|
PHP - Search Php Code To Access Remote Email Account
I am sitting behind a firewall which blocks the http access to all popular free email providers like
hotmail.com gmail.com .... The blocking is done by filtering out the domain names. So I am searching for a way to access the mailbox by a third domain e.g. mydomain123.com (which is under my control). I could imagine that there is a PHP code which can be setup on mydomain123.com which accesses the final hotmail.com mailbox by using POP3 fetches and SMTP sends. Is there such an PHP intermediate code? Peter Similar TutorialsI am working on a web form in PHP which accepts a Paypal Email address from the user. I need to authenticate (validate or check) if the Paypal email address entered is a valid Paypal email account. Please reply. All comments and feedback are welcomed. Thank you! This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=321126.0 The html Form I'm using works successfully with this php code:
<?php
//check if form was sent
if($_POST){
$to = 's@hmail.com';
$subject = 'Form1';
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$headers = $name;
$message .= "\r\n\r\n" . $name;
if( empty($_POST["some_place"]) or $_POST['some_place'] != "glory" )
{
header("HTTP/1.0 403 Forbidden");
}else{
mail( $to, $subject, $message, $email, $headers );
}
header('Location: https://.......com');
exit;
}
?>
The problem is that when the email is received it shows the (from) email address to be my domain account user name @ the server name, like this: Any help or suggested remedy will be appreciated Hey guys, Just lately I have been trying to start a specific project for myself. I started off by designing the pages etc on HTML, and then a friend of mine helped me convert them to PHP.
At the moment, when a user registers to the site, they only require to enter a Username and Password. I would like to add their email to it too, due to adding slightly extra security. It would also be used for future reasons such as sending emails out etc.
I'm not sure about adding this, I know that most likely it is going to be VERY similar to how it already is, but I couldn't seem to get it to work when I tried.
Ill give the coding which I am using for this below (the documents which I believe would need editing) :
Register.php
<?php
require($_SERVER['DOCUMENT_ROOT'] . '/TruckWorld/includes/config.php');
$sOutput .= '<div id="register-body">';
if (isset($_GET['action'])) {
switch (strtolower($_GET['action'])) {
case 'register':
// If the form was submitted lets try to create the account.
if (isset($_POST['username']) && isset($_POST['password'])) {
if (createAccount($_POST['username'], $_POST['password'])) {
$sOutput .= '<h1>Account Created</h1><br />Your account has been created.
You can now login <a href="login.php">here</a>.';
}else {
// unset the action to display the registration form.
unset($_GET['action']);
}
}else {
$_SESSION['error'] = "Username and or Password was not supplied.";
unset($_GET['action']);
}
break;
}
}
// If the user is logged in display them a message.
if (loggedIn()) {
$sOutput .= '<h2>Already Registered</h2>
You have already registered and are currently logged in as: ' . $_SESSION['username'] . '.
<h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4>
<h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
// If the action is not set, we want to display the registration form
}elseif (!isset($_GET['action'])) {
// incase there was an error
// see if we have a previous username
$sUsername = "";
if (isset($_POST['username'])) {
$sUsername = $_POST['username'];
}
$sError = "";
if (isset($_SESSION['error'])) {
$sError = '<span id="error">' . $_SESSION['error'] . '</span><br />';
}
$sOutput .= '<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Truck World - Register</title>
<!-- Core CSS - Include with every page -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="font-awesome/css/font-awesome.css" rel="stylesheet">
<!-- SB Admin CSS - Include with every page -->
<link href="css/sb-admin.css" rel="stylesheet">
</head>
<body>
<div align=center><img src="images/logintitle.png" alt="LoginTitle" /></div>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Register To Join Truck World!</h3>
</div>
<div class="panel-body">
' . $sError . '
<form name="register" method="post" action="' . $_SERVER['PHP_SELF'] . '?action=register">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="Username" name="username" type="username" autofocus="">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="password" type="password" value="">
</div>
<div class="form-group">
<input class="form-control" placeholder="Email" name="email" type="email" value="">
</div>
<!-- Change this to a button or input when using this as a form -->
<input type="submit" class="btn btn-lg btn-success btn-block" name="submit" value="Register" />
<a href="login.php"class="btn btn-lg btn-success btn-block">Login</a>
</fieldset>';
}
$sOutput .= '</div>
</div>
</div>
</div>
</div>
<div align=center><h5><small>Copyright - Lewis Pickles 2014 - All Rights Reserved</small></h5></div>
<!-- Core Scripts - Include with every page -->
<script src="js/jquery-1.10.2.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/plugins/metisMenu/jquery.metisMenu.js"></script>
<!-- SB Admin Scripts - Include with every page -->
<script src="js/sb-admin.js"></script>
</body>
</html>
';
// display our output.
