|
PHP - User Treatment Tests Db Design Help
Hi Guys
I need some help with DB design and implementation of a feature my next website will have. OK so I'm building a system that will warn the current user that the current client needs a certain test before they can have their next treatment. Not all treatments required tests.
So far I have the following tables
user treatment treatmentTest treatmentUser
iduser idtreatment idtreatmentTest idtreatment
idtreatmentTest treatmentTestExpiry iduser
dateOfTreatment (stored in yyyy-mm-dd)
(the treatmentTestExpiry stores how long until the treatment will expire e.g +1 month)
So every time a user comes in for a treatment we log the treatment in the treatmentuser table. This works fine and I can see what treatments the user has had. So certain treatments required a test to be done before the user can have that actual treatment.
What I want is when you view the users profile page it says if they have not had a particular test or a previous test has expired and they will need another. I have no idea how to go about this. Im just wondering if someone could help talk me through it?
Similar Tutorialshi, i have made a website where people resgister their details of them and products. they have to enter the following details in form Name of company name of the product company address email id password mobile number contact and brief details about their company
user can then login with email id and pwd. now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.
I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others. FIRST THE ONE script the member logges in here to the one table in MSQL: <?php session_start(); require_once('config.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $login = clean($_POST['login']); $password = clean($_POST['password']); if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> ................................................. ................................ Now I need the person who logged in to the table above to be able to make multiple entries to the table below <? $ID=$_POST['ID']; $title=$_POST['title']; $cost=$_POST['cost']; $activity=$_POST['activity']; $ayear=$_POST['aday']; $aday=$_POST['ayear']; $seats=$_POST['special']; $special=$_POST['seats']; mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error()); mysql_select_db("xxxx") or die(mysql_error()); mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')"); Print "Your information has been successfully added to the database!" ?> Click <a href="member-profile.php">HERE</a> to return to the main menu <?php ?> Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after Hi, so far I have managed to set up a somewhat basic login website with a mysql database backend. Once they have logged on they go to a "main menu" page. What I need to define is that user A sees button A but only that button, etc. (Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login). If anyone has any tutorials or sample code I would much appreciate it. Thanks, Hi, I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them. The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP. The code for the script is here : Code: [Select] <?php $mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase'); if (!$mysql) { die(mysql_error()); $content = "<nobr></nobr>"; } else { $result = mysql_query('SELECT * FROM tblEventGroup'); $content = "<nobr>"; if ($result) { while($row = mysql_fetch_assoc($result)) { $content .= "<span>"; $content .= $row['GroupName']; $content .= "</span>"; $content .= "<a href=\"../Event/EventSearch?groupid="; $content .= $row['GroupId']; $content .= "\" target=\"_blank\">Book here</a> "; } } mysql_close($mysql); $content .= "</nobr>"; } ?> I cannot for the life of me understand what the problem is, the return error is Access denied for user 'myuser'@'localhost' (using password: YES) Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta Hello, i've got some shop script which has 2 payment modules which i'd like to use for something else, the payment modules only work if the user is logged in though, i tried to make them standalone scripts but that didn't work out too well. So now i decided to go another way and just let everyone have the same session so everyone will be using the same username&password automatically. the index file looks like this: Code: [Select] <?php include('./inc/config.php'); include('./inc/functions.php'); include('./lang/'.$language.'.lng'); $id = addslashes($_REQUEST["id"]); $user = addslashes($_REQUEST["username"]); $pass = addslashes($_REQUEST["password"]); $language = strtolower($language); if(empty($id)) $id =1; $file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"'); if(mysql_num_rows($file)>0) $file = mysql_fetch_array($file); else $file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"')); if(!empty($user) AND !empty($pass)) {$query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"'); if(mysql_num_rows($query) == 1) {$_SESSION[$session_prefix."user"] = ucfirst($user); echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';} else $error = 'Username oder Passwort ist falsch.';} include('./designe/'.$designe.'/head.tpl'); include('./designe/'.$designe.'/navi.php'); include('./designe/'.$designe.'/middle.tpl'); if(file_exists('./pages/'.$file["file"])) {echo'<h1>'.ucfirst($file["title"]).'</h1>'; include('./pages/'.$file["file"]);} if(!empty($error)) echo '<font color="red">'.$error.'</font>'; include('./designe/'.$designe.'/foot.tpl'); ?> Now i tried alot of things including adding: Code: [Select] session_start(); $_SESSION["username"] = "peter"; $_SESSION["user"] = "peter"; $_SESSION["id"] = "1"; $_SESSION["pass"] = "peter"; $_SESSION["password"] = "peter"; or Code: [Select] $id = "1"; $user = "peter"; $username = "peter"; $pass = "peter"; $password = "peter"; also a combination of both, nothing works, but i don't understand why ? Any help is appreciated. /Edit, i tried adding it to the paymentmodule .php aswell, but no luck. Hallo everybody,
the user is in the table, but i get error (user not found!).
