|
PHP - Suggestion About Admin And User Index Page..
Hi all,
Can anyone give me some suggestion please. I'm a bit stuck here -- I am trying to build an admin and user log in. Admin: can view and edit, delete and create the page. User: can only create their profile. The problem is: I have almost the same index page for admin and user. I wonder if we can make it one page instead depending on what sort of user it has been log in. Also, the create page also almost similar...I don't know how to work it out as when I use the back button it go back to admin page (as I set it admin_area.php) - Do I have to create two create page as well? Or is there any better way to deal these forms? Login page -> (If admin) -> admin_area.php (can view all of them and page contains: create.php, edit.php and delete.php) Login page -> (If user/member) ->user_area.php (page contains: create their profile only) Any inputs would be helpful. Thanks. Similar Tutorialshello. I need your help please. I'm building logistics website with user panel and admin panel. I've done all login and register forms. now I want to : admin can add package with: tracking number , weight , cost , and declaration form. user can fill declaration form after admin add package to user panel. then admin can see the declared form. is it possible in php? thank you in advance Hi guy's, I'm having problems adjusting a script to add a level (user rights) function. When i login with a admin or normal user it gives a blank page (not redirecting to home.php). It even does'nt return an echo that user / pass is incorrect. I'm breaking my head over this for day's now. Can you help me out? Code: [Select] <?php session_start(); //Login form (index.php) include "db_connect.php"; if(!$_POST['submit']) { ?> <html> <head> <!--[if IE]> <link rel="stylesheet" type="text/css" href="style.css" /> <![endif]--> <![if !IE]> <link rel="stylesheet" type="text/css" href="firefox.css" /> <![endif]> </head> <body> <div id="wrapper"> <div id="header"> <?php include('header.php'); ?> </div> <div class="divider"> <strong>Login</strong> <form method="post" action="index.php"> <div class="formElm"> <label for="username">Klantnummer:</label> <input id="username" type="text" name="username" maxlength="16"> </div> <div class="formElm"> <label for="password">Wachtwoord:</label> <input type="password" name="password" maxlength="16"> </div> <input type="submit" name="submit" value="Login"> </form> </div> <div id="footer"> <?php include('footer.php'); ?> </div> </div> </html> <?php } else { $user = protect($_POST['username']); $pass = protect($_POST['password']); $level = protect($_POST['level']); if($user && $pass && $level) { $pass = md5($pass); //compare the encrypted password $sql1 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='1'"; $sql2 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='9'"; $queryN=mysql_query($sql1) or die(mysql_error()); $queryA=mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($queryN) == 1) { $resultN = mysql_fetch_assoc($queryN); $_SESSION['id'] = $resultN['id']; $_SESSION['username'] = $resultN['username']; header("location:home.php"); } elseif(mysql_num_rows($queryA) == 1) { $resultA = mysql_fetch_assoc($queryA); $_SESSION['id'] = $resultA['id']; $_SESSION['username'] = $resultA['username']; header("location:home.php"); } else{ echo "Wrong Username or Password"; } } } ?> and the mysql code: Code: [Select] CREATE TABLE `user` ( `id` int(4) unsigned NOT NULL auto_increment, `username` varchar(32) NOT NULL, `password` varchar(32) NOT NULL, `level` int(4) default '1', PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1; I am trying to check for an admin user to access the admin panel. I have been playing around try different things and this what I have ended up with in my database table I have a column called usergroup and i do the follow to check for admin user. Code: [Select] $checkAdmin = mysql_query("SELECT * FROM `users` WHERE email='$email' , usergroup = 'admin'"); $adminUser = mysql_num_rows($checkAdmin); if ($adminUser == 0) { echo count($adminUser); die ('You do not have permissions to access this area'); } I do the select statement through phpmyadmin and it comes back with one row. which is basically hat i want to check for. I do have a variable called $email which is getting a value from the email cookie. currently $adminUser Return a value