echo $sOutput;
?>
Functions.php (Not sure if this would need editing, I think it might, Correct me if I'm wrong)
<?php
function createAccount($pUsername, $pPassword) {
// First check we have data passed in.
if (!empty($pUsername) && !empty($pPassword)) {
$uLen = strlen($pUsername);
$pLen = strlen($pPassword);
// escape the $pUsername to avoid SQL Injections
$eUsername = mysql_real_escape_string($pUsername);
$sql = "SELECT username FROM users WHERE username = '" . $eUsername . "' LIMIT 1";
// Note the use of trigger_error instead of or die.
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
// Error checks (Should be explained with the error)
if ($uLen <= 4 || $uLen >= 11) {
$_SESSION['error'] = "Username must be between 4 and 11 characters.";
}elseif ($pLen < 6) {
$_SESSION['error'] = "Password must be longer then 6 characters.";
}elseif (mysql_num_rows($query) == 1) {
$_SESSION['error'] = "Username already exists.";
}else {
// All errors passed lets
// Create our insert SQL by hashing the password and using the escaped Username.
$sql = "INSERT INTO users (`username`, `password`) VALUES ('" . $eUsername . "', '" . hashPassword($pPassword, SALT1, SALT2) . "');";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
if ($query) {
return true;
}
}
}
return false;
}
/***********
string hashPassword (string $pPassword, string $pSalt1, string $pSalt2)
This will create a SHA1 hash of the password
using 2 salts that the user specifies.
************/
function hashPassword($pPassword, $pSalt1="2345#$%@3e", $pSalt2="taesa%#@2%^#") {
return sha1(md5($pSalt2 . $pPassword . $pSalt1));
}
/***********
bool loggedIn
verifies that session data is in tack
and the user is valid for this session.
************/
function loggedIn() {
// check both loggedin and username to verify user.
if (isset($_SESSION['loggedin']) && isset($_SESSION['username'])) {
return true;
}
return false;
}
/***********
bool logoutUser
Log out a user by unsetting the session variable.
************/
function logoutUser() {
// using unset will remove the variable
// and thus logging off the user.
unset($_SESSION['username']);
unset($_SESSION['loggedin']);
return true;
}
/***********
bool validateUser
Attempt to verify that a username / password
combination are valid. If they are it will set
cookies and session data then return true.
If they are not valid it simply returns false.
************/
function validateUser($pUsername, $pPassword) {
// See if the username and password are valid.
$sql = "SELECT username FROM users
WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . hashPassword($pPassword, SALT1, SALT2) . "' LIMIT 1";
$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
// If one row was returned, the user was logged in!
