I Have a button which can only be accessed if a manager logins and not an junior employee. I want to restrict the access of it. I am taking a SessionVariable to check but it doesn't seems to be working.
I have assigned access value 1 for a manager where I am checking Login credentials-
if ($_SESSION["AccessValue"] != 1)
{
header("Refresh:0; url=HomePage.php");
}
I believe you're looking for location:
if ($_SESSION['AccessValue'] != 1) {
header('Location: homePage.php');
}
see here: https://secure.php.net/manual/en/function.header.php
Though I'd much rather recommend hiding the button entirely from junior rather than preventing action of click.
e.g.
<?php if ($_SESSION['AccessValue'] == 1) : ?>
<button type="button" etc etc.>Click me</button>
<?php endif; ?>
You can disable the button itself for a Junior
if ($_SESSION["AccessValue"] != 1)
{
$disable_btn = 'disabled = "disabled"';
}else{
$disabled_btn= '';
}
HTML:
<button <?php echo $disabled_btn; ?> ></button>
You should set the cookie of session first using :
setcookie(session_id(),session_name(),time()+3600*72);
And for every time that you want access session you should start session using session_start();
Now for time that you specified (3600*72) the session will be able to access for that user and if she/he login the session will be accessible.
And after that you can use this session like a condition for echo the button tag or disable and enable that
if(isset($_SESSION('NAME'))
$status=$_SESSION('NAME');
<button ....<?php if ($status!=1)echo "disabled";?>.....>
button_name</button>
Related
I have a div that contains a slider when the homepage of the website is opened. What im trying to achieve is that when the website is opened for the first time, the slider should appear. However, if the user goes another page other than the homepage and then returns to the homepage again, the slider should not appear.
Below is the code I am trying to implement:
<div class="homeslidermain" style="display:<?php echo empty($_SESSION['first_load']) ? 'block' : 'none'; ?>">
<?php putRevSlider("typewriter-effect", "homepage") ?>
</div>
The recommended way would be to set a cookie using setcookie() and getcookie() (http://php.net/manual/de/features.cookies.php).
If you want to use the session then you are setting "first_load" incorrectly. Make sure that on any page call:
session_start(); // before you do anything else
if(!isset($_SESSION['first_load'])) // set it to true on first load
... and to false in any other case.
The only reason why this might go wrong is if you are reinitializing your session wrong. Make sure you are still in the same session after switching pages.
There is no need to output the div as display:none. Just output the div only when user visits the homepage for the first time. Use the setcookie() function to remember that user already visited he homepage, but please note that you should call this function before any output.
<?php
if (empty($_COOKIE['homepage_visited'])) {
// Remember the first visit for one year
setcookie('homepage_visited', 1, strtotime('+1 year'));
// Show the slider
echo '<div class="homeslidermain">';
putRevSlider("typewriter-effect", "homepage");
echo '</div>';
}
There are several ways to achieve it, best is to check if user visiting page for first time
session_start();
if(!isset($_SESSION['first_load']))
{
$_SESSION['first_load'] = '1';
}
if(empty($_SESSION['first_load']))
{?>
<div>
Slider block // this block loads only is first load is empty
</div>
<?php
}?>
You Could try something like this
// start the session
session_start();
$bShowBanner = true;
if(isset($_SESSION['BannerShown'])){
$bShowBanner = false;
}else{
$_SESSION['BannerShown'] = true;
}
?>
<div class="homeslidermain" style="display:<?php echo ($bShowBanner ? 'block' : 'none'); ?>">
<?php putRevSlider("typewriter-effect", "homepage") ?>
</div>
I'm making a dynamic site, and I'm making a reset password through email, and I have this flag in my database so when the user resets his password the value is true, and the next time that user logs in, he will be redirected to the change password page.
I'm working with a single index page with a switch.
<?php
session_start();
$lig=mysql_connect("localhost", "root", "") or
die ("Problema na ligação ao servidor MYSQL");
mysql_select_db("demo",$lig);
if (isset($_REQUEST['cmd'])) $cmd=$_REQUEST['cmd']; else $cmd='home';
?>
<div class="col-md-12">
<div class="row">
<?php
switch($cmd) {
case 'home': require('home.php');break;
case 'pw': require('users/pw.php');break;
}
?> </div> </div>
I made this code so when reset is different than NULL he redirects the user to the pw.
if(isset($_SESSION['user'])){
if(is_null($_SESSION['reset'])){
}
else{ echo "<meta http-equiv=refresh content=0;URL=index.php?cmd=pw>";
}
}
but the page seems to be in an infinite loop of refreshing.
