Learn VBA & Macros in 1 Week!

PHP - Inserting Values From Admin To User Then User Add Value And Admin See It

Full Excel VBA Course - Beginner to Expert

Inserting Values From Admin To User Then User Add Value And Admin See It	View Content

hello. I need your help please. I'm building logistics website with user panel and admin panel. I've done all login and register forms. now I want to : admin can add package with: tracking number , weight , cost , and declaration form. user can fill declaration form after admin add package to user panel. then admin can see the declared form. is it possible in php? thank you in advance

Full Excel VBA Course - Beginner to Expert

Similar Tutorials

How: Admin Register A New User

Admin And User Permissions

Checking For Admin User

Email Sent To Admin When A New User Is Registered

How To Use Sessions To Give A User Admin Different Access????

Suggestion About Admin And User Index Page..

Admin Pannel -> User Data Don't Save

One Login Form Can Differentiate User Or Admin

How To Make The Session Login Both User And Admin Can Be View

Login Script With Level User And Admin Gives Blank Page

Helping With Admin Login And User Login

Table Issue - Multiple Location Values For User Pushes Values Out Of Row Instead Of Wrapping In Cell

Error Code When Inserting A New User To Table

Script Not Inserting All User Input From Array Into Database

User Signup Is Inserting To Mysql But The Passwords Coming Up Wrong, Any Advice?

Help With A Admin Panle

Error On Admin Look-up

Help With My Admin Script Please

Help With Php Admin Login..

Learn VBA & Macros for Excel in 1 Week!

How: Admin Register A New User

Similar Tutorials

Hi guys,

Can anyone help me; I have created a registration form (can be use for create or modify) and login form (Admin). What I am trying to do is; once the admin log in he/she can create / register a new user which contains:

-Firstname
-Surname
-Address
-Mobile
-Dept Name
-Username
-Password
-Repeat Password

My DB will look like this:

Table PERSONS: id, firstname, surname, address, mobile, dept_id, username, password.

Table USER: id, username, password

Table DEPT: id, dept_name

Can anyone help me how am I going to related the USER table into the PERSONS so when admin register a new user - the data will be created the into database as well as the data can be extracted for modification. Any suggestion?

Here are my code:

register.php

<?php

require 'includes/application_top.php';

   if (!isset($_POST['name']) && isset($_GET['id'])) {

      $mode = "Modifying";
      // Get data from DB

        $q = "SELECT * FROM `persons` WHERE `ID` = '".$_GET['id']."'";
        $result = mysql_query($q) or die (mysql_error());
        $row = mysql_fetch_array($result);

        $name = $row['firstname'];
        $surname = $row['surname'];
        $address = $row['address'];
        $dept = $row['dept_id'];
        $mobile = $row['mobile'];

}else if (!isset($_POST['name']) && !isset($_GET['id'])) {

      $mode = "Register";

      // Data is empty

      $name = $surname = $address = $dept = $mobile = "";

    } else {

        $errors = array();
        if ($_POST['name'] == "") $errors[] = "Name";
        if ($_POST['surname'] == "") $errors[] = "Surname";
        if ($_POST['mobile'] == "" || !is_numeric ($_POST['mobile'])) $errors[] = "Mobile No";

        if (count($errors)) {

            $errormsg = "Please fill the blank info:<br/ >".implode('<br />',$errors);

            $mode = $_POST['mode'];
            $name = $_POST['name'];
            $surname = $_POST['surname'];
            $address = $_POST['address'];
            $dept = $_POST['dept'];
            $mobile = $_POST['mobile'];

        } else {
            foreach ($_POST as $key => $val) {

$_SESSION[$key] = $val;

}
            header("Location: confirmPage.php");

        }

    }

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Modify Document</title>
</head>

<body>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
  <?php if (isset($errormsg)) echo "<div id=\"error_message\" style=\"color:red;\">$errormsg</div>"; ?>
  <div align="center">

  <table width="370" border="0">
    <h1> <?php echo $mode; ?> A User </h1>
     <p><font color="orangered" size="+1"><tt><b>*</b></tt></font>
  indicates a required field</p>
      <tr>
        <th width="200" height="35" align="left" scope="row" >First Name

<font color="orangered" size="+1"><tt><b>*</b></tt></font>

</th>
        <td width="160"><input type="text" name="name" value="<?php echo $name;?>" size="25"/></td>
      </tr>

    <tr>
       <th height="35" align="left">  Surname

<font color="orangered" size="+1"><tt><b>*</b></tt></font>

   </th>
        <td>
        <input type="text" name="surname" value="<?php echo $surname; ?>" size="25"/></td>
      </tr>

    <tr>
      <th height="35" align="left">  Address</th>
        <td>

<input type="text" name="address" value="<?php echo $address; ?>" size="25"/></td>
</tr>

<tr>
       <th height="35" align="left">
           Choose a username <font color="orangered" size="+1"><tt>*</tt></font></th>
       <td>
           <input name="username" type="text" maxlength="100" size="25" />        </td>
   </tr>

   <tr>
       <th height="35" align="left">
           Choose a password

<font color="orangered" size="+1"><tt><b>*</b></tt></font>

   </th>
       <td>
           <input name="password" type="password" maxlength="100" size="25" />             </td>
   </tr>

   <tr>
       <th height="35" align="left">
        Repeat your password

<font color="orangered" size="+1"><tt><b>*</b></tt></font>

</th>
       <td>
           <input name="repeatpassword" type="password" maxlength="100" size="25" />               </td>
   </tr>

    <tr>
      <th height="35" align="left">Department</th>
        <td>

        <select name="dept">
            <option value="">Select..</option>

<?php

    $data = mysql_query ("SELECT * FROM `dept` ORDER BY `id` DESC") or die (mysql_error());
    while($row_dept = mysql_fetch_array( $data )) {

?>
        <option value="<?php echo $row_dept['id'] ;?>" <?php if($row_dept['id']==$dept){echo ' selected="selected"';}?>>
        <?php echo $row_dept['dept_name'] ;?>        </option>

<?php
   }
?>
        </select>        </td>
    </tr>

    <tr>
      <th height="35" align="left">Mobile</th>
        <td><input type="text" name="mobile" value="<?php echo $mobile; ?>" size="25"/></td>
    </tr>

<tr>
       <td align="right" colspan="2">
           <hr noshade="noshade" />

</td>
</tr>

  </table>
  <br/>

  <a href="index.php">
    <input type="button" name="back" value="Back" /></a>

    <input type="hidden" name="id" value="<?php echo isset($_GET['id']); ?>">
    <input type="hidden" name="mode" value="<?php echo $mode; ?>">

    <input type="submit" value="<?php echo ($mode == "Register") ? 'Register' : 'Modify'; ?>"/>

  </div>
</form>

</body>
</html>

Admin And User Permissions

Similar Tutorials

I am developing a system that with have 4 different levels of permissions. My question is this. From a structure standpoint, some systems will have the administrators area in one file and the users admin area in another file. Others will have a level of permission with all the different levels of administrative tasks, menus, etc, coming from the database.

