I need to list to all the schemas in some inputs (checkbox) then we can choose which one(s) we want to manipulate, to give privileges to a specific user.
Anyway, I got this, as you can see:
<div id="list-schemas">
<?php
foreach ($schemas as $elt) {
echo '<input type="checkbox" name="schemas[]" value="' . $elt->getSchema() . '"/>' . $elt->getSchema() . '<br />';
}
?>
</div>
Then, I need also to put some checkbox with the privileges, I did that:
<div id="div-privileges">
<?php
foreach ($schemas as $elt) {
echo '<div class="list">';
echo '<label for="list">' . $elt->getSchema() . ' :</label><br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="REVOKE"/> REVOKE ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="ALL"/> ALL PRIVILEGES ? <br />';
echo '<hr>';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="SELECT"/> SELECT ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="INSERT"/> INSERT ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="UPDATE"/> UPDATE ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="DELETE"/> DELETE ? <br />';
echo '<hr>';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="CREATE"/>CREATE ? <br />';
echo '</div>';
}
?>
</div>
It looks like that: https://image.noelshack.com/fichiers/2019/37/3/1568191628-capture2.png
So, that's being said, here's my function update in my UserManager.class.php:
public static function update(User $newPerso){
$db = DbConnect::getDb();
$newLogin= pg_escape_string($newPerso->getLogin());
$arraySchemas=$newPerso->getSchemas();
$arrayPrivileges=$newPerso->getPrivileges();
if (isset($arraySchemas)){
foreach($arrayPrivileges as $schema => $privileges){
if (isset($arrayPrivileges)){
foreach($privileges as $privilege){
if($privilege=="REVOKE"){
pg_query("{$privilege} ALL ON ALL TABLES IN SCHEMA {$schema} FROM {$newLogin};");
}
else if($privilege=="CREATE"){
pg_query("GRANT {$privilege} ON SCHEMA {$schema} TO {$newLogin};");
}
else if($privilege=="ALL" || $privilege=="INSERT" || $privilege=="SELECT" || $privilege=="UPDATE" || $privilege=="DELETE"){
pg_query("GRANT {$privilege} ON ALL TABLES IN SCHEMA {$schema} TO {$newLogin};");
}
}
}
}
}
}
The fact is that when I do that: https://image.noelshack.com/fichiers/2019/37/3/1568193038-capture3.png
It works, the user will have SELECT + INSERT on "public" & will have UPDATE + DELETE on "schematest"
BUT,
When I do that: https://image.noelshack.com/fichiers/2019/37/3/1568186255-capture.png
My User will have (in that example):
ALL PRIVILEGES in both of these schemas...
It's normal that it works for "public" but how can I prevent for the "schematest"..?
Well guys, I add a "&& in_array($schema, $arraySchemas)"
It seems to work now let me show you :
public static function update(User $newPerso){
$db = DbConnect::getDb();
$newLogin= pg_escape_string($newPerso->getLogin());
$arraySchemas=$newPerso->getSchemas();
$arrayPrivileges=$newPerso->getPrivileges();
if (isset($arraySchemas)){
foreach($arrayPrivileges as $schema => $privileges){
if (isset($arrayPrivileges) && in_array($schema, $arraySchemas)){ /****<- RIGHT HERE****/
foreach($privileges as $privilege){
if($privilege=="REVOKE"){
pg_query("{$privilege} ALL ON ALL TABLES IN SCHEMA {$schema} FROM {$newLogin};");
}
else if($privilege=="CREATE"){
pg_query("GRANT {$privilege} ON SCHEMA {$schema} TO {$newLogin};");
pg_query("GRANT USAGE ON SCHEMA {$schema} TO {$newLogin};");
}
else if($privilege=="ALL" || $privilege=="INSERT" || $privilege=="SELECT" || $privilege=="UPDATE" || $privilege=="DELETE"){
pg_query("GRANT {$privilege} ON ALL TABLES IN SCHEMA {$schema} TO {$newLogin};");
pg_query("GRANT USAGE ON SCHEMA {$schema} TO {$newLogin};");
}
}
}
}
}
}
Related
I have a first checkbox with a list of several schemas.
Want I want to do is simple:
When I check a schema, I want to make appear his individual div "list-right" right below, which is ANOTHER checkbox.