if (mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query);
$_SESSION['username'] = $row['username'];
$_SESSION['loggedin'] = true;
return true;
}
return false;
}
?>
The Database for the email is as follows:
Edited by Lewis2212, 06 August 2014 - 10:20 AM. Hi, i have tried everything i can think of to get this to work correctly. What is below here, is what i have last tried to work with..: basically the script allows the use to register an email account on a cpanel domain. Everything works perfectly but then i added a option for banned words now i cant get the script to work.. basically what happens is: the user creates an email account, if the account is not a banned word and does not exist, then the message echoes success, and the $_Post values are also entered into the database under the users name. and the email is also created with the $f fopen if success the email form also does not show.. so only one email per user.. i just cant get it to work with the banned words included.. what to note:: this is a function in a function.. $bannedemailwords='customerinformation,custinfo,customerinfo,custtext,custsupport,customersupport,admin,accounts'; $bannedmail=explode(',', $bannedemailwords); $bannedmail = array_unique($bannedmail); sort($bannedmail); foreach($bannedmail as $noemail) //the selected username if ($Config['enablemyemailapp_enable'] == '0' && $_POST['cfg_enablemyemailappaddress_enable'] !== $noemaill && $_POST['cfg_enablemyemailappaddressdomain_enable'] !== 'Select a domain'){ $cpuser = 'ausername'; $cppass = 'apassword'; $cpdomain = 'adomain'; $cpskin = 'askin'; $epass = 'somepassword'; $equota = 'somequota'; $euser = $_POST['cfg_enablemyemailappaddress_enable']; $epass = $_POST['emailspassword_enable']; $edomain = $_POST['cfg_enablemyemailappaddressdomain_enable']; if (!empty($euser) && $euser !=='nomail') while(true) { $f = fopen ("http://$cpuser:$cppass@$cpdomain:2082/frontend/$cpskin/mail/doaddpop.html?email=$euser&domain=$edomain&password=$epass"a=$equota", "r"); if (!$f) { $enablemyemailapp_enable = '0'; $enablemyemailappaddress_enable = 'Replace with a Name'; $enablemyemailappaddressdomain_enable = 'Select a domain'; $msgemail = 'The email '.$euser.'@'.$edomain.' is a restricted email account.'; break; } $enablemyemailapp_enable = '1'; $enablemyemailappaddress_enable = $_POST['cfg_enablemyemailappaddress_enable']; $enablemyemailappaddressdomain_enable = $_POST['cfg_enablemyemailappaddressdomain_enable']; $msgemail ='<center><font color="#ff0033">Your Email '.$euser.'@'.$edomain.' has been created.</font></center>'; while (!feof ($f)) { $line = fgets ($f, 1024); if (ereg ("already exists", $line, $out)) { $enablemyemailapp_enable = '0'; $enablemyemailappaddress_enable = 'Replace with a Name'; $enablemyemailappaddressdomain_enable = 'Select a domain'; $msgemail ='<center><font color="#ff0033">The email account '.$euser.'@'.$edomain.' already exists.</font></center><br><center>Please try again!</center>'; break; } } echo $msgemail; $_POST['cfg_enablemyemailapp_enable']= $enablemyemailapp_enable; $_POST['cfg_enablemyemailappaddress_enable']=$enablemyemailappaddress_enable; $_POST['cfg_enablemyemailappaddressdomain_enable']=$enablemyemailappaddressdomain_enable; @fclose($f); break; } } I need Delete Duplicate Email Records That Are Attached To One Account But Can Be Found In Multiple Accounts I have a table, consumer_mgmt. It collects consumer information from various forms. These forms are available through different pages that are part of a business package. A business can offer these signups to gather names and emails from consumers for various types of specials they may offer. So a consumer my be in the consumer_mgmt table 5, 10, 15 times for that particular business. But, that consumer may be in the consumer_mgmt table multiple times for a different business. So multiple times for multiple businesses. I need to remove duplicates for each business account so the consumer is only the consumer_mgmt only once for each business. There are approximately 15,000 rows currently in the consumer_mgmt table. I'm not sure where to begin on the logic. Since there are multiple business accounts that the emails are attached to, would one have to build a case for each loop? Hi all, Here i have a serious problem. I want to sought it out using PHP and MySQL only. I have a form includes fields of customer id and Account type( stored in a jump menu and includes 6 different types of accounts) <style type="text/css"> <!