thank you very much for your help
Rafal
<!DOCTYPE html>
<html>
<head>
<title>index</title>
<meta http-EQUIV="CONTENT-LANGUAGE" content="en">
<?php
SESSION_START();
include("abc.php");
$link2 = mysqli_connect("$hoster", "$nameuser", "$password", "$basedata")
or die ("connection error" . mysqli_error($link2));
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysqli_query("SELECT email FROM $table2 WHERE email = '$email' ");
$chkuserare = mysqli_num_rows($chkuser);
if ($chkuserare !=0)
{
$chkpwd = mysqli_query("SELECT pwd FROM $table2 WHERE email = '$email'");
$pwddb = mysqli_fetch_assoc($chkpwd);
if (md5($pwd) != $pwddb["pwd"])
{
echo "Password is wrong!";
}
else
{
$_SESSION['username'] = $email;
header ('Location:list.php');
}
}
else
{
echo "user not found!";
}
}
else
{
echo "enter your Email and Password!";
}
mysqli_close($link2);
?>
</head>
<body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver">
<font color="black">
<br>
<form action="index.php" method="post">
<b>Login</b><br><br>
<table width="100%">
<tr><td>
Email:<br><input type="text" name="inp_email" style="width:98%; padding: 4px;"><br>
Password:<br><input type="password" name="inp_pwd" style="width:98%; padding: 4px;"><br>
<br>
<input type="submit" name="submit" value="Login" style="width:100%; padding: 4px;">
</td></tr>
</table>
</form>
</font>
</body>
</html>
Hallo everybody,
i have the following code.
but i get allways this error while the user exist in the database.
User not found!
what do i do wrong?
thank you very much for your help
Rafal
<html>
<head>
<?php
$connection = mysql_connect("db.xyz.com", "username", "password")
or die ("connection fehler");
mysql_select_db("db0123456789")
or die ("database fehler");
$email = $_POST["inp_email"];
$pwd = $_POST["inp_pwd"];
if($email && $pwd)
{
$chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' ");
$chkuserare = mysql_num_rows($chkuser);
echo $email;
echo $pwd;
if ($chkuserare !=0)
{
$chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' ");
$pwddb = mysql_fetch_assoc($chkpwd);
if ($pwd != $pwddb["pwd"])
{
echo "password is wrong!";
}
else
{
echo "login successed";
}
}
else
{
echo "User not found!";
}
}
else
{
echo "Pleas enter your email and password!";
}
mysql_close($connection);
?>
</head>
<body>
<form action="login.php" method="post">
Email <input type="text" name="inp_email"><br>
Password <input type="text" name="inp_pwd"><br>
<input type="submit" name="submit" value="login">
</form>
</body>
</html>
Edited by rafal, 21 September 2014 - 04:33 PM. Hello I have a question in regards to design. No need for example code just of how to approach the problem. Issues and things that cannot change because they are part of the situation. 1. Cannot use any database like oracle, MySQL, or SQLite 2. The server does not run PHP5 3. The students do not have a unique field and cant have one because they have not my employers have not decided on one. Here is the problem: I have to make a form with the following fields first name last name comments date I have stored the fields in a text file. However, how can I relate date to the comment without having duplicates records? For example. Lets suppose my boss asked me can you look up the comments that the counselor made in july 10 2010. My answer: One must have duplicate records of each instance of a comment. Am I wrong? Okay, not sure what exactly I need but I need to store data in a MySQL database. The financial data for each user has to be stored for each day. I.e. User 1 has 20 financial data columns say (rent, maintenance, wages, shopping... etc). I need to store each of those separately so they can be displayed in a report. There is more than one user. Most likely a couple of hundred users although it needs to work for up to a few thousand users. Also, each user's daily financial data has to be stored against the date of that data so the user can see the change in finances between day X and day Y for example. So far my best idea has been to create a table for each user and then in that table store the