I placed this in the index.php page, but if
I put it in the home page for example it works just fine, I wanted to be able to make this in the index, so I don't have to put it in every single page of my website...
Making the time for the content=0; bigger is not a reliable option..
Thanks!!
Use session_destroy() to destroy the session after the user changes the password, so you only need to check if $_SESSION is setted. This routine I put to orient you towards users that is already logged into page.
function changePass(){
//YOUR ROUTINE
if ($queryExecuted == true){
session_destroy();
}
}
//checking session
if(!isset($_SESSION)){
echo "<meta http-equiv=refresh content=0;URL=index.php?cmd=pw>";
}
Your meta is always running because is in else statement, taking ALL OTHER CONDITIONS while $_SESSION['reset'] is not null. Other important thing it's avoid use echo metas, use header instead:
header("Refresh:0");
//or refresh and redirect
header("Refresh:0; url=page2.php");
After user login, don't redirect to index page and to all those validation, just validate inside the own user login routine and redirect to users/pw.php
If you don't want to change all your routine checking, the page always refreshing because is not checking where the user is:
if(isset($_SESSION['user']) && !is_null($_SESSION['reset']) && (isset($_GET['cmd']) && $_GET['cmd'] != 'pw')){
header("Refresh:0; url=index.php?cmd=pw");
}
I want to hide button in search menu to specific page for normal users so they can't access to page witch is for administrators only. i'm new at writing this code so i'm asking you guys who have much more knowledge than me for help.
I want to hide File/page name upload.php for normal users and show for administrators only
Is anyone know how could i do this with php?
i'm really appreciate for every help. Thank you!
You can capture user type of user's in session. And, according to user type show / hide button.
<?
if(S_SESSION['userType'] == 'Admin') {
//Show
}
if(S_SESSION['userType'] == 'User') {
//Hide
}
?>
It's hard to give an advice without your context, but an simple example for your scenario:
// Normal Page
if($_SESSION['user_level'] > x){
//show button
}
// Admin-Only-Page
if($_SESSION['user_level'] < x){
die("Access denied");
}
Depends of how you define the administrator, if he is the user whose the Id is 1 for example, use the following script:
<?php
$current_user_id = // get it from the session if user is logged in
If ($current_user_id == 1):
?>
<input ...>
<?php endif; ?>
For that you need to set one flag in Database as user is admin or normal user.
after that in your code check with condition that logged in user is admin or not;
for example admin role is 1 then:
if($user->role == 1){
// your button code
}
simple, Enjoy :)
for example, you can use following Conditional statement :
if ($user -> role == 1){
// `enter code here`
}
I want to enable or disable a div according to the session if it starts with an user or a guest. I want to do something like this:
First, i will evaluate if it is user or not by doing this:
<?php
if(!isset($_SESSION['idUser'])) // If it is Guest doesn't have id.
{
$guest=true;
} else {
$guest=false;
}
?>
then in jquery, i would like to say:
$('.box').click(function(){ // labBox appears when box is clicked
if(<?php $guest?>)
$("#LabBox").hide();
else
$("#LabBox").show();
});
Question: how can i use my php boolean var $guest to disable or hide some elements of my website?
Do i have to do two distinct php files? one for users and other for guest (e.g, home.php and home_guest.php)?
you could do the alternative such as
<script>
var guest = '<?php echo $guest; ?>';
$('.box').click(function(){ // labBox appears when box is clicked
if(guest === "true") {
$("#LabBox").hide();
} else {
$("#LabBox").show();
}
});
</script>
This would simply allow you to pass the PHP value to a Javascript variable, in order for you to use it within the onClick.
Remember: everything that reaches the client can be manipulated. Therefore, if you send an hidden element (say, an hidden <div>) any tech-savvy user can, and will, easily make them visible.
You MUST perform the checks about the login/guest status in your PHP script, and don't rely on jQuery to assemble the page at client side (hey, after all, the user may have disabled javascript altogether!)
You don't need two pages (eg: home.php and home_guest.php) to render different content based on the user level. Just use appropriately session/cookies and different echos.
Use a hidden input, populated by PHP, which jQuery can grab:
<?php
echo "<input type=hidden id=guestcheck value=$guest/>"
?>
if ("#guestcheck").val()) {
}
I personally like this method because it allows me to check the source when debugging to find out where any errors may be (for instance you can plainly see in the source when viewing the page whether or not GUEST is true)
It depends on contents of those files. If the only difference is visibility of the block, it's more reasonable to do the check inline.