-- body,td,th { font-size: 18px; font-weight: bold; } --> </style> <p><img src="../images/mahapitiya 1.jpg" width="1024" height="139" /></p> <form id="form1" name="form1" method="post" action=""> <label> <input type="submit" name="button" id="button" value="Logout" /> </label> </form> <p> </p> <form action="" method="post" name="form2" id="form2" onsubmit="return Validate();"> <fieldset> <legend class="cap">Create an Account</legend> <table width="75%" border="0" cellspacing="0" cellpadding="5" align="center"> <tr> <td> </td> <td class="title02"> </td> <td> </td> <td> </td> </tr> <tr height="30"> <td width="10%"> </td> <td width="25%" class="title02" align="left">Customer ID</td> <td width="55%" class="attribute1" align="left"><input type="text" name="customer_id" class="attribute1" /></td> <td width="10%"> </td> </tr> <tr height="30"> <td> </td> <td width="25%" class="title02" align="left">Account Type</td> <td width="55%" align="left" bgcolor="#FFFFFF" class="attribute1"><select name="account_type" id="jumpMenu" > <option selected="selected"></option> <option>Savings Investment</option> <option>Shakthi</option> <option>Surathal</option> <option>Abhimani Plus</option> <option>Yasasa Certificates</option> <option>Fixed Deposits</option> </select> </td> <td width="10%"> </td> </tr> </table> <p align="center"> </p> <p align="center"> <input type="submit" onclick="return Validate();" name="submit" value="Submit" class="attribute1" /> <input type="reset" name="reset" value="Reset" class="attribute1" /> <label> <input type="submit" name="button2" id="button2" value="Help" /> </label> </p> </fieldset> </td> <td width="5%"> </td> </tr> <tr> <td> </td> <td> </td> <td> </td> </tr> <tr> <td> </td> <td align="center"> </td> <td> </td> </tr> <tr> <td> </td> <td><font color="red" size="1" ></font></td> <td> </td> </tr> </table> </form> <p> </p> <script language = "Javascript"> function Validate() { if (document.form2.customer_id.value == '') { alert('Please enter the valid customer id!'); return false; } else if ( document.form2.account_type.selectedIndex == '' ) { alert ( "Please select an account type!." ); return false; } return true; } </script> There are 6 different types of tables exist in my database representing 6 different types of accounts.Each and every table there is a field called "account number" which is auto incremented.When user clicks on submit button i want account number to be opened based on selected account type. How this could be done? Thanks, Heshan. Code: [Select] <?php if(date('w') == 0) $str = 'today'; else $str = 'last sunday'; $timestamp = strtotime($str); //echo $timestamp; echo "<img src='brn_masthead.gif' width='500' /><br /><table border='1'><tr>"; echo "<tr><td align='center' width='140'><b>Sunday</b></td><td align='center' width='140'><b>Monday</b></td><td align='center' width='140'><b>Tuesday</b></td><td align='center' width='140'><b>Wednesday</b></td> <td align='center' width='140'><b>Thursday</b></td><td align='center' width='140'><b>Friday</b></td><td align='center' width='140'><b>Saturday</b></td></tr><tr>"; $j = 0; for($i = 0; $i < 14; $i++) { $thisdate = date('Y-m-d', $timestamp + ($i * (60 * 60 * 24))); ?> I've looked into mktime and checked the manual, but can't find anything that seems to work inside the loop. Thanks! Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after How does a web server, with a database connect to the emails it receives? How does the web server get the contents of the emails it receives so I can parse it? Thanks I have a PHP application and am trying to allow users to import contacts from their favorite email systems. Right now, I'm targeting yahoo, gmail and hotmail - facebook friends would also be interesting. I'll need to allow users to log in, of course, and then have all of their contacts pulled into my application. From there, I'll present them to the user and allow them to pick which ones they want to email about my application. The important part is that I need to have control over what happens to the contact list to control certain aspects of my application. So, here are my questions: > Is CURL the right method to use to do this? > Are there practical examples available that I can use and where might I find them? > What things would I need to be aware of and prepare for regarding security/hacking since I'm accessing remote sites? Thanks for your guidance. I am trying to get a php script on a remote