PHP - Check User Role And Logged In Status?
Code that I made so far. Your comments on what I should do differently.
My configs.php

```
<?php
$userQuery = 'SELECT * FROM users WHERE id = :id';
$user = $db->prepare($userQuery);
$user->bindParam(':id', $_SESSION['userId'], PDO::PARAM_INT);
$user->execute();
$userInfo = $user->fetch(PDO::FETCH_ASSOC);
?>
```

functions.php

```
<?php
function loginCheck(){
    global $db;
    if(isset($_SESSION['userId'], $_SESSION['loginString'])){
        $query = 'SELECT username FROM users WHERE id = :id';
        $user = $db->prepare($query);
        $user->bindParam(':id', $_SESSION['userId'], PDO::PARAM_INT);
        $user->execute();
        $row = $user->fetch(PDO::FETCH_ASSOC);
        if($user->rowCount() == 1){
            if(hash('sha512', $row['username'].$_SERVER['HTTP_USER_AGENT']) == $_SESSION['loginString']){
                return true;
            }else{
                return false;
            }
        }else{
            return false;
        }
    }else{
        return false;
    }
}

function checkUserRole(){//can be user, admin and moderator
    global $userInfo;
    if($userInfo['userRole'] == 'admin' or $userInfo['userRole'] == 'moderator'){
        return true;
    }else{
        return false;
    }
}
?>
```

shoutbox.php

Can this be done with one query?

```
global $db, $userInfo;
$sbQuery = 'SELECT * FROM shoutbox ORDER BY dateCreated DESC LIMIT 30';
$sb = $db->query($sbQuery);
$usersQuery = 'SELECT * FROM users WHERE shoutBoxBan = "yes"';
$users= $db->query($usersQuery);
$usersRow = $users->fetch(PDO::FETCH_ASSOC);
$hiddenAction = '';
while($sbRow = $sb->fetch(PDO::FETCH_ASSOC)){
    if(loginCheck() and checkUserRole()){
        $hiddenAction = " <a href=\"javascript:;\" onClick=\"deleteMessage('".$sbRow['id']."')\" class=\"shoutBoxDelete\" title=\"Delete\">x</a>";
        if($usersRow['username'] == $sbRow['username']){
            $hiddenAction .= " <a href=\"javascript:;\" onClick=\"unBan('".$sbRow['username']."')\" class=\"shoutBoxBan\" title=\"Unban\">u</a>";
        }else{
            if($userInfo['username'] != $sbRow['username']){//admin and moderator cant ban themselves.
                $hiddenAction .= " <a href=\"javascript:;\" onClick=\"banUser('".$sbRow['username']."')\" class=\"shoutBoxBan\" title=\"Ban\">o</a>";
                $hiddenAction .= " <a href=\"javascript:;\" onClick=\"tempBanUser('".$sbRow['username']."')\" class=\"shoutBoxBan\" title=\"Temp Ban\">ø</a>";
            }
        }
    }
```

....................................

Similar Tutorials

I'm not totally new to php but I'm no guru either. I'm building an intranet and have three separate user roles, user - manager - admin. There are some menu items I don't want to allow simple users to see. This will expand later to give them different views of a page as well (some can view/others can edit). As it stands the login validation is holding their user level in $SESSION. To give you an idea take a look at what I'm trying to do:

```
function usermenu($usermenu) {
if($user_level=0)
echo ("<ul id="gooeymenu2" class="solidblockmenu">
<li><a href="main.php">Home</a></li>
<li><a href="forms.php">Forms</a></li>
<li><a href="/support/index.php" target="_new">Support</a></li>
<li><a href="documents.php">Documents</a></li>
<li><a href="admin/index.php">Admin</a></li>
<li><a href="logout.php">Logout</a></li>
</ul>
<script>
gooeymenu.setup({id:'gooeymenu2', selectitem:1, fx:'swing'})
</script>"
");
else($user_level=1,2)
echo ("<ul id="gooeymenu2" class="solidblockmenu">
<li><a href="main.php">Home</a></li>
<li><a href="forms.php">Forms</a></li>
<li><a href="/support/index.php" target="_new">Support</a></li>
<li><a href="documents.php">Documents</a></li>
<li><a href="new.php">New Adviser</a></li>
<li><a href="admin/index.php">Admin</a></li>
<li><a href="logout.php">Logout</a></li>
</ul>
<script>
gooeymenu.setup({id:'gooeymenu2', selectitem:1, fx:'swing'})
</script>"
");
```