financial data in the columns against the date as the primary key. Does anyone have a better way for this or should I do this? Hi All, I currently have a ticketqueue that show's all tickets assigned to a group of people, but split into personal queues, but the way that I wrote it, means that it needs manually updating if a specific person leaves/joins the department. For example, to get the queue details, I use the following query: Code: [Select] $username1 = mssql_query("select id,subject,body,priority from queue where assignedto = username1";) $username2 = mssql_query("select id,subject,body,priority from queue where assignedto = username2";) I have repeated this code for all of the users in our team. Which seams a waste, as I have all the information on our team stored in a DB called "sysadminusers". Is there an array I could use that would look at all the usernames in the table, and then repeat the query for me? I would also need this array to display the results on the page, currently I use the following: Code: [Select] while($username1_tickets = mssql_fetch_assoc($username1)){ echo $username1_tickets['id'],$username1_tickets['subject']$username1_tickets['body'],$username1_tickets['priority'];} while($username2_tickets = mssql_fetch_assoc($username2)){ echo $username2_tickets['id'],$username2_tickets['subject']$username2_tickets['body'],$username2_tickets['priority'];} I am just looking for some design advice and code examples that would help me tidy up my code for this page, it seams a lot of code for quite a simple page. Thanks Matt Hi, For the last few years on my website I have been using FluxBB/PunBB's login script which basically just stores a cookie with their user ID and their password hash. This is fine except if the database got leaked anyone can login as anyone else providing they have their hash. I'm trying to be more secure about this now. Can someone explain a better process to me please? I was thinking of storing sessions with a unique hash in an 'active_sessions' table and providing they have a cookie with that hash they are granted that session? If someone uses a different IP to what that session was created with it's deleted? I'm new to all of this so any advice would be great. I want this to be secure. Hi guys, I don't know if I'm over complicating things here and cannot see the wood for the trees, but I seem to have got myself confused. What I'm simply trying to do is get teamName and teamresults of a team from a database. The code will perhaps explain better than I can (note I haven't included the DB class which is fine).
class TeamCollection {
protected $database;
protected $teamid;
protected $team_name;
// pass db by dependency injection...
public function __construct(Database $database) {
$this->database = $database;
}
public function getTeam($teamid){
$this->team_id = $teamid;
$this->database->query("SELECT team_name, nickname, founded FROM club WHERE team_id=:teamid");
$this->database->bind(':teamid', $this->team_id);
// spawn a new Team object if query is valid, if not throw exception and end via try/catch...
if ($result = $this->database->single()) {
return new Team($result); // create new Team passing $result to Team constructor
}
else {
throw new exception ('No Valid Team returned');
}
}
public function getResults($teamid){
$this->team_id = $teamid;
$this->database->query("SELECT result FROM results WHERE team_id=:teamid");
$this->database->bind(':teamid', $this->team_id);
// If a Team has valid results, return array of match scores..
if ($scores = $this->database->results()) {
return $scores;
}
else {
throw new exception ('No Valid Team Results to return');
}
}
} //end class
// Team is abstracted from DB
class Team {
private $team_name;
private $result;
private $scores;
public function __construct(array $result) {
$this->team_name = $result['team_name'];
}
public function getName() {
$this->team_name;
}
public function getResults(array $scores) {
foreach ($scores as $row){
echo $row;
}
}
}
// implementation
$team_id =9; // passed variable..