of 10. All of the count() functions is for testing purposes only. I am developing a system that with have 4 different levels of permissions. My question is this. From a structure standpoint, some systems will have the administrators area in one file and the users admin area in another file. Others will have a level of permission with all the different levels of administrative tasks, menus, etc, coming from the database. Is one of these better than the other or does it matter. From a coding standpoint it would be much easier to just have permissions and allow access to user menus and admin pages accordingly. Thanks in advance. Hi guys, Can anyone help me; I have created a registration form (can be use for create or modify) and login form (Admin). What I am trying to do is; once the admin log in he/she can create / register a new user which contains: -Firstname -Surname -Address -Mobile -Dept Name -Username -Password -Repeat Password My DB will look like this: Table PERSONS: id, firstname, surname, address, mobile, dept_id, username, password. Table USER: id, username, password Table DEPT: id, dept_name Can anyone help me how am I going to related the USER table into the PERSONS so when admin register a new user - the data will be created the into database as well as the data can be extracted for modification. Any suggestion? Here are my code: register.php <?php require 'includes/application_top.php'; if (!isset($_POST['name']) && isset($_GET['id'])) { $mode = "Modifying"; // Get data from DB $q = "SELECT * FROM `persons` WHERE `ID` = '".$_GET['id']."'"; $result = mysql_query($q) or die (mysql_error()); $row = mysql_fetch_array($result); $name = $row['firstname']; $surname = $row['surname']; $address = $row['address']; $dept = $row['dept_id']; $mobile = $row['mobile']; }else if (!isset($_POST['name']) && !isset($_GET['id'])) { $mode = "Register"; // Data is empty $name = $surname = $address = $dept = $mobile = ""; } else { $errors = array(); if ($_POST['name'] == "") $errors[] = "Name"; if ($_POST['surname'] == "") $errors[] = "Surname"; if ($_POST['mobile'] == "" || !is_numeric ($_POST['mobile'])) $errors[] = "Mobile No"; if (count($errors)) { $errormsg = "Please fill the blank info:<br/ >".implode('<br />',$errors); $mode = $_POST['mode']; $name = $_POST['name']; $surname = $_POST['surname']; $address = $_POST['address']; $dept = $_POST['dept']; $mobile = $_POST['mobile']; } else { foreach ($_POST as $key => $val) { $_SESSION[$key] = $val; } header("Location: confirmPage.php"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Modify Document</title> </head> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <?php if (isset($errormsg)) echo "<div id=\"error_message\" style=\"color:red;\">$errormsg</div>"; ?> <div align="center"> <table width="370" border="0"> <h1> <?php echo $mode; ?> A User </h1> <p><font color="orangered" size="+1"><tt><b>*</b></tt></font> indicates a required field</p> <tr> <th width="200" height="35" align="left" scope="row" >First Name <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td width="160"><input type="text" name="name" value="<?php echo $name;?>" size="25"/></td> </tr> <tr> <th height="35" align="left"> Surname <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td> <input type="text" name="surname" value="<?php echo $surname; ?>" size="25"/></td> </tr> <tr> <th height="35" align="left"> Address</th> <td> <input type="text" name="address" value="<?php echo $address; ?>" size="25"/></td> </tr> <tr> <th height="35" align="left"> Choose a username <font color="orangered" size="+1"><tt>*</tt></font></th> <td> <input name="username" type="text" maxlength="100" size="25" /> </td> </tr> <tr> <th height="35" align="left"> Choose a password <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td> <input name="password" type="password" maxlength="100" size="25" /> </td> </tr> <tr> <th height="35" align="left"> Repeat your password <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td> <input name="repeatpassword" type="password" maxlength="100" size="25" /> </td> </tr> <tr> <th height="35" align="left">Department</th> <td> <select name="dept"> <option value="">Select..</option> <?php $data = mysql_query ("SELECT * FROM `dept` ORDER BY `id` DESC") or die (mysql_error()); while($row_dept = mysql_fetch_array( $data )) { ?> <option value="<?php echo $row_dept['id'] ;?