PHP - How Do I Display All The Data Of A User?
I want to fetch data from a table, let's say table "activities".

Uid | day  | activity | time | remarks
1   | Mon  | Act1     | 3pm  | Good
2   | Mon  | Act1     | 5pm  | Bad
1   | Tue  | Act2     | 12am | Bad
1   | Tue  | Act5     | 1am  | Bad
1   | Thur | Act8     | 9pm  | Good
2   | Wed  | Act4     | 7am  | Good

Now assuming I want to fetch all the data that is related to user Id 1 and display them in another table (Uid 1), which is 4 rows according to the table, how do I go about it using a select query? Thanks!!!

I tried something like this but it displays just one row:

<?php
$uid = $_SESSION['login'];
$sql2 = "SELECT * FROM Activities WHERE uid=? ORDER BY Uid LIMIT 6";
$stmt2 = $connection->prepare($sql2);
$stmt2->bind_param('i', $uid); // PHP variable names are case-sensitive: $uid, not $Uid
$stmt2->execute();
$result2 = $stmt2->get_result();
$row2 = $result2->fetch_assoc(); // reads a single row from the result
//now am stuck here
?>

Now trying to display the fetched data for only Uid 1 in this simple format...

<table style="width:100%">
  <tr> <th>Day</th> <th>Activity</th> <th>Remarks</th> </tr>
  <tr> <td>Mon</td> <td>Act1</td> <td>Good</td> </tr>
  <tr> <td>Tue</td> <td>Act2</td> <td>Bad</td> </tr>
  <tr> <td>Tue</td> <td>Act5</td> <td>Bad</td> </tr>
</table>
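Added example (not part of the original post): one way to read every row for the logged-in user and render the table, with the id taken from the session rather than the request and each value HTML-escaped. It assumes PDO with an in-memory SQLite database and rows constructed from the question so it runs without a MySQL server; `fetch_activities` and `render_table` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Constructed sample data mirroring the "activities" table in the question.
// Assumption: an in-memory SQLite database stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE activities (uid INTEGER, day TEXT, activity TEXT, time TEXT, remarks TEXT)');
$insert = $pdo->prepare('INSERT INTO activities (uid, day, activity, time, remarks) VALUES (?, ?, ?, ?, ?)');
foreach ([
    [1, 'Mon',  'Act1', '3pm',  'Good'],
    [2, 'Mon',  'Act1', '5pm',  'Bad'],
    [1, 'Tue',  'Act2', '12am', 'Bad'],
    [1, 'Tue',  'Act5', '1am',  'Bad'],
    [1, 'Thur', 'Act8', '9pm',  'Good'],
    [2, 'Wed',  'Act4', '7am',  'Good'],
] as $sample) {
    $insert->execute($sample);
}

/**
 * Return every row that belongs to one user (hypothetical helper).
 * The id is bound as a parameter, so it never becomes part of the SQL text.
 */
function fetch_activities(PDO $pdo, int $uid): array
{
    $stmt = $pdo->prepare('SELECT day, activity, remarks FROM activities WHERE uid = ? ORDER BY rowid');
    $stmt->execute([$uid]);
    // fetchAll() returns all matching rows. With mysqli the equivalent is
    // while ($row = $result->fetch_assoc()) { ... } instead of one fetch_assoc() call.
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Build the HTML table (hypothetical helper). Every value is escaped so that
 * stored text such as a remark cannot inject markup into the page.
 */
function render_table(array $rows): string
{
    $e = static fn($v): string => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    $html = "<table style=\"width:100%\">\n"
          . "  <tr> <th>Day</th> <th>Activity</th> <th>Remarks</th> </tr>\n";
    if ($rows === []) {
        $html .= "  <tr> <td colspan=\"3\">No activities found</td> </tr>\n";
    }
    foreach ($rows as $row) {
        $html .= '  <tr> <td>' . $e($row['day']) . '</td> <td>' . $e($row['activity'])
               . '</td> <td>' . $e($row['remarks']) . "</td> </tr>\n";
    }
    return $html . "</table>\n";
}

// On the real page the id comes from the session set at login, for example
// $uid = (int) $_SESSION['login'];  a constant is used here so the script runs stand-alone.
$uid = 1;
echo render_table(fetch_activities($pdo, $uid));
```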
Similar Tutorials

Hi, I have made a website where people register their details of them and products. They have to enter the following details in form: Name of company name of the product company address email id password mobile number contact and brief details about their company
User can then login with email id and pwd. Now after login, user will get a page where he can upload the photos of products images and their price. So now my question is that when he finishes uploading (by clicking on upload button) the product images and price text box, then on final uploaded webpage it should show all other things which he registered before (company name, mobile number etc) along with images and price. Hence the main question: the user does not need to enter mobile and address while uploading images and filling price, but on the final page it should show mobile and address along with price and images, as user is not going to enter mobile and address again and again as he will have multiple products to upload.
Say there is a complex opt in process where people start to enter their data but certain questions stop them where they close out of the page. They already entered their data and I feel there is a way to grab it and post it to mysql even though they do not click submit.
How would this be done?
A super simple example (proof of concept) or a link to a tutorial would be very useful.
Edited by brentman, 23 September 2014 - 10:42 AM.

I have two tables.
Table Name: Users
Fields: User_name user_email user_level pwd
2. Reference
Fields: refid username origin destination

user_name in the users table and the username field in reference fields are common fields. There is a user order form. Whenever a user places an order, the refid field in the reference table will be updated. So the user will be provided with a refid.

Steps:
1. User needs to log in with a valid user id and pwd
2. Once logged in, there will be search, where the user will input the refid which has been provided to him during the time of order placement.
3. Now User is able to view all the details for any refid
3. Up to this we have completed.

Query: Now we need to retrieve the details based on the user logged in.
For eg: user 'USER A' has been provided with the referenceid '1234' during the time of order placement; user 'USER B' has been provided with the referenceid '2468' during the time of order placement. When the userA logs in and enters the refid as '2468' he should not get any details. He should get details only for the reference ids which are assigned to him.

<?php
session_start();
if (!$_SESSION["user_name"]) {
    // User not logged in, redirect to login page
    Header("Location: login.php");
    exit; // stop here so the rest of the page does not run for a visitor who is not logged in
}
$con = mysql_connect('localhost','root','');
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("login", $con);
$user_name = $_POST['user_name'];
$refid = $_POST['refid'];
$query = "SELECT * from reference,users WHERE reference.username=users.user_name AND reference.refid='$refid' AND ";
$result = mysql_query($query) or trigger_error('MySQL encountered a problem<br />Error: ' . mysql_error() . '<br />Query: ' . $query);
while($row = mysql_fetch_array($result)) {
    echo $row['refid'];
    echo $row['origin'];
    echo $row['dest'];
    echo $row['date'];
    echo $row['exdate'];
    echo $row['username'];
}
echo "<p><a href=\"logout.php\">Click here to logout!</a></p>";
?>
<html>
<form method="post" action="final.php">
Ref Id:<input type="text" name="refid">
<input type="submit" value="submit" name="submit">
</form>
</html>

Hi all, I need some help with displaying user account details. I am currently able to show only the email address and I would like to show the name, school name and yeargroup. Here's my code for myaccount.php

<?php require_once('Connections/isn_1.php'); ?>
<?php
if (!isset($_SESSION)) {
    session_start();
}
$MM_authorizedUsers = "1,2,3,4";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;

    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
        // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
        // Parse the strings into arrays.
        $arrUsers = Explode(",", $strUsers);
        $arrGroups = Explode(",", $strGroups);
        if (in_array($UserName, $arrUsers)) {
            $isValid = true;
        }
        // Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && false) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "login.php?login=false"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) $MM_referrer .= "?" . $_SERVER['QUERY_STRING']; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <!DOCTYPE HTML> <html> <head> <title>My Account - <?php echo($_SESSION['MM_Username']); ?></title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @import url("style.css"); </style> </head> <body class="about"> <!-- Start NavBar --> <div id="topnavbar"> <dl> <dt id="home"><a href="index.php">Home</a></dt> <dt id="about"><a href="about.php">About</a></dt> <dt id="account"><a href="myaccount.php">Account</a></dt> <dt id="login"><a href="login.php">Login</a></dt> </dl> <dl id="rightnavbar"> <dt id="ISN"><a href="index.php">ISN</a></dt> </dl> </div> <!-- End NavBar --> <div id="page-container"> <div id="header"> </div> <div id="sidebar-a"></div> <div id="content"> <div class="padding"> <center> <table width="631" border="0"> <tr> <td colspan="2">Personal Details</td> </tr> <tr> <td width="229"> </td> <td width="648"></td> </tr> <tr> <td>Name</td> <td></td> </tr> <tr> <td>Email</td> <td><?php echo($_SESSION['MM_Username']); ?></td> </tr> <tr> <td>School Name</td> <td></td> </tr> <tr> <td>Year Group</td> <td></td> </tr> <tr> <td>DOB</td> <td></td> </tr> <tr> <td> </td> <td><a href="updateprofile.php">Modify my details</a></td> </tr> </table> <a href="logout.php">Logout?</a> </center> </div> </div> <div id="footer"> <div id="altnav"> <a 
href="index.php">Home</a> - <a href="login.php">Login</a> - <a href="register.php">Register</a> - <a href="about.php">About</a> - <a href="terms.php">Terms & Conditions</a> </div>
<div id="copyright">© 2011 InterSchoolsNetwork, All Rights Reserved - A <a href="http://jordansmithsolutions.co.uk">Jordan Smith Solutions</a> & <a href="http://www.joecocorp.webs.com/">JoeCo Corp Production</a><br /> </div>
</div> </div> </body> </html>
<?php mysql_free_result($rsUpdateUser); ?>

If you need any other code to help answer it for me then let me know please

Dear everyone,
I am reasonably new to php, so there is a chance that what I am asking for may exceed my grasp. Nevertheless I'd like to try: Is it possible to let the user choose (by using a drop down listbox for instance) which table from a database to display on a page? And/or which database to display on a page?

Background information: I'm working on a website for my chess club. I've already got a working page (html, css) with a table of the standings (mysql, php) of the latest round (with position number, name, points, wins, losses, etc). By clicking on the column header, it sorts the respective column. What I'd finally like to do is let the user choose to display a different round (table), or even a different season (database). I could make a separate page for each round, but I'd like to know if there's a more elegant way to do this by using only one page and one or more databases.

Thanks in advance for any tips and best wishes from The Netherlands, Wouter.

Good Day PHP world,
I am encountering a problem in php code meant to allow the user to update their profile picture.
I am using jquery.min and jquery.js. The code below runs with no errors reported. The file has been successfully uploaded to upload path using this form.
upload.php
<form id="imageform" method="post" enctype="multipart/form-data" action='ajaximage.php'> <input type="file" name="photoimg" id="photoimg" class="stylesmall"/> </form>ajaximage.php $path = "uploads/"; $valid_formats = array("jpg", "png", "gif", "bmp","jpeg"); if(isset($_POST) and $_SERVER['REQUEST_METHOD'] == "POST") { $name = $_FILES['photoimg']['name']; $size = $_FILES['photoimg']['size']; if(strlen($name)) { list($txt, $ext) = explode(".", $name); if(in_array($ext,$valid_formats)) { if($size<(1024*1024)) // Image size max 1 MB { $actual_image_name = $name.".".$ext; $tmp = $_FILES['photoimg']['tmp_name']; if(move_uploaded_file($tmp, $path.$actual_image_name)) { $query = "UPDATE users SET profile_image='$actual_image_name' WHERE student_id='{$_SESSION['user_id']}'"; $result = mysqli_query($link_id, $query); echo "<img src='uploads/".$actual_image_name."' class='preview'>"; }The problem is the image being uploaded does not display on the Student_home.php <div id="about-img"> <img class="profile-photo" align="middle" src='uploads/".$actual_image_name."' /> </div>But the image uploaded will display when i write directly its filename example <div id="about-img"> <img class="profile-photo" align="middle" src="uploads/107.jpg" /> </div>My problem is i wanted to display the uploaded picture of the specific student on Student_Home.php Code: [Select] <html> <title>Micro Elite Brigade - Registration</title><LINK REL="SHORTCUT ICON" HREF="images/favicon.png"><?php require_once('upper.php'); require_once('database.php'); echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1'])); $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2'])); $Name=mysqli_real_escape_string($dbc,trim($_POST['Name'])); $Age=mysqli_real_escape_string($dbc,trim($_POST['Age'])); $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup'])); 
/*if(!isset($_POST['Sex'])) { echo 'Please enter Sex<br>'; }*/ //else{ $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex'])); //} $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification'])); $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber'])); $Email=mysqli_real_escape_string($dbc,trim($_POST['Email'])); $Address=mysqli_real_escape_string($dbc,trim($_POST['Address'])); $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself'])); //$countCheck=count($_POST['checkbox']); //echo $countCheck; //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(!isset($_POST['Sex'])){echo 'Please enter Sex';} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($ContactNumber)){echo 'Please enter Contact Number';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';} elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';} else { require_once('database.php'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())"; $result=mysqli_query($dbc,$query) or die("Not Connected"); 
} $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId',SHA('$Password1'),'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>'; $from= 'Elite Brigade'; $to='ankitp@rsquareonline.com'; $subject='New User Registration'; $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro"; mail($to,$subject,$message,'From:'.$from); //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <link rel="stylesheet" type="text/css" href="css/style.css" /> <script type="text/javascript"> function lengthRestriction(elem, min, max){ var uInput = elem.value; if(uInput.length >= min && uInput.length <= max){ return true; }else{ alert("Please enter between " +min+ " and " +max+ " characters"); elem.value=""; return false; } } function emailValidator(elem, helperMsg){ var emailExp = /^[\w\-\.\+]+\@[a-zA-Z0-9\.\-]+\.[a-zA-z0-9]{2,4}$/; if(elem.value.match(emailExp)){ return true; }else{ alert(helperMsg); elem.value=""; return false; } } </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" cellspacing="0" cellpadding="0" width="380"> <tr><td colspan="2"> <br/><h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' id='LoginId' value='<?php if(!empty($LoginId))echo $LoginId;?>' onblur="lengthRestriction(document.getElementById('LoginId'), 6, 
20)")/></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) { if(document.getElementById('Password1').value=='') alert("Caps Lock is On"); } else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' id="Password1" value='<?php if(!empty($Password1))echo $Password1;?>' onblur="lengthRestriction(document.getElementById('Password1'), 4, 50)")/></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' Id="Name" value='<?php if(!empty($Name))echo $Name;?>' onblur="lengthRestriction(document.getElementById('Name'), 2, 30)")/></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? 
evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' id="BloodGroup" onblur="lengthRestriction(document.getElementById('BloodGroup'), 1, 3)") /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' value='Male'<?php if(isset($_POST['Sex'])) { echo "checked='checked'";} ?> />Male <input type='radio' name='Sex' style='width:16px; border:0;' value='Female' <?php if(isset($_POST['Sex'])) { echo "checked='checked'";} ?> />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' id="Qualification" onblur="lengthRestriction(document.getElementById('Qualification'), 3, 60)"/></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' id="emailer" onblur="emailValidator(document.getElementById('emailer'), 'Not a Valid Email')"/></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' id="Address" onblur="lengthRestriction(document.getElementById('Address'), 2, 100)")/></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' id="AboutYourself" onblur="lengthRestriction(document.getElementById('AboutYourself'), 5, 500)") /><?php if(!empty($Address))echo 
$Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo " <tr> <table border='0' cellspacing='0' cellpadding='0' width='400' style='margin:10px 0 0 0;'> <td align='left' valign='top' scope='col' width='80'><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td> <td align='left' valign='top' scope='col'> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade.</td> </table> </tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0; margin:15px 0 5px 100px; '/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?>Hi friends.......... I have two problems with this page....... 1--> When user not select radio button it should displays "Please enter Sex" but on submit it displays an error "Undefined index: Sex in C:\wamp\www\EliteBrigadeserver\RegistrationAndActivity.php on line 19 Please enter Sex." I want to remove this notice........ 2--> If user not fill any field and press submit then if user once selected his sex, it should remain selected. Help me please............ Anyone????????? thanks in advance................... 
After the user has logged in, I would like to display their details by barcode id.

Login.php

<?php
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
session_start();

// username and password sent from form
$barcodeID=$_POST['barcode'];

// To protect MySQL injection (more detail about MySQL injection)
$barcodeID = stripslashes($barcodeID);
$barcodeID = mysql_real_escape_string($barcodeID);
$sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count > 0){
    $data = mysql_fetch_array ($result);
    $_SESSION["user_id"] = $data["BarcodeID"];
    $_SESSION["user_firstname"] = $data["Firstname"];
    $_SESSION["user_surname"] = $data["Surname"];
    $_SESSION["user_jobrole"] = $data["JobRole"];
    $_SESSION["user_manager"] = $data["Manager"];
    $_SESSION["user_priority"] = $data["Priority"];
    $_SESSION["user_datejoined"] = $data["DateJoined"];
    $_SESSION["user_times_loggged_in"] = $data["TimesLoggedOn"];
    if ($_SESSION["user_priority"] == '1') {
        header("Location: AdminSection.php");
    } else {
        header("Location:LoggedIn.php");
    }
    if ($_SESSION["user_times_loggged_in"] == '0') {
        header("Location:UsingTheSystem.html");
    }
}
?>

LoggedIn.php

I keep getting the error undefined index "barcode"?

<?php
$barcodeID = $_POST["barcode"];
include 'dbcon.php';
$sql = "SELECT Firstname, Surname, JobRole, Manager" .
       " FROM users" .
       " WHERE BarcodeID = .'$barcodeID'" ;
$rows = mysql_query($sql);
echo $rows;
?>

Any help will be greatly appreciated. Thanks

Hi, I'm trying to display a user review system allowing users to vote. This works fine, but I'm trying to use php to only display the rating system if the user is logged in and display alternate text if they are not.
I am getting the following error: Parse error: syntax error, unexpected T_ELSE in XXXXXX on line 182

Here's the code:

Code: [Select]
<?php
if ($_SESSION['username']){
$query = mysql_query("SELECT * FROM locations WHERE name = '$location'");
while($row = mysql_fetch_array($query)) {
$rating = (int)$row[rating]
?>
<div class="floatleft">
<div id="rating_<?php echo $row[id]; ?>">
<span class="star_1"><img src="fivestars/star_blank.png" alt="" <?php if($rating > 0) { echo"class='hover'"; } ?> /></span>
<span class="star_2"><img src="fivestars/star_blank.png" alt="" <?php if($rating > 1.5) { echo"class='hover'"; } ?> /></span>
<span class="star_3"><img src="fivestars/star_blank.png" alt="" <?php if($rating > 2.5) { echo"class='hover'"; } ?> /></span>
<span class="star_4"><img src="fivestars/star_blank.png" alt="" <?php if($rating > 3.5) { echo"class='hover'"; } ?> /></span>
<span class="star_5"><img src="fivestars/star_blank.png" alt="" <?php if($rating > 4.5) { echo"class='hover'"; } ?> /></span>
</div>
</div>
<div class="star_rating"> (Rated <strong><?php echo $rating; ?></strong> Stars) </div>
<div class="clearleft"> </div>
} }
<?php else { echo "Log in to review"; } ?>

Thanks in advance for any help. I'm sure it's something trivial but I can't see it!

I have a php page that is linked to in a Joomla site in a Wrapper. I want to be able to block access to a php page unless it was called by a link in the main menu.
I figured I could use $_SERVER['HTTP_REFERER'] to accomplish this like so:

Link from Main Menu -> top_secret.php

Code: [Select]
<?php
//the following is placed in the header of top_secret.php web page
$page1 = 'http://myweb.com/index.php?option=com_wrapper&view=wrapper&Itemid=201';//page that user must come from
$menu_link = $_SERVER['HTTP_REFERER'];//page that user comes from
if($page1 !== $menu_link) {
    header('Location: http://myweb.com/error_page.php');
}
?>

Thus if someone tries to simply access the top_secret.php without going through the joomla menu, they will be re-directed to an error page. My question to the gurus is: is this secure, or can someone easily get to the top_secret.php without going through the menu? Keep in mind that the menu the person must use is only accessible from a registered joomla user for that site. Hope that makes sense.

Hello all, I am hoping that someone can help me out with some code that I have. Here is the code:

<?php
include "include/dbc.php";
include "include/header.inc";
?>
<style type="text/css">
.mydate{ color:#00F; text-decoration:underline; cursor:pointer; }
</style>
<script type="text/javascript">
function displayDate(d){
    var date=new Date();
    var D=date.getDate();
    date.setDate(D+d);
    var YYYY=date.getFullYear();
    var MM=date.getMonth()+1;
    MM<10?MM='0'+MM:null;
    var DD=date.getDate();
    DD<10?DD='0'+DD:null;
    var span=document.getElementById('date');
    span.innerHTML= 'Entries for '+MM+'/'+DD+'/'+YYYY;
}
onload=function(){displayDate(0)};
</script>
<h1>Food Diary</h1>
<div class="full">
<center><div><span class="mydate" onclick="displayDate(-1)"><img src="images/left_arrow.png" border="0">Yesterday</span> <span id="date" style="font-size:2em;"></span> <span class="mydate" onclick="displayDate(1)">Tomorrow<img src="images/right_arrow.png" border="0"></span></div><br />
<a href="#" onclick="displayDate(0);return false;">Today</a> </center>
<div class="full">
<form name="exercise" id="exercise" method="GET" action="">
<center><table> <tr> <td><h3>Add an Activity</h3></td> </tr> <tr> <td><input name="NewSearchString" style="width: 100px" type="text"/> <input type="submit" value="Search" /> </td> </tr> <tr> <td> <select name="activity"> <option value="_">Activity Browse...</option> <option value="all">All Activities</option> <option value="biking">Biking</option> <option value="condition">Conditioning</option> <option value="dancing">Dancing</option> <option value="fish">Fishing & Hunting</option> <option value="Home">Home Activities</option> <option value="misc">Miscellaneous</option> <option value="music">Music Playing</option> <option value="occupation">Occupation</option> <option value="running">Running</option> <option value="sports">Sports</option> <option value="walking">Walking</option> <option value="water">Water Activities</option> <option value="winter">Winter Activities</option> </select> <input type="submit" value="Submit" /></td></tr></table></center></form> </td> </tr> </table> </center> <table width="100%"> <tr bgcolor="#66CC33"> <td><div>Activity</div></td> <td><div>Specific Activity</div></td> <td><div>Time (hh:mm)</div></td> <td><div>Distance</div></td> <td><div>Units</div></td> </tr> <tr bgcolor="#66CC33"> <td><div></div></td> <td><div></div></td> <td><div></div></td> <td><div class="Float"></div></td> <td class="cp_Distance"><div></div></td> </tr> <?php if(isset($_GET[activity])) { $category=$_GET[activity]; $result = mysql_query("SELECT * FROM exercise WHERE type='$category'"); ?> <form action="add_activity.php" method="POST"> <?php while($row = mysql_fetch_array($result)) { echo '<tr><td><div>'.$row[Type].'</div></td>'; echo '<td><div>'.$row[Name].'<input type="hidden" name="exerciseid[]" value="'.$row[Name].'"></div></td>'; echo '<td><div><input type="text" name="duration['.$row['Name'].']"></div></td>'; echo '<td><div><input type="text" name="distance['.$row['Name'].']"></div></td>'; echo '<td><div><select name="metric[]"> <option value="mile" 
name="mile">mile</option> <option value="Km" name="Km">km</option> <option value="M" name="M">m</option> <option value="Yard" name="yard">yrd</option> <option value="Feet" name="feet">ft</option> </select></div></td></tr>'; } mysql_close(); ?> <tr><td colspan="6" align="center"><input type="submit" name="submit" value="Add Activities" onClick="return confirm( 'Are you sure you want to submit the activities?');"></td></tr> </form> <?php } ?> <tr bgcolor="#66CC33"> <td><div></div></td> <td><div></div></td> <td><div></div></td> <td><div class="Float"></div></td> <td class="cp_Distance"><div></div></td> </tr></table> The code pulls variables, called exercise activities, from a table and allows the user to input the duration and distance that they completed the exercise. The second page looks like this: <?php include "include/dbc.php"; include "include/header.inc"; $exerciseid = $_POST["exerciseid"]; $duration = $_POST["duration"]; $distance = $_POST["distance"]; $metric = $_POST["metric"]; echo'<h1>Added Activities</h1>'; // name of array echo '<h1>Exercise</h1>'; if (is_array($exerciseid)) { foreach ($exerciseid as $key => $value) { echo $key .' : '. $value .'<br />'; } } // name of array echo '<h1>Duration</h1>'; if (is_array($duration)) { foreach ($duration as $key => $value) { echo $key .' : '. $value .'<br />'; } } // name of array echo '<h1>Distance</h1>'; if (is_array($distance)) { foreach ($distance as $key => $value) { echo $key .' : '. $value .'<br />'; } } // name of array echo '<h1>Metric</h1>'; if (is_array($metric)) { foreach ($metric as $key => $value) { echo $key .' : '. 
$value .'<br />'; } } ?> Here is what the second page of php code returns: [text] Added Activities Exercise 0 : Automobile repair 1 : Carpentry, general 2 : Carrying heavy loads, such as bricks 3 : Construction, outside, remodeling 4 : Electrical work, plumbing 5 : Farming, baling hay, cleaning barn 6 : Farming, milking by hand 7 : Farming, shoveling grain 8 : Marching, rapidly, military 9 : Painting, papering, plastering, scraping Duration Automobile repair : 26 Carpentry, general : Carrying heavy loads, such as bricks : Construction, outside, remodeling : Electrical work, plumbing : Farming, baling hay, cleaning barn : Farming, milking by hand : Farming, shoveling grain : Marching, rapidly, military : Painting, papering, plastering, scraping : Distance Automobile repair : 25 Carpentry, general : Carrying heavy loads, such as bricks : Construction, outside, remodeling : Electrical work, plumbing : Farming, baling hay, cleaning barn : Farming, milking by hand : Farming, shoveling grain : Marching, rapidly, military : Painting, papering, plastering, scraping : Metric 0 : M 1 : mile 2 : mile 3 : mile 4 : mile 5 : mile 6 : mile 7 : mile 8 : mile 9 : mile [/text] Though this works, I want it to be better. I want a way to single out only the data the user inputs and not return everything else. Any ideas/suggestions are welcomed. Thank you! Hi, I have stored user data in the database, but I think I need to somehow grab the "id" of the username, and use that in a SESSION when they log in, so that I can pull up the user information in the database for that particular user when they log in. and do that for everyone when they log in. My idea is user logs in Something like "grab the user "id" linked to this user, and add that value to "$currentUser", then somehow when it is time to show their user profile page, I do something like "display all field data where username=$currentUser. 
I don't know I am confused, any help plus code would be great if anyone can help, or just the pseudocode would be good. I hope I explained it right. thanks. First off, let me say that this will not be a public use site. We want to create a site that allows us to run queries in our database; this way we don't need to log into the MySQL server when ever we want to run a query. Basically, I am trying to create something as simple as a form with a text-input and a submit button. In this text-input, we will write a query (such as SELECT * FROM xxxx). When we hit submit, we would like to have the MySQL table printed out in a large textbox below. Our database has multiple tables, so something that works across the entire database seamlessly is key. Has anyone ever made anything like this? Is there another way to go about this? We really just want an easy way to run queries on the go. Thanks in advance to anyone who replies! <?php echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=$_POST['LoginId']; $Password1=$_POST['Password1']; $Password2=$_POST['Password2']; $Name=$_POST['Name']; $Age=$_POST['Age']; $BloodGroup=$_POST['BloodGroup']; $Sex=$_POST['Sex']; $Qualification=$_POST['Qualification']; $Email=$_POST['Email']; $Address=$_POST['Address']; $AboutYourself=$_POST['AboutYourself']; [b]$countCheck=count($_POST['checkbox']); echo $countCheck;[/b] //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(empty($Sex)){echo 'Please enter Sex';} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} 
elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} [b]elseif($countCheck==0){ echo 'You have to register at least one activity.';}[/b] else { $dbc=mysqli_connect('localhost','root','','nog'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; } $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,Email,Address,AboutYourself,Activity)values ('$LoginId',SHA('$Password1'),'$Name','$Age','$BloodGroup','$Sex','$Qualification','$Email','$Address','$AboutYourself','$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your Account is waiting for approval<br>'; echo "<a href='RegistrationAndActivity.php'>Back to Home</a>"; //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ' <br>Account already exist with Login Id '.$LoginId.' <br>Try another Login Id'; }} } ?> <html> <body> <?php echo $error_msg; ?> <h3>New User?</h3> <form action='<?php echo $_SERVER['PHP_SELF'];?>' method='post'> Enter Login id<br><input type='text' name='LoginId' value='<?php if(!empty($LoginId))echo $LoginId;?>'/><br> Enter Password<br><input type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>'/><br> Confirm Password<br><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>'/><br> Enter Name<br><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>'/><br> Enter Age<br><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? 
evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'><br/> Enter Blood<br><input type='text' name='BloodGroup'value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>'/><br> Enter Sex<br><input type='text' name='Sex'value='<?php if(!empty($Sex))echo $Sex;?>'/><br/> Enter Qualification<br><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>'/><br> Enter Email<br><input type='text' name='Email' value='<?php if(!empty($Email))echo $Email;?>'/><br> Enter Address<br><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>'/><br> About Yourself<br/><textarea rows='10' cols='22' name='AboutYourself' value='<?php if(!empty($AboutYourself))echo $AboutYourself;?>'></textarea><br/> <?php echo" <b>Select fields for which you want to register</b><br/>"; $dbc=mysqli_connect('localhost','root','','nog'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo $Title; //echo $ActivityId; [b]echo "<input type='checkbox' name='checkbox[]' value=$ActivityId />"[/b];//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo "<input type='submit' value='Register' name='submit'/><br>"; echo "</form> </body> </html>";?>

Hi friends... In the above code I want to make the checkboxes mandatory, which works properly as well, but when the user does not select any checkbox it should display "You have to register at least one activity." according to the above code, but the user gets an extra server error also: "Notice: Undefined index: checkbox in C:\wamp\www\NGOProject\RegistrationAndActivity.php on line 16 You have to register at least one activity. " I don't want to display this extra server error "Notice: Undefined index: checkbox in C:\wamp\www\NGOProject\RegistrationAndActivity.php on line 16" to the user. Please help me. Anyone? Thanks in advance.

Hi, I am currently making a site where users can upload second hand books for sale. I have everything working as I wish, apart from I am having trouble creating an account page where users can review the books they have posted. So far I use the following code to view the data associated with an uploaded book based on its id.

Code:
public static function getById( $id ) {
  $conn = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
  $sql = "SELECT * FROM books WHERE id = :id";
  $st = $conn->prepare( $sql );
  $st->bindValue( ":id", $id, PDO::PARAM_INT );
  $st->execute();
  $row = $st->fetch();
  $conn = null;
  if ( $row ) return new Book( $row );
}

I think I can use a similar function for my user account; however, each book entered by a user has their member id attached to it, which is gained from their id in the members table, which in turn is stored in $_SESSION['id']. My question is, is there a way to rework the code above to have something like select * where member_id = $_SESSION['id']? I have tried a few things and get stuck, mainly due to the fact I don't know what to replace the current :id with. Thanks in advance, I hope I explained it well enough for you lot to understand. Ian

Hello, I'm trying to build a registration/login system. I managed to set it up, but I need, for the user when he/she is logged in, to display his own information and to manage to edit it. First I need to display it, because I seem to not be doing it. I know it's easy in principle but I am really new at this...
So here is my code: The login.php page Code: [Select] <?php include ('database_connection.php'); if (isset($_POST['formsubmitted'])) { // Initialize a session: session_start(); $error = array();//this aaray will store all error messages if (empty($_POST['e-mail'])) {//if the email supplied is empty $error[] = 'You forgot to enter your Email '; } else { if (preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $_POST['e-mail'])) { $Email = $_POST['e-mail']; } else { $error[] = 'Your EMail Address is invalid '; } } if (empty($_POST['Password'])) { $error[] = 'Please Enter Your Password '; } else { $Password = $_POST['Password']; } if (empty($error))//if the array is empty , it means no error found { $query_check_credentials = "SELECT * FROM members WHERE (Email='$Email' AND password='$Password') AND Activation IS NULL"; $result_check_credentials = mysqli_query($dbc, $query_check_credentials); if(!$result_check_credentials){//If the QUery Failed echo 'Query Failed '; } if (@mysqli_num_rows($result_check_credentials) == 1)//if Query is successfull { // A match was made. $_SESSION = mysqli_fetch_array($result_check_credentials, MYSQLI_ASSOC);//Assign the result of this query to SESSION Global Variable header("Location: page.php"); }else { $msg_error= 'Either Your Account is inactive or Email address /Password is Incorrect'; } } else { echo '<div class="errormsgbox"> <ol>'; foreach ($error as $key => $values) { echo ' <li>'.$values.'</li>'; } echo '</ol></div>'; } if(isset($msg_error)){ echo '<div class="warning">'.$msg_error.' </div>'; } /// var_dump($error); mysqli_close($dbc); } // End of the main Submit conditional. 
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login Form</title> <style type="text/css"> body { font-family:"Lucida Grande", "Lucida Sans Unicode", Verdana, Arial, Helvetica, sans-serif; font-size:12px; } .registration_form { margin:0 auto; width:500px; padding:14px; } label { width: 10em; float: left; margin-right: 0.5em; display: block } .submit { float:right; } fieldset { background:#EBF4FB none repeat scroll 0 0; border:2px solid #B7DDF2; width: 500px; } legend { color: #fff; background: #80D3E2; border: 1px solid #781351; padding: 2px 6px } .elements { padding:10px; } p { border-bottom:1px solid #B7DDF2; color:#666666; font-size:11px; margin-bottom:20px; padding-bottom:10px; } a{ color:#0099FF; font-weight:bold; } /* Box Style */ .success, .warning, .errormsgbox, .validation { border: 1px solid; margin: 0 auto; padding:10px 5px 10px 60px; background-repeat: no-repeat; background-position: 10px center; font-weight:bold; width:450px; } .success { color: #4F8A10; background-color: #DFF2BF; background-image:url('images/success.png'); } .warning { color: #9F6000; background-color: #FEEFB3; background-image: url('images/warning.png'); } .errormsgbox { color: #D8000C; background-color: #FFBABA; background-image: url('images/error.png'); } .validation { color: #D63301; background-color: #FFCCBA; background-image: url('images/error.png'); } </style> </head> <body> <form action="login.php" method="post" class="registration_form"> <fieldset> <legend>Login Form </legend> <p>Enter Your username and Password Below </p> <div class="elements"> <label for="name">Email :</label> <input type="text" id="e-mail" name="e-mail" size="25" /> </div> <div class="elements"> <label for="Password">Password:</label> <input type="password" id="Password" name="Password" size="25" /> </div> 
<div class="submit"> <input type="hidden" name="formsubmitted" value="TRUE" /> <input type="submit" value="Login" /> </div> </fieldset> </form> Go Back to <a href="#">Account Verification on sign up</a> </body> </html> This is the page's code where user is redirected after login Code: [Select] <?php ob_start(); session_start(); if(!isset($_SESSION['Username'])){ header("Location: login.php"); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Member Area </title> <style type="text/css"> .success { border: 1px solid; margin: 0 auto; padding:10px 5px 10px 60px; background-repeat: no-repeat; background-position: 10px center; font-weight:bold; width:450px; color: #4F8A10; background-color: #DFF2BF; background-image:url('images/success.png'); } </style> </head> <body> <div class="success">Welcome , <?php echo $_SESSION['Username'] ; ?></div> <? $b = time (); $date1 =date( "Y-m-d;h:i:s" , mktime(date("h")+6, date("i"), date("s"), date("m") , date("d"), date("Y"))); $str_time = "&receivedtimestamp="; $str_msg = "&msg=bkt"; $str_from = "from="; ?> <a href="http://testext.i-movo.com/api/receivesms.aspx?<?echo $str_from;?><?echo $_SESSION['phone'];?><?echo $str_time;?><?echo $date1;?><?echo $str_msg;?>">Get a Cupon</a> </br> <?php echo $_SESSION['Email'] ; ?> </br> <?php echo $_SESSION['phone'] ; ?> <p><strong>My Account</strong></p> <a href="myaccount.php">My Account</a><br> <a href="mysettings.php">Settings</a><br> <a href="logout.php">Logout </a> </body> </html> And finally the database structure is this one ... 
Code:
CREATE TABLE IF NOT EXISTS `members` (
  `Memberid` int(10) NOT NULL AUTO_INCREMENT,
  `Username` varchar(20) NOT NULL,
  `Email` varchar(50) NOT NULL,
  `Password` varchar(10) NOT NULL,
  `phone` varchar(25) NOT NULL,
  `Activation` varchar(60) DEFAULT NULL,
  PRIMARY KEY (`Memberid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=30 ;

Please help me with this because I'm going mad.

Just wondering if this can be done, and if so, do you know where I can read about this, or have any suggestions? I have a database with all our clients' data that we store in it. I can now let them log into a PHP search screen that they can pull data from and see what we have stored. I would like to restrict what info they can pull by the user name they log in with, so they are not pulling other clients' info when they do the search. The user database and company database are two different ones. They search by box number, and I would like to restrict what it pulls up by company name, depending on whether the logged-in user has rights to that company's info. So if Jane Doe logged in and she was a member of soso company, when she did a box search she would only see what was from soso company, instead of how it is now, where it pulls from soso, DD, and all the companies. Thanks in advance

I want to show data for the logged-in user; I am using sessions to log in. This is the code I already have:

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
//this selects everything for the current user, ready to be used in the script below
$result = mysql_query("SELECT id, points, ingame_points, ingame_money, ingame_items FROM members; WHERE username = $_SESSION['myusername']");
//this function will take the above query and create an array
while($row = mysql_fetch_array($result)) {
  //with the array created above, I can create variables (left) with the outputted array (right)
  $points = $row['points'];
  $id = $row['id'];
  $ingame_points = $row['ingame_points'];
  $ingame_money = $row['ingame_money'];
  $ingame_items = $row['ingame_items'];
}

Help?

I have members.php:

<?php
/**********************************************************************
  Filename: members.php
  Version: $Id: members.php 17 2007-04-09 09:40:35Z Jez $
  Description: This file displays the members screen once they've logged in.
**********************************************************************/
/* Members script: */
include_once("config.php");
// Check user logged in already:
checkLoggedIn("yes");
doCSS();
print("Welcome to the members page <b>".$_SESSION["login"]."</b><br>\n");
print("Your password is: <b>".$_SESSION["password"]."</b><br>\n");
print("<a href=\"logout.php"."\">Logout</a>");
?>

and functions.php:

<?php
/**********************************************************************
  Filename: functions.php
  Description: This file contains main stock of functions. This file is automatically 'include()'d by every page that include()'s the file 'config.php'. This has the benefit that every page that includes 'config.php' will have access to all of the functions in this file.
**********************************************************************/ /******************************************************\ * Function Name : connectToDB() * * Task : create connection to db * * Arguments : none * * Globals: all defined in config.php * * Returns : none, sets $link * \******************************************************/ function connectToDB() { global $link, $dbhost, $dbuser, $dbpass, $dbname; /* Database connection: The PHP function mysql_pconnect() connects to a MySQL database with the arguments it is given. mysql_pconnect() creates a persistent database connection which can save some time when a number of mysql connections are made to the same db with the same user/password/dbhost triple. Further, when the execution of the PHP script ends, the connection to the database is NOT closed. In some rare cases this can cause problems. Alternatively mysql_connect() can be used and takes the same arguments as mysql_pconnect(). However mysql_connect() does not maintain a persistent connection - every call to mysql_connect() creates a new db connection. On a busy server this can significantly increase the amount of time taken to execute queries on the db. */ ($link = mysql_pconnect("$dbhost", "$dbuser", "$dbpass")) || die("Couldn't connect to MySQL"); // select db: mysql_select_db("$dbname", $link) || die("Couldn't open db: $dbname. Error if any was: ".mysql_error() ); } // end func dbConnect(); /******************************************************\ * Function Name : newUser($login, $pass) * * Task : Create a new user entry in the users table based on args passed * * Arguments : string($login, $pass) * * Returns : int($id), $id of new user * \******************************************************/ function newUser($login, $password) { /* Creating a New User Record in the DB: In this function we create a new user record in the db. We first build a query and save it into the $query variable. 
The query statement says: 'Insert the value of $login and $password into the 'login' and 'password' columns in the 'users' table' */ global $link; $query="INSERT INTO users (login, password) VALUES('$login', '$password')"; $result=mysql_query($query, $link) or die("Died inserting login info into db. Error returned if any: ".mysql_error()); return true; } // end func newUser($login, $pass) /******************************************************\ * Function Name : displayErrors($messages) * * Task : display a list of errors * * Arguments : array $messages * * Returns : none * \******************************************************/ function displayErrors($messages) { /* Error Handling functions: An error handling function is useful to have in any project. This particular function takes an array of messages, and for each message displays it in a list using HTML <ul><li></li></ul> tags. */ print("<b>There were problems with the previous action. Following is a list of the error messages generated:</b>\n<ul>\n"); foreach($messages as $msg){ print("<li>$msg</li>\n"); } print("</ul>\n"); } // end func displayErrors($messages) /******************************************************\ * Function Name : checkLoggedIn($status) * * Task : check if a user is (isn't) logged in depending on $status * * Arguments : quasi(!) boolean $status - "yes" or "no" * * Returns : * \******************************************************/ function checkLoggedIn($status){ /* Function to check whether a user is logged in or not: This is a function that checks if a user is already logged in or not, depending on the value of $status which is passed in as an argument. If $status is 'yes', we check if the user is already logged in; If $status is 'no', we check if the user is NOT already logged in. */ switch($status){ // if yes, check user is logged in: // ie for actions where, yes, user must be logged in(!) 
case "yes": if(!isset($_SESSION["loggedIn"])){ header("Location: login.php"); exit; } break; // if no, check NOT logged in: // ie for actions where user can't already be logged in // (ie for joining up or logging in) case "no": /* The '===' operator differs slightly from the '==' equality operator. $a === $b if and only if $a is equal to $b AND $a is the same variable type as $b. for example, if: $a="2"; <-- $a is a string here $b=2; <-- $b is an integer here then this test returns false: if($a===$b) whereas this test returns true: if($a==$b) */ if(isset($_SESSION["loggedIn"]) && $_SESSION["loggedIn"] === true ){ header("Location: members.php"); } break; } // if got here, all ok, return true: return true; } // end func checkLoggedIn($status) /******************************************************\ * Function Name : checkPass($login, $password) * * Task : check login/passwd match that stored in db * * Arguments : string($login, $password); * * Returns : array $row - array of member details on success * false on failure \******************************************************/ function checkPass($login, $password) { /* Password checking function: This is a simple function that takes the $login name and $password that a user submits in a form and checks that a row exists in the database whe the value of the 'login' column is the same as the value in $login and the value of the 'password' column is the same as the value in $password If exactly one row is returned, then that row of data is returned. If no row is found, the function returns 'false'. 
*/ global $link; $query="SELECT login, password FROM users WHERE login='$login' and password='$password'"; $result=mysql_query($query, $link) or die("checkPass fatal error: ".mysql_error()); // Check exactly one row is found: if(mysql_num_rows($result)==1) { $row=mysql_fetch_array($result); return $row; } //Bad Login: return false; } // end func checkPass($login, $password) /******************************************************\ * Function Name : cleanMemberSession($login, $pass) * * Task : populate a session variable * * Arguments : string $login, string $pass taken from users table in db. * * Returns : none * \******************************************************/ function cleanMemberSession($login, $password) { /* Member session initialization function: This function initializes 3 session variables: $login, $password and $loggedIn. $login and $password are used on member pages (where you could allow the user to change their password for example). $loggedIn is a simple boolean variable which indicates whether or not the user is currently logged in. */ $_SESSION["login"]=$login; $_SESSION["password"]=$password; $_SESSION["loggedIn"]=true; } // end func cleanMemberSession($login, $pass) /******************************************************\ * Function Name : flushMemberSession($session) * * Task : unset session variables and destroy session * * Arguments : array $session * * Returns : true * \******************************************************/ function flushMemberSession() { /* Member session destruction function: This function unsets all the session variables initialized above and then destroys the current session. 
*/ // use unset to destroy the session variables unset($_SESSION["login"]); unset($_SESSION["password"]); unset($_SESSION["loggedIn"]); // and use session_destroy to destroy all data associated // with current session: session_destroy(); return true; } // send func flushMemberSession() /******************************************************\ * Function Name : doCSS() * * Task : output the CSS for the screens * * Arguments : * * Returns : * \******************************************************/ function doCSS() { /* CSS Output: This function simply outputs some cascading style sheet data for markup by the user's browser. */ ?> <style type="text/css"> body{font-family: Arial, Helvetica; font-size: 10pt} h1{font-size: 12pt} </style> <?php } // end func doCSS() # function validates HTML form field data passed to it: function field_validator($field_descr, $field_data, $field_type, $min_length="", $max_length="", $field_required=1) { /* Field validator: This is a handy function for validating the data passed to us from a user's <form> fields. Using this function we can check a certain type of data was passed to us (email, digit, number, etc) and that the data was of a certain length. 
*/ # array for storing error messages global $messages; # first, if no data and field is not required, just return now: if(!$field_data && !$field_required){ return; } # initialize a flag variable - used to flag whether data is valid or not $field_ok=false; # this is the regexp for email validation: $email_regexp="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|"; $email_regexp.="(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$"; # a hash array of "types of data" pointing to "regexps" used to validate the data: $data_types=array( "email"=>$email_regexp, "digit"=>"^[0-9]$", "number"=>"^[0-9]+$", "alpha"=>"^[a-zA-Z]+$", "alpha_space"=>"^[a-zA-Z ]+$", "alphanumeric"=>"^[a-zA-Z0-9]+$", "alphanumeric_space"=>"^[a-zA-Z0-9 ]+$", "string"=>"" ); # check for required fields if ($field_required && empty($field_data)) { $messages[] = "$field_descr is a required field."; return; } # if field type is a string, no need to check regexp: if ($field_type == "string") { $field_ok = true; } else { # Check the field data against the regexp pattern: $field_ok = ereg($data_types[$field_type], $field_data); } # if field data is bad, add message: if (!$field_ok) { $messages[] = "Please enter a valid $field_descr."; return; } # field data min length checking: if ($field_ok && ($min_length > 0)) { if (strlen($field_data) < $min_length) { $messages[] = "$field_descr is invalid, it should be at least $min_length character(s)."; return; } } # field data max length checking: if ($field_ok && ($max_length > 0)) { if (strlen($field_data) > $max_length) { $messages[] = "$field_descr is invalid, it should be less than $max_length characters."; return; } } } ?> The db has an table users with id, login, password, site Question how can i get inf from "site" raw for logged user on members.php ( as a link). 
Pls help thanks So if I change the user his data to banned or something he don't change Here is the part of the code: Code: [Select] $userInfo = $db->getuserInfo($_GET['id']); if ($userInfo) { echo '<form action="'.coreLink('admin', 'users').'" method="post"><input type="hidden" name="userID" value="'.$userInfo['ID'].'"><ul class="inputs"> <li> <div style="float:right"><input type="text" name="username" class="input" value="'.$userInfo['username'].'"></div> '.__('Username').'<br /><small>'.__('Nickname of the user').'</small> </li> <li> <div style="float:right"><input type="text" name="pass" class="input" value=""></div> '.__('Change password').'<br /><small>'.__("Fill this input if you want to change it's password").'</small> </li> <li> <div style="float:right"><input type="text" name="email" class="input" value="'.$userInfo['email'].'"></div> '.__('Email').'<br /><small>'.__('Email of the user').'</small> </li> <li> <div style="float:right"><input type="text" name="api" class="input" value="'.$userInfo['api'].'"></div> '.__('API Code').'<br /><small>'.__('Used to access through the API').'</small> </li> <li> <div style="float:right"><select class="input" name="status" style="width:311px">'; foreach (array('ok'=>__('Active'), 'nc'=>__('Not confirmed'), 'banned'=>__('Banned')) as $key=>$long) { echo '<option value="'.$key.'"'; if ($key == $userInfo['status']) echo ' selected'; echo '>'.$long.'</option>'; } echo '</select> </div> '.__('Status').'<br /><small>'.__('It can be active, banned..').'</small> </li> <li> <fieldset id="shorters" style="border: 1px solid #ddd;-moz-border-radius:2px;-webkit-border-radius:2px"><legend>'.__('Profile').'</legend><br /><div style="padding-left:40px;margin-bottom:20px;width:110px">'; $avatar = getAvatar($userInfo['ID'], '48'); if (!$userInfo['gravatar'] && ($avatar != $jk->base."static/img/avatar/default_note.png")) echo '<div style="float:right;font-size:.8em"><input type="checkbox" name="avatar"> <img 
src="'.$jk->base.'static/img/trash.gif"></div>'; echo '<img src="'.getAvatar($userInfo['ID'], '48').'" style="border: 1px solid #ddd"></div> <ul> <li> <div style="float:right"><input type="text" name="profile_name" class="input" value="'.$userInfo['realname'].'"></div> '.__('Name').'<br /><small>'.__('Real name of the user').'</small> </li> <li> <div style="float:right"><input type="text" name="profile_web" class="input" value="'.$userInfo['profile']['url'].'"></div> '.__('Website').'<br /><small>'.__('Website of the user').'</small> </li> <li> <div style="float:right"><input type="text" name="profile_location" class="input" value="'.$userInfo['location'].'"></div> '.__('Location').'<br /><small>'.__('Location of the user').'</small> </li> <li> <div style="float:right"><input type="text" name="profile_bio" class="input" value="'.$userInfo['profile']['bio'].'"></div> '.__('Bio').'<br /><small>'.__('Description of the user').'</small> </li> </ul></fieldset> </li> <li> <div style="float:right"><select class="input" name="language" style="width:311px">'; foreach (return_languages() as $short=>$lang) { echo '<option value="'.$short.'"'; if ($short == $userInfo['language']) echo ' selected'; echo '>'.$lang.'</option>'; } echo '</select> </div> '.__('Language').'<br /><small>'.__('Language of the user').'</small> </li> <li> <div style="float:right"><select class="input" name="theme" style="width:311px">'; foreach ($jk->allowed_themes as $theme) { echo '<option value="'.$theme.'"'; if ($theme == $userInfo['theme']) echo ' selected'; echo '>'.$theme.'</option>'; } echo '</select> </div> '.__('Theme').'<br /><small>'.__('Skin of Jisko').'</small> </li> <li> <div style="float:right"><input type="text" name="invitations" class="input" value="'.$userInfo['invitations'].'"></div> '.__('Number of invitations').'<br /><small>'.__('Number of invitations that the user has').'</small> </li> <li> <div style="float:right"><input type="text" name="openid" class="input" 
value="'.$userInfo['openid'].'"></div> '.__('OpenID').'<br /><small>'.__('Used to access Jisko trough an OpenID account').'</small> </li> <li> <div style="float:right"><input type="text" name="facebook" class="input" value="'.$userInfo['facebook'].'"></div> '.__('Facebook ID').'<br /><small>'.__('Used to access Jisko trough a Facebook account').'</small> </li> </ul> <br /><input type="submit" value="'.__('Save').'"><br /><br /></form>'; } else header('Location: '.coreLink('admin', 'users')); } |
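Several posts on this page ask the same thing: how to show only the rows that belong to the logged-in user. The script below is an added example, not code from any of the posters; it assumes PDO with an in-memory SQLite database, and the tables, sample rows and the helper names `login()`, `booksForMember()` and `renderRows()` are constructed for illustration. It shows a prepared-statement login checked with `password_verify()`, a session that holds only the member id, a fetch of every matching row, and HTML-escaped output.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the script runs
// offline. Assumption: pdo_sqlite is enabled. The queries inside the three
// functions below are the same on MySQL; only the DSN and the DDL differ.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$db->exec('CREATE TABLE books (id INTEGER PRIMARY KEY, member_id INTEGER, title TEXT)');

$addMember = $db->prepare('INSERT INTO members (email, password_hash) VALUES (:email, :hash)');
foreach (["o'brien@example.test" => 'correct horse', 'jane@example.test' => 'battery staple'] as $email => $pw) {
    // Store a salted hash, never the password itself.
    $addMember->execute([':email' => $email, ':hash' => password_hash($pw, PASSWORD_DEFAULT)]);
}
$addBook = $db->prepare('INSERT INTO books (member_id, title) VALUES (:member_id, :title)');
foreach ([[1, 'PHP Basics'], [1, 'Tom & Jerry <b>2nd ed.</b>'], [2, 'SQL Primer']] as [$memberId, $title]) {
    $addBook->execute([':member_id' => $memberId, ':title' => $title]);
}

/** Returns the member id when the credentials match, null otherwise. */
function login(PDO $db, string $email, string $password): ?int
{
    // The e-mail is bound as a parameter, so an apostrophe in it is just data.
    $st = $db->prepare('SELECT id, password_hash FROM members WHERE email = :email');
    $st->execute([':email' => $email]);
    $row = $st->fetch();
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

/** Returns every book row owned by one member (possibly an empty array). */
function booksForMember(PDO $db, int $memberId): array
{
    $st = $db->prepare('SELECT id, title FROM books WHERE member_id = :member_id ORDER BY id');
    $st->bindValue(':member_id', $memberId, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll();   // all rows, not just the first one that fetch() would give
}

/** Builds an HTML table; every database value is escaped before output. */
function renderRows(array $rows): string
{
    $html = "<table>\n<tr><th>ID</th><th>Title</th></tr>\n";
    foreach ($rows as $row) {
        $html .= '<tr><td>' . (int) $row['id'] . '</td><td>'
            . htmlspecialchars((string) $row['title'], ENT_QUOTES, 'UTF-8')
            . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// $session stands in for $_SESSION so the script also runs from the CLI. In a
// web request, call session_start() first and session_regenerate_id(true)
// right after a successful login.
$session = [];

$id = login($db, "o'brien@example.test", 'correct horse');
if ($id !== null) {
    // Keep only the id in the session, not the whole row and never the password.
    $session['id'] = $id;
}

if (isset($session['id'])) {
    // The owner filter comes from the server-side session, not from $_GET or $_POST.
    echo renderRows(booksForMember($db, $session['id']));
} else {
    echo "Login failed\n";
}
```

Because the member id in the WHERE clause is taken from the session rather than from a request parameter, a logged-in user cannot ask for another member's rows by changing a URL.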