server to execute on my server but im having problems getting it to work, and i am not sure if it is even feasible i have had a look on google but i cant find much information on it. This is what i have tried up to now I saved a php script as a txt file on y remote server. then used file_get_contents on my home server $curl_scraped_page = file_get_contents('http://www.remote_server.com/script.txt'); the content of the txt file was $sum = 1+1; then i tried to echo $sum on the home server but i did not work can anyone point me in the right direction or is what i am trying to do even feasible? Thanks in advanced Is anyone running PHP storm on Windows and debugging their PHP code on a remote Linux box? I ask because I am contemplating buying PHPStorm. What opinions I have read on this configuration say it doesn't work well. I have code to search a database of members, I can search by lastname but having a little problem. I want to be able to search by lastname starting with the first letter. (ie: a or b or c or d and so on). As it is right now I can only search by first letter of last name if I add % to the search (ie: a% b% c%) will give me all members with the last names starting with the approiate letter designation. I'm not sure how to handle this, any help would be appreciated. Thanks. Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title></title> </head> <body> <center><table cellspacing="10" cellpadding="10" width="750" border="0"> <h4>Search</h4> <form name="search" method="post" action="<?php $PHP_SELF?>"> Seach for: <input type="text" name="find" /> in <Select NAME="field"> <Option VALUE="lname">Last Name</option> <input type="hidden" name="searching" value="yes" /> <input type="submit" name="search" value="Search" /> </form> <?php // check to see if anything is posted if (isset($_POST['find'])) {$find = $_POST['find'];} if (isset($_POST['searching'])) {$searching = $_POST['searching'];} if (isset($_POST['field'])) {$field = $_POST['field'];} //This is only displayed if they have submitted the form if (isset($searching) && $searching=="yes") { echo "<h4>Results</h4><p>"; // If they did not enter a search term we give them an error if (empty($find)) { echo "<p>You forgot to enter a search term"; exit; } // Otherwise we connect to our Database mysql_connect("localhost", "root", "1910") or die(mysql_error()); mysql_select_db("cmc_member") or die(mysql_error()); // We preform a bit of filtering $find = strtoupper($find); $find = strip_tags($find); $find = trim ($find); // Now we search for our search term, in the field the user specified $results = mysql_query("SELECT * FROM members WHERE upper($field) LIKE'$find'"); // And we display the results if($results && mysql_num_rows($results) > 0) { $i = 0; $max_columns = 3; while($row = mysql_fetch_array($results)) { // make the variables easy to deal with extract($row); // open row if counter is zero if($i == 0) echo "<tr>"; // make sure we have a valid product ALIGN='CENTER' if($fname != "" && $fname != null) echo "<td ALIGN='CENTER'><FONT COLOR='red'><b>$fname $lname</b></FONT><br> $address <br> $city $state $zip <br>$phone<br><a href=\"mailto: $email\">$email</a><br></td>"; // increment counter - if counter = max columns, reset counter and close row if(++$i == $max_columns) { echo "</tr>"; $i=0; } // end if } // end while } // end if results // clean up table - makes your code valid! if($i < $max_columns) { for($j=$i; $j<$max_columns;$j++) echo "<td> </td>"; } //This counts the number or results - and if there wasn't any it gives them a little message explaining that $anymatches = mysql_num_rows($results); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query<br><br>"; } //And we remind them what they searched for echo "<b>Searched For:</b> " .$find; } ?> </tr> </table></center> </body> </html> hi everyone i was wondering if anyone has any idea how i can make my php links look like this "wwwDOTmysiteDOTcom/xxx.php?s=account" right now they look like this "wwwDOTmysiteDOTcom/account.php" thanks... Hi guys, I am making a bot which only scrapes the source code of the site AFTER logging into the site.The script to login is : Code: [Select] <?php $username="xxx"; $password="iwonttellyou"; $url="http://internet.com/login.php"; $cookie="cookie.txt"; $postdata = "name=".$username."&password=".