Any help would be great, thanks in advance. Jason

I am trying to populate a custom field called "Customer Type" with the current user role. The custom field is displayed on my checkout page.
I tried the below in my functions.php of my child theme and thought it would work but it does nothing. Can anyone tell me what I might be doing wrong?
```
$user = wp_get_current_user();
$fields['customertype'] = $user;
return $fields;
add_filter( 'woocommerce_checkout_fields', 'onboarding_update_fields' );
```

Edited April 11 by JayX

Hey Guys/Girls, Thanks for offering to help! I'm currently setting up a small social network for school and I just basically want to know whether the way I'm dealing with inactive users is appropriate and not going to SLOW down my code A LOT. My method is: 3 functions:

```
function update_active_user(){
    global $connection;
    global $id;
    $time = time();
    $result3 = mysql_query("UPDATE users5 SET last_update = '$time' WHERE id = '$id'", $connection);
}

function update_inactive_users(){
    global $connection;
    $time_to_expire = time() - 300; // 300 seconds off the current time
    $result2 = mysql_query("UPDATE users5 SET online='0' WHERE last_update < $time_to_expire AND online='1'", $connection);
}

function update_active_users(){
    global $connection;
    $time_to_expire = time() - 300; // 300 seconds off the current time
    $result2 = mysql_query("UPDATE users5 SET online='1' WHERE last_update > $time_to_expire AND online='0'", $connection);
}
```

The first function updates the user's field called last_update to the current time (this will only occur when the script loads and the user has done something on my website; it will update their last_update field to the current time).

The second function sets ALL users that haven't loaded any pages in the last 300 seconds to offline, or field online to 0, which obviously means the user is offline.

The third function sets ALL users that have loaded pages in the last 300 seconds to online if they're offline.

The reason I'm worried about this is not because it doesn't work, it's working fine at the moment with 2 users. I'm worried about when there might be A LOT of users and there are people who are active. My question is: will it make my scripts really slow or be bad for my database in ANY way if I do use these functions for ALL users, because each time it searches the table, it is searching ALL users to see if they're active or inactive.
I've got a site that requires the user to follow a well-defined workflow, corresponding to a sequence of pages. You'll have the right idea if you think of a store where the user selects items, then chooses a delivery method, then pays (although the site's actual purpose is somewhat different than that).

I just tracked down a puzzling logical failure: a user followed the workflow up to a certain point, then opened a new browser window, pointed it to the site, and started a second workflow. The site stores information about the user's activities in session variables, and the two windows shared a single session, so the site got tremendously confused about what the user was doing.

Given the site's design, visiting the site in two windows at once is a legitimate thing for a user to do. I'm darned if I see how I can accommodate it, though. Other designers must have dealt with this problem many times. What ways of solving it have been found effective? In this case, the simplest and most effective solution would be to create a new session for each window in which the user visits the site. Is there any way to do that?

Hello all, I am building a small forum website for kids to discuss their school work etc. This website will be assessed by my prospective employer for a job as an entry-level web application developer. The problem is I am having this error: Notice: Undefined index: user_name in C:\wamp\www\pennacool_forum\loggedin.php on line 21 when I tried to display the user name in the session of the user who just logged in. Here is the loggedin.php script:

```
<?php // loggedin.php
// The user is redirected here from login.php.

session_start(); // Start the session.

// If no session value is present, redirect the user:
// Also validate the HTTP_USER_AGENT!
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT']) )) {
    require_once ('includes/login_functions.inc.php');
    $url = absolute_url();
    header("Location: $url");
    exit();
}

$page_title = 'Logged In!';
include ('includes/header.html');

// Print a customized message:
echo "<h1>Logged In!</h1>
<p>You are now logged in, {$_SESSION['user_name']}!</p>
<p><a href=\"logout.php\">Logout</a></p>";

include ('includes/footer.html');
?>
```