>" <?php if($row_dept['id']==$dept){echo ' selected="selected"';}?>> <?php echo $row_dept['dept_name'] ;?> </option> <?php } ?> </select> </td> </tr> <tr> <th height="35" align="left">Mobile</th> <td><input type="text" name="mobile" value="<?php echo $mobile; ?>" size="25"/></td> </tr> <tr> <td align="right" colspan="2"> <hr noshade="noshade" /> </td> </tr> </table> <br/> <a href="index.php"> <input type="button" name="back" value="Back" /></a> <input type="hidden" name="id" value="<?php echo isset($_GET['id']); ?>"> <input type="hidden" name="mode" value="<?php echo $mode; ?>"> <input type="submit" value="<?php echo ($mode == "Register") ? 'Register' : 'Modify'; ?>"/> </div> </form> </body> </html> Login.php Code: [Select] <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("Regis") or die(mysql_error()); if (isset($_POST["sub"])) { $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); $_POST['pass'] = addslashes($_POST['pass']); } $usercheck = $_POST["username"]; $check = mysql_query("SELECT username FROM registration WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Sorry, the username" ." ".$usercheck." ". "is already in use.')</SCRIPT>"); echo ("<SCRIPT LANGUAGE='JavaScript'>setTimeOut(window.location = 'registration.php',1)</script>"); } else if($_POST['username'] && $_POST['pass'] && $_POST['pass2'] ) { $insert = "INSERT INTO registration (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Registration had been succesfully added :)')</SCRIPT>"); } } ?> <html> <head> <script type="text/javascript"> function a() { var x = document.login.username.value; var y = document.login.pass.value; if(x==""&& y=="") { alert("Please insert all message!"); return false; } if(x=="") { alert("Please insert an username!"); return false; } if(y=="") { alert("Please insert an password!"); return false; } } </script> </head> <body> <table border="0"> <form name="login" method="post" action="form2.php" onsubmit="return a()"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td> <td><input type="text" name="username" maxlength="40"></td></tr> <tr><td>Password:</td> <td><input type="password" name="pass" maxlength="50"></td></tr> <tr><td><input type="submit" name="submit" value="Register"></a></td> <td><input type="submit" name="submit" value="Login"></td></tr> </form> </body></html> form2.php Code: [Select] <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $n=$_POST['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type="hidden" name="username" value="<?php echo $n;?>"> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> My problem is in login.php in form section, can one form can be used user or admin because just now im doing is for user if user login it goes to form2.php but im want also in the same form if admin the form post to form3.php any way to do that thank you is this a good way of doing a simple admin different rights e.g if secret word then go to adminpage.php Code: [Select] session_start(); $captcha = $_POST["captcha"] ; $secretword = $_SESSION["secretword"] ; if (strcmp( $captcha, $secretword )) { // it's a bot } else { // matched -- it's a human } So if I change the user his data to banned or something he don't change Here is the part of the code: Code: [Select] $userInfo = $db->getuserInfo($_GET['id']); if ($userInfo) { echo '<form action="'.coreLink('admin', 'users').'" method="post"><input type="hidden" name="userID" value="'.$userInfo['ID'].'"><ul class="inputs"> <li> <div style="float:right"><input type="text" name="username" class="input" value="'.$userInfo['username'].'"></div> '.__('Username').'<br /><small>'.__('Nickname of the user').'</small> </li> <li> <div style="float:right"><input type="text" name="pass" class="input" value=""></div> '.__('Change password').'<br /><small>'.__("Fill this input if you want to change it's password").'</small> </li> <li> <div style="float:right"><input type="text" name="email" class="input" value="'.$userInfo['email'].'"></div> '.__('Email').'<br /><small>'.__('Email of the user').'</small> </li> <li> <div style="float:right"><input type="text" name="api" class="input" value="'.$userInfo['api'].'"></div> '.__('API Code').'<br /><small>'.__('Used to access through the API').'</small> </li> <li> <div style="float:right"><select class="input" name="status" style="width:311px">'; foreach (array('ok'=>__('Active'), 'nc'=>__('Not confirmed'), 'banned'=>__('Banned')) as $key=>$long) { echo '<option value="'.