$database = new Database($server,$db_type); // create db..
$database->connect(); // connect to db..
$collection = new TeamCollection($database); // pass live DB link to TeamCollection Class
try {
$team = $collection->getTeam($team_id); // try and spawn a valid Team Object..
echo $name = $team->getName(); // If so lets return a Team name
$scores = $team->getResults($team_id); // Now try and get Team Results..
$display_results = $scores->getResults($scores); // Display results by passing them to Team class to
}
catch (Exception $e) {
Echo 'Exception Thrown: ' . $e->getMessage();
}
My basic difficulty is where to put the getResults method and how to use it? I'm fine spawning a new Team as required, but is my logic for then moving on to getResults sound? I was trying to abstract my Team class from having any database association at all. Is this a wise approach or just not required? Am I overcomplicating the issue or missing something? Can anyone help? I guess my difficulty is between connecting classes and objects in the best manner. Thanks in advance.
Edited by mich2004, 19 May 2014 - 06:48 AM. This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=357188.0 Hi there,
This may not be the correct space to post this - but I'm very new to all this.
I've created a page that will run a php script to output a query. I would then like to send that same query via email - however from a design perspective I don't think the correct process is to click 'submit' to view the query and then 'submit' to send the result via email?
Can you please advise on some design solutions regarding this issue?
Thanks!
I have a php file, call it "mypage.php" it makes come calculations, create 5 different arrays, and creates a table by using the arrays. I found simpleXML to create XMLs easily. I want to make an xml file by using the contents of mypage.php. I want to do that with an argument like that "mypage?type=xml" I'm aware that i should use "$_GET" or "$_POST" But where should i put the php code in page, so when i use argument "xml" it will create an xml file. When i don't give argument it will create an html type file. Or should i use another php that includes mypage.php?? And get arrays from that file? Thank you. Hi all! I'm a real noob and this is my first time making a website and I haven't hosted it yet. I'm trying to make a website that is fast and secure. My pages look something like this. Code: [Select] <?php include("header.php");include("sidebar.php"); ?> HTML CODES <?php include("footer.php"); ?> 1. Are these php files cached after their first load? When I go to another page, those parts seem to stay still. 2. Is this code secure? And now I'm starting to make product pages which will be around 40 pages. So I'm considering something like this... Code: [Select] <?php include("header.php");include("sidebar.php"); ?> <a href="index.php?page=a">Page A</a> <?php $page = $_GET['page']; if (file_exists('pages/'.$page.'.php')) { include('pages/'.$page.'.php'); } ?> <?php include("footer.php"); ?> 3. Is it better to make every page like this since it will load header, sidebar, footer only once? 4. How should I protect from the user input data, by making an array of allowed files or by prohibiting "." and "/" ? Thank you in advance. sorry guys its been a long day and this is an extreme newbie question but for whatever reason right now I cant wrap my head around the concept right now... say for instance one wanted to make a db for job postings, where one could go and see many different categories etc etc. Would you create a table "jobs" and then create rows for the types ie) Accounting, Business, Customer Service, etc. - or would those be all seperate tables as well? Cause im just thinking of the INSERT INTO query, and say I wanted to add a job but I only wanted to add one to the Customer service portion of the jobs table...thats why im curious if everything should be different tables so you could just do INSERT INTO customer_service etc etc and then have all of the persons names/creditials there? OR is it possible to create a table within a table? or am I simply going nuts here? lol. thanks I have designed a database for my institute. Here I have attached my design for better understanding.
I am expecting your reviews who are professional for the database design.
Thank You.
Attached Files
Database Design for Institute Registration.jpg 61.29KB
0 downloads |
|||||||