This is the login function:

```
function check_login($dbc, $user_name = '', $user_pass = '') {

    $errors = array(); // Initialize error array.

    // Validate the email address:
    if (empty($user_name)) {
        $errors[] = 'You forgot to enter your username.';
    } else {
        $u = mysqli_real_escape_string($dbc, trim($user_name));
    }

    // Validate the password:
    if (empty($user_pass)) {
        $errors[] = 'You forgot to enter your password.';
    } else {
        $p = mysqli_real_escape_string($dbc, trim($user_pass));
    }

    if (empty($errors)) { // If everything's OK.

        // Retrieve the user_id and first_name for that email/password combination:
        $q = "SELECT user_id, user_email FROM users WHERE user_name='$u' AND user_pass=SHA1('$p')";
        $r = @mysqli_query ($dbc, $q); // Run the query.

        // Check the result:
        if (mysqli_num_rows($r) == 1) {

            // Fetch the record:
            $row = mysqli_fetch_array ($r, MYSQLI_ASSOC);

            // Return true and the record:
            return array(true, $row);

        } else { // Not a match!
            $errors[] = 'The username and password entered do not match those on file.';
        }

    } // End of empty($errors) IF.

    // Return false and the errors:
    return array(false, $errors);

} // End of check_login() function.
?>
```

Here is the login script:

```
<?php #login.php
if (isset($_POST['submitted'])) {

    require_once ('includes/login_functions.inc.php');
    require_once ('mysqli_connect.php');
    list ($check, $data) = check_login($dbc, $_POST['user_name'], $_POST['user_pass']);

    if ($check) { // OK!

        // Set the session data:.
        session_start();
        $_SESSION['user_id'] = $data['user_id'];
        $_SESSION['user_name'] = $data['user_name'];

        // Store the HTTP_USER_AGENT:
        $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

        // Redirect:
        $url = absolute_url ('loggedin.php');
        header("Location: $url");
        exit();

    } else { // Unsuccessful!
        $errors = $data;
    }

    mysqli_close($dbc);

} // End of the main submit conditional.

include ('includes/login_page.inc.php');
?>
```

Thanks in advance guys!

How can I play with these roles in my database table, as you can see here?

```
//I have a database table
CREATE TABLE users (
    id int(10) NOT NULL PRIMARY KEY AUTO_INCREMENT,
    urole varchar(10)
);
```

In the role column, I have 2 roles. The first role is only used once, but the second one can be assigned to more than one user. Now I want to check my table: if the first role is already registered, then we can't register a user with that role; also, the second role can exist two or more times.

```
//check role, a variable user role has been defined as
$urole = $_POST['urole'];
$check = $connect -> prepare('SELECT * FROM users WHERE urole = ?');
$check -> execute([$urole]);
$checkfetch = $check -> fetch();

//I'm stuck here, I want to put $checkfetch['urole'] in rowCount() to be counted but I think this is not a correct way of using rowCount()
if(($checkfetch['urole'] == 'MainAdmin') && ($checkfetch ->rowCount() == 1)) {
    echo 'This role can be used by only once!';
}

//another role
if(($checkfetch['urole'] == 'NormalAdmin') && ($checkfetch ->rowCount() < 4)) {
    echo 'This role can be used 4 times only!';
}
```
Hi all,
I am working on a project where I need to implement RBAC control. Is there any library available in CodeIgniter to extend the functionality? I have started working on CodeIgniter and I want to implement this in CodeIgniter. Please, someone guide me on how to achieve that, and how to check roles and permissions.
Hi, I need code that reads from the roles database and then selects which file from these 3 which I want. For example, the user.php file would be loaded if the user has UName = user, Pass = 124, and Roles = User added to the database. But the admin.php and boss.php files would not appear to him.
```
<?php
session_start();
if(!(isset($_SESSION['User'])))
{
    header("Location: index.php");
    exit(0);
}
?>
<!DOCTYPE html>
<html>
<body>
<?php include "config.php"; ?>
<!--show for User-->
<?php include 'user.php';?>
<!--show for Admin-->
<?php include 'admin.php';?>
<!--show for Boss-->
<?php include 'boss.php';?>
</body>
</html>
```
Hello all! So glad I found this forum. I would appreciate some assistance please. I'm working on a filter for a Custom Post Type . I need it to filter the list depending on the user's role. The way this should work is the following...
* Users in roles "formusers1" and "formusers2" can post. Users can only see their own posts.