Is one of these better than the other or does it matter. From a coding standpoint it would be much easier to just have permissions and allow access to user menus and admin pages accordingly.

Thanks in advance.

Checking For Admin User

Similar Tutorials

I am trying to check for an admin user to access the admin panel.

I have been playing around try different things and this what I have ended up with

in my database table I have a column called usergroup and i do the follow to check for admin user.

Code: [Select]
$checkAdmin = mysql_query("SELECT * FROM `users` WHERE email='$email' , usergroup = 'admin'");

$adminUser = mysql_num_rows($checkAdmin);

if ($adminUser == 0)
{
echo count($adminUser);
die ('You do not have permissions to access this area');

}

I do the select statement through phpmyadmin and it comes back with one row. which is basically hat i want to check for. I do have a variable called $email which is getting a value from the email cookie.

currently $adminUser Return a value of 10.

All of the count() functions is for testing purposes only.

Email Sent To Admin When A New User Is Registered

Similar Tutorials

How To Use Sessions To Give A User Admin Different Access????

Similar Tutorials

is this a good way of doing a simple admin different rights e.g if secret word then go to adminpage.php

Code: [Select]
session_start();
$captcha = $_POST["captcha"] ;
$secretword = $_SESSION["secretword"] ;

if (strcmp( $captcha, $secretword )) {
// it's a bot
}
else {
// matched -- it's a human
}

Suggestion About Admin And User Index Page..

Similar Tutorials

Hi all,

Can anyone give me some suggestion please. I'm a bit stuck here -- I am trying to build an admin and user log in.

Admin: can view and edit, delete and create the page.
User: can only create their profile.

The problem is: I have almost the same index page for admin and user. I wonder if we can make it one page instead depending on what sort of user it has been log in. Also, the create page also almost similar...I don't know how to work it out as when I use the back button it go back to admin page (as I set it admin_area.php) - Do I have to create two create page as well? Or is there any better way to deal these forms?

Login page -> (If admin) -> admin_area.php (can view all of them and page contains: create.php, edit.php and delete.php)

Login page -> (If user/member) ->user_area.php (page contains: create their profile only)

Any inputs would be helpful.

Thanks.

Admin Pannel -> User Data Don't Save

Similar Tutorials

So if I change the user his data to banned or something he don't change
Here is the part of the code:
Code: [Select]
$userInfo = $db->getuserInfo($_GET['id']);
if ($userInfo) {
echo '<form action="'.coreLink('admin', 'users').'" method="post"><input type="hidden" name="userID" value="'.$userInfo['ID'].'"><ul class="inputs">
<li>
<div style="float:right"><input type="text" name="username" class="input" value="'.$userInfo['username'].'"></div>
'.__('Username').'<br /><small>'.__('Nickname of the user').'</small>
</li>
<li>
<div style="float:right"><input type="text" name="pass" class="input" value=""></div>
'.__('Change password').'<br /><small>'.__("Fill this input if you want to change it's password").'</small>
</li>
<li>
<div style="float:right"><input type="text" name="email" class="input" value="'.$userInfo['email'].'"></div>
'.__('Email').'<br /><small>'.__('Email of the user').'</small>
</li>
<li>
<div style="float:right"><input type="text" name="api" class="input" value="'.$userInfo['api'].'"></div>
'.__('API Code').'<br /><small>'.__('Used to access through the API').'</small>
</li>
<li>
<div style="float:right"><select class="input" name="status" style="width:311px">';
foreach (array('ok'=>__('Active'), 'nc'=>__('Not confirmed'), 'banned'=>__('Banned')) as $key=>$long) {
echo '<option value="'.$key.'"';
if ($key == $userInfo['status']) echo ' selected';
echo '>'.$long.'</option>';
}
echo '</select>
</div>
'.__('Status').'<br /><small>'.__('It can be active, banned..').'</small>
</li>
<li>
<fieldset id="shorters" style="border: 1px solid #ddd;-moz-border-radius:2px;-webkit-border-radius:2px"><legend>'.__('Profile').'</legend><br /><div style="padding-left:40px;margin-bottom:20px;width:110px">';
$avatar = getAvatar($userInfo['ID'], '48');
if (!$userInfo['gravatar'] && ($avatar != $jk->base."static/img/avatar/default_note.png")) echo '<div style="float:right;font-size:.8em"><input type="checkbox" name="avatar"> <img src="'.$jk->base.'static/img/trash.gif"></div>';
echo '<img src="'.getAvatar($userInfo['ID'], '48').'" style="border: 1px solid #ddd"></div>
<ul>
<li>
<div style="float:right"><input type="text" name="profile_name" class="input" value="'.$userInfo['realname'].'"></div>
'.__('Name').'<br /><small>'.__('Real name of the user').'</small>
</li>
<li>
<div style="float:right"><input type="text" name="profile_web" class="input" value="'.$userInfo['profile']['url'].'"></div>
'.__('Website').'<br /><small>'.__('Website of the user').'</small>
</li>
<li>
<div style="float:right"><input type="text" name="profile_location" class="input" value="'.$userInfo['location'].'"></div>
'.__('Location').'<br /><small>'.__('Location of the user').'</small>
</li>
<li>
<div style="float:right"><input type="text" name="profile_bio" class="input" value="'.$userInfo['profile']['bio'].'"></div>
'.__('Bio').'<br /><small>'.__('Description of the user').'</small>
</li>
</ul></fieldset>
</li>
<li>
<div style="float:right"><select class="input" name="language" style="width:311px">';
foreach (return_languages() as $short=>$lang) {
echo '<option value="'.$short.'"';
if ($short == $userInfo['language']) echo ' selected';
echo '>'.$lang.'</option>';
}
echo '</select>
</div>
'.__('Language').'<br /><small>'.__('Language of the user').'</small>
</li>
<li>
<div style="float:right"><select class="input" name="theme" style="width:311px">';
foreach ($jk->allowed_themes as $theme) {
echo '<option value="'.$theme.'"';
if ($theme == $userInfo['theme']) echo ' selected';
echo '>'.$theme.'</option>';
}
echo '</select>
</div>
'.__('Theme').'<br /><small>'.__('Skin of Jisko').'</small>
</li>
<li>
<div style="float:right"><input type="text" name="invitations" class="input" value="'.$userInfo['invitations'].'"></div>
'.__('Number of invitations').'<br /><small>'.__('Number of invitations that the user has').'</small>
</li>
<li>
<div style="float:right"><input type="text" name="openid" class="input" value="'.$userInfo['openid'].'"></div>
'.__('OpenID').'<br /><small>'.__('Used to access Jisko trough an OpenID account').'</small>
</li>
<li>
<div style="float:right"><input type="text" name="facebook" class="input" value="'.$userInfo['facebook'].'"></div>
'.__('Facebook ID').'<br /><small>'.__('Used to access Jisko trough a Facebook account').'</small>
</li>
</ul>
<br /><input type="submit" value="'.__('Save').'"><br /><br /></form>';
}
else header('Location: '.coreLink('admin', 'users'));
}

