I have login page and user page, which after user login with correct username and password, it will go to user page.
The user page consists of a table of user list and have a 'Edit User' button next to each user row. For example, in the screenshot here -->
http://i.stack.imgur.com/K3qxi.png
So, based on user level, if user level = User (which has ID=4), i want to hide the edit button. What I've tried so far is like this but its not working. I have imported the session code and all the queries. This code below is just some part of what I want to do.
include_once("session.php");
if($_SESSION['userlvl']==4){
echo "USER";
?>
<script>
$document.(ready(function){
$(#editbutton).hide();
});
</script>
<?php
}
?>
<a id="editbutton"><img src="Edit.png"/></a>
you can use class instead of Id
include_once("session.php");
if($_SESSION['userlvl']==4){
echo "USER";
?>
<script>
$document.(ready(function){
$(".editbutton").hide();
});
</script>
<?php
}
?>
<a class="editbutton"><img src="Edit.png"/></a>
As was pointed out by #insertusernamehere you should use PHP to control what is written to the page depending upon the user's access level - merely hiding content from view is just asking for trouble as it is trivial to find when looking in code view. Below is just an example of how you might do this.
<?php
include_once("session.php");
?>
<html>
<head>
<title>Restrict content based upon user level example</title>
<?php
if( isset( $_SESSION['userlvl'] ) ){
$level=intval( $_SESSION['userlvl'] );
/*
If you have javascript functions that actually submit the forms or
interact somehow with the data that are to be restricted to particular
levels of user, generate the code for that level only.
*/
switch( $level ){
case 1:
/* Basic user */
echo "
<script id='user' type='text/javascript'>
function view_record(){
alert('hello world');
}
</script>
";
break;
case 2:
/* Superuser */
break;
case 3:
case 4:
/* Manager & Admin level users ? */
echo "
<script id='admin' type='text/javascript'>
function delete_all_users(){
}
function drop_tables(){
}
function drop_database(){
}
function edit_record(e){
alert(e+' edit record')
}
function delete_record(e){
alert(e+' delete record')
}
</script>
";
break;
}
}
?>
</head>
<body>
<table>
<?php
/* Assuming you use php to generate the table: pseudo style code */
while( $rs=$result->fetch() ){
$editbttn='';
$deletebttn='';
if( in_array( $level, array( 3,4 ) ) ){
/* Admin & manager */
$editbttn="<a class='editbutton' onclick='edit_record(event)'><img src='Edit.png'/></a>";
$deletebttn="<a class='deletebutton' onclick='delete_record(event)'><img src='Delete.png'/></a>";
}
echo "
<tr>
<td>DATA</td>
<td>DATA</td>
<td>DATA</td>
<td>$editbttn</td>
<td>$deletebttn</td>
</tr>";
}
?>
</table>
</body>
</html>
I assumed that you want to restrict the user that only has the privilege of "User" not to be able to edit the data?
You might want to consider trying this as I think it is more straight forward and simple?
session_start();
if($_SESSION['userlvl'] == 4) {
echo "USER";
}else{
$userlvlpermission = '<a id="editbutton"><img src="Edit.png"></a>';
}
//At where you wanted to place the "editbutton"
<?php if($userlvlpermission){echo $userlvlpermission;}?>
Be sure that you check the user session of the edit page as well in case they know the exact url.
AT edit page
<?php
session_start();
if ($_SESSION['userlvl'] = 4){
echo "NO PERMISSION";
echo "header('Refresh: 3;url=page.php')";
exit();
}
Here's a simple solution.
include_once("session.php");
if ($_SESSION['userlvl'] == 4) {
$hideme = 'display:none;'
} else {
$hideme = '';
} ?>
< a id = "editbutton"
style = "<?php echo $hideme; ?>" > < img src = "Edit.png" / > < /a>
Related
I am very new to PHP and I am trying to make a registration form only for an admin(no need for other users). I want to show one of the menu nav ("Add photo") only to admins.
LOGIN.php:
<?php
include_once 'header.php';
$username = "Efren";
$password = "111";
if (($_POST['txt_uname_email'] == $username)&& ($_POST['txt_password'] == $password)) {
session_start();
$_SESSION['admin_is_logged'] = true;
echo '<script type="text/javascript"> window.open("homepage.php","_self");</script>';
}
This is the part of the header that I am trying to show only to admins:
<?php
if (isset($_SESSION['admin_is_logged']) && $_SESSION['admin_is_logged'] == true){
echo '<li>add photo</li>';
}
?>
</ul>
Right now “add photo” is hidden both to admin and other visitors.