So far I can filter by roles "formusers1" and "formusers2" using `$query->set('author', $current_user->ID);`. However, when I try to filter the list for role "formchecker1" I see posts from all roles. What am I doing wrong? Here's the rest of the code. Thanks for checking it out!
```
function filter_posts_list($query) {
//MY VARIABLES
//FILTERING
if (current_user_can('formchecker2') && ('edit.php' == $pagenow) && $typenow == 'mycustomcpt' ) {
if ((current_user_can('formusers1') || current_user_can('formusers2')) && ('edit.php' == $pagenow) && $typenow == 'mycustomcpt') {
```

I am wanting to echo one of these 4 statements depending on the 'status' value. Currently it is showing the status value on the 2nd line but not the statement below.

```
<li>
<strong>Status: </strong><?php more_fields('status') ?>
<?php
if (more_fields('status')=="Red") echo "Your account is currently undergoing judgement";
elseif (more_fields('status')=="Green") echo "Your account is currently Live";
elseif (more_fields('status')=="Yellow") echo "Your account is currently undergoing site visits";
elseif (more_fields('status')=="Blue") echo "Your account is currently undergoing insolvency/liquidation";?>
</li>
```

Any help appreciated. Thanks, Jake

Hi there, I have code that enables a user to log in to my site. I have a player table that consists of: PlayerName, Password and Status. The playername and password is what logs the user in, however I want to make it so that when a user logs in it automatically sets that user's Status to 1. Can someone point me in the right direction please??
Thanks

```
<?php
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['textfield'])) {
  $loginUsername=$_POST['textfield'];
  $password=$_POST['textfield2'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "index.php";
  $MM_redirectLoginFailed = "fail.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_swb, $swb);

  $LoginRS__query=sprintf("SELECT PlayerName, Password FROM player WHERE PlayerName=%s AND Password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

  $LoginRS = mysql_query($LoginRS__query, $swb) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    $loginStrGroup = "";

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
```

Thank you

I want to know how I can check whether the user is online on my website or not....

Okay I now have a working extract ZIP archive script. What I am now looking to do is have a loop which checks the percentage complete the extraction is and at 100% (with no errors) carry out a PHP function.

The code so far is (and includes comments on how the new function would be placed):

```
$dir = opendir('temp');
while(false !==($file=readdir($dir))){
    if(strpos($file, '.zip',1)){
        extractupdate($file);
    }
}

function extractupdate($file){
    $zip=new ZipArchive;
    // open() returns TRUE on success and a non-zero error code on failure,
    // so the result has to be compared strictly.
    if($zip->open('temp/'.$file) === TRUE){
        // basename() removes the ".zip" suffix; rtrim() would strip any
        // trailing ".", "z", "i" or "p" characters from the name.
        $update=basename($file, ".zip");
        $zip->extractTo($_SERVER['DOCUMENT_ROOT']."/update/temp/$update");
        $zip->close();
        echo "Extraction started.";
        // Place loop here to run until 100% extraction completed and then run function "installupdate($update);"
    } else {
        echo "Failed to start extraction.";
    }
}

function installupdate($update){
    // installupdate() will now shift the files around as necessary.
    // NB to PHPFREAKS, no assistance with code for installupdate() is required, only the loop. Cheers.
}
```

Many thanks in advance.

Problem: I'm trying to make it so the array responds to the integer of status in the database. So, to check if it's one, I try this:

```
$get["status"]["1"] = "Message here...";
```