<?php if (isset($_SESSION['idUser'])) { ?>
$('.box').click(function() { $("#LabBox").show(); }
<?php } ?>
Personally I would do it in the HTML rather than the JS file...
<?php
if(!isset($_SESSION['idUser'])) // If it is Guest doesn't have id.
{
$loggedin=true;
} else {
$loggedin=false;
}
?>
Then later on..
<?php if($loggedin===true){?>
<div>User is logged in</div>
<?php }else{?>
<div>Guest is viewing page</div>
<?php }?>
This means that the div for the user is not shown to the guest, whereas your currently solution only hides it from view (user could just use firebug/viewsource!
Why don't you just show/hide your div in the php depended on if they are a guest or not...
So...
<?php
if(!isset($_SESSION['idUser'])) // If it is Guest doesn't have id.
{
$guest=true;
} else {
$guest=false;
}
if($guest===true){
echo "<div></div>";
}
else{
//dont echo div
}
?>
PHP / server-side:
<?php
if(!isset($_SESSION['idUser'])) // If it is Guest doesn't have id.
{
$guest=true;
} else {
$guest=false;
// add #LabBox element from here to avoid junk/hidden elements for guests
}
?>
JQuery / client-side:
$('.box').click(function(){ // labBox appears when box is clicked
if (!<?php echo $guest?> && $('#LabBox').length > 0) {
$('#LabBox').show();
}
});
Then it is critical that any action requested by the user pass the "guest or not?" test before being granted from the server-side.
I have a file called admin.php in which I have a button with the name send. What I want to do is when I click it, to make visible a link on the user's page, user.php. How can I do this?
I have a file with all my functions called functions.php in which I have a function called onSubmit($var); I initialize the variable $var is admin.php with the value $_POST['send'] but when I call the function in the file user.php I have no way of telling him who the variable $var is so I get 'undefined index'.
Is there another way to do this?
EDIT Added code
This is admin.php
<input type="button" name="send" value="Submit" /><br/>
require 'functions.php';
$posted = $_POST['send'];
onSubmit($posted);
This is user.php
require 'functions.php';
onSubmit($var); //here it says undefined index var because it doesn't know who the variable is
if($isSent == 1) {
<a style="visibility:visible;" href="test3.html" id="test3">Test3</a> <br/>
}
And this is functions.php
global $isSent;
function onSubmit($var) {
if(isset($var)) {
$isSent = 1;
}
}
Basically you need to use sessions like below:
if(isset($_SESSION['makeVisible']) && $_SESSION['makeVisible'] == true){
echo '<button>Button init</button>'; //you could also use html like the comment below.
}
/*
if(condition){?> <!-- this is now html --> <button>Button init</button><?}
*/
Then to set this variable on your admin page use:
if(isset($_POST['submitButton'])){
$_SESSION['makeVisible'] == true;
}
You'll also need a form for this method to work but there are other methods but I prefer this one.
<form name="buttonMakerThing" method="POST">
<input name="submitButton" value="Make button init Visible" type="submit"/>
</form>
Without an action the form defaults to 'POSTING' the form information to the current page. Making the condition if(isset($_POST)) return true.
You will need to add a $_SESSION declaration at the top of every php page you have on your site for this to work. It MUST go on the very first line of every page! for example:
01: | <?php session_start();
02: |//rest of script;
Please look more into $_SESSIONS for unnsetting/destroying your sessions and more uses for them :) http://php.net/manual/en/reserved.variables.session.php
Right I've done a bit of research on Caching and this is what I've come up with. It might not be 100% correct but it's a start as like I've said I've never tried it myself lol
In your admin.php I'd put this function in:
if(isset($_POST['send'])){
if($enabled == true){
$enabled == false;
}
else{
$enabled == true;
}
apc_add('enabled',$enabled);
}
Now to 'get' our $enabled var:
$enabled = apc_fetch('enabled');
Then to check the the var within your client page:
if($enabled == true){
echo ' button';
}
Now the only things I haven't fully looked at is the security of the apc_ function and the client usage. I believe it works for all clients of the server but I'm not 100% certain. Here the php manual to give better examples.
This is the method I was thinking of. But again I'm not sure on the security of it but I'm sure you can find something to keep it secure. The video is actually is tutorial for a Youtube API. But he does cover saving a variable to a cache text file which should be of use to you :)
If you have functions.php which defines functions, simply include it in admin.php file and then you can call the function from there and also pass value.