PHP - Allowing Users To Edit Their Own Page...?
Hi, I was wondering how I would make a website that allowed a user to log in and edit their website ... like I'm a hoster and they can have a webpage on my server... how would I do this? Allow them to create a database, and use all types of code? Please help me, this is important. If I didn't explain well enough, please tell me.
Similar Tutorials
There are websites like Soundcloud, Soundclick, MySpace and more.
The Question:
How to not get a lawsuit as a website owner when copyright protected music or in other words music from the retail has gotten uploaded?
Will moderating it and having it frequently taken down do the job?
I know that the users themselves could get researched too. The site owner could get requested to give out IP addresses. Though, I kept this separately from that question.
I basically would be looking to be safe and not get a lawsuit.
I would appreciate the suggestions a lot.
My server is Linux/Apache/PHP.
When a file is uploaded, I use PHP's finfo_open to confirm that the file's type matches its file extension, and delete the file if it doesn't match. I also limit which file MIME types and sizes can be uploaded.
Things I do with the files include:
Upload user's files and store them in some public directory (/var/www/html/users_public_directory/), and allow other users to directly download them.
Upload user's files and store them in some private directory (/var/www/users_private_directory/), and allow other users to download them using X-Sendfile.
Upload user's ZIP files and convert them to PDF files (unzip the ZIP file, and use LibreOffice and ImageMagick's convert to convert them to PDFs).
From the server's perspective, what are the risks of allowing users to upload files? Are there some file types which are more dangerous to the server? Could they be executed on the server, and if so, how could this be prevented?
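One defensive way to handle the upload step described in the post above, as an added example that is not part of the original post: the form field name `upload`, the allow-list, the size limit and the function name `store_upload` are assumptions, and the storage path is the private directory the post names.

```php
<?php
declare(strict_types=1);

// Added example. Allow-list of detected MIME type => extension chosen by the server.
// The entries are assumptions; keep only the types the application really needs.
const ALLOWED_TYPES = [
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
    'application/zip' => 'zip',
];
const MAX_BYTES   = 5 * 1024 * 1024;                     // assumed size limit
const PRIVATE_DIR = '/var/www/users_private_directory';  // outside the document root

/**
 * Validates one entry of $_FILES and moves it into PRIVATE_DIR.
 * Returns the stored file name; throws RuntimeException when the file is rejected.
 */
function store_upload(array $file): string
{
    // Reject failed uploads and array-valued fields (e.g. name="upload[]").
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or malformed request');
    }
    // Only touch files that PHP itself received through HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File size not allowed');
    }
    // Detect the type from the content. $file['type'] and $file['name']
    // are supplied by the client and are not used for any decision.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // Server-generated name with a server-chosen extension: the stored file
    // can never end in .php, .phtml, .htaccess or anything else the client picks.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = PRIVATE_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640); // data file: no execute bit
    return $name;
}

// Usage: handle a POST from a form with <input type="file" name="upload">.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['upload'])) {
    try {
        $stored = store_upload($_FILES['upload']);
        echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected';
    }
}
```

For the public directory the same checks apply; files there should additionally be served from a location where Apache has no PHP or CGI handler enabled, so that an uploaded file is only ever sent as data.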
I need to know how to allow admin to essentially be "all users", in other words, edit everyone's profile and not just their own. Tell me what codes would be helpful and I will send them on in. By the way, I do have a script that allows members to edit their own profile.

I have code written for image uploading, but it doesn't allow multiple images on a single upload, and doesn't re-size. Anyone willing to share a good upload script that will do the following?:
- Allow multiple image uploads (10+ per submission),
- Re-size images on upload, and
- Rename images.
Thanks
Brett

Sir/ma'am,
With the script I'm using to run my website, I've been trying to add an additional feature for the users to add/edit. I'll try to provide as much info as I can, hopefully it'll help.
Here is the code I'm using to display the user's unique info from the db.
    <a class="wallet-edit"><?php echo $_SESSION['simple_auth']['INFO']?></a>

That displays the user's info from the column 'INFO' perfectly. It's also a js popup to a menu to where I'm hoping to add a single textbox to edit the INFO. The script uses a similar function to edit the password with a popup. I've tried modifying the code to edit the INFO column but it doesn't work. Here is the default code it has to edit the password. I'm not sure if it can be changed to edit another column or needs a new piece of code for that.

    // user edit
    $('body').on('click', '.username-edit', function() {
        $('#modal').html(' ');
        var output = '<div class="modal-content"><h5><?php echo lang::get("Change password")?></h5><hr />';
        output += '<h5><?php echo lang::get("New password:")?></h5><input type="password" name="password" id="password" value="" class="text ui-widget-content ui-corner-all" />';
        output += '<h5><?php echo lang::get("Confirm password:")?></h5><input type="password" name="password2" id="password2" value="" class="text ui-widget-content ui-corner-all" />';
        output += '</div>';
        output += '<div class="modal-buttons right">';
        output += '<button id="confirm-button" type="button" class="nice radius button"><?php echo lang::get("Change")?></button>';
        output += '</div>';
        output += '<a class="close-reveal-modal"></a>';
        $('#modal').append(output);
        $('#second_modal').hide();
        $('#modal').reveal();
        $('#confirm-button').click(function(){
            $('#password').css('border-color', '#CCCCCC');
            $('#password2').css('border-color', '#CCCCCC');
            var password = $('#password').val();
            var password2 = $('#password2').val();
            if(typeof(password) === 'undefined' || password == ''){
                $('#password').css('border-color', 'red');
                return false;
            }
            if(password != password2){
                $('#password2').css('border-color', 'red');
                return false;
            }
            password_data = encodeURIComponent(password);
            $.post("<?php echo gatorconf::get('base_url')?>", { changepassword: password_data} ).done(function(data) {
                // flush
                window.location.href = '<?php echo gatorconf::get('base_url')?>';
            });
        });
    });

If the code above can be edited to work with what I'm trying to do, it of course only needs one textbox and doesn't have to be confirmed by a second input. Please help! Thanks!

Hai..
currently I am developing client dashboard using php/mysql. Here is my problem: I need to create a tab named as notes. Using this tab the logged in users can add a new note or edit his existing note and save as text file..

Hi, can anyone please help me, I have to create an edit page that retrieves information from a list so that a user can change the text. The page looks fine but when I enter data in the fields and update it leaves the page as it was retrieved. I am a beginner! My code looks like this:

Code:

    <form method = "get" action = "edit.php">
    <?php
    //check to see if user is logged on
    session_start();
    if (!(isset($_SESSION['login']) && $_SESSION['login'] != "")) {
        header ("Location:login.php");
    }
    include('connect.php'); //connection details to database in a connect.php page
    $product_id = $_GET['product_id'];
    $query = "SELECT * FROM products WHERE product_id = '$product_id'";
    $result = mysql_query($query);
    while($row = mysql_fetch_array($result)){
        $product_id = $row['product_id'];
        echo "<table>";
        echo "<tr>";
        echo "<td><input name = 'product_id' type = 'hidden' value ='$row[product_id]'></td>";
        echo "</tr>";
        echo "<tr>";
        echo "<td>Product Name:</td><td><input name = 'pname' type = 'text' value ='$row[product_name]'></td>";
        echo "</tr>";
        echo "<tr>";
        echo "<td>Product Range:</td><td><input name = 'prange' type = 'text' value ='$row[product_range]'></td>";
        echo "</tr>";
        echo "<tr>";
        echo "<td>Product Price:</td><td><input name = 'pprice' type = 'text' value ='$row[product_price]'></td>";
        echo "</tr>";
        echo "<tr>";
        echo "<td><input type = 'submit' name = 'Submit' value = 'Update'></td>";
        echo "</tr>";
        echo "</table>";
    }
    //if form was submitted
    if ($_SERVER['REQUEST_METHOD'] == 'POST'){
        //get values from fields
        $productname = $_POST['pname'];
        $range = $_POST['prange'];
        $price1 = $_POST['pprice'];
        $price = (int)$price1;
        if ($productname == "" || $range == "" || $price == "" ) {
            $errorMessage .= "Please fill in all text boxes";
        } else {
            $errorMessage = "";
        }
        $query = "UPDATE products SET product_name = '$productname', product_range = '$range', product_price = '$price' WHERE product_id = '$product_id'";
        $result = mysql_query($query);
        print "<br> $productname from range $range with a price of $price has been updated!";
    }
    ?>

Thank you in advance!

So I'm working on a php page that can edit a .txt-file. This is what I've got so far:

Code:

    <?php
    if (isset($_POST['submit'])) {
        $stringData = stripslashes($_POST['sf']);
        file_put_contents("huisrekening.txt", $stringData);
        header('Location: quaestor.php?a=update');
    }
    ?>
    Huisrekening:
    <form action="" method="post">
    <textarea name="sf" cols="100" rows="20">
    <?php
    $theData = file_get_contents("huisrekening.txt");
    echo $theData;
    ?></textarea>
    <br />
    <input type="submit" name="submit" value="Update" />
    </form>
    <?php
    if ($_GET['a'] == 'update') {
        echo '';
        $myFile = "huisrekening.txt";
        $fh = fopen($myFile, 'r');
        $theData = fgets($fh);
        fclose($fh);
        echo $theData;
    }
    ?>

Problem: each time I hit the Update button an extra line appears in the .txt-file. :-( Does anybody know what I did wrong?

I was looking at various tutorials on the net to help me create an edit profile page for my site but the ones I tried wouldn't work... What changes would I have to make to this: (register.php)

    <?php include ('header.php'); ?></center>
    <div class=content>
    <?php
    if(!empty($_POST['username']) && !empty($_POST['password'])) {
        $username = mysql_real_escape_string($_POST['username']);
        $password = md5(mysql_real_escape_string($_POST['password']));
        $email = mysql_real_escape_string($_POST['email']);
        $location = mysql_real_escape_string($_POST['location']);
        $website = mysql_real_escape_string($_POST['website']);
        $about = mysql_real_escape_string($_POST['about']);
        $checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");
        if(mysql_num_rows($checkusername) == 1) {
            echo "<b>Error</b>";
            echo "Sorry, that username is taken. Please go back and try again.</p>";
        } else {
            $registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress, Location, Website, About) VALUES('".$username."', '".$password."', '".$email."', '".$location."', '".$website."', '".$about."')");
            if($registerquery) {
                echo "<b>Success!</b>";
                echo "Your account was successfully created. Please click<a href=\"index.php\"> here </a>to login.";
            } else {
                echo "<b>Error</b>";
                echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
            }
        }
    } else {
    ?>
    <b>Register</b> <br><br>
    Please enter your details below to register. <br><br>
    <form method="post" action="register.php" name="registerform" id="registerform">
    <table width=700px border=0 cellspacing=10><tr><td valign=top><table border=0>
    <b>Required Information:</b><br><br>
    <tr><td> <b>Username:</b> </td><td> <input type="text" name="username" id="username" /> </td></tr>
    <tr><td> <b>Password:</b> </td><td> <input type="password" name="password" id="password" /> </td></tr>
    <tr><td> <b>Email Address:</b> </td><td> <input type="text" name="email" id="email" /> </td></tr></table></td><td valign=top>
    <table border=0>
    <b>Optional Information:</b><br><br>
    <tr><td> <b>Location:</b> </td><td> <input type="text" name="location" id="location"> </td></tr>
    <tr><td> <b>Your Website:</b> </td><td> <input type="text" name="website" id="website"> </tr></td>
    <tr><td valign=top> <b>Short About:</b> </td><td> <textarea name="about" id="about" rows="10" cols="20"></textarea> </td></tr></td>
    </table>
    </td></tr>
    </table>
    <input type="submit" name="register" id="register" value="Register" class=btn />
    </form>
    <?php } ?>
    </div>
    <?php include ('footer.php'); ?>

an edit profile page? I use this as the template because it's damn near the same script, just with a few alterations...
I know the obvious things, the bit I struggle with is selecting the database then inserting new information?...I keep getting my variables/queries messed up when I rewrite it to create an edit profile page. Cheers,

I have a mysql db, I have a form that I use to post data to db. I would like to have visitors to my site be able to post to db as well, but they would have to be registered and have their own profile. When logged in they could see and edit their own space and content that they posted to mysql. How would I go about creating something like this? Can someone point me in the right direction? Thank you.

So, I'm designing a website (who isn't?) and I created the basic framework for a users page from a tutorial I found. Using some previous knowledge I managed to make it display a few custom fields that are defined by the user. Everything works fine as is, but now I want to do a few things to it that I have not the slightest clue how to even begin... Here is my user page code so far... and oh yes I'm using WordPress which is why I made it check manually for page status in my Page.php file.

    <?php
    if ( is_page('Users')) {
        echo "<ul id=\"UsersList\">";
        /* First we set how we'll want to sort the user list. You could sort them by:
           ------------------------
           * ID - User ID number.
           * user_login - User Login name.
           * user_nicename - User Nice name ( nice version of login name ).
           * user_email - User Email Address.
           * user_url - User Website URL.
           * user_registered - User Registration date.
        */
        $szSort = "user_nicename";
        /* Now we build the custom query to get the ID of the users. */
        $aUsersID = $wpdb->get_col( $wpdb->prepare("SELECT $wpdb->users.ID FROM $wpdb->users ORDER BY %s ASC", $szSort ));
        /* Once we have the IDs we loop through them with a Foreach statement. */
        foreach ( $aUsersID as $iUserID ) :
            /* We use get_userdata() function with each ID. */
            $user = get_userdata( $iUserID );
            /* Here we finally print the details wanted. Check the description of the database tables linked above to see all the fields you can retrieve. To echo a property simply call it with $user->name_of_the_column. */
            if($user->user_login != "Unknown") // don't show the placeholder for [unknown] author
            {
                echo '<a href="">' . get_avatar( $iUserID, $size = '45', $border='0') . '</a>';
                echo '<li>' . ucwords( strtolower( $user->user_login ) ) . '</li>';
                if($user->favorite_player != "") {
                    echo '<li>' . $user->favorite_player . '</li>';
                }
                if($user->player_name != "") {
                    echo '<li>' . $user->player_name . '</li>';
                }
            }
            /* The strtolower and ucwords part is to be sure the full names will all be capitalized. */
        endforeach; // end the users loop.
        echo "</ul>";
    };
    ?>

Problem one: This does NOT sort my name, despite the tutorial's insistence that it will. I have not even a guess as to why this is.

Problem two: I would like to either sort this list into two columns or paginate it or both but I am not sure how to do either.

Problem three: I want to insert some static text between the echo '<li>' and the . $user->player_name . '</li>'; so that it reads:

    o Player Name: USER'S VARIABLE ' PLAYER NAME' HERE

Yes that 'o' is supposed to be the list item dot. I know how strings work, I just can't get my attempts to work out syntax-wise. Any help would be greatly appreciated! Tutorials, answers, suggestions, examples, anything. The extent of my previous coding knowledge is several years of UnrealScript, so you can see why this simple thing is baffling me. Frankly I'm surprised this much of it works.

Afternoon All. I wish to re-direct users to a 404 error page on my site if an article does not exist in my database.
Here's my code:

    $SQL = "SELECT headline FROM news WHERE news_id=".mysql_real_escape_string($_GET['news_id']);
    $result = mysql_query($SQL) OR die(mysql_error());
    $num = mysql_num_rows($result);
    //** Check that the entry exists otherwise send to error page
    if ($num > 0) {
        $row = mysql_fetch_array($result);
        $headline = $row['headline'];
    } else {
        echo "Why is this printed? - I should be leaving this page?";
        header("Location: error.php");
        exit;
    }

Now the weird thing is that when I enter a news_id for a value that does not exist it prints the message "Why is this printed? - I should be leaving this page?" so it's actually going to the ELSE statement which is good, but surely it should not do this as I ask the page to re-direct? Thank you

My validation

Code:

    <?php
    if(!isset($_POST['submit'])) {
        if(!isset($_GET["id"])) {
            me_redirect_to("staff.php");
        }
    }
    ?>

is redirecting me even if my $_POST['submit'] is set. Here's the full code:

Code:

    <?php require_once("includes/connection.php"); ?>
    <?php require_once("includes/functions.php"); ?>
    <?php require("includes/header.php"); ?>
    <?php require("includes/navbar.php"); ?>
    <?php require("staff_sidebar.php"); ?>
    <?php
    if(!isset($_POST['submit'])) {
        if(!isset($_GET["id"])) {
            me_redirect_to("staff.php");
        }
    }
    ?>
    <?php
    if(!isset($_POST['submit'])) {
        if(!is_numeric($_GET["id"])) {
            me_redirect_to("staff.php");
        }
    }
    ?>
    <?php
    if(isset($_GET['id']));
    {
        $i = 0;
        $edit_proj_id = $_GET['id'];
        $edit_query = "Select proj_name, content from rec_projects where proj_id = {$edit_proj_id}";
        $edit_result = mysql_query($edit_query, $connection);
        $num = mysql_num_rows($edit_result);
        if($num != 1) {
            me_redirect_to("staff.php");
        }
        $edit_proj_name = mysql_result($edit_result,$i,"proj_name");
        $edit_content = mysql_result($edit_result,$i,"content");
    }
    ?>
    <div id="content">
    <h1>Edit Subject</h1><br>
    <?php
    if(isset($_POST['submit'])) {
        $proj_name = me_mysql_prep(trim($_POST['proj_name']));
        $proj_content = me_mysql_prep($_POST['proj_content']);
        if(empty($_POST['proj_name'])) {
            $empty_name = array('Project Name Cannot Be Empty');
        }
        if(empty($_POST['proj_content'])) {
            $empty_content = array('Content Cannot Be Empty');
        }
        if(isset($empty_name) && isset($empty_content)) {
            $error_merge = array_merge($empty_name, $empty_content);
        } else if(isset($empty_name)) {
            $error_merge = array_merge($empty_name);
        } else if(isset($empty_content)) {
            $error_merge = array_merge($empty_content);
        } else {
            $error_merge = array();
        }
        if(!empty($error_merge)) {
            foreach($error_merge as $error) {
                echo "<span class=\"error_validation\">*". $error . "<br></span>";
            }
        } else {
            $query = "UPDATE rec_projects SET proj_name='{$proj_name}', content='{$proj_content}' where proj_id = {$edit_proj_id}";
            if($result = mysql_query($query,$connection)) {
                me_redirect_to("edited_project.php?edited=1");
            } else {
                echo "Can\'t edit the project: ". mysql_error() . "";
            }
        }
        echo "<br><br>";
    }
    ?>
    <table> <tr><td> </td></tr> </table>
    <table>
    <form action="edit_project.php" method="post" name="add_subject">
    <tr> <td>Project Name:</td> <td><input type="text" size="50" name="proj_name" value="<?php echo $edit_proj_name; ?>"></td> </tr>
    <tr> <td>Content:</td> <td><textarea cols="70" rows="20" name="proj_content"><?php echo $edit_content; ?></textarea></td> </tr>
    <tr> <td></td> <td><input type="submit" value="Edit Project" name="submit" id="submit" size="30"></td> </tr>
    </form>
    </table>
    </div>
    <?php require("includes/footer.php"); ?>

It's supposed to be executing the mysql edit query but it's bypassing my validation. I wonder what the problem is..

MySQL Version: 5.5.20 (<-- This is my WAMPServer version to test my program, my hosting has 5.1 though)
PHP Version: 5.3.10 (My hosting says it's PHP 5 but not sure what version, I know it's not the newest)
What I'm trying to do is have my site have a page like "www.mysite.com/data.php?user=Nicholas&country=USA". Thing is, I don't know what to add in my data.php source code to make it work like that.
What I'm trying to achieve is for my users to sign up for my page but I DO NOT want to add my MySQL user and pass in the page where it can be cracked and hacked. When the user goes to the page, a script will automatically put the user and country and then the page will automatically add the user and his country to the MySQL table on my database. I'm also making a program that will work like this and that will have a higher chance of being hacked if I add my MySQL info into the program in order to add data. Can someone please provide me with a sample source I can try? I will not only be adding user and country but I want to test this out. Thanks!

Hi, I'm very new to php/mysql, but for a project I'm working on I need to create users that are admins, and normal users. The admins would be able to post news stories, and delete user accounts. Whereas the users would just be able to comment on the news stories. I'm just wondering how I would create a normal 'register' page for both, which has the same fields, but somehow creates some people as admins, and others as normal users... with the ability to limit who can become an admin, so not everyone can register as one. I'm not sure how I would achieve this, or even know how to do it. Does anyone know any tutorials or code on how to achieve this? Your help is greatly appreciated, Thanks.

I am trying to make a login and direct for my clients. I have all the login stuff working but can't figure out how to redirect specific clients to their pages only. Any help anyone can offer would be great.

Code:

    <?php
    //Start session
    session_start();
    //Include database connection details
    require_once('config.php');
    //Array to store validation errors
    $errmsg_arr = array();
    //Validation error flag
    $errflag = false;
    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }
    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }
    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }
    //Sanitize the POST values
    $login = clean($_POST['login']);
    $password = clean($_POST['password']);
    //Input Validations
    if($login == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }
    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: login-form.php");
        exit();
    }
    //Create query
    $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
    $result=mysql_query($qry);
    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
            $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
            session_write_close();
            header("location: member-index.php");
            exit();
        }else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
    ?>

Hi, I have a restricted area for my work's company. This is an area where registered users with their own user name and password can access to download technical documents etc. I am hearing some reports that users will have to login twice to get to the area - This happens in Chrome, IE 7/8 and some Firefox's. It has only happened to me once or twice. Does anyone know why this may be?
Here is the HTML code from the login form on the index page:

Code:

    <form name="login_form" method="post" action="log.php?action=login">
    <p>Login:<br /> <input type="text" name="user" /> </p>
    <p>Password: <br /><input type="password" name="pwd" /> </p>
    <p class="submit"> <input type="submit" value="Submit" name="submit" class="submit" /> </p>
    </form>

Here is the log.php File: (personal connection details edited)

Code:

    <?php
    $hostname = "IP:3306";
    $username = "user";
    $password = "password";
    $database = "db_name";
    $link = MYSQL_CONNECT($hostname,$username,$password);
    mysql_select_db($database);
    ?>
    <?php
    session_name("MyWebsiteLogin");
    session_start();
    if($_GET['action'] == "login") {
        $conn = mysql_connect("IP:3306","user","password");
        $db = mysql_select_db("db_name"); //Your database name goes in this field.
        $name = $_POST['user'];
        $ip=$_SERVER['REMOTE_ADDR'];
        $country = file_get_contents('http://api.hostip.info/country.php?ip='.$ip);
        $q_user = mysql_query("SELECT * FROM customer WHERE username='$name'");
    ?>
    <?php
        $insert_query = ("INSERT INTO login(username, ip, country) VALUES ('$name','$ip','$country');");
        mysql_query($insert_query) or die('Error, insert query failed');
    ?>
    <?php
        if(mysql_num_rows($q_user) == 1) {
            $query = mysql_query("SELECT * FROM customer WHERE username='$name'");
            $data = mysql_fetch_array($query);
            if($_POST['pwd'] == $data['password']) {
                session_register("name");
                header("Location: http://#/download/index.php?un=$name"); // This is the page that you want to open if the user successfully logs in to your website.
                exit;
            } else {
                header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
                exit;
            }
        } else {
            header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
            exit;
        }
    }
    ?>

Any help or ideas would be greatly appreciated.

Hi There, I am trying to create a page that edits a mysql database from a php page.
I can get the edit page to show the original information but it won't update the data in the mysql database. I am sure I have entered everything right. If anyone could help with this I would greatly appreciate it.

    <?php
    include("dbconnect.php");
    if(isset($_POST['submit'])) {
        // Set global variables to easier names
        // and prevent sql injection and apostrophe to break the db.
        $ProductName = mysql_escape_string($_POST['ProductName']);
        $ProductText = mysql_escape_string($_POST['ProductText']);
        $ProductImage = mysql_escape_string($_POST['ProductImage']);
        $ProductPrice = mysql_escape_string($_POST['ProductPrice']);
        $result = mysql_query("UPDATE Product SET ProductName='$ProductName', ProductText='$ProductText', ProductImage='$ProductImage', ProductPrice='$ProductPrice' WHERE ID='$ID' ",$dbconnect);
        echo "<b>Thank you! Product UPDATED Successfully!<br>You'll be redirected to View Page after (2) Seconds";
        echo "<meta http-equiv=Refresh content=2;url=view.php>";
        echo "$ProductName <br> $ProductText <br> $ProductImage <br> $ProductPrice";
    } elseif(isset($_GET['ID'])) {
        $result = mysql_query("SELECT * FROM Product WHERE ID='$_GET[ID]' ",$dbconnect);
        while($myrow = mysql_fetch_assoc($result)) {
            $ProductName = $myrow["ProductName"];
            $ProductText= $myrow["ProductText"];
            $ProductImage = $myrow["ProductImage"];
            $ProductPrice = $myrow["ProductPrice"];
    ?>
    <br> <h3>::Edit Product</h3>
    <form method="post" action="<?php echo $PHP_SELF ?>">
    <input type="hidden" name="ID" value="<? echo $myrow['ID']?>">
    Product Name: <input name="ProductName" size="40" maxlength="255" value="<? echo $ProductName; ?>"><br>
    Product Text: <textarea name="ProductText" rows="7" cols="30"><? echo $ProductText; ?></textarea><br>
    Product Image: <textarea name="ProductImage" rows="7" cols="30"><? echo $ProductImage; ?></textarea><br>
    Product Price: <textarea name="ProductPrice" rows="7" cols="30"><? echo $ProductPrice; ?></textarea><br>
    <input type="submit" name="submit" value="Update Product">
    </form>
    <?
        }//end of while loop
    }//end else
    ?>

Hi there, I have updated a webpage and it appears that some users are still seeing the older version of the page. Is there a way I can force the user's version of the page to display the latest content on the page? I have seen I can add some meta tags which control the cache, but my site relies quite heavily on cookies, so I guess clearing the cache would reset/have an effect on the cookies? Does anyone have any ideas on how I can make users always see the latest content? Thanks!

I have a Yahtzee system

Code:

    session_start();
    $_SESSION['Yahtzee']['totaltime'] =time();
    echo $_SESSION['Yahtzee']['totaltime'];

Now, long story short, when someone finishes playing the Yahtzee, I update their username with the score they had, and I want to update how long they have been playing, and it will be for "Total Time Playing globally" no matter how many games. If I do this session and echo it out, it echoes out the time, but I need it to echo out seconds instead so I can just add that to my totaltime field in my database each time they finish a game.