One Login Form Can Differentiate User Or Admin

Similar Tutorials

Login.php

Code: [Select]
<?php
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("Regis") or die(mysql_error());

     if (isset($_POST["sub"]))
     {
        $_POST['pass'] = md5($_POST['pass']);
      if (!get_magic_quotes_gpc())
       {
        $_POST['username'] = addslashes($_POST['username']);
        $_POST['pass'] = addslashes($_POST['pass']);
      }

       $usercheck = $_POST["username"];

       $check = mysql_query("SELECT username FROM registration WHERE username = '$usercheck'") or die(mysql_error());

       $check2 = mysql_num_rows($check);
        //if the name exists it gives an error
     if ($check2 != 0)
     {
      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Sorry, the username" ." ".$usercheck." ". "is already in use.')</SCRIPT>");
      echo ("<SCRIPT LANGUAGE='JavaScript'>setTimeOut(window.location = 'registration.php',1)</script>");

     }

      else if($_POST['username'] && $_POST['pass'] && $_POST['pass2'] )
     {
      $insert = "INSERT INTO registration (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
      $add_member = mysql_query($insert);
      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Registration had been succesfully added :)')</SCRIPT>");
     }

     }

?>

<html>
<head>
<script type="text/javascript">
function a()
{
var x = document.login.username.value;
var y = document.login.pass.value;

if(x==""&& y=="")
{
alert("Please insert all message!");
return false;
}
if(x=="")
{
alert("Please insert an username!");
return false;
}
if(y=="")
{
alert("Please insert an password!");
return false;
}
}
</script>
</head>
<body>
<table border="0">
<form name="login" method="post" action="form2.php" onsubmit="return a()">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td>
<td><input type="text" name="username" maxlength="40"></td></tr>
<tr><td>Password:</td>
<td><input type="password" name="pass" maxlength="50"></td></tr>
<tr><td><input type="submit" name="submit" value="Register"></a></td>
<td><input type="submit" name="submit" value="Login"></td></tr>
</form>
</body></html>

form2.php

Code: [Select]
<?php
mysql_connect("localhost","root") or die(mysql_error());
mysql_select_db("cute") or die(mysql_error());
$message=$_POST['message'];
$n=$_POST['username'];

if(isset($_POST['submit'])) //if submit button push has been detected

{

   if(strlen($message)>1)
   {
      $message=strip_tags($message);
      $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP
      $checkforbanned="SELECT IP from ipbans where IP='$IP'";
      $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS");

    if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list
    {
     print "You IP is banned from posting.";
    }

    else
    {
     $thedate = date("U"); //grab date and time of the post
     $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')";
     mysql_query($insertmessage) or die("Could not insert message");
    }
   }
}

?>
<html>
<head>
<script type="text/javascript">
function addsmiley(code)
{
var pretext = document.smile.message.value;
this.code = code;
document.smile.message.value = pretext + code;
}

function a()
{
var x = document.smile.message.value;
if(x=="")
{
alert("Please insert an message!");
return false;
}

}

</script>
<style type="text/css">
body{ background-color: #d8da3d }
</style>
</head>
<body>
<form name="smile" method="post" action="form2.php" onSubmit="return a()" >
Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br>
<img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" />
<img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" />
<input type="hidden" name="username" value="<?php echo $n;?>">
<input type='submit' name='submit' value='Send' class='biasa' ></form>

<br> <br>
</body>
</html>

My problem is in login.php in form section, can one form can be used user or admin because just now im doing is for user if user login it goes to form2.php but im want also in the same form if admin the form post to form3.php any way to do that thank you

How To Make The Session Login Both User And Admin Can Be View

Similar Tutorials

Login.php

Code: [Select]
<?php
    session_start();
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("cute") or die(mysql_error());
    $username = $_POST['username'];
    $password = $_POST['pass'];
    if (isset($_POST["submit"]))
    {
     $log = "SELECT * FROM regis WHERE username = '$username'";
     $login = mysql_query($log);
     $row = mysql_fetch_array($login);
     $number = mysql_num_rows($login);
     if ($number > 0)
     {

        $_SESSION['username'] = $row['username'];
        $_SESSION['userlevel'] = $row['userlevel'];


        if($_SESSION['userlevel']==1)
       {
        $_SESSION['is_logged_in'] == 1;
        header("Location: form2.php");
       }
        else if($_SESSION['userlevel']== 0)
       {
         $_SESSION['is_logged_in'] == 1;
         header("Location: registration.php");
       }
     }

Registration.php

Code: [Select]
<?php
echo 'Welcome:' .$_SESSION['is_logged_in'];?>
form2.php

Code: [Select]
<?php
session_start();
if (empty($_SESSION['is_logged_in']))
{
header("Location:chatframe.php");
die();     // just to make sure no scripts execute
}
?>
<?php
mysql_connect("localhost","root") or die(mysql_error());
mysql_select_db("cute") or die(mysql_error());
$message=$_POST['message'];
$a=$_SESSION['username'];

if(isset($_POST['submit'])) //if submit button push has been detected

{

   if(strlen($message)>1)
   {
      $message=strip_tags($message);
      $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP
      $checkforbanned="SELECT IP from ipbans where IP='$IP'";
      $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS");

    if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list
    {
     print "You IP is banned from posting.";
    }

    else
    {
     $thedate = date("U"); //grab date and time of the post
     $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$a','$IP','$thedate','$message')";
     mysql_query($insertmessage) or die("Could not insert message");
    }
   }
}