You need to start session on every page you want access to $_SESSION variable. I saw your session_start is inside if statement. Just set it on top of every file (where you need session) and it should work.
Put
session_start();
on file beginning just after <?php
Is it possible to hide the table with jQuery if their is session present?
this is my session code
<?php
$username = $this->session->userdata('username');
if($username == TRUE){
echo "WELCOME ".$username;
}else{
echo "<div class='msg'>Please Log In</div>";
}
?>
and in my jQuery I dont know what to put in IF statement so I put it like this
if(".msg:visible"){
$('table').hide();
}
If possible I want to hide the table using jQuery
You can do using jQuery try below code
if ($(".msg").length > 0) {
$('table').hide();
}
if($(".msg").is(":visible"))
$('table').hide();
If you need to hide the table when session exists (when msg is not visible), you can try this with jQuery:
if (!$('.msg').is(':visible')) {
$('table').hide();
}
However, if you page reloads when your users log in, you could do it directly on the table without jQuery:
<table <?php echo $username == TRUE ? 'style="display: none"' : ''; ?>>
<!-- contents -->
</table>
I have setup Buddypress to have 3 field groups. While the user is on the front end editing their profile, I would like it if when they hit Save that it automatically progresses to the next field group.
So for example I am editing my profile for field group 1 and hit save, it takes me to field group 2 so I can edit that without having to click the nav label for the field.
Because this is a form with method="post" I assumed it would be as easy as checking for a post value. The problem is when I edit the profile and hit save there is not post data. Im using this just for troubleshooting (note these return empty even after I save):
//Next step progression
//Check the field group
echo bp_get_current_profile_group_id();
if(bp_get_current_profile_group_id() == 1) {
echo '<pre>';
print_r($_GET);
echo '</pre>';
echo '<pre>';
print_r($_POST);
echo '</pre>';
if(isset($_POST['_wpnonce'])){ ?>
<script>
jQuery(document).ready(function($){
alert('Saved');
});
</script>
<?php }
} elseif(bp_get_current_profile_group_id() == 2) {
}
After digging a little deeper I see the form action is this: <?php bp_the_profile_group_edit_form_action(); ?> which calls the function <?php bp_get_the_profile_group_edit_form_action(); ?>
I see I can add a filter/action from how this function is documented but I can not seem to get it working.
Try using this hook:
do_action( 'xprofile_updated_profile', bp_displayed_user_id(), $posted_field_ids, $errors, $old_values, $new_values );
Found in buddypress\bp-xprofile\bp-xprofile-screens.php
You'll need to write your own feedback message and check the $posted_field_ids to figure out which group the user was editing.
Thanks to shanebp I was able to find the right hook and get a working solution like this:
in buddypress/members/single/profile/edit.php I added this inside the form tag:
<input type="hidden" name="group_id" id="groupd_id" value="<?php echo bp_get_current_profile_group_id(); ?>" />
Then in my functions I did this which isnt the most dynamic but got me where I needed to go in case anyone else finds this:
function update_xprofile_group_progressions($user_id) {
if (!empty($user_id)) {
if(isset($_POST['group_id']) && $_POST['group_id'] == 1){
$url = home_url() . '/all-members/' . bp_core_get_username($user_id) . '/profile/edit/group/2/';
wp_redirect($url);
exit;
} elseif(isset($_POST['group_id']) && $_POST['group_id'] == 2){
$url = home_url() . '/all-members/' . bp_core_get_username($user_id) . '/profile/edit/group/4/';
wp_redirect($url);
exit;
}
}
}
add_action('xprofile_updated_profile', 'update_xprofile_group_progressions', 0, 1);
i have a multi step form and want to condition users on specific sites on my web .
