); $surname=mysql_result($result,$row,'surname'); $id=mysql_result($result,$row,'id'); $ref="19nx".$id.substr($forename,0,2).substr($surname,0,2); $section=mysql_result($result,$row,'section'); $giftAid=mysql_result($result,$row,'giftAid'); if ($giftAid>1){$day=date('d',$giftAid);$month=date('m',$giftAid);$year=date('y',$giftAid);}else{$day="";$month="";$year="";} $giftAidName=mysql_result($result,$row,'giftAidName'); $giftAidComment=mysql_result($result,$row,'giftAidComment'); $subdate=mktime(0,0,0,$submonth,$subday,$subyear); $query="SELECT * FROM subs WHERE member='$id' AND date>$subdate Order BY id DESC"; $subResult=mysql_query($query); $subs=""; for($ss=0;$ss<mysql_num_rows($subResult);$ss++){ $amount=mysql_result($subResult,$ss,'amount'); if ($amount==""){$amount='25';} $date=date("M/Y",mysql_result($subResult,$ss,'date')); $subs=$subs."<a title='$date' alt='$date'>$amount</a>,"; }[/php] This outputs a line of results which is right except it shows 2 or 3 for april, 3 or 4 for may anthoer 2 or 3 for june etc... I hope someone gets my drift! hi dudes how do i write a mysql query with 3 columns, where the first column is 'year', the second is 'month' (integer) and the third is 'day' (integer), ordered by desc, but with an extra quirk, where if any of the three columns is zero (which means there is no data for that date column - assume i have a year and a month, but no day)? my code looks like the following Code: [Select] ORDER BY exhib_date_year DESC, exhib_date_month DESC, exhib_date_day DESC |
|||||||