?>
<html>
<head>
<script type="text/javascript">
function addsmiley(code)
{
var pretext = document.smile.message.value;
this.code = code;
document.smile.message.value = pretext + code;
}

function a()
{
var x = document.smile.message.value;
if(x=="")
{
alert("Please insert an message!");
return false;
}

}

</script>
<style type="text/css">
body{ background-color: #d8da3d }
</style>
</head>
<body>
<form name="smile" method="post" action="form2.php" onSubmit="return a()" >
Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br>
<img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" />
<img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" />
<input type='submit' name='submit' value='Send' class='biasa' ></form>

<br> <br>
</body>
</html>
In this registration.php when im called back its appear nothing im means the number is not showing and the login code even im had also put the "$_SESSION['is_logged_in'] == 1;" outside if else userlevel statement and then i put $d= $_SESSION['is_logged_in'] == 1; and im echoing back but it is nothing im thinks something wrong in session is login

and also still it cannot redirect to admin -form2.php when session is login in is 1

Login Script With Level User And Admin Gives Blank Page

Similar Tutorials

Hi guy's,

I'm having problems adjusting a script to add a level (user rights) function. When i login with a admin or normal user it gives a blank page (not redirecting to home.php). It even does'nt return an echo that user / pass is incorrect. I'm breaking my head over this for day's now. Can you help me out?

Code: [Select]
<?php
session_start();

//Login form (index.php)

include "db_connect.php";
if(!$_POST['submit'])
{
?>

<html>
<head>

<![if !IE]>
<link rel="stylesheet" type="text/css" href="firefox.css" />
<![endif]>
</head>
<body>
<div id="wrapper">
<div id="header">
<?php include('header.php'); ?>
</div>
<div class="divider">

<strong>Login</strong>
<form method="post" action="index.php">

<div class="formElm">
<label for="username">Klantnummer:</label>
<input id="username" type="text" name="username" maxlength="16">
</div>

<div class="formElm">
<label for="password">Wachtwoord:</label>
<input type="password" name="password" maxlength="16">
</div>

<input type="submit" name="submit" value="Login">
</form>

</div>
<div id="footer">
<?php include('footer.php'); ?>
</div>
</div>
</html>

<?php
}
else
{
  $user = protect($_POST['username']);
  $pass = protect($_POST['password']);
  $level = protect($_POST['level']);

if($user && $pass && $level)
{
$pass = md5($pass); //compare the encrypted password
$sql1 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='1'";
$sql2 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='9'";
$queryN=mysql_query($sql1) or die(mysql_error());
$queryA=mysql_query($sql2) or die(mysql_error());

if(mysql_num_rows($queryN) == 1)
    {
      $resultN = mysql_fetch_assoc($queryN);
  $_SESSION['id'] = $resultN['id'];
      $_SESSION['username'] = $resultN['username'];
header("location:home.php");
    }
    elseif(mysql_num_rows($queryA) == 1)
    {
      $resultA = mysql_fetch_assoc($queryA);
  $_SESSION['id'] = $resultA['id'];
      $_SESSION['username'] = $resultA['username'];
header("location:home.php");
}

else{
echo "Wrong Username or Password";
}
}
}
?>
and the mysql code:

Code: [Select]
CREATE TABLE `user` (
`id` int(4) unsigned NOT NULL auto_increment,
`username` varchar(32) NOT NULL,
`password` varchar(32) NOT NULL,
`level` int(4) default '1',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1;

Helping With Admin Login And User Login

Similar Tutorials

Hi guys,

Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!"

Any suggestion and help would be appreciated.
Thanks.

login.php

<?php

//Assigned varibale $error_msg as empty

//$error_msg = "";

session_start();

$error_msg = "";

if (isset($_POST['submit'])) {

if ($a_username = "admin" && $a_password = "123")

{

//Define $_POST from form text feilds

$username = $_POST['username'];

$password = $_POST['password'];

//Add some stripslashes

$username = stripslashes($username);

$password = stripslashes($password);

//Check if usernmae and password is good, if it is it will start session

if ($username == $a_username && $password == $a_password)

{

session_start();

$_SESSION['session_logged'] = 'true';

$_SESSION['session_username'] = $username;

//Redirect to admin page

header("Location: admin_area.php");

}

}

$username = (isset($_POST['username'])) ? $_POST['username'] : '';

$password = (isset($_POST['password'])) ? $_POST['password'] : '';

if($username && $password) {

$connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!");

mysql_select_db("friendsdb") or die ("Couldn't find the DB");

$query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'");

$numrows = mysql_num_rows($query);

if ($numrows != 0){

while ($row = mysql_fetch_array($query)) {

$dbusername = $row['username'];

$dbpassword = $row['password'];

}

//Check to see if they are match!

if ($username == $dbusername && md5($password) == $dbpassword) {

header ("Location: user_area.php");

$_SESSION['username'] = $username;

}

else

$error_msg = "Incorrect password!";

//code of login

}else

$error_msg = "That user does not exist!";

//echo $numrows;

}

else

$error_msg = "Please enter a username and password!";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
</head>

<body>
<br />
<?php

require "header.php";
?><br />
<div align="center">
<table width="200" border="1">

<?php

// If $error_msg not equal to emtpy then display error message

if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">

Username: <input type="text" name="username" /><br /><br />

Password: <input type="password" name="password" /><br /><br />

<input type="submit" name = "submit" value="Log in" />
</form> <p> </p>

Register a <a href="register.php">New User</a>
</table>
</div>
</body>
</html>

Table Issue - Multiple Location Values For User Pushes Values Out Of Row Instead Of Wrapping In Cell

Similar Tutorials

Hi,

My company has 240+ locations and as such some users (general managers) cover multiple sites. When I run a query to pull user information, when the user has multiple sites to his or her name, its adds the second / third sites to the next columns, rather than wrapping it inside the same table cell. It also works the opposite way, if a piece of data is missing in the database and is blank, its pull the following columns in. Both cases mess up the table and formatting. I'm extremely new to any kind of programming and maybe this isn't the forum for this question but figured I'd give it a chance since I'm stuck.