This mean i want that only after submitting my form a client in my case can see the redirected page ,
And that with a kinda tim-out for that page to . this redirected page need to show only to those people who fill the form first even when users copy the link and give that link to somebody else the link should not work or should direction in a error. i have archived the last part partly
Here is all my code :
On the form.php i have this :
<?php
session_start(); $_SESSION['form_finished'] = true;
?>
On the proces.php i have this :
$emotion = $_POST['emotion'];
if($emotion == 'Basic Pack') {
session_start();
$_SESSION['form_finished'] = true;
header('Location: /new/basicc.php');
} elseif($emotion == 'Deluxe Pack') {
header('Location: html6.php');
} elseif($emotion == 'Premium Pack') {
header('Location: html7.php');
}
and destination site in this case basicc.php' this :
<?php
session_start();
if(!$_SESSION['form_finished']) {
header("HTTP/1.0 404 Not Found");
exit;
}
?>
This code is working partly because if the user on the form.php site if he just copy the basicc.php link on the address bar he can see the basic.php site imadtitly without having to fill the form , and i want that to condition him to do that and than the page to show up .
I hope i was clear thanks in advance
If proces.php is where submitting the form redirects then remove $_SESSION['form_finished'] = true; from form.php and keep it in proces.php only.
ETA: For the timer:
<script>
var remainingSeconds = 600; // how many second before redirect
function counter() {
if (remainingSeconds == 0) { clearInterval(countdownTimer); window.open('form.php', '_SELF'); // return to form page
} else { remainingSeconds--; }
}
var countdownTimer = setInterval('counter()', 1000); // 1000 is the interval for counting down, in this case 1 second
</script>
In this case, you will have to add back the statement in form.php but set it to false $_SESSION['form_finished'] = false;
ETA2: Forgot to mention that you should also add $_SESSION['form_finished'] = false; in basicc.php.
Yes you could just use a simple session for this case. Example:
If in your form action, if the form processing is in process.php. You could initialize there the session.
session_start();
$emotion = $_POST['emotion'];
$_SESSION['form_finished'] = true; // set session
// then your other process etc. etc.
if($emotion == 'Basic Pack') {
header('Location: /new/basicc.php');
} elseif($emotion == 'Deluxe Pack') {
header('Location: html6.php');
} elseif($emotion == 'Premium Pack') {
header('Location: html7.php');
}
And then on the destination files: /new/basicc.php and others, check that session existence:
/new/basicc.php and others:
if(isset($_SESSION['form_finished'])) { // so after redirection check this
//
// hello, i came from process.php
unset($_SESSION['form_finished']); // and then UNSET it! this is important
} else {
echo 'not allowed'; // if this is not set, the page is directly accessed, not allowed
exit;
}
I think the best solution is that you should only use one page, no need for sessions ;)
Try to have a particular variable set to false, send your form to the server using a POST method <form method=post> and on your server, change this variable to true and render the same page again.
In the example below, I'm checking if the user has entered his name in the form. ;)
<!-- In form.php -->
<?php
$formSubmitted = false;
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST["name"])) {
//Do what you need to do with form data, for example:
$name = filter_var($_POST["name"],FILTER_SANITIZE_STRING);
//Maybe do some checks on the data (or add to database) and when successful:
if($name != '')
{
$formSubmitted = true; // Set variable to true
}
}
?>
<?php if($formSubmitted): ?>
Hello <?php echo $name; ?>! <!-- Show all other HTML things you want to show -->
<p> This is a message only for people who submitted the form! </p>
<?php else: ?>
<form action='form.php' method='POST'>
<input name='name' type='text'>
</form>
<?php endif; ?>
I hope it'll be useful and hopefully a different way to look at the problem. For multi-step, this could easily accommodate more variables to see which step the user is on ;)
Good luck :)
Im creating an website where i am checking for login and redirecting the user to the index page, if his login was successful i want him to see something else instead of the login button
i have followed this approach for my query
<?php
if(!isset($_SESSION['uid']))
{
?>
<span class="Login">Login</span>
<?php
}
else if(isset($_SESSION['uid']))
{
?>
<span>Post</span>
<?php
}
?>
it doesn't seem to work quite the way i want. The 'Login' span is always visible, it would seem that the $_SESSION['uid'] is not being set, but that is not the case. To be honest i don't even know if this is the correct way of doing this
You need to put session_start(); in each page that need to access the session data before accessing (or creating) any session data.
See: Session Manuel
<?php
session_start();
$linkPage = 'login.php';
$linkName = 'Login';
if(isset($_SESSION['uid'])) {
$linkPage = 'postThread.php';
$linkName = 'Post';
}
?>
<span class="link"><?php echo $linkName; ?></span>