But, on my result, I'm just getting WWTT - And the value in the database for the ticket is 0. I'm not sure if I'm using the array correctly.
My full code:

```
<?php
session_start();
include("../includes/mysql.php");
include("../includes/config.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="../style.css" rel="stylesheet" type="text/css" />
<title><?php echo $title; ?></title>
</head>
<body>
<div id="container">
<div id="content">
<div id="left">
<div class="menu">
<?php include("../includes/navigation.php"); ?>
<div class="menufooter"></div>
</div>
<?php include("../includes/menu.php"); ?>
</div>
<div id="middle">
<?php
$existing = $_POST['existing'];
$query = mysql_query("SELECT COUNT(id),id,status,date,question,title FROM tickets WHERE id='$existing'");
$get = mysql_fetch_assoc($query);
if(!$existing) {
    echo '
    <div class="post">
    <div class="postheader"><h1>Error</h1></div>
    <div class="postcontent">
    <p>You have not enetered in a ticket ID. Please go back and do so.</p>
    </div>
    <div class="postfooter"></div>
    </div>
    ';
}
elseif($get['COUNT(id)'] < 1) {
    echo '
    <div class="post">
    <div class="postheader"><h1>Error</h1></div>
    <div class="postcontent">
    <p>The ticket ID you are trying to use doesnt exist. Please go back or submit another ticket.</p>
    </div>
    <div class="postfooter"></div>
    </div>
    ';
}
else {
    $get["status"]["0"] = "Waiting for support...";
    $get["status"]["1"] = "Waiting for user...";
    $get["status"]["2"] = "Ticket Closed...";
    $get["status"]["3"] = "Ticket Opened...";
    echo '
    <div class="post">
    <div class="postheader"><h1>View Ticket Status - ID '. $get["id"] .'</h1></div>
    <div class="postcontent">
    <p>Title: '. $get["title"] .' - Posted on: '. $get["date"] .'</p>
    <p>Ticket Status: '. $get["status"] .'</p>
    <p>Question: '. nl2br($get["question"]) .'</p>
    </div>
    <div class="postfooter"></div>
    </div>
    ';
}
?>
</div>
</div>
</div>
</body>
</html>
```

Hello, I have a webpage that runs some php code to control electrical devices. One part of it controls outside lights. Another part controls an electric door striker. I keep expanding the functionality of it and need to change one pin of the port without affecting the others. So far I use a different port for each function but I am out of ports so I need to use the different pins of the parallel port. I am using a linux ubuntu server.

From my php webpage I issue this command: `<?php exec("/home/setSerialSignal /dev/ttyS0 0 0"); ?>` which controls the lights using the serial port. I can control 2 pins but I can't check the status of them so if I make a change to one pin it cancels the other.

For another one I use the parallel port with this command: `<?php exec("/home/parashell 0x378 1"); ?>` which turns on pin #2 of the parallel port. Parashell has an executable called "pin". If you type the command "pin 0x378" it will return a value for the status of the parallel port. "1" for example which tells me that pin #2 is on. Is there a way to pass this value to a php variable?

I am looking to be able to read the status of the port and make changes to just the pin I want. Let's say pin #2 is on and I want to turn pin #3 on. I would have to issue `<?php exec("/home/parashell 0x378 2"); ?>` to turn pin #3 on, but that would turn off pin #2. If I could pass the "1" from the "pin" command I could add it to the "2" and give it the command with a variable as "3". Thanks in advance for any help you can give. I hope I explained it ok and didn't confuse everyone.

Hi, I need to know the delete status of an email. I am able to make the Read status, but are there any tricks that we can use in order to know the status of our email (deleted from our users)? Any help !!
Ty JO

Hello, when I try to get the checkbox status from my class I get only those which are checked. I send the $_POST to my class. How should I also get the values of checkboxes which are not selected?

Hello, I recently got a "too many connection" error on my site, and want to know if anyone here knows a few codes that will show how many connections currently are in use (maybe even what files create them). I found I can use "Threads_connected" to show current open connections, but no info on how to write the code or where to put the file. I hope you can show me what to do.

So I have an online status available, and when the user logs in I insert a new row in a table so the user is online, and when the user logs out I delete it so the user goes offline. But when the user leaves the computer and has the website open he will get logged out after some time of inactivity, and the row saying that the user is online will remain there and won't be deleted. How can I remove the row by the time the session is removed due to inactivity? I don't have any code done till now because I'm still trying to find out how to do it. Thanks.

I got this code off of this forum:

```
<?php
$ip="{$_GET['ip']}";
$port="{$_GET['port']}";
header('Content-type: image/png');
if(!$sock=@fsockopen($ip,"$port", $num, $error, 5)) {
    readfile('image/offline.png');
} else {
    readfile('image/online.png');
}
?>
```

I'm able to check the status by going to

```
http://domain.com/statuscheck.php?ip=google.com&port=80
```

and it works fine. But I would like to show the status on my index.html page without having to click on a link. Is there any way? Please help. Thank you in advance.