$key.'"'; if ($key == $userInfo['status']) echo ' selected'; echo '>'.$long.'</option>'; } echo '</select> </div> '.__('Status').'<br /><small>'.__('It can be active, banned..').'</small> </li> <li> <fieldset id="shorters" style="border: 1px solid #ddd;-moz-border-radius:2px;-webkit-border-radius:2px"><legend>'.__('Profile').'</legend><br /><div style="padding-left:40px;margin-bottom:20px;width:110px">'; $avatar = getAvatar($userInfo['ID'], '48'); if (!$userInfo['gravatar'] && ($avatar != $jk->base."static/img/avatar/default_note.png")) echo '<div style="float:right;font-size:.8em"><input type="checkbox" name="avatar"> <img src="'.$jk->base.'static/img/trash.gif"></div>'; echo '<img src="'.getAvatar($userInfo['ID'], '48').'" style="border: 1px solid #ddd"></div> <ul> <li> <div style="float:right"><input type="text" name="profile_name" class="input" value="'.$userInfo['realname'].'"></div> '.__('Name').'<br /><small>'.__('Real name of the user').'</small> </li> <li> <div style="float:right"><input type="text" name="profile_web" class="input" value="'.$userInfo['profile']['url'].'"></div> '.__('Website').'<br /><small>'.__('Website of the user').'</small> </li> <li> <div style="float:right"><input type="text" name="profile_location" class="input" value="'.$userInfo['location'].'"></div> '.__('Location').'<br /><small>'.__('Location of the user').'</small> </li> <li> <div style="float:right"><input type="text" name="profile_bio" class="input" value="'.$userInfo['profile']['bio'].'"></div> '.__('Bio').'<br /><small>'.__('Description of the user').'</small> </li> </ul></fieldset> </li> <li> <div style="float:right"><select class="input" name="language" style="width:311px">'; foreach (return_languages() as $short=>$lang) { echo '<option value="'.$short.'"'; if ($short == $userInfo['language']) echo ' selected'; echo '>'.$lang.'</option>'; } echo '</select> </div> '.__('Language').'<br /><small>'.__('Language of the user').'</small> </li> <li> <div style="float:right"><select class="input" name="theme" style="width:311px">'; foreach ($jk->allowed_themes as $theme) { echo '<option value="'.$theme.'"'; if ($theme == $userInfo['theme']) echo ' selected'; echo '>'.$theme.'</option>'; } echo '</select> </div> '.__('Theme').'<br /><small>'.__('Skin of Jisko').'</small> </li> <li> <div style="float:right"><input type="text" name="invitations" class="input" value="'.$userInfo['invitations'].'"></div> '.__('Number of invitations').'<br /><small>'.__('Number of invitations that the user has').'</small> </li> <li> <div style="float:right"><input type="text" name="openid" class="input" value="'.$userInfo['openid'].'"></div> '.__('OpenID').'<br /><small>'.__('Used to access Jisko trough an OpenID account').'</small> </li> <li> <div style="float:right"><input type="text" name="facebook" class="input" value="'.$userInfo['facebook'].'"></div> '.__('Facebook ID').'<br /><small>'.__('Used to access Jisko trough a Facebook account').'</small> </li> </ul> <br /><input type="submit" value="'.__('Save').'"><br /><br /></form>'; } else header('Location: '.coreLink('admin', 'users')); } Login.php Code: [Select] <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $username = $_POST['username']; $password = $_POST['pass']; if (isset($_POST["submit"])) { $log = "SELECT * FROM regis WHERE username = '$username'"; $login = mysql_query($log); $row = mysql_fetch_array($login); $number = mysql_num_rows($login); if ($number > 0) { $_SESSION['username'] = $row['username']; $_SESSION['userlevel'] = $row['userlevel']; if($_SESSION['userlevel']==1) { $_SESSION['is_logged_in'] == 1; header("Location: form2.php"); } else if($_SESSION['userlevel']== 0) { $_SESSION['is_logged_in'] == 1; header("Location: registration.php"); } } Registration.php Code: [Select] <?php echo 'Welcome:' .$_SESSION['is_logged_in'];?> form2.php Code: [Select] <?php session_start(); if (empty($_SESSION['is_logged_in'])) { header("Location:chatframe.php"); die(); // just to make sure no scripts execute } ?