Here is my code :
<div>
<div>
<h4>Select your schema(s) :</h4>
<div id="list-schemas">
<?php
foreach ($schemas as $elt) {
echo '<input type="checkbox" name="schemas[]" value="' . $elt->getSchema() . '"/>' . $elt->getSchema() . '<br />';
}
?>
</div>
</div>
<h4>Privileges on tables by selected schemas :</h4>
<div id="div-privileges">
<?php
foreach ($schemas as $elt) {
echo '<div class="list-right" id="' . $elt->getSchema() . '">';
echo '<label for="list-right">' . $elt->getSchema() . ' :</label><br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="REVOKE"/> REVOKE ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="ALL"/> ALL PRIVILEGES ? <br />';
echo '<hr>';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="SELECT"/> SELECT ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="INSERT"/> INSERT ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="UPDATE"/> UPDATE ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="DELETE"/> DELETE ? <br />';
echo '<hr>';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="CREATE"/>CREATE ? <br />';
echo '</div>';
}
?>
</div>
</div>
I managed to display = 'none' ALL THE div "list-right".
As you can see :
var listRight=document.getElementsByClassName("list-right");
for (var i = 0; i < listRight.length; i ++) {
listRight[i].style.display = 'none';
}
What I have without the JavaScript function :
https://image.noelshack.com/fichiers/2019/38/3/1568790896-capture2.png
What I have with the JavaScript function :
https://image.noelshack.com/fichiers/2019/38/3/1568790893-capture.png
What I want :
https://image.noelshack.com/fichiers/2019/38/3/1568790898-capture3.png
But I can't make them appear individually, & dynamically...
Can anybody help me..?
If you want to this this dynamically you will have to use a client-side script, like javascript. Add onclick functions to your checkboxes like this:
echo '<input onclick="show_checkboxes(\''.$elt->getSchema().'\');" type="checkbox" name="schemas[]" value="' . $elt->getSchema() . '"/>' . $elt->getSchema() . '<br />';
Also, change your list-right div to this:
echo '<div class="list-right" id="list_right_'.$elt->getSchema().'" style="display:none;">';
Then add the show_checkboxes function like this:
echo'
<script>
function show_checkboxes(schema){
if(this.checked == true){
document.getElementById("list_right_"+schema).style.display = "block";
}
else{
document.getElementById("list_right_"+schema).style.display = "none";
}
}
</script>';
Finally it's correct, here's the code :
PhP:
<div>
<div>
<h4>Select your schema(s) :</h4>
<div id="list-schemas">
<?php
foreach ($schemas as $elt) {
echo '<input id="' . $elt->getSchema() . '" onclick="show_checkboxes(\''.$elt->getSchema().'\');" type="checkbox" name="schemas[]" value="' . $elt->getSchema() . '"/>' . $elt->getSchema() . '<br />';
}
?>
</div>
</div>
<h4>Privileges on tables by selected schemas :</h4>
<div id="div-privileges">
<?php
foreach ($schemas as $elt) {
echo '<div class="list-right" id="list_right_'.$elt->getSchema().'">';
echo '<label for="list-right">' . $elt->getSchema() . ' :</label><br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="REVOKE"/> REVOKE ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="ALL"/> ALL PRIVILEGES ? <br />';
echo '<hr>';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="SELECT"/> SELECT ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="INSERT"/> INSERT ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="UPDATE"/> UPDATE ? <br />';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="DELETE"/> DELETE ? <br />';
echo '<hr>';
echo '<input type="checkbox" name="privileges[' . $elt->getSchema() . '][]" value="CREATE"/>CREATE ? <br />';
echo '</div>';
}
?>
</div>
</div>
Javascript :
/*Way to display none all the list-right divs*/
var listRight=document.getElementsByClassName("list-right");
for (var i = 0; i < listRight.length; i ++) {
listRight[i].style.display = 'none';
}
/*function to display block when we click on the right schema*/
function show_checkboxes(schema){
if(document.getElementById(schema).checked){
document.getElementById("list_right_"+schema).style.display = "block";
}
else{
document.getElementById("list_right_"+schema).style.display = "none";
}
}
Thank you for the help.
