Show specific content based on current user session PHP - php

My question is how to display specific content based on user session php.
I have a file called profile.php. When a user click on another user the first user gets redirected to the profile.php file. In this file I want the users to be able to see all the posts that user has made.
Something like this:
<?php
if ($_SESSION['username'] == $_GET['id']) {
//DISPLAY rows with info from Database just like the attached code.
//DISPLAY edit button ONLY if the current user session is the same as the current id of the profile page.
}
?>
profile.php code below:
<?php
session_start();
require('connect.php');
if (!empty($_SESSION["username"])) {
?>
<!DOCTYPE html>
<html>
<head>
<title>Profile page</title>
</head>
<body>
<?php include('header.php'); ?>
<center>
<?php echo '<table border="1px;">'; ?>
<tr>
<td>
<span>ID</span>
</td>
<td width="400px" style="text-align: center;">
Name
</td>
<td width="80px" style="text-align: center;">
Creator
</td>
<td width="80px" style="text-align: center;">
Date
</td>
<td width="80px" style="text-align: center;">
Edit
</td>
</tr>
</center>
</body>
</html>
<?php
if (!empty($_GET['id'])) {
// Cast the id to an integer so request input cannot change the query
$check_d = mysql_query("SELECT * FROM users WHERE id ='".(int)$_GET['id']."'");
while ($row_d = mysql_fetch_assoc($check_d)) {
echo "<h1>Post made by: ".$row_d['username']."</h1>";
$check_u = mysql_query("SELECT * FROM topics WHERE topic_creator='".$row_d['username']."'");
while ($row_u = mysql_fetch_assoc($check_u)) {
$id = $row_u['topic_id'];
echo "<tr>";
echo "<td>".$row_u['topic_id']."</td>";
echo "<td><a href='topic.php?id=$id'>".$row_u['topic_name']."<br /></a></td>";
echo "<td>".$row_u['topic_creator']."<br /></td>";
echo "<td>".$row_u['date']."<br /></td>";
echo "<td><a href='edit.php?edit=$id'>Edit</a><br /></td>";
echo "</tr>";
}
}
}
echo "</table>";
if (isset($_GET['action']) && $_GET['action'] == "logout") {
session_destroy();
header("Location: login.php");
}
}else {
echo "You must be logged in.";
}
?>
If anyone knows how to solve this I would be most grateful!
Most of the answers I could find online involves user level distribution where the admin and user levels are predetermined. This is not what I would prefer. I simply would like the current user that is logged in to be able to edit their own posts, but not the other user posts.
I hope that this made sense, but if not, just ask!
Thanks beforehand!
// E.

If the logged-in user shouldn't edit other users' posts, then don't show the Edit column; you can do a simple if check for the Edit column like below:
while ($row_d = mysql_fetch_assoc($check_d)) {
echo "<h1>Post made by: ".$row_d['username']."</h1>";
$check_u = mysql_query("SELECT * FROM topics WHERE topic_creator='".$row_d['username']."'");
while ($row_u = mysql_fetch_assoc($check_u)) {
$id = $row_u['topic_id'];
echo "<tr>";
echo "<td>".$row_u['topic_id']."</td>";
echo "<td><a href='topic.php?id=$id'>".$row_u['topic_name']."<br /></a></td>";
echo "<td>".$row_u['topic_creator']."<br /></td>";
echo "<td>".$row_u['date']."<br /></td>";
// Add if condition here
if($_SESSION['current_logged_in_user_id'] === $row_u['topic_creator_id']) {
echo "<td><a href='edit.php?edit=$id'>Edit</a><br /></td>";
}
echo "</tr>";
}
}
But don't use mysql_* functions. Use mysqli or PDO for security reasons, like protecting yourself from SQL injection attacks.
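Added example (not part of the original answer or the asker's code): the same profile listing written with PDO prepared statements and escaped output, with the Edit link shown only to the owner and the ownership check repeated on the edit side, because hiding the link does not stop a direct request to edit.php. The in-memory SQLite tables and their rows are constructed sample data, and the helper names h, render_profile and can_edit are hypothetical.

```php
<?php
// Constructed in-memory data standing in for the page's users/topics tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$pdo->exec("CREATE TABLE topics (topic_id INTEGER PRIMARY KEY, topic_name TEXT, topic_creator TEXT, date TEXT)");
$pdo->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");
$pdo->exec("INSERT INTO topics VALUES (10, 'Hello <b>world</b>', 'alice', '2020-01-01'), (11, 'Second topic', 'bob', '2020-01-02')");

// Escape a value for HTML text or a quoted attribute (hypothetical helper).
function h($s) { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }

// profile.php side: list one user's topics; Edit link only for the owner.
function render_profile(PDO $pdo, $profileId, $sessionUser) {
    $u = $pdo->prepare("SELECT username FROM users WHERE id = ?");
    $u->execute([(int)$profileId]);
    $owner = $u->fetchColumn();
    if ($owner === false) { return "<p>No such user.</p>"; }
    $t = $pdo->prepare("SELECT topic_id, topic_name, date FROM topics WHERE topic_creator = ?");
    $t->execute([$owner]);
    $html = "<h1>Posts made by: " . h($owner) . "</h1><table>";
    foreach ($t as $row) {
        $id = (int)$row['topic_id'];
        $html .= "<tr><td>$id</td><td><a href='topic.php?id=$id'>" . h($row['topic_name']) . "</a></td>";
        $html .= "<td>" . h($row['date']) . "</td>";
        if ($sessionUser === $owner) {
            $html .= "<td><a href='edit.php?edit=$id'>Edit</a></td>";
        }
        $html .= "</tr>";
    }
    return $html . "</table>";
}

// edit.php side: re-check ownership on the server before changing anything.
function can_edit(PDO $pdo, $topicId, $sessionUser) {
    $q = $pdo->prepare("SELECT 1 FROM topics WHERE topic_id = ? AND topic_creator = ?");
    $q->execute([(int)$topicId, $sessionUser]);
    return $q->fetchColumn() !== false;
}

echo render_profile($pdo, 1, 'alice'), "\n"; // owner view: Edit link present
echo render_profile($pdo, 1, 'bob'), "\n";   // other user: no Edit link
var_dump(can_edit($pdo, 10, 'alice'));
var_dump(can_edit($pdo, 10, 'bob'));
```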

Related

Going to someones profile

I have this userlist page and I want users to be able to click a user's username and have it send them to their profile page. How would I go about doing this?
This line is where the user clicks the username of a user:
echo "<td class='info'><a href=''>". $people_list['username']."</a></td>";
Also, in my .htaccess I have code that makes it so that to go to a user's profile all I do is http://www.example.com/username
<?php
include 'core/int.php';
include 'includes/head.php';
include 'head.php';
include 'includes/body.php';
include 'body.php';
$people_list="SELECT * FROM users";
$people=mysql_query($people_list);
?>
<html>
<head>
<style>
.owner {
color: orange;
}
</style>
</head>
<body>
<pre>
<table class="table table-bordered">
<thead>
<tr>
<th>ID</th>
<th>Username</th>
<th>Email</th>
</tr>
<?php
while($people_list=mysql_fetch_assoc($people)){
echo "<tr>";
// Quote the name: a bare KillerDucky1 is read as an undefined constant
if ($people_list['username'] == 'KillerDucky1'){
echo "<td>". $people_list['user_id']."</td>";
echo "<td class='warning'><a class='owner' href=''>". $people_list['username']."</a></td>";
echo "<td>". $people_list['email']."</td>";
} else {
echo "<td>". $people_list['user_id']."</td>";
echo "<td class='info'><a href=''>". $people_list['username']."</a></td>";
echo "<td>". $people_list['email']."</td>";
}
// Close the row in both branches
echo "</tr>";
}
?>
</thead>
</pre>
</body>
</html>
You simply need to put the username in the <a> link tag :)
<a href='/".$people_list['username']."'>...</a>
You could try just adding the username to the href of the anchor.
echo '<td class="info">'. $people_list['username'].'</td>';
should give you something like:
<td class="info">username</td>

hyperlink trouble in php echo'd table

I'm having trouble with my code; hopefully someone can help.
I'm trying to call information using "php echo" to display information in table form, and it works except for the links, which don't recognize the $id. If I don't put it in the table form it works fine, but it is not aesthetically appealing.
Any suggestions would be greatly appreciated!
<?php
session_start();
if(!isset($_SESSION['name'])){
header("location: ../index.php");
exit();
}
// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
include_once("../scripts/connect.php");
// Delete Item Question to Admin, and Delete Product if they choose
if (isset($_GET['deleteid'])) {
// Escape the id before echoing it back into the page
echo 'Do you really want to delete messages with ID of ' . htmlspecialchars($_GET['deleteid'], ENT_QUOTES, 'UTF-8') .'? Yes | No';
exit();
}
if (isset($_GET['yesdelete'])) {
// delete from database
// Cast to integer so the value cannot alter the DELETE query
$id_to_delete = (int) $_GET['yesdelete'];
$sql = mysql_query("DELETE FROM `mystore`.`messages` WHERE `messages`.`id` = '$id_to_delete' LIMIT 1") or die (mysql_error());
}
$messages = "";
$sql = mysql_query("SELECT * FROM messages ORDER BY msg_date DESC LIMIT 20");
$count = mysql_num_rows($sql);
if($count > 0){
while($row = mysql_fetch_array($sql)){
echo '<tr>';
echo '<td>'.$row['msg_name'].'</td>';
echo '<td>'.$row['msg_email'].'</td>';
echo '<td>'.$row['msg_subject'].'</td>';
echo '<td>'.$row['msg_date'].'</td>';
echo '<td>Reply</td>';
echo '<td>Delete</td>';
echo '</tr>';
}
}else{
$messages = "<b>There are no messages in the database at this moment</b>";
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Admin Messages</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="style/forms.css" media="screen">
<link rel="stylesheet" href="style/main.css" media="screen">
</head>
<body>
<div id="main_wrapper">
<?php include_once("templates/tmp_header.php"); ?>
<?php include_once("templates/tmp_nav.php"); ?>
<section id="main_content">
<h2 class="page_title">Messages</h2>
<br/>
<table width="730" cellspacing="0" cellpadding="3" border="1">
<tr>
<td align="center" width="100">From</td>
<td align="center" width="300">Email</td>
<td align="center" width="300">Subject</td>
<td align="center" width="100">Date</td>
<td align="center" width="100">Actions</td>
</tr>
<?php echo $messages; ?>
</table>
</section>
<?php include_once("templates/tmp_aside.php"); ?>
<?php include_once("templates/tmp_footer.php"); ?>
</div>
Please change
echo '<td>Delete</td>';
to
echo "<td><a href='admin_messages.php?deleteid=$id'>Delete</a></td>";
When trying to print out a variable, the main string has to be wrapped in double quotes.
If you want to interpolate variables in PHP, you need to use double quotes. echo '$id' will literally print $id, whereas echo "$id" will print the value of the variable. However, I would recommend an alternative approach. Don't use PHP where it isn't needed. There's no need to use echo so much.
I would change the contents of your loop to this:
?>
<tr>
<td><?=htmlspecialchars($row['msg_name'])?></td>
<td><?=htmlspecialchars($row['msg_email'])?></td>
<td><?=htmlspecialchars($row['msg_subject'])?></td>
<td><?=htmlspecialchars($row['msg_date'])?></td>
<td>Reply</td>
<td>Delete</td>
</tr>
<?php
The <?=$id?> is shorthand for <?php echo $id?> and is supported by default in PHP versions >=5.4.0. You can also use it in previous versions if you enable short_open_tags.
As stated in the comments, you should really be using mysqli functions, as mysql functions are deprecated.

Retrieving row from gridview data or mySQL DB and display in PopUp

Current Grid View structure with View Anchor - I want to view a specific row after clicking on View anchor, data should be displayed in popup - javascript
Below is my code. I have already implemented the functionality for the PHP grid view; the Delete option is implemented at the top with a query string.
Now what I want is: after clicking View, it should display a JavaScript popup with all the details of that specific row, and a close option.
The part which I am not getting is how to transfer data from PHP/MySQL to JavaScript and display it in a popup.
<?php
if(isset($_GET['id'])){
// Cast to integer so the value cannot alter the DELETE query
$id = (int) $_GET['id'];
//$x = 'confirm("Are you sure you want to delete this product")';
//echo $x;
mysql_query("DELETE FROM users WHERE id = '$id'");
//echo "alert('Row Deletion Successful')";
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Table Display</title>
<style>
table, td, th
{
border:1px solid green;
}
th
{
background-color:green;
color:white;
}
</style>
</head>
<body>
<table>
<thead>
<tr>
<?php $result = mysql_query("SELECT id, CONCAT(title, ' ', name) as FullName, email, mobile FROM users") or die(mysql_error());
$row_count = 1;
$row = mysql_fetch_assoc($result);
echo '<td><input type="checkbox" /></td>';
echo "<th> Sr. No </th>";
foreach($row as $col=>$value)
{
echo "<th>";
echo $col;
echo "</th>";
}
?>
<th>EDIT</th>
</tr>
</thead>
<tbody>
<?php
mysql_data_seek($result, 0);
while($row = mysql_fetch_assoc($result)){
echo "<tr>";
echo '<td><input type="checkbox" /></td>';
echo "<td>" . $row_count ."</td>";
foreach($row as $key=>$value)
{
echo "<td>";
echo $row[$key];
echo "</td>";
}
$row_count++;
?>
<td>
VIEW |
DELETE |
EDIT
</td>
<?php
echo "</tr>";
}
echo "</table>";
?>
</tbody>
</table>
</body>
</html>
You can use this code to display your records in a popup window:
function openWin()
{
myWindow=window.open('','','width=200,height=100');
myWindow.document.write("<p>your code to display in table format</p>");
myWindow.focus();
}
<a onclick="openWin();">Edit/Delete/View(any one)</a>
Try this out: in the document.write() method, enter your code inside a table tag.
Render the specific view in a page (e.g. viewpageaddress.php?id=7)
and then get its content in JS by:
$.get('viewpageaddress.php?id=7', function(cnt){/* show cnt in your popup */})

Inserting different values in php echo

I have a login script with a Twitter-like posting script and I tried to insert the user name into the posts but that didn't work. They are both using the same database but I can't figure out why. Here is the php.
<?php
session_start();
require_once 'database.php';
if (isset($_SESSION['user'])){
echo "Welcome ".$_SESSION['user'];
?>
<?php
$posts = show_posts($_SESSION['userid']);
if (count($posts)){
?>
Now the posts part
<table class="imagetable">
<table align="center" border='0' cellspacing='0' cellpadding='5' width='300'>
<td background="cell-blue.jpg">
<?php
foreach ($posts as $key => $list){
echo "<tr valign='middle'>\n";
echo "<td>".".$_SESSION['user']" . "<p>'s BFFL is</p>".$list['body'] ."<br/>\n ";
echo "<small>".$list['stamp'] ."<hr>"."</small></td>\n";
echo "</tr>\n";
}
?>
</table>
I'm a noob to php, and I can't get why it's not working... I just want the name of the user to be in the post.
There was an extra period (concat operator) before your session variable. I cleaned it up for you.
echo "<td>" . $_SESSION['user'] . "<p>'s BFFL is</p>" . $list['body'] . "<br/>\n";

member control through admin account using php

I am new to php.
I made a member registration on login page and adm too. So inside admin I wanted to get the list of the members and delete the members I don't want. So I took a code from a sample code for phone book from http://localhost/xamp and edited it to my requirement. I am able to retrieve the members but unable to delete the members. See the code below:
<?php
require_once('auth.php');
require_once('../config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
?>
<html>
<head>
<meta name="author" content="Kai Oswald Seidler">
<link href="../loginmodule.css" rel="stylesheet" type="text/css">
<title></title>
</head>
<body>
<p>
<h2><?php echo "User list"; ?></h2>
<table border="0" cellpadding="0" cellspacing="0">
<tr bgcolor="#f87820">
<td><img src="img/blank.gif" alt="" width="10" height="25"></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo $TEXT['phonebook-attrib1']; ?></b></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo $TEXT['phonebook-attrib2']; ?></b></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo $TEXT['phonebook-attrib3']; ?></b></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="50" height="6"><br><b><?php echo $TEXT['phonebook-attrib4']; ?></b></td>
<td><img src="img/blank.gif" alt="" width="10" height="25"></td>
</tr>
<?php
$firstname=$_REQUEST['firstname'];
$lastname=$_REQUEST['lastname'];
$phone=$_REQUEST['phone'];
if($_REQUEST['action']=="del")
{
// Cast to integer so the request value cannot alter the DELETE query
$result=mysql_query("DELETE FROM members WHERE member_id=".(int)$_REQUEST['member_id']);
}
$result=mysql_query("SELECT member_id,firstname,lastname,login FROM members ORDER BY lastname");
$i = 0;
while($row = mysql_fetch_array($result)) {
if ($i > 0) {
echo "<tr valign='bottom'>";
echo "<td bgcolor='#ffffff' height='1' style='background-image:url(img/strichel.gif)' colspan='6'></td>";
echo "</tr>";
}
echo "<tr valign='middle'>";
echo "<td class='tabval'><img src='img/blank.gif' alt='' width='10' height='20'></td>";
echo "<td class='tabval'><b>".$row['lastname']."</b></td>";
echo "<td class='tabval'>".$row['firstname']." </td>";
echo "<td class='tabval'>".$row['member_id']." </td>";
echo "<td class='tabval'><a onclick=\"return confirm('".$TEXT['userlist-sure']."');\" href='userlist.php?action=del&member_1d=".$row['member_id']."'><span class='red'>[".$TEXT['userlist-button1']."]</span></a></td>";
echo "<td class='tabval'></td>";
echo "</tr>";
$i++;
}
echo "<tr valign='bottom'>";
echo "<td bgcolor='#fb7922' colspan='6'><img src='img/blank.gif' alt='' width='1' height='8'></td>";
echo "</tr>";
?>
</table>
</body>
</html>
I haven't edited it that properly and the looks in all.
Please help me in making it able to delete the members also.
I didn't understand what .$TEXT['userlist-button1'].,'".$TEXT['userlist-sure']. variables are?
I also want to include an approved and disapproved radio button in table for each members.
How can I do that?
Please if you can help me.
This should be a POST via a FORM not a href link (GET).
$TEXT is obviously an array holding the text you want printed.
You need to replace &member_1d in the href with a real & and a real i as &member_id.
$TEXT is an array containing all the language strings for the selected language.
You find the strings defined under /lang/yourlanguage.php
In general this is not a very good example to start coding with IMO.
But I think your app may start working, if you make sure, the language files and other include files are available and you change this &member_1d with &member_id
An example of a list of members with delete links:
$query = mysql_query("SELECT member_id,firstname,lastname,login FROM members ORDER BY lastname");
if(mysql_num_rows($query)!= 0){ //only continue if there are members in the database
while($row = mysql_fetch_assoc($query)){ //loop through each row in the database
$member_id = $row['member_id'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
// link to the delete_member.php script shown below, passing the member id
echo '<p>' . $firstname . ' - <a href="delete_member.php?id=' . $member_id . '">delete</a></p>';
}
}
A simple script on delete_member.php to delete the member from the database.
if(isset($_GET['id'])){
// Cast to integer so the value cannot alter the DELETE query
$member_id = (int) $_GET['id'];
$query = mysql_query("DELETE FROM members WHERE member_id='$member_id'");
echo '<p>This user was deleted from database</p>';
}
This code is only basic to give an example.
I would however prefer to use a simple form and $_POST for something like this instead of using $_GET which is very vulnerable in this kind of instance.
After getting the list of members use a form with input field to type the id you want to delete.
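Added example (not code from any of the answers above): the POST form that the answers recommend in place of a delete link, with a per-session anti-CSRF token and a prepared DELETE, so a plain GET request, a request without the token, or a non-integer id changes nothing. It assumes the admin check in auth.php has already run; the in-memory SQLite table and its rows are constructed, and csrf_token, delete_form and handle_delete are hypothetical names.

```php
<?php
// Constructed in-memory table standing in for the page's `members` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE members (member_id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)");
$pdo->exec("INSERT INTO members VALUES (1, 'Ann', 'Lee'), (2, 'Bo', 'Ray')");

// Per-session anti-CSRF token; $session stands in for $_SESSION.
function csrf_token(array &$session) {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// One small POST form per row instead of a GET link.
function delete_form($memberId, $token) {
    return '<form method="post" action="userlist.php">'
         . '<input type="hidden" name="csrf" value="' . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">'
         . '<input type="hidden" name="member_id" value="' . (int)$memberId . '">'
         . '<button type="submit" name="action" value="del">Delete</button></form>';
}

// Handler: accept only POST, a matching token, and an integer id.
function handle_delete(PDO $pdo, $method, array $post, array $session) {
    if ($method !== 'POST' || ($post['action'] ?? '') !== 'del') { return false; }
    $sent = (string)($post['csrf'] ?? '');
    if (empty($session['csrf']) || !hash_equals($session['csrf'], $sent)) { return false; }
    $id = filter_var($post['member_id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) { return false; }
    $stmt = $pdo->prepare("DELETE FROM members WHERE member_id = ?");
    $stmt->execute([$id]);
    return $stmt->rowCount() === 1;
}

$session = [];
$token = csrf_token($session);
echo delete_form(2, $token), "\n";
// Constructed requests: wrong method, wrong token, non-integer id, then a valid one.
var_dump(handle_delete($pdo, 'GET',  ['action' => 'del', 'member_id' => '2', 'csrf' => $token], $session));
var_dump(handle_delete($pdo, 'POST', ['action' => 'del', 'member_id' => '2', 'csrf' => 'wrong'], $session));
var_dump(handle_delete($pdo, 'POST', ['action' => 'del', 'member_id' => 'not-a-number', 'csrf' => $token], $session));
var_dump(handle_delete($pdo, 'POST', ['action' => 'del', 'member_id' => '2', 'csrf' => $token], $session));
```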