> <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $a=$_SESSION['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$a','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> In this registration.php when im called back its appear nothing im means the number is not showing and the login code even im had also put the "$_SESSION['is_logged_in'] == 1;" outside if else userlevel statement and then i put $d= $_SESSION['is_logged_in'] == 1; and im echoing back but it is nothing im thinks something wrong in session is login and also still it cannot redirect to admin -form2.php when session is login in is 1 hello, I have created a website which has to incorporate administration features. I hjave been trying to do this for a couple of days and any help will be much appreciated. I have a login screen (form) when the user enters their username and password they are brought to the homepage.php. Is there anyway to redirect the administrator (username=admin) to a different page from all ordinary members? e.g. deletemember.php Thanks Hello: Seeking some input, please. I use single-pages in my admin panel to update and maintain each corresponding page on the front end. Code: [Select] ADMIN = FRONT END a_Home.php = Home.php a_About.php = About.php Etc... The code is the same for each page, except I have to rename the TABLE everytime I make a new page: Code: [Select] <?php include('../include/myConn.php'); //contains your mysql connection and table selection include('../include/myCodeLib.php'); include('include/myCheckLogin.php'); include('include/myAdminNav.php'); include('ckfinder/ckfinder.php'); include('ckeditor/ckeditor.php'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myTitle = mysql_real_escape_string($_POST['myTitle']); $myDesc = mysql_real_escape_string($_POST['myDesc']); $myHeader = mysql_real_escape_string($_POST['myHeader']); $mySubHeader = mysql_real_escape_string($_POST['mySubHeader']); $myPageData = mysql_real_escape_string($_POST['myPageData']); $sql = " UPDATE myTestimonials SET myTitle = '$myTitle', myDesc = '$myDesc', myHeader = '$myHeader', mySubHeader = '$mySubHeader', myPageData = '$myPageData' "; mysql_query($sql) && mysql_affected_rows() ?> <script language="JavaScript"> alert("This page was updated!"); location.href = "a_Testimonials.php"; </script> <?php } $query=mysql_query("SELECT * FROM myTestimonials") or die("Could not get data from db: ".mysql_error()); while($result=mysql_fetch_array($query)) { $myTitle=$result['myTitle']; $myDesc=$result['myDesc']; $myHeader=$result['myHeader']; $mySubHeader=$result['mySubHeader']; $myPageData=$result['myPageData']; } ?> <!DOCTYPE HTML> <html> <head> <meta name="author" content="MontyTheWebmaster.com" /> <meta charset="ISO-8859-1" /> <title>Admin Area</title> <?php echo spAdminLinks(); ?> </head> <body> <div id="siteContainer"> <div id="topContainer"> <?php echo spAdminTopMenu(); ?> </div> <div id="topMenuContainer"> <div id="topMenu"> <?php echo spAdminMenu(); ?> </div> </div> <div id="contentContainer"> <div id="mainContent"> <h1>Editing: Testimonials</h1> <p> <form method="post" action="<?php echo $PHP_SELF;?>"> <input type="hidden" name="POSTBACK" value="EDIT"> <div style="float: left; width: 120px; margin-right: 30px;"> Page Title: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myTitle"><?php echo $myTitle; ?></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page Description: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myDesc"><?php echo $myDesc; ?></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page Header: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myHeader"><?php echo $myHeader; ?></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page SubHeader: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="mySubHeader"><?php echo $mySubHeader; ?></textarea> </div> <div style="clear: both;"><br /></div> Page Content:<br /> <textarea cols="80" id="myPageData" name="myPageData"><?php echo $myPageData; ?></textarea> <script type="text/javascript"> CKEDITOR.replace( 'myPageData', { filebrowserBrowseUrl : 'ckfinder/ckfinder.html', filebrowserImageBrowseUrl : 'ckfinder/ckfinder.html?Type=Images', filebrowserFlashBrowseUrl : 'ckfinder/ckfinder.html?Type=Flash', filebrowserUploadUrl : 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Files', filebrowserImageUploadUrl : 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Images', filebrowserFlashUploadUrl : 'ckfinder/core/connector/php/connector.php?command=QuickUpload&type=Flash' } ); </script> <br /> <input type="submit" value="Submit" /> </form> </p> </div> <div style="clear: both;"></div> </div> <div id="footerContainer"> <?php echo spAdminFooter(); ?