Use this to display the correspondent div
<div id="list-schemas">
<?php
foreach ($schemas as $elt) {
echo '<input type="checkbox" name="schemas[]" value="' .$elt->getSchema() . '" class="schema"/>' . $elt->getSchema() . '<br />';
}
?>
</div>
and this in your javascript
<script>
var schmas=document.getElementsByClassName("schema");
for (var i = 0; i < schema.length; i++) {
schema[i].onChange = function(e) {
var schema = e.value;
if (e.checked) {
showMe(schema);
} else {
hideMe(schema);
}
}
}
function showMe(schema) {
document.getElementById(schema).style.display= block;
}
function hideMe(schema) {
document.getElementById(schema).style.display= = none;
}
</script>
But remeber to make all list-right divs hidden by using display:none in css
I have an issue when trying to insert info coming from a form which is generated dynamically in php.
The form consists of of an variable amount of inputs which all consists of four input elements. See below how my form is generated:
<?php $result = mysql_query("SELECT id,name,description FROM todo_q WHERE todo_id = $todo_id AND active = 'y'");
while($todo_q=mysql_fetch_array($result)){
echo '<label>';
echo $todo_q['name'];
echo '</label><br>';
echo '<input type="checkbox" name="value[]" value="y" />';
//echo '<input type="hidden" name="value[]" value="n" />';
echo '<label>';
echo $todo_q['description'];
echo '</label><br>';
echo '<input type="text" id="comment" name="comment[]">';
echo '<input type="hidden" name="user_id[]" value="';
echo $user_id;
echo '" />';
echo '<input type="hidden" name="todo_id[]" value="';
echo $todo_q['id'];
echo '" />';
echo '<HR>';
}?>
And this is how I try to insert the info into mySQL:
$query = "INSERT INTO todo_a (value, comment, user_id, todo_id) VALUES ";
$query_parts = array();
for($x=0; $x<count($_POST["value"]); $x++){
$query_parts[] = "('" . $_POST['value'][$x] . "','" . $_POST['comment'][$x] . "'," . $_POST['user_id'][$x] . "," . $_POST['todo_id'][$x] . ")";
}
$q_parts = $query_parts;
foreach ($q_parts as $q_p){
$insert = ($query .= implode(',', $query_parts));
$result = mysql_query($insert);
}
The problem I have is that when check all checkboxes and comments everything is inserted on the right row in the DB, but if I skip to check one checkbox then it gets messed up...
I would like it the insert a new row if it the checkbox is checked and/or a comment is entered.
Can anybody point me in the right direction?
I tried to put a hidden input to get the value of unchecked checkboxes but i doesn't seem to work.. That why I have commented out the hidden checkbox.
PS. I know I should be using mysqli but this is an older site that I haven't upgraded yet..
You need to add index into input checkbox and comment name like :
$cbIndex = 0;
while($todo_q=mysql_fetch_array($result)){
echo '<label>';
echo $todo_q['name'];
echo '</label><br>';
// Generate checkbox with index of current result
echo '<input type="checkbox" name="value[' . $cbIndex . ']" value="y" />';
// Generate comment with index of current result
echo '<input type="text" id="comment" name="comment[' . $cbIndex . ']">';
echo '<input type="hidden" name="user_id[' . $cbIndex . ']" value="';
echo $user_id;
echo '" />';
echo '<input type="hidden" name="todo_id[' . $cbIndex . ']" value="';
echo $todo_q['id'];
echo '" />';
echo '<HR>';
// Inc of index
$cbIndex++;
}
When you submit your form, only checked checkbox will appear in $_POST["value"] :
foreach ($_POST["value"] as $cbIndex => $cbValue) {
$query_parts[] = "('" . $_POST['value'][$cbIndex] . "','" . $_POST['comment'][$cbIndex] . "'," . $_POST['user_id'][$cbIndex] . "," . $_POST['todo_id'][$cbIndex] . ")";
// or
$query_parts[] = "('" . $cbValue . "','" . $_POST['comment'][$cbIndex] . "'," . $_POST['user_id'][$cbIndex] . "," . $_POST['todo_id'][$cbIndex] . ")";
}
...
Btw, you don't need to store value of checkbox, that will be 'y' all the time.
INFO That will be fine for a test app, but as commented by #Pogrindis and #John Conde, it's not safe code. MySQLi/PDO + prepare statement will avoid SQL injection.
