Confused with php sessions for a user? - php

In my login.php I store the username and the user id in sessions. After login the user selects their page and once they are led to their page, they can select a lecturer name which needs to be only their name, not another lecturer's. I know that this lecturer name that is selected needs to be stored in a session. Afterwards, I have to match it with either the user id or the username so as to control what the user can see. A problem is how to match these sessions from login.php and lecturer.php. Should I create a separate file for the sessions?
login.php
<?php
require ('connect.php');
$username = $_POST['username'];
$password = $_POST['password'];
if (isset($_POST['