> </div> </div> </body> </html> What I am curious about is how can I take this page and make it so I can add a new page, delete a page, etc. all from just one page like above? And on the frontend, what would be the best way to display the data in a search engine friendly way (i.e. without QueryStrings like MyPage.php?id=2 I am trying to make an admin page for a client using the rich text editor CKeditor. I have the standard page set up to get it's content with a php include of an html file. This html files is also used to preload the content into the CKeditor. What I need to know is how to get the CKeditor to change the html file so it will load into the page. The admin page is located at www.wisconsincrosscountry.org/admin the html content is located at www.wisconsincrosscountry.org/phpContent/Content-test.html the page that the changes should appear on www.wisconsincrosscountry.org/testing.php I don't have much experience in php, so any help is greatly appreciated. Hi, I'm very new to php/mysql, but for a project I'm working on I need to create users that are admins, and normal users. The admins would be able to post news stories, and delete user accounts. Whereas the users would just be able to comment on the news stories. I'm just wondering how I would create a normal 'register' page for both, which has the same fields, but somehow creates some people as admins, and others as normal users... with the ability to limit who can become an admin, so not everyone can register as one. I'm not sure how I would achieve this, or even know how to do it. Does anyone know any tutorials or code on how to achieve this? Your help is greatly appreciated, Thanks. Hi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? Hello, I am coding a new game, but rather than having links like /usersonline.php i would like to have game.php?page=usersonline I have never done this before so I'm looking for a quick heads up on the basics if possible. Thanks in advance. Brad Hi Guys, Quick question. I'm trying to get my head around how I would check that a user has reached a certain page from another page. So for example, the workflow through my site is something like the following: user registers a verification email is sent user clicks the link within the verification email to complete the sign up process user logs in and ONLY on a successful login will the following happen: checks are made to see if account has been verified if user has been verified, go to main menu if user has not been activated his account then he goes to a page that says account has not been activated The bit i'm struggling to get my head around is this... the user should only reach the page 'account has not been activated' page from the login page. If that page was called confirm-account.php. What can i do to stop a random person typing something along the lines of www.mywebsite.com/confirm-account.php and getting straight onto that page? or even upon the registration process if the user is taken to a page that says an email has been sent, how would i stop a random person just typing the url straight to that page and bypassing the pages I would expect them to have gone through before reaching that?? Cheers How Hello. I am attempting to display content from a database to a web page. I have SELECT * etc to do this, plus the menu that should be displayed has links to pages. This would display text to the page depending on the link, for this to work I use the id of the page ($Get['id']). Following advice (not code), I have attempted the following:
<!DOCTYPE html>
<html>
<?php include 'includes/headsection.php'; ?>
<body>
<?php
// query database
if (!empty($_GET['id']) && (intval($_GET['id']) == $_GET['id'])) {
$pdo_statement = $conn->prepare("SELECT * FROM pages WHERE id=:id ORDER BY id ASC");
$pdo_statement->execute(['id' => $_GET['id']]);
$result = $pdo_statement->fetchAll();
}
?>
<!-- topMenu -->
<table id="topMenu">
<tr>
<td><h1 class="siteName">Site name</h1></td>
<td>
<?php
if(!empty($result)) {
foreach($result as $row) {
?>
<a href="index.php?id=<?php echo $row['id']; ?>"><?php echo $row['menuheader']; ?></a>
<?php }
}
?>
</td>
</tr>
</table>
This issue is that the top menu (home, etc), does not appear, and there are no errors to suggest what I have done wrong. Any help will be appreciated. I include a picture of what I mean. There should be Home | other | etc...
|
|||||||