I have a need to check the checkboxes which values are available in the database, with that i has to display additional options avaialable also.
I was trying, as i am using two loops it's repeating the same set of checkboxes and check differnt values in each instance.
I need to check the appropriate checkboxes in first loop itself. Is there any way to achieve this
The following was my output
Output of the code
Following is the code i am using
$sid;//Retrived from DB
$iDLst=array();
$sql1 = "SELECT
`id1`
FROM `tbl1`
where `tbl1_sid`='" . $sid . "'";
$result1 = $conn->query($sql1);
if ($result1->num_rows > 0) {
while ($row = $result1->fetch_assoc()) {
$iDLst[]=$row['id1'];
}
}
foreach ($iDLst as $id){
$sql2 = "SELECT
`id`,
`nme`
FROM `tbl2`;
";
$result2 = $conn->query($sql2);
if ($result2->num_rows > 0) {
while ($rowC = $result2->fetch_assoc()) {
if (strpos($rowC['id'], $id) !== FALSE ) {
echo ' <input value="' . $rowC['id'] . '" type="checkbox" name="upD[]" checked/> <label>' . $rowC['nme'] . ' </label>';
} else {
echo ' <input value="' . $rowC['id'] . '" type="checkbox" name="upD[]" /> <label>' . $rowC['nme'] . ' </label>';
}
}
}
}
Note: I have changed to general code, There is no errors in code. I am getting the display. I need the solution regarding the logic part...
I think you can replace this:
if (strpos($rowC['id'], $id) !== FALSE ) {
echo ' <input value="' . $rowC['id'] . '" type="checkbox" name="upD[]" checked/> <label>' . $rowC['nme'] . ' </label>';
} else {
echo ' <input value="' . $rowC['id'] . '" type="checkbox" name="upD[]" /> <label>' . $rowC['nme'] . ' </label>';
}
with this:
echo ' <input value="' . $rowC['id'] . '" type="checkbox" name="upD[]" ' . strpos($rowC['id'], $id) ? 'checked ' : '' . '/> <label>' . $rowC['nme'] . ' </label>';
It's a ternary statement that says if strpos($rowC['id'], $id) evaluates true, 'checked ' will be in the enclosing echo statement, otherwise '' will be in the enclosing echo statement.
I have found the way after some research.
The way i am doing is only half part.
Following code will do the work addition to the provided code.
//Print the checkbox with checeked for the values in array
foreach ($iDLst as $id){
$sql2 = "SELECT
`id`,
`nme`
FROM `tbl2`;
";
$result2 = $conn->query($sql2);
if ($result2->num_rows > 0) {
while ($rowC = $result2->fetch_assoc()) {
echo ' <input value="' . $rowC['id'] . '" type="checkbox" name="upD[]" checked/> <label>' . $rowC['nme'] . ' </label>';
}
}
}
//Print the checkbox without checeked for the values Not in array
$sql3 = "$sql2 = "SELECT
`id`,
`nme`
FROM `tbl2` where id NOT IN (" . implode(',', array_map('intval', $iDLst)) . "); ";
$result3 = $conn->query($sql3);
if ($result3->num_rows > 0) {
while ($rowC = $result3->fetch_assoc()) {
echo ' <input value="' . $rowC['id'] . '" type="checkbox" name="upD[]"/> <label>' . $rowC['nme'] . ' </label>';
}
}
the following questions lead me the way to do this
MySQL PHP - SELECT WHERE id = array()? [duplicate]
mysql syntax on not equal many values
I have following problem, I have list of products in a database and want to display them in table unfortunately it plays some tricks for me because it displays one td before table even begins.
Here are the PHP functions:
<?php
function displayProduct($code,$url)
{
echo '<form method="post" action="cart_update.php"><input type="hidden" name="code" value="' . $code . '"/>';
echo '<input type="hidden" name="return_url" value="' . $url . '" />';
echo '<input type="hidden" name="type" value="add" /><input type="submit" value="Add" /></form>';
}
function displayItem($obj,$url)
{
echo '<tr>';
echo '<td>' . $obj->menuposition . '</td><td>' . $obj->name . '</td><td>' . '£'.$obj->price . '</td><td>' . displayProduct($obj->code,$url) .'</td>';
echo '</tr>';
if(strlen($obj->description) > 2)
{
echo '<tr><td colspan="4" style="font-size: 10px;">' . $obj->description . '</td></tr>';
}
}
?>
And here is the HTML output that I get:
Could someone help me ?