The HTML/PHP code is below:

<table id="datatables-column-search-select-inputs" class="table table-striped" style="width:100%">

<thead>

<tr>

<th>ID</th>

<th>FirstName</th>

<th>LastName</th>

<th>Username</th>

<th>Phone #</th>

<th>Location</th>

<th>Title</th>

<th>Role</th>

<th>Actions</th>

</tr>

</thead>

<tbody>

<?php

//QUERY TO SELECT ALL USERS FROM DATABASE

$query = "SELECT * FROM users";

$select_users = mysqli_query($connection,$query);

// SET VARIABLE TO ARRAY FROM QUERY

while($row = mysqli_fetch_assoc($select_users)) {

$user_id = $row['user_id'];

$user_firstname = $row['user_firstname'];

$user_lastname = $row['user_lastname'];

$username = $row['username'];

$user_phone = $row['user_phone'];

$user_image = $row['user_image'];

$user_title_id = $row['user_title_id'];

$user_role_id = $row['user_role_id'];

// POPULATES DATA INTO THE TABLE

echo "<tr>";

echo "<td>{$user_id}</td>";

echo "<td>{$user_firstname}</td>";

echo "<td>{$user_lastname}</td>";

echo "<td>{$username}</td>";

echo "<td>{$user_phone}</td>";

//PULL SITE STATUS BASED ON SITE STATUS ID

$query = "SELECT * FROM sites WHERE site_manager_id = {$user_id} ";

$select_site = mysqli_query($connection, $query);

while($row = mysqli_fetch_assoc($select_site)) {

$site_name = $row['site_name'];

echo "<td>{$site_name}</td>";

}

echo "<td>{$user_title_id}</td>";

echo "<td>{$user_role_id}</td>";

echo "<td class='table-action'>

<a href='#'><i class='align-middle' data-feather='edit-2'></i></a>

<a href='#'><i class='align-middle' data-feather='trash'></i></a>

</td>";

//echo "<td><a href='users.php?source=edit_user&p_id={$user_id}'>Edit</a></td>";

echo "</tr>";

}

?>

<tr>

<td>ID</td>

<td>FirstName</td>

<td>LastName</td>

<td>Username</td>

<td>Phone #</td>

<td>Location</td>

<td>Title</td>

<td>Role</td>

<td class="table-action">

<a href="#"><i class="align-middle" data-feather="edit-2"></i></a>

<a href="#"><i class="align-middle" data-feather="trash"></i></a>

</td>

</tr>

</tbody>

<tfoot>

<tr>

<th>ID</th>

<th>FirstName</th>

<th>LastName</th>

<th>Username</th>

<th>Phone #</th>

<th>Location</th>

<th>Title</th>

<th>Role</th>

</tr>

</tfoot>

</table>

Error Code When Inserting A New User To Table

Similar Tutorials

I am trying to insert a new user into my database from my php code.

This is the error message that I am getting from the webpage:

Quote

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order, previousOrder) VALUES ('c_s@gmail.com','test','3','callulm','Smith','17' at line 1

This is the code that I am using:

Code: [Select]
<?php
$con = mysql_connect("localhost","root","");

if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("deliverpizza", $con);

$sql="INSERT INTO customer(userName, password, privilege, firstName,  lastName, address, postCode, order, previousOrder)
VALUES
('$_POST[username]','$_POST[password]','$_POST[privilege]','$_POST[firstname]','$_POST[lastname]','$_POST[address]','$_POST[postcode]','$_POST[order]','$_POST[previousOrder]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con)
?>

Script Not Inserting All User Input From Array Into Database

Similar Tutorials

Before I get into my problem a couple of things.
First, this is a work project. My organization cannot afford a full time developer so as a database guy I'm being asked to develop a web based data system using php/html/mysql/javacript/etc. So I am not asking anyone to help me cheat or violate an honor code for a school project. Also I am having to learn PHP on the fly, by the seat of my pants. Second, my organization is using a version of PHP older that 5.5.X and I am powerless to update the version. So I know that some of the syntax I am using has been deprecated in more recent PHP versions. I don't mean to sound snarky or ungrateful but I really need some help solving this problem versus unhelpful comments about deprecated code. Third I am adapting code from the guys at TechStream so H/T to them.
Here is what I am trying to build. My office helps other offices in my large organization manage their records through the creation of a file plan. We are currently using a clunky, user-unfriendly Access database that was created back in 2009. I am tasked to transition that Access hoopty into a proper, web-based, user friendly system. The index.php form page consists of 2 parts.
You can see the original TechStream demo he http://demo.techstre...ssing-with-PHP/
I've adapted the top part of the form ("Travel Information") for my users to enter information about their office such as Office Name, Office Code, Office Chief, Creator (the user), Status and date. I've adapted the bottom part of the form ("Passenger Details") to be "Folder Details". This is an html table where users can add up to 10000 rows to list all the folders for their office by entering the folder name in the text box and then assign descriptors to each folder using the drop down menus. I've changed the drop down menus to reflect the descriptors we need, i.e. file-series, classification, media type. The user needs the flexibility to add folders as the number of folders will vary between offices. This adding and deleting of folders is accomplished dynamically through a javascript script.js file.
Now, here's my problem. When the user clicks submit button that fires a php script that runs an insert into query to place the array data into the backend mysql database. However, when the foreach loop is only inserting the office office from the top portion of the form with the first folder in the bottom portion of the form. In other words let's say the user fills out the top part with his office information and then adds 5 folders into the html table at the botton. The first folder will be inserted into the database table with both office information and folder information. However the subsequent 4 folders will have their folder information inserted into the table but the office information fields will be null. The office information needs to be inserted with each folder the user adds to the html table piece.
I suspect that my foreach loop is only capturing that office information on the first iteration of the loop and then flushing or deleting the office information after the first loop. Also, I suspect there is some disconnect between the html table for entering individual folders and the top part of the form that is not in html format. Any help I can get is most welcome. Thanks in advance! Code is below.
index.php

    <?php
    session_start();
    if(!isset($_SESSION['myusername'])) {
    header('Location:index.php');
     }

    echo $_SESSION['myusername'];
    echo '<a href="logout.php"><span>Logout</span></a></li>';

