PHP - Prevent User From Voting Twice With Cookie
Hi there, I'm hoping someone can help me with this. What I'm trying to do is prevent users from voting twice with cookies. I've tried to set several myself but none of them have worked. Any help would be amazing. Thanks. EDIT: Unsure why it's formatted this way. How to fix?
```php
<?php
include 'functions.php';
// Connect to MySQL
$pdo = pdo_connect_mysql();
// If the GET request "id" exists (poll id)...
if (isset($_GET['id'])) {
    // MySQL query that selects the poll records by the GET request "id"
    $stmt = $pdo->prepare('SELECT * FROM polls WHERE id = ?');
    $stmt->execute([$_GET['id']]);
    // Fetch the record
    $poll = $stmt->fetch(PDO::FETCH_ASSOC);
    // Check if the poll record exists with the id specified
    if ($poll) {
        // MySQL query that selects all the poll answers
        $stmt = $pdo->prepare('SELECT * FROM poll_answers WHERE poll_id = ?');
        $stmt->execute([$_GET['id']]);
        // Fetch all the poll answers
        $poll_answers = $stmt->fetchAll(PDO::FETCH_ASSOC);
        // If the user clicked the "Vote" button...
        if (isset($_POST['poll_answer'])) {
            // Update and increase the vote for the answer the user voted for
            // (only if that answer belongs to this poll)
            $stmt = $pdo->prepare('UPDATE poll_answers SET votes = votes + 1 WHERE id = ? AND poll_id = ?');
            $stmt->execute([$_POST['poll_answer'], $poll['id']]);
            // Redirect user to the result page, using the id from the database row
            header('Location: result.php?id=' . (int)$poll['id']);
            exit;
        }
    } else {
        die ('Poll with that ID does not exist.');
    }
} else {
    die ('No poll ID specified.');
}
?>
<?=template_header('Poll Vote')?>
<div class="content poll-vote">
    <!-- Database and request values are HTML-escaped before output -->
    <h2><?=htmlspecialchars($poll['title'], ENT_QUOTES)?></h2>
    <p><?=htmlspecialchars($poll['des'], ENT_QUOTES)?></p>
    <form action="vote.php?id=<?=(int)$poll['id']?>" onSubmit="disable()" method="post">
        <?php for ($i = 0; $i < count($poll_answers); $i++): ?>
        <label>
            <input type="radio" name="poll_answer" value="<?=(int)$poll_answers[$i]['id']?>"<?=$i == 0 ? ' checked' : ''?>>
            <?=htmlspecialchars($poll_answers[$i]['title'], ENT_QUOTES)?>
        </label>
        <?php endfor; ?>
        <div>
            <input type="submit" name="submit" value="Vote">
            <a href="result.php?id=<?=(int)$poll['id']?>">View Result</a>
        </div>
    </form>
</div>
<?=template_footer()?>
```

Edited July 1, 2020 by requinix: cleaning up post

Similar Tutorials

I'm an experienced programmer with several languages (COBOL, REXX, Java, Javascript, etc.) under my belt over many years but I know very little about PHP.
I dabbled in it a bit a year or two back and got it to do what I wanted to do but I'm not sure how to do what I currently need.
A bit of context: I have designed a website where the user can choose between various page styles; each style invokes different CSS to give them a different visual experience of the site. They can select the style they want via View/Style in Internet Exploder and View/Page Style in Firefox but that preference is only remembered as long as they're on that page. As soon as they move to another page on the site, they have to choose the alternate style again or live with the default style. I want them to be able to select that preference ONCE, then store it in a cookie specifically for them, then keep using that style every time they visit the site. (Naturally, I want them to be able to change the style and then remember the new style as well.) There will be many visitors and each will want that same capability. I currently don't require any login to the site. (I'm toying with password-protecting some of the site down the road but that's not a factor in this page style thing that I'm talking about here.)
Now, my questions.
I've found a variety of short articles describing how to use setCookie() to create the cookie (and delete it later) and getCookie() or the newer echo $_COOKIE["name"] to determine the cookie value. However, I am NOT seeing anything that says where I put the code to set and/or read the code within my web pages. I would really appreciate an explanation of that! I expect to write short fragments of php code to do those jobs which I will then embed within my web pages via SSI (Server Side Includes). Is that reasonable or is there a better way?
Also:
1. When the user clicks on the desired Style in the View/Style menu, how do I detect what choice they made?
2. Should the name of the cookie be something like "pageStyle" or should it be something that uniquely identifies the user so that the right cookie is retrieved when they come back? If the latter, what value should I use and how should I obtain it? I assume that something unique about the user obtained from their headers is far better than displaying a dialog and asking them for some unique identifier.
I'd rather stay away from Javascript in any of this functionality since I can't rely on it being turned on.
One quick aside while I'm here. Does anyone know how to change the page style if visitors use Google Chrome or Opera? I can't even FIND options for changing the page style in my copies of those two browsers and both are current versions. Do they not support differing page styles at all or do they just hide the technique to choose the style very effectively?
--
Henry
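For the poll script in the opening post, one way to enforce one vote per browser cookie on the server side. This is an added example, not code from any poster on this page; the `voter` cookie name, the `poll_votes` table and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Assumptions (not from the original post): the "voter" cookie
// name, the poll_votes table, and SQLite in memory standing in for MySQL.
const VOTER_COOKIE = 'voter';

/** Reuse the browser's token if it has the format we issue, else mint a new one. */
function voter_token(array $cookies): string
{
    $token = $cookies[VOTER_COOKIE] ?? '';
    if (is_string($token) && preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return $token;
    }
    return bin2hex(random_bytes(16)); // 128 random bits
}

/** Send the token back with conservative cookie attributes (PHP 7.3+ syntax). */
function remember_voter(string $token): void
{
    setcookie(VOTER_COOKIE, $token, [
        'expires'  => time() + 365 * 86400,
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // page scripts have no need to read it
        'samesite' => 'Lax',
    ]);
}

/**
 * Count a vote at most once per (poll, token).
 * The UNIQUE key on poll_votes makes "has this token voted?" and "record the
 * vote" a single atomic step, so two fast submissions cannot both be counted.
 * Returns true when the vote was counted, false when it was refused.
 */
function cast_vote(PDO $pdo, int $pollId, int $answerId, string $token): bool
{
    $pdo->beginTransaction();
    try {
        $mark = $pdo->prepare('INSERT INTO poll_votes (poll_id, voter) VALUES (?, ?)');
        $mark->execute([$pollId, $token]);

        $count = $pdo->prepare(
            'UPDATE poll_answers SET votes = votes + 1 WHERE id = ? AND poll_id = ?'
        );
        $count->execute([$answerId, $pollId]);
        if ($count->rowCount() !== 1) {   // answer id is not part of this poll
            $pdo->rollBack();
            return false;
        }
        $pdo->commit();
        return true;
    } catch (PDOException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        if ((string)$e->getCode() === '23000') {   // unique key hit: already voted
            return false;
        }
        throw $e;
    }
}

// In vote.php, before any output (setcookie() sends an HTTP header):
//   $token = voter_token($_COOKIE);
//   remember_voter($token);
//   $counted = cast_vote($pdo, (int)$poll['id'], (int)$_POST['poll_answer'], $token);

// Offline demonstration with constructed data; runs only from the command line.
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE poll_answers (id INTEGER PRIMARY KEY, poll_id INTEGER NOT NULL,
                title TEXT, votes INTEGER NOT NULL DEFAULT 0)');
    $pdo->exec('CREATE TABLE poll_votes (poll_id INTEGER NOT NULL, voter TEXT NOT NULL,
                UNIQUE (poll_id, voter))');
    $pdo->exec("INSERT INTO poll_answers (id, poll_id, title)
                VALUES (1, 1, 'Yes'), (2, 1, 'No'), (3, 2, 'Answer of another poll')");

    $browser = voter_token([]);                        // first visit: no cookie yet
    $returning = voter_token([VOTER_COOKIE => $browser]); // later request, cookie sent back

    printf("first vote counted:   %s\n", var_export(cast_vote($pdo, 1, 1, $browser), true));
    printf("second vote counted:  %s\n", var_export(cast_vote($pdo, 1, 2, $returning), true));
    printf("foreign answer taken: %s\n", var_export(cast_vote($pdo, 1, 3, voter_token([])), true));
    printf("votes on answer 1:    %d\n", $pdo->query('SELECT votes FROM poll_answers WHERE id = 1')->fetchColumn());
}
```

The cookie identifies a browser, not a person: a visitor who clears cookies receives a new token, so a poll that needs a hard one-vote guarantee has to tie votes to authenticated accounts instead.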
I am trying to create a remember me checkbox for the login of my CMS. What I am trying to achieve is that whenever a user logs in with the checkbox ticked, an auth code is created and stored in a cookie and also the database under their user info row. When a user closes their browser without logging out and then returns to the CMS a few days later etc., I am trying to run some code straight away if they get redirected to the login page. The code will check to see if the auth code cookie exists; if it does, it gets checked against the database records, and if a match is found then log that user in. If it doesn't, do nothing until the user uses the login form. I have written what I thought was the perfect solution but it never seems to automatically log the user in, even if they haven't logged out. Some direction in this matter would be very helpful, thank you. I would also like to know if there is a way of using php to stop my session getting cleared by the trash collector after some inactivity?

Login.php (I am using PHpass for the password hashing)

```php
<?php include ('functions.php'); ?>
<?php get_header('login'); ?>
<div id="login-result">
<?php
$redirect = htmlspecialchars(mysql_real_escape_string(addslashes($_GET['redirect'])));
if(isset($_COOKIE['authcode'])){
    connect();
    $authcookie = htmlspecialchars(mysql_real_escape_string(addslashes($_COOKIE['authcode'])));
    $sql = "SELECT uid, username, firstname, lastname, role FROM usersT WHERE authcode='$authcode'";
    $result = mysql_query($sql);
    $count = mysql_num_rows($result);
    $row = mysql_fetch_array($result);
    $uid = $row['uid'];
    $username = $row['username'];
    $fname = $row['firstname'];
    $lname = $row['lastname'];
    $role = $row['role'];
    if($count==1){
        $sql2 = "UPDATE usersT SET status = '1' WHERE uid = '$uid'";
        $result2 = mysql_query($sql2);
        if($result2){
            session_register("uid");
            session_register("uname");
            session_register("ulevel");
            $_SESSION["uid"] = $uid;
            $_SESSION["username"] = $username;
            $_SESSION["uname"] = $fname;
            $_SESSION["ufullname"] = $fname . " " .$lname;
            $_SESSION["urole"] = $role;
            if(!empty($redirect)) { header( 'Location: '. $redirect ) ; exit(); }
            else { header( 'Location: index.php' ) ; exit(); }
        }
    }
}
?>
<?php
if (isset($_POST['admin_login'])){
    if(isset($_POST["username"]) && isset($_POST["password"])){
        connect();
        $username_p = htmlspecialchars(mysql_real_escape_string(addslashes($_POST["username"])));
        $password_p = htmlspecialchars(mysql_real_escape_string(addslashes($_POST["password"])));
        if (strlen($password_1) < 73) {
            //Password hashing
            $sql3 = "SELECT password FROM usersT WHERE username='$username_p'";
            $result3 = mysql_query($sql3);
            $row3 = mysql_fetch_array($result3);
            require("inc/password-hash.php");
            $hasher = new PasswordHash(8, false);
            $stored_hash = "*";
            $stored_hash = $row3['password'];
            $check = $hasher->CheckPassword($password_p, $stored_hash);
            if($check){
                $sql4 = "SELECT uid, username, firstname, lastname, role FROM usersT WHERE username='$username_p'";
                $result4 = mysql_query($sql4);
                $row4 = mysql_fetch_array($result4);
                $uid = $row4['uid'];
                $username = $row4['username'];
                $fname = $row4['firstname'];
                $lname = $row4['lastname'];
                $role = $row4['role'];
                $authcode = random(30);
                $sql5 = "UPDATE usersT SET status = '1', authcode = '$authcode' WHERE uid = '$uid'";
                $result5 = mysql_query($sql5);
                if($result5){
                    session_register("uid");
                    session_register("uname");
                    session_register("ulevel");
                    $_SESSION["uid"] = $uid;
                    $_SESSION["username"] = $username;
                    $_SESSION["uname"] = $fname;
                    $_SESSION["ufullname"] = $fname . " " .$lname;
                    $_SESSION["urole"] = $role;
                    if(isset($_POST['remember'])) { setcookie("authcode", $authcode, time() + 86400 * 365 * 2); } // Check if the user wants to be remembered.
                    if(!empty($redirect)) { header( 'Location: '. $redirect ) ; exit(); } // Check if the user has been redirected from another page.
                    else { header( 'Location: index.php' ) ; exit(); }
                } // Check if the users status has been updated.
                else { echo "<div class=\"error rounded5 shadow\">User status couldn't be updated!</div>"; }
            } // Check the entered password against the stored hash.
            else { echo "<div class=\"error rounded5 shadow\">Invalid username or password!</div>"; }
        } // Checked the character length of the password.
        else { echo "<div class=\"error rounded5 shadow\">Password must be 72 characters or less!</div>"; }
    } // Check both fields have been filled in.
} // Check the user has submitted the data.
?>
</div><!-- / login-results -->
<div id="login" class="rounded5 shadow">
    <form name="loginform" id="loginform" action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
        <p>
            <label for="username">Username<br>
            <input type="text" name="username" id="username" class="rounded5" value="<?php echo $username_p; ?>" size="20" tabindex="10" /></label>
        </p>
        <p>
            <label for="password">Password<br>
            <input type="password" name="password" id="password" class="rounded5" value="<?php echo $password_p; ?>" size="20" tabindex="20" maxlength="72" /></label>
        </p>
        <p class="submit">
            Keep me logged in <input type="checkbox" name="remember" id="remember" <?php if(isset($_COOKIE['remembered'])){ echo "selected=\"selected\""; } ?> /><br /><br />
            <a href="" class="left">Lost your password?</a>
            <input type="submit" name="admin_login" id="admin_login" class="btn rounded10 right" value="Log In" tabindex="100" />
        </p>
        <div class="cleaner"></div><!-- / cleaner -->
    </form>
</div><!-- / login-->
<?php get_footer('login'); ?>
```

Logout.php

```php
<?php
session_start();
include ('functions.php');
connect();
$uid = mysql_real_escape_string($_SESSION['uid']);
$sql = "UPDATE usersT SET status = '0', authcode = '' WHERE uid = '$uid'";
$result = mysql_query($sql);
if($result) {
    session_unset();
    session_destroy();
    setcookie("authcode", $authcode, time() - 86400 * 365 * 2);
    header("location:" . get_option('home') . "/login.php");
    exit();
}
else { exit(); }
?>
```

Redirect Code

```php
<?php
session_start();
$url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
$uid = $_SESSION['uid'];
if (!isset($uid)) {
    header('location:login.php?redirect='.$url);
    exit();
    die();
}
?>
```

This topic has been moved to Linux. http://www.phpfreaks.com/forums/index.php?topic=318175.0

Hello, I was wondering, is it possible to create a vote with php where, when people vote, the voted thing will go away? For example, if there is an in-game map vote and players vote !map de_dust2, the de_dust2 will be removed from the map list and the last map that stays will be used. Sorry for bad English.

```php
<form action='index.php' method='POST' enctype='multipart/form-dat'>
    <select name='votes'>
        <option>SEATOWN</option>
        <option>vote1</option>
        <option>vote2</option>
        <option>vote3</option>
    </select>
    <input type='submit' name='vote' value='Vote'>
</form>
<?php
$vote=$_GET['votes'];
if(isset($_POST['vote'])) {
    echo "voted";
    echo $vote;
}
?>
```

Why would this not echo out anything for $vote??? Cheers, Matt

Basically I am writing my own voting system but I have a few problems and I would like to address them all in one post rather than three.

First: The first thing I need help with is using CURL to check if a user actually voted at the remote top list website.

Two: I need maybe a source script of a 10 digit hash generator that will display the hash generated and will insert it into the database. This is currently what my hash generator looks like but I need someone to help me change it so that it will echo the actual hash generated and insert it into the database.

```php
<?php
function gen_md5_password($len = 6) {
    return substr(md5(rand().rand()), 0, $len);
}
?>
```

Three: I need some sort of way to tell the database that if the hash is not used within 24 hours, it will just dump or delete.
Hi, I am trying to come up with the best way to create a range voting form. Each candidate will have a "confidence" value associated with the choice (using a pulldown menu?). So for March Madness it would be: Team ....... Confidence Value..... Each team could only be voted to finish the tournament in a particular place, and a value would be associated with that choice. The total choices possible determines the range of confidence value possible. So if there are 16 teams to vote on, the confidence value would range from 1-16. The voter would assign his highest available value to the team he was most confident in landing in that particular position.

Example: 16 teams - 16 conf vals
- if certain Duke will end up at #1, then vote: #1 = Duke, conf val 16
- next, if almost as certain that NC will end up last, then vote: #16 = NC, conf val 15
- next most certain "", conf val 14
- and so on....

The tricky part is making sure that the form code validates each conf val so that it is used, but used only once.... Ideally the form could return values that could then be imported into Excel and compared. Has this been done somewhere? Can you help? Hope so.... Thanks!!

I'm trying to make a voting system, where each person would vote and they'll receive a point for it. I just don't know how to accomplish this.. =/

This is a node voting module I created and it has a slight problem that I cannot figure out. It's supposed to be a simple 'Vote Up' or 'Vote Down' feature. You click 'Vote Up' and one appears in your vote tally. You click 'Vote Down' and your original vote tally is subtracted by one back down to zero. When it goes back to zero, it gets stuck there. It stays on zero no matter if I choose 'Vote Up' or 'Vote Down' again. There's something that's happening when I move my vote tally back down to zero. Maybe something isn't set up correctly with the $current_votes variable. I don't know. I've been at this for hours. Here's the code:

```php
<?php
function bonnier_vote_perm() {
    return array('vote on content');
}

function bonnier_vote_menu() {
    $items = array();
    $items['vote'] = array(
        'title' => 'vote',
        'page callback' => 'bonnier_vote_vote',
        'access arguments' => array('vote on content'),
        'type' => MENU_CALLBACK,
    );
    return $items;
}

function bonnier_vote_vote() {
    $nid = $_REQUEST['nid'];
    $value = $_REQUEST['votes'];
    $current_votes = db_result(db_query("SELECT votes FROM bonnier_vote WHERE nid = $nid"));
    if ($current_votes) {
        $new_votes = $current_votes + $value;
        db_query("UPDATE bonnier_vote SET votes = $new_votes WHERE nid = $nid");
    } else {
        db_query("INSERT INTO bonnier_vote (nid, votes) VALUES ($nid, $value)");
    }
    drupal_set_message('Your vote has been recorded');
    drupal_goto('node/'.$nid);
}

function bonnier_vote_nodeapi(&$node, $op, $teaser = null, $page = null) {
    if ($op == 'view' && !$teaser) {
        $votes = db_result(db_query("SELECT votes FROM bonnier_vote WHERE nid = {$node->nid}"));
        if (!$votes) {
            $votes = 0;
        }
        $widget = '<div>';
        $widget .= l('Vote Up', 'vote', array('query' => array('nid' => $node->nid, 'votes' => 1)));
        $widget .= ' ';
        $widget .= l('Vote Down', 'vote', array('query' => array('nid' => $node->nid, 'value' => -1)));
        $widget .= ' ';
        $widget .= 'Sco '. $votes;
        $widget .= '</div>';
        $node->content['vote_widget'] = array(
            '#value' => $widget,
            '#weight' => -10,
        );
    }
}
```

Any bit of advice would be much appreciated.

So I have made an anonymous poll system but I would like to limit the possibility to vote only once from a single pc.
I think that I could store and check 3 things regarding a user that has voted:

1) $_SERVER['HTTP_CLIENT_IP']."!".$_SERVER['HTTP_X_FORWARDED_FOR']."!".$_SERVER['REMOTE_ADDR'];
2) HTTP cookie
3) Flash cookie LSO (because this, contrary to the HTTP cookie, can be detected in multiple browsers (only if Flash is installed))

But there can be a simple situation: a simple user votes one time from Firefox and after a time his IP changes (for example he uses some mobile internet where dynamic addressing is used). Then for some reason he wants to use Internet Explorer where Flash is not installed. As a result, it is possible to vote twice. Can anyone please suggest something regarding this? I know there is no 100% bulletproof solution - I just want to minimise the possibility to vote more than once. Also I am thinking about using EverCookie (undeletable cookie) but that could cause a lot of other problems.

I made a website for school where everyone can upload their summaries, download them and rate them (thumbs up, thumbs down). You upload a summary with some data: a specific class, subject, name etc. The path to the file, the name, subject etc. comes in a mysql table and the summaries show in a list on the site. Now here comes the problem: when you vote a summary up you go to the page up.php like this:

```php
<!--Directing to up.php-->
--some mysql--
while ( $summary = mysql_fetch_assoc($result) ) {
    echo "<a href=\"up.php?id=".$summary['id']."&page=".$summary['class'].$summary['period']."\">";
}
```

On the page up.php I have the following code which adds +1 in the thumbsup row in mysql:

```php
<!-- thumbsup +1 -->
--some mysql--
$sql2 = "UPDATE locatie SET thumbsup = thumbsup + '1' WHERE id='".strval($_GET['id'])."'";
$uitvoeren2 = mysql_query($sql2);
```

and sends you back to the previous page:

```php
header("Location: ".$_GET['page'].".php");
```

Google crawls all my pages, and also the page

```
up.php?id=1&page=class1periode3
```

which changes my mysql. This leads to all of the summaries being voted on by Google, which is very annoying. This probably isn't the best voting script but I'm fairly new to php and thought this up on my own, so I was wondering if I could get it working properly. Thanks in advance.

Hello, I'm trying to create a simple voting script for my site. I've been trying different things but cannot get it to function properly. The idea is you click the 'thumbs up' image to add 1 to the 'likes' value and thumbs down to add '1' to the dislikes. Sounds simple but it's giving me headaches. Would really appreciate it if someone could take a quick look at my script. The table is called 'youtube_rating' (because that's the look I was going for) and in the table are 4 columns: id (auto_increment), liked (counts liked votes), disliked (counts dislikes) and item_num, which is the id for the product the rating is for.

```php
<?
if ( $row['rating'] == 'YES' ) {
    require ("../rating/voting/dbcon.php");
    $result1 = mysql_query("select * from youtube_rating WHERE item_num='".$page_id."'");
    $row = mysql_fetch_array($result1);
    $dislike = $row['dislike'];
    $like = $row['liked'];
    if (isset($_POST['submitted'])) {
        require_once ("../database/functions.php");
        $userip = $_SERVER['REMOTE_ADDR'];
        $id = safe($_POST['id']);
        $vote = '1';
        // check if user already voted
        $result = mysql_query("SELECT * FROM youtube_ip WHERE userip='$userip' AND item_num ='".$id."'");
        $num = mysql_num_rows($result);
        // if already voted show error
        if (isset($_POST['submitted']) && ($num > 0)) {
            echo '<div class="alreadyvoted">You have already voted!</div>';
        }
        // add like
        if (isset($_POST['submitted']) && ($_POST['submitted'] == 'like') && ($num == 0)) {
            // add 1 to value
            $liked_value = mysql_query("SELECT liked FROM youtube_ip WHERE item_num ='".$id."'");
            $liked_total = $liked_value + $vote;
            $query = "update youtube_rating set liked = '".$liked_total."' where item_num ='".$id."'";
            echo '<div class="ilikethis">You like this!</div>';
        }
        // add dislike
        if (isset($_POST['submitted']) && ($_POST['submitted'] == 'dislike') && ($num == 0)) {
            // add 1 to value
            $dislike_value = mysql_query("SELECT dislike FROM youtube_ip WHERE item_num ='".$id."'");
            $dislike_total = $dislike_value + $vote;
            $query = "update youtube_rating set dislike = '".$dislike_total."' where item_num ='".$id."'";
            echo '<div class="idislikethis">You Dislike this!</div>';
        }
        // log ip
        // if (isset($_POST['submitted']) && ($num == 0))
        // {
        // mysql_query ("insert into youtube_ip (userip, item_num) values ('".$userip."', '".$id."')");
        // }
    }
?>
<table width="50%" border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
        <td width="48%" align="center">
            <form action="" method="post">
                <input name="id" type="hidden" value="<? echo $page_id ?>" />
                <input name="submitted" type="hidden" value="like" />
                <button type="submit" class="like_button" name="like" id="like" >
                    <img src="../rating/voting/pixel-vfl73.gif" alt="">
                    <span><?php echo $like?></span>
                </button>
            </form>
        </td>
        <td width="52%">
            <form action="" method="post">
                <input name="id" type="hidden" value="<? echo $page_id ?>" />
                <input name="submitted" type="hidden" value="dislike" />
                <button type="submit" class="dislike_button" name="dislike" id="dislike" >
                    <img src="../rating/voting/pixel-vfl73.gif" alt="">
                    <span><? echo $dislike?></span>
                </button>
            </form>
        </td>
    </tr>
</table>
<? } ?>
```

The problem is the vote does not add up or update the database. Also, it doesn't seem to be checking if the user has voted or not; it just attempts (but fails) to add a vote no matter what. Thanks for any help.

Hi guys, I am building a voting system for my gaming website. People sign up for matches, and those will be played on 3-5 different maps. People can vote for which maps they want to play. Each player can choose 3 maps, also 3 x the same map. Now the results of that voting system are shown on the page like this:

```text
There is 1 vote for Map 1
There are 5 votes for Map 2
There is 1 vote for Map 3
There are 2 votes for Map 7
There is 1 vote for Map 4
There is 1 vote for Map 5
There are 8 votes for Map 8
```

Now I want to make a script that picks the maps that will be played, so only show the 3-5 best results. In the example above it would be 2 x map 8 and 1 x map 2, but I'm not sure how to start on this. The db table of the votes is built like this:

```text
id  matchid  playerid  mapid  mapname
1   113      195       1      NukeTown
2   113      195       2      Grid
3   113      195       1      NukeTown
4   114      195       1      NukeTown
5   114      195       1      NukeTown
```

Any advice or thoughts on this? Thanks.

Hello everyone. I recently coded a Minecraft Voting for Diamonds script. Basically, you enter your username, you vote on the sites, then click "Get Reward". The reward then goes through a RCON script, and rewards the user with their diamonds in-game.
The full script works fine, and I am happy with it, but there is one small problem, and that is users being able to abuse the system. If they wanted to, they could just refresh the page, and click Get Rewarded again, and again. I want to make something like this: it has a countdown on the link, which is started upon click, and then the link re-activates when the timer is done. My script already has "disabled=..." tags, so you have to click all links; this way would make sure a user cannot click the link until the timer is done. I'm pretty new to PHP, and please forgive me if it is not 100% PHP, but this place seemed extremely helpful. I am also pretty new to PHP, so make it for dummies xD Thanks everyone!

Hi Guys, I am designing this website that takes votes on images. I need to store the votes for each image against the image name and a username. For this purpose, I need to modify the current code which retrieves votes from the voting system but doesn't have a system to enter the image name dynamically. Below is the code for the same:

```php
<?php
ob_start();
$host="localhost";
$username="computat_abhi";
$password="[..]";
$databasename="computat_button";
$tbl_name="record";
$db=mysql_connect ("localhost", "computat_abhi", "[..]")or die(mysql_error());
mysql_select_db($databasename, $db) or die(mysql_error());
if( isset($_POST['Like']) ) {
    $sql = 'INSERT INTO record(ImageNumber,LikeCounter) VALUES (\'b1\', 1)';
    mysql_query($sql, $db) or die(mysql_error());
    echo 'Like vote is registered';
}
elseif(isset($_POST['Dislike'])) {
    $sql = 'INSERT INTO record(ImageNumber,DislikeCounter) VALUES (\'b1\', 1)';
    mysql_query($sql, $db) or die(mysql_error());
    echo 'Dislike vote is registered';
}
ob_end_flush();
?>
<html>
<head>
<title> Do you Like/Dislike this image? </title>
</head>
<body>
<h1> Do you Like/Dislike this image? </h1>
<form name="form1" method ="post">
    <input type="submit" name="Like" value="Like">
    <input type="submit" name="Dislike" value="dislike">
</form>
</body>
</html>
```

Another issue is to register a new user on the website www.computationalphotography.in and link it with the voting system above. Looking forward to your help and suggestions.

Hi, I have made a website where people register their details and products. They have to enter the following details in the form: Name of company name of the product company address email id password mobile number contact and brief details about their company
The user can then log in with email id and pwd. Now after login, the user will get a page where he can upload the photos of product images and their price. So now my question is that when he finishes uploading (by clicking on the upload button) the product images and price text box, then on the final uploaded webpage it should show all the other things which he registered before (company name, mobile number etc.) along with images and price. Hence the main question: the user does not need to enter mobile and address while uploading images and filling in the price, but on the final page it should show mobile and address along with price and images, as the user is not going to enter mobile and address again and again, as he will have multiple products to upload.
I would appreciate your assistance. There are tons of login scripts and they work just fine. However, I need my operators to log in and then list their activities for the other operators who are logged in to see and, if desired, send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in MySQL with PHP so the operator logged in can only make changes to his listing but see the others?

FIRST THE ONE script: the member logs in here to the one table in MySQL:

```php
<?php
session_start();
require_once('config.php');
$errmsg_arr = array();
$errflag = false;
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}
$login = clean($_POST['login']);
$password = clean($_POST['password']);
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
if($result) {
    if(mysql_num_rows($result) == 1) {
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        session_write_close();
        header("location: member-index.php");
        exit();
    }else {
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}
?>
```

Now I need the person who logged in to the table above to be able to make multiple entries to the table below:

```php
<?
$ID=$_POST['ID'];
$title=$_POST['title'];
$cost=$_POST['cost'];
$activity=$_POST['activity'];
$ayear=$_POST['aday'];
$aday=$_POST['ayear'];
$seats=$_POST['special'];
$special=$_POST['seats'];
mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error());
mysql_select_db("xxxx") or die(mysql_error());
mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')");
Print "Your information has been successfully added to the database!"
?>
Click <a href="member-profile.php">HERE</a> to return to the main menu
<?php ?>
```

Actually, what I want to do is to use the email to fetch the $email,$password and $randomnumber from database after

Hi, so far I have managed to set up a somewhat basic login website with a mysql database backend. Once they have logged on they go to a "main menu" page. What I need to define is that user A sees button A but only that button, etc. (Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login.) If anyone has any tutorials or sample code I would much appreciate it. Thanks,

Hi guys, I am trying to put together a little system that allows users to log onto my website and access their own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as:

1/ The user logs in
2/ Once logged in they are re-directed to their own page using 'theirusername.php'

That's all good and working how I need it to. The problem I have is this. If I log onto the website using USER A details, I get taken to USER A's page like I should, but if I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B's profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using:

LOGIN

```php
<?php
session_start();
function dbconnect() {
    $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error());
}
?>
<?php
if(isset($_SESSION['loggedin'])) {
header("Location:" . strtolower($username) . ".php");
if(isset($_POST['submit'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'");
    if(mysql_num_rows($mysql) < 1) {
        die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again");
    }
    $_SESSION['loggedin'] = "YES";
    $_SESSION['username'] = $username;
    $_SESSION['name']
    header("Location:" . strtolower($username) . ".php");
}
?>
```

HEADER ON EACH PHP PAGE

```php
<?php
session_start();
if(!isset($_SESSION['loggedin'])) {
die(Access to this page is restricted without a valid username and password);
?>
```

Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php". Any help would be greatly appreciated! Ta