$password; $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, $url); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt ($ch, CURLOPT_TIMEOUT, 60); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_COOKIEJAR, $cookie); curl_setopt ($ch, CURLOPT_REFERER, $url); curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata); curl_setopt ($ch, CURLOPT_POST, 1); $result = curl_exec ($ch); echo $result; ?> I can see different SESSION ID's in cookie.txt everytime i compile this code, which makes me believe its working.However what next? How should i go to that site again, already logged in and scrape the data ? Some suggestions would be nice. Hey All, I will be marketing a simple php script shortly and would like to Obfuscate my code and have it check to see if the person is running the script on the proper domain, much like other Purchased Scripts, you have to buy licenses and some are limited to a Per Domain basis. Could I use cURL to run a script on another server (mine) that takes the URL it came from, and a variable "the auth key" and check if the person is using the script on the proper domain? If the domain and auth key don't match in the DB i would return a message saying invalid key or something, else continue to execute the script. <?php //authkey would be defined in config file $authkey = "769870afhljkzxf90436"; $curl_handle=curl_init(); curl_setopt($curl_handle,CURLOPT_URL,"http://example.com/page.php?authkey=$authkey"); curl_setopt($curl_handle,CURLOPT_CONNECTTIMEOUT,2); curl_setopt($curl_handle,CURLOPT_RETURNTRANSFER,1); $buffer = curl_exec($curl_handle); curl_close($curl_handle); if (empty($buffer)) { print "Sorry, AuthServ is performing maintenance.....<p>"; } else { print $buffer; } ?> Is there a smarter way to do this? I don't have an extra 300 bucks to use something like ioncube, just looking for a general proper direction on going about this as I am totally clueless. thanks I have a weird kind of problem. I uploaded all upload-directories through FTP which have 777 permissions and owner name 'abc' This means I can access all of them through the codes. But while creating files inside those full permitted directories, the compiler complains for access denied. Meanwhile, a different directory is created with same name whose owner is 'apache' itself and the previous directory is lost. Then I cannot change the permissions of that directory through FTP. I don't if it is apache server's problem itself or not. Or is it a way to define user while creating/editing/deleting files and directories through php code itself? To access MySql tables from PHP, I use the PHP code and the function below. If I make these changes, would this code work for SQL Server 2008? mysql_fetch_array to mssql_fetch_array mysql_connect to mssql_connect mysql_select_db to mssql_select_db mysql_query to mssql_query PHP code -------------------------------------------------------------------------------- $sql = "SELECT mast_id FROM district_mast WHERE mast_district = '".$dist_num."'"; $result = func_table_access($sql); $rows = mysql_fetch_array($result); Function -------------------------------------------------------------------------------- FUNCTION func_table_access($sql) { $db = "aplustutoru"; $host = "localhost"; $user = "root"; $pass = ""; IF (!($conn=mysql_connect($host, $user, $pass))) { PRINTF("error connecting to DB by user = $user and pwd=$pass"); EXIT; } $db3 = MYSQL_SELECT_DB($db,$conn) or die("Unable to connect to local database"); IF ($sql <> "justopendb") { $result = MYSQL_QUERY($sql) OR DIE ("Can not run query because ". MYSQL_ERROR()); RETURN $result; } } Below is the screenshots and script for user page level access i have used it for one of my old projects. Code is working as it was intended. But it needs to be improvised. Users table
pages table , which has all the pages and links
Access level table. which has user id from users table and page id from pages table (for which user has access)
Once the user is created, admin gives access to the user on page basis, the permissions.php page looks like this The modules
Menus inside the modules
Pages in each menu
Here is my code for permission.php
<div id="demo2-html">
<ul id="demo2" class="mnav">
<li><a href="#">Sales</a>
<ul>
<li><a href="#">Lead</a>
<ul>
<table class="table table-bordered table-striped table-hover">
<?php
$s1 = mysqli_query($con, "SELECT pages.page_id as pid, pages.code, pages.page,
pages.href, access_level.aid, access_level.page_id as pgid,
access_level.user_id
FROM pages
LEFT JOIN access_level ON (pages.page_id=access_level.page_id
AND access_level.user_id=".$user."