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>Records Management File Plan Application</title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
        <link rel="stylesheet" type="text/css" href="css/default.css"/>
        <script type="text/javascript" src="js/script.js"></script>
    </head>
    <body>    
        <form action="InsertFileDetailArraytoDB.php" class="register" method="POST">
            <h1>Office File Plan Application/h1>
            <fieldset class="row1">
                <legend>Office Information</legend>
                <p>
                    <label>Office Code *
                    </label>
                    <input name="officecode[]" type="text" required="required"/>
                    <label>Date*
                    </label>
                    <select class="date" name="day[]">
                        <option value="1">01
                        </option>
                        <option value="2">02
                        </option>
                        <option value="3">03
                        </option>
                        <option value="4">04
                        </option>
                        <option value="5">05
                        </option>
                        <option value="6">06
                        </option>
                        <option value="7">07
                        </option>
                        <option value="8">08
                        </option>
                        <option value="9">09
                        </option>
                        <option value="10">10
                        </option>
                        <option value="11">11
                        </option>
                        <option value="12">12
                        </option>
                        <option value="13">13
                        </option>
                        <option value="14">14
                        </option>
                        <option value="15">15
                        </option>
                        <option value="16">16
                        </option>
                        <option value="17">17
                        </option>
                        <option value="18">18
                        </option>
                        <option value="19">19
                        </option>
                        <option value="20">20
                        </option>
                        <option value="21">21
                        </option>
                        <option value="22">22
                        </option>
                        <option value="23">23
                        </option>
                        <option value="24">24
                        </option>
                        <option value="25">25
                        </option>
                        <option value="26">26
                        </option>
                        <option value="27">27
                        </option>
                        <option value="28">28
                        </option>
                        <option value="29">29
                        </option>
                        <option value="30">30
                        </option>
                        <option value="31">31
                        </option>
                    </select>
                    <select name="month[]">
                        <option value="1">January
                        </option>
                        <option value="2">February
                        </option>
                        <option value="3">March
                        </option>
                        <option value="4">April
                        </option>
                        <option value="5">May
                        </option>
                        <option value="6">June
                        </option>
                        <option value="7">July
                        </option>
                        <option value="8">August
                        </option>
                        <option value="9">September
                        </option>
                        <option value="10">October
                        </option>
                        <option value="11">November
                        </option>
                        <option value="12">December
                        </option>
                    </select>                   

                    <select name="year[]">
                        <option value="2013">2013
                        </option>
                        <option value="2014">2014
                        </option>
                        <option value="2015">2015
                        </option>
                        <option value="2016">2016
                        </option>                       
                    </select>

                </p>
                <p>
                    <label>Office Chief*
                    </label>
                    <input name="officechief[]" required="required" type="text"/>

                    <label>Status*
                    </label>
                    <select name="status[]">
                        <option value="Draft">Draft
                        </option>
                        <option value="Submitted">Submitted
                        </option>
                        <option value="Approved">Approved
                        </option>
                    </select>
                </p>
                <p>
                    <label>Creator *
                    </label>
                    <input name="creator[]" required="required" type="text"/>
                </p>
                <div class="clear"></div>
            </fieldset>
                <fieldset class="row2">
                <legend>Folder Details</legend>
                <p>
                    <input type="button" value="Add Folder" onClick="addRow('dataTable')" />
                    <input type="button" value="Remove Folder" onClick="deleteRow('dataTable')"     />
                    <p>(All actions apply only to entries with check marked check boxes.)</p>
                </p>
            <table id="dataTable" class="form" border="1">
                <tbody>
                    <tr>
                    <p>
                        <td><input type="checkbox" required="required" name="chk[]"     checked="checked" /></td>
                        <td>
                            <label>Folder Name</label>
                            <input type="text" required="required" name="BX_NAME[]">
                        </td>
                        <td>
                            <label for="BX_fileseries">File Series</label>
                            <select id="BX_fileseries required="required"   name="BX_fileseries[]">
                            <option>100-01-Inspection and Survey/PII-NO</option>
                            <option>200-02-Credit Card Purchases/PII-NO</option>
                            <option>300-07-Time and Attendance/PII-YES</option>                         
                        </td>
                        <td>
                            <label for="BX_classification">Classification</label>
                            <select id="BX_classification" name="BX_classification"         required="required">
                                <option>Unclassified</option>
                                <option>Confidential</option>
                                <option>Secret</option>
                                <option>Top Secret</option>
                                <option>Ridiculous Top Secret</option>
                                <option>Ludicrous Top Secret</option>
                            </select>
                        </td>
                        <td>
                            <label for="BX_media">Media</label>
                            <select id="BX_media" name="BX_media" required="required">
                                <option>Paper</option>
                                <option>Shared Drive</option>
                                <option>Film</option>
                                <option>Floppy Disk</option>
                                <option>Mixed</option>
                                <option>Other</option>
                            </select>
                        </td>
                            </p>
                        </tr>
                        </tbody>
                        </table>
                        <div class="clear"></div>
                    </fieldset>

                <input class="submit" type="submit" value="File Plan Complete &raquo;" />


                <div class="clear"></div>
                </form>

            </body>

    </html>

PHP script with foreach loop to loop through the array from index.php and insert into database: InsertFileDetailArrayToDB.php

    /*
    When the user has finished entering their folders, reviewed the form inputs for accuracy and clicks the submit button, this will loop through all folder entries and using the SQL insert into query will place them in the database.  When it     completes     data insertion it will redirect the user back to the file detail input form*/

    <?php

    /*this part requires the user to be logged in and allows their user name to be included in the insert into query.
    If you remove the "ob_start();" piece it will screw up the header statement down at the botton.  
    See the comments by the header statement for an explanation of its purpose*/

    ob_start();
    session_start();
    if(!isset($_SESSION['myusername'])) {
    header('Location:index.php')
    }

    /*these two lines would ordinarily display the user name and a link a
    allowing the user to log out. However this php script does not output anything
    so the user will never it.*/
    echo $_SESSION['myusername'];
    echo '<a href="logout.php"><span>Logout</span></a></li>';

    ?>

    <?php

    /*this include statement connects this script to the MySQL database
    so the user form inputs can be inserted into the file_plan_details
    table*/

    include ('database_connection.php');

    foreach($_POST['BX_NAME'] as $row=>$BX_NAME)