The echo call from displayProduct happens before the echo call of displayItem occurs.
I can see two solutions.
1: displayProduct should return the things to write and not echo them.
2:
echo '<td>' . $obj->menuposition . '</td><td>' . $obj->name . '</td><td>' . '£'.$obj->price . '</td><td>';
displayProduct($obj->code,$url);
echo '</td>';
displayProduct($code,$url) should return the string instead of printing it out:
function displayProduct($code,$url)
{
$result = '<form method="post" action="cart_update.php"><input type="hidden" name="code" value="' . $code . '"/>';
$result .='<input type="hidden" name="return_url" value="' . $url . '" />';
$result .='<input type="hidden" name="type" value="add" /><input type="submit" value="Add" /></form>';
return $result
}
[Edit] I should read better the questions...
But this still applies:
Also as Adrian stated, you should not echo the lines in "displayProducts", but return a string.
I am trying to get the values of a dynamically created set of checkboxes in PHP but apparently I couldn't get it. The source codes are below.
The "managestaff.php" page would allow searching for staff via their names and throws out a list of names with checkboxes for the admin to check them and click on a "delete" button at the bottom to delete the staff whom are being checked.
The deletion would be done on "deletestaff.php" as the "delete" button on "managestaff.php" simply forwards these values to "deletestaff.php" to do deletion work of the staff.
"managestaff.php" page codes:
<b><h3>Manage Staff</h3></b><br/>
<form action="managestaff.php" method="POST">
<input name="form" type="hidden" id="form" value="true">
<table width=300>
<tr>
<td width=112>Staff Name: </td>
<td width=188><input type="text" class="textfield" name="sname" /><br/></td>
</tr>
</table><br/>
<input type="submit" value="submit" />
</form>
<?php
if (isset($_POST['form']) && (isset($_POST['sname'])) && $_POST['form'] == 'true') {
$space = ' ';
$staffname = mysql_real_escape_string($_POST['sname']);
$query = 'SELECT * from staff where staffname like \'%' . $staffname . '%\'';
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) != 0) {
echo '<br><br>';
echo '<table>';
echo '<tr><th>Staff ID' . $space . '</th><th>Staff Name' . $space . '</th></tr>';
echo '<form action="deletestaff.php" method="POST">';
echo '<input name="delstaffform" type="hidden">';
while ($row = mysql_fetch_array($result)) {
echo '<tr>';
echo '<td>' . $row['staffid'] . '</td><td>' . $row['staffname'] . '</td>';
// :Begin - dynamic checkbox generation for deleting staff
echo '<td>';
echo '<input type="checkbox" name="delstaff" value="' . $row['staffid'] . '" />';
echo '</td>';
// :End
echo '</tr>';
}
echo '<tr align="right"><td colspan="3"><input type="submit" value="delete"/></td></tr>';
echo '</form>';
echo '</table>';
}
}
?>
"deletestaff.php" page codes:
<?php
print_r('POST: ' . $_POST);
echo '<br>';
if (isset($_POST['delstaffform']) && isset($HTTP_POST_VARS)) {
echo 'Submission of delstaffform FOUND !';
echo 'Staff to delete' . $HTTP_POST_VARS['delstaff'];
}
else{
echo 'Submission of delstaffform NOT FOUND !';
}
?>
The "deletestaff.php" doesn't do delete for now as it's a test page.
The current output I get is "Submission of delstaffform NOT FOUND !".
Thanks for the solutions.
Try this:
<input type="checkbox" name="delstaff[]" value="' . $row['staffid'] . '"/>';
print_r your $_POST and you'll see it sticks your submissions nicely into an array for you.
<?php
if (isset($_POST['delstaff']) && is_array($_POST['delstaff'])) {
echo 'Submission of delstaffform FOUND !';
$array = $_POST["delstaff"];
foreach($array as $value){
echo "<br>Value: ".$value."<br>";
}
} else {
echo 'Submission of delstaffform NOT FOUND !';
}
?>
Found the answer on my own but nevertheless you are helpful :D . Thanks a lot.