) WHERE pages.code='led'") or die(mysqli_error($con));
while($s2 = mysqli_fetch_array($s1)) { ?>
<tr><li><td><?php echo $s2['page']; ?> </td><td><input type="checkbox" name="sn[]" value="<?php echo $s2['pid']; ?>" <?php if($s2['pgid'] === $s2['pid']) echo 'checked="checked"';?> />
<input type="hidden" value="<?php echo $s2['pid']; ?>" name="page_id[<?php echo $s2['pgid']; ?>]">
</td></li></tr>
<?php } ?>
</table>
</ul>
</li>
<li><a href="#">Customer</a>
<ul>
<table class="table table-bordered table-striped table-hover">
<?php
$s1 = mysqli_query($con, "SELECT pages.page_id as pid, pages.code, pages.page,
pages.href, access_level.aid, access_level.page_id as pgid,
access_level.user_id
FROM pages
LEFT JOIN access_level ON (pages.page_id=access_level.page_id
AND access_level.user_id=".$user."
) WHERE pages.code='cst'") or die(mysqli_error($con));
while($s2 = mysqli_fetch_array($s1)) { ?>
<tr><li><td><?php echo $s2['page']; ?> </td><td><input type="checkbox" name="sn[]" value="<?php echo $s2['pid']; ?>" <?php if($s2['pgid'] === $s2['pid']) echo 'checked="checked"';?> />
<input type="hidden" value="<?php echo $s2['pid']; ?>" name="page_id[<?php echo $s2['pgid']; ?>]">
</td></li></tr>
<?php } ?>
</table>
</ul>
</li>
//code goes for all the other modules
</ul>
</li>
</ul>
</div>
<input type="hidden" name="user" value="<?php echo $user; ?>" />
<div class="row" align="center">
<input type="submit" name="submit" class="btn btn-success" value="Save" />
</form>
// form Submission
if(isset($_POST['submit']))
{
$user = $_POST['user'];
$sql = "DELETE FROM access_level WHERE user_id = ".$user."";
$query = mysqli_query($con, $sql) or die (mysqli_error($con));
foreach($_POST['sn'] as $sn)
{
$sql = "insert into access_level (page_id, user_id) values (".$sn.", ".$user.")";
$query = mysqli_query($con, $sql) or die (mysqli_error($con));
}
if($query)
{
header("location:users.php?access=1");
}
}
So against each user i am storing all the page ids here. When i edit any of the users, it deletes all the records and again insers new records. Which i feel is not a proper way to do. And in codewise also, i am redirecting the user to no_access.php (as below) page if the user do not have access.
<?php
ob_start();
include("connect.php");
include("admin_auth.php");
$q1 = basename($_SERVER['REQUEST_URI'], '?' . $_SERVER['QUERY_STRING']);
$q2 = $_SERVER['REQUEST_URI'];
$var1 = "/".$q1;
$qa_path=explode('/', $q2);
$right_path = $qa_path[2].$var1;
$parsedUrl = parse_url($q2);
$curdir = dirname($_SERVER['REQUEST_URI'])."/";
$m4 = "select p.page_id, p.code, p.page, p.href, al.aid, al.page_id, al.user_id FROM pages p INNER JOIN access_level al ON p.page_id=al.page_id WHERE al.user_id=".$_SESSION['user_id']."";
$m5 = mysqli_query($con, $m4) or die (mysqli_error($con));
while($nk1 = mysqli_fetch_array($m5)) {
$href1[] = ($nk1['href']); }
if(in_array($right_path, $href1)) {
echo "<script type='text/javascript'> document.location = ".BASE_URL."/".$right_path."</script>";
}
else
{
echo "<script type='text/javascript'> document.location = '../no_access.php' </script>";
exit();
}
?>
I need help in improve and better/effective (structural) way to do this both in database and php script. |
|||||||