    {
        $BX_NAME1 = mysql_real_escape_string($_POST['BX_NAME');
        $officecode1 = mysql_real_escape_string($_POST['officecode'][$row]);
        $username1 = mysql_real_escape_string($_SESSION['myusername'][$row]);
        $day1 = mysql_real_escape_string($_POST['day'][$row]);
        $month1 = mysql_real_escape_string($_POST['month'][$row]);
        $year1 = mysql_real_escape_string($_POST['year'][$row]);
        $creator1 = mysql_real_escape_string($_POST['creator'][$row]);
        $officechief1 = mysql_real_escape_string($_POST['officechief'][$row]);
        $status1 = mysql_real_escape_string($_POST['status'][$row]);
        $BX_fileseries1 = mysql_real_escape_string($_POST['BX_fileseries'][$row]);
        $BX_classification1 = mysql_real_escape_string($_POST['BX_classification'][$row]);
        $BX_media1 = mysql_real_escape_string($_POST['BX_media'][$row]);

        $fileplandetailinsert1 = "INSERT INTO file_plan_details (folder_name, office_code, user_name, day, month, year, creator, office_chief, status, file_series, classification, media)
                  VALUES             ('$BX_NAME1','$officecode1','$username1','$day1','$month1','$year1','$creator1','$officechief1','$status1','$BX_fileseries1','$BX_classification1','$BX_media1')";


        mysql_query($fileplandetailinsert1);

            }

           /*this header statement redirects the user back to the folder detail input form after it inserts data into the db
           After I build a main navigation page, I will switch out index.php with whatever I name
           the script that will produce the main navigation page*/

           header('Location:index.php');

           ?>

script.js

function addRow(tableID) {
    var table = document.getElementById(tableID);
    var rowCount = table.rows.length;
    if(rowCount < 10000){                            // limit the user from creating fields more than your limits
        var row = table.insertRow(rowCount);
        var colCount = table.rows[0].cells.length;
        for(var i=0; i<colCount; i++) {
            var newcell = row.insertCell(i);
            newcell.innerHTML = table.rows[0].cells[i].innerHTML;
        }
    }else{
         alert("Maximum Passenger per ticket is 5.");
               
    }
}

function deleteRow(tableID) {
    var table = document.getElementById(tableID);
    var rowCount = table.rows.length;
    for(var i=0; i<rowCount; i++) {
        var row = table.rows[i];
        var chkbox = row.cells[0].childNodes[0];
        if(null != chkbox && true == chkbox.checked) {
            if(rowCount <= 1) {                         // limit the user from removing all the fields
                alert("Cannot Remove all the Passenger.");
                break;
            }
            table.deleteRow(i);
            rowCount--;
            i--;
        }
    }
}

Edited by mac_gyver, 17 December 2014 - 01:13 PM.
code tags around posted code please

User Signup Is Inserting To Mysql But The Passwords Coming Up Wrong, Any Advice?

Similar Tutorials

Hi there I have a problem here, I think I may know what it is but just wanted some guidance on this issue.

I took the logic from a previous help from the people on this forum and here is my landing page:

<?php
// ini_set("display_errors", 1);

// randomly starts a session!

session_name("jeremyBasicLogin");
session_start();

if(isset($_SESSION['username'])) {

// display whatever when the user is logged in:

echo <<<ADDENTRY

<html>
<head>
<title>User is now signed in:<title>
</head>

<body>
<h1>You are now signed in!</h1>
<p>You can do now what you want to do!</p>
</body>
</html>
ADDENTRY;

} else {
// If anything else dont allow access and send back to original page!

header("location: signin.php");

}
?>

This is where the user goes to when they go to this system (not a functional system, ie it doesnt actually do anything its more for my own theory.

As you wont have a session on the first turn to this page it goes to:

signin.php which contains:
<?php
// ini_set("display_errors", 1);

require_once('func.db.connect.php');

if(array_key_exists('submit',$_POST)) {

dbConnect(); // connect to database anyways!

// Do a procedure to log the user in:

// Santize User Inputs
$username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); // cleans up with PHP first!
$password = trim(stripslashes(mysql_real_escape_string(md5($_POST['password'])))); // cleans up with PHP first!

$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($sql);

if(mysql_num_rows($result) == 1) {

session_name("jeremyBasicLogin");
session_start();
$_SESSION['is_logged_in'] = true;
$_SESSION['username'] = $username;
//print_r($_SESSION); // debug purposes only!
$_SESSION['time_loggedin'] = time(); // this is adding to the array (have seen the output in the SESSION vars!

// call function to update the time stamp in MySQL?

header("location: index.php");

} else if(mysql_num_rows($result) != 1) {
$message = "You typed the wrong password or Username Please retry!";
}
} else {
$message = "";
}
// displays the login page:
echo <<<LOGIN
<html>
<body>
<h1>Example Login</h1>

<form id="login" name="login" action="{$_SERVER['PHP_SELF']}" method="post">
<label for="username">Username: </label><input type="text" id="username" name="username" value="" /><br>
<label for="password">Password: </label><input type="text" id="password" name="password" value="" /><br>
<input type="submit" id="submit" name="submit" value="Login" />
</form>
LOGIN;
echo "<p>" . $message . "</p>";
echo <<<LOGIN

<p>Please Login to View and Edit Your Entries</p>
<p><a href="register.php">Click Here To Signup</a><p>
</body>
</html>
LOGIN;
?>

This checks through user inputs and hopefully logs them in, when Ive inserted the data into the database itself it works, if I try and login but if a user fills in this form:

signup.php:

<?php
//ini_set("display_errors", 1);

$message ='';

require_once('func.db.connect.php');

if(array_key_exists('submit',$_POST)) {

dbConnect(); // connect to database anyways!

// do some safe protecting of the users variables, apply it to all details!
$username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); // cleans up with PHP first!
$email = trim(stripslashes(mysql_real_escape_string($_POST['email']))); // cleans up with PHP first!
$password = trim(stripslashes(mysql_real_escape_string(md5($_POST['password'])))); // does as above but also encrypts it using the md5 function!
$password2 = trim(stripslashes(mysql_real_escape_string(md5($_POST['password2'])))); // does as above but also encrypts it using the md5 function!

if($username != '' && $email != '' && $password != '' && $password2 != '') {
// do whatever when not = to nothing/empty fields!

if($password === $password2) {
// do database stuff to enter users details

$sql = "INSERT INTO `test`.`users` (`id` ,`username` ,`password`) VALUES ('' , '$username', MD5( '$password' ));";
$result = mysql_query($sql);
if($result) {
$message = 'You may now login by clicking <a href="index.php">here</a>';
}

} else {
// echo out a user message says they got their 2 passwords incorrectly typed:
$message = 'Pleae re enter your password';
}

} else {
// they where obviously where empty
$message = 'You missed out some required fields, please try again';
}

}

echo <<<REGISTER

<html>
<body>
<h1>Register Form</h1>
<p>Please fill in this form to register</p>
<form id="register" name="register" action="{$_SERVER['PHP_SELF']}" method="post">

<table>
<tr>
<td><label for="username">Username: </label></td>
<td><input type="text" id="username" name="username" value="" /></td>
</tr>

<tr>
<td><label for="email">Email: </label></td>
<td><input type="text" id="email" name="email" value="" /></td>
</tr>

<tr>
<td><label for="password">Password: </label></td>
<td><input type="text" id="password" name="password" value="" /></td>
</tr>

<tr>
<td><label for="password">Confirm Password: </label></td>
<td><input type="text" id="password2" name="password2" value="" /></td>
</tr>

<tr>
<td><input type="submit" id="submit" name="submit" value="Register" /></td>
</tr>

<table>

REGISTER;
echo "<p>" . $message . "</p>";
echo <<<REGISTER

</form>
</body>
</html>
REGISTER;
?>

As I said when the user signs up when submitting the above form, it doesnt work, keeps coming up with a different value for the password, so I am about 99% certain its the password, but I have been maticulous about copying in the sanitize function for SQL injections and it just doesnt still work, really puzzled now.

Any helps appreciated,
Jeremy.

Help With A Admin Panle

Similar Tutorials

So i got my login down and the cookies, kinda set up
my problem is how do i make the admin panle save the true/false in the string in settings.php
id like do do it with a drop down menu to enable/disable it.
any help?

Code download

Error On Admin Look-up

Similar Tutorials

I get this error:

Code: [Select]
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\user\user.php on line 5

code:
user.php:
Code: [Select]
<?php

$get = (isset($_GET['id'])); //this means that user.php?id=1 would mean $get = 1. Note: This is not SQL Inject protected.
$users = mysql_query("SELECT * FROM users WHERE id='".$get."'");
while ($row = mysql_fetch_array($users))
{
echo '
Id = '.$row['id'].'
Name = '.$row['name'].'
Username = '.$row['username'].'
Password = '.$row['password'].'
Reg. on = '.$row['date'].'
';
}

?>

<html>
<body>
<form action='user.php' method='GET'>
Username: <input type='text' value=''>
<input type='submit' value='submit'>
</form>
<?php

//what goes here?

?>
</body>
</html>

Admin Check

Similar Tutorials

Hey guys, I've set up a database with a login and logout script for my site..

There is a TINYINT value called admin and it either equals 1 or 0 depending on whether the user is an admin or not..

The registration script works perfectly to create the table value and the login script works fine for the site..

The question I had was if I wanted to add a link to the bottom of every page that said:

Go to Administration Panel and make it only viewable by ADMINS I figured this little script would work..

Here would be the end of the page:
Code: [Select]
<br />
<center>Copyright &copy 2010 <a href="http://www.website.com">www.WEBSITE.com</a></center>

<?php include('includes/start_admincheck.php'); ?>
<center><a href="<?php echo $homedir .'admin.php'; ?>">Go to Administration Panel</a></center>
<?php include('includes/end_admincheck.php'); ?>

</body>

</html>
Inside start_admincheck.php I have:

(NOTE: $cUsername refers to a setcookie and $cAdmin does as well.. They are defined on my Variable page included at the top.)
Code: [Select]
<?php include('variables/variables.php'); ?>

<?php
  mysql_connect("$mysql_hostname", "$mysql_username", "$mysql_password") or die(mysql_error());
  mysql_select_db("$mysql_database") or die(mysql_error());

  if(isset($cUsername))
  {
    $check = mysql_query("SELECT * FROM users WHERE username = '$cUsername'")or die(mysql_error());

    while($info = mysql_fetch_array( $check ))
    {
      if (($cAdmin == 1) && ($info['admin'] == 1))
      {
?>
And this is the end_admincheck.php
Code: [Select]
<?php include('variables/variables.php'); ?>

<?php
      }

      else
        die();
    }
  }
  else
    die();
?>
?>
I get this Parse error thrown at the bottom of the page:

Code: [Select]
Parse error: syntax error, unexpected $end in /*******/includes/start_admincheck.php on line 15
Naturally I would checkout line 15 in start_admincheck.php, but normally when I get an $end error it is the last line of the code and leaves me lost..

Something I'm missing guys?

As always, thanks in advance

Help With My Admin Script Please

Similar Tutorials

Hey, in a nutshell the only thing in admin.php is the ability to moderate unapproved images, however, once approved, the "Approve Delete" links are still on screen.
How it works is a user uploads an image, the filename is added to mysql and the image is added to uploads/ once I Approve an image, the image is then moved to img/ to display on the index.php (to prevent porn and anything that doesn't belong to the general public).

I know what's happening, because I've got while loops to display the image while looping through the mysql database, so once the image is moved, the links are still on screen, displaying an "Approve Delete" for every image in the database. Also another thing that happens is the images on index.php are blank until approved. How can I work around this?

Here is the index.php when an image hasn't been approved:
http://www.xodiac.net/1.png

And here is the admin.php displaying Approve and Delete once an image has been approved:
http://www.xodiac.net/2.png

Help With Php Admin Login..

Similar Tutorials

Hallo I have a problem. This is my code:

<?php include 'connect.php';
?>

<html>
<head>
<title>Admin Insert page!</title>
</head>
<body>
<?php
error_reporting(-1);ini_set('display_errors',1);
if (isset($_POST['submit'])){
$name = $_POST['name'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM users WHERE user='$name' AND password='$password'");
$num = mysql_num_rows($result);
if($num == 0){
echo "Bad login, go <a href='login.php'>back</a>";
}else{
session_start();
$_SESSION['name'] = $name;
header("Location: admin.php");
}
}else{
?>
<form action='login.php' methody='post'>
Username: <input type='text' name='name'/><br />
Password: <input type='password' name='password'/><br />
<input type='submit' name='submit' value='Login' />

</body>
</html>

I try to use console to find the problem but I didn't.... I know that there is some problem with $num Can somebody help me? Thank you.
Edited by Artur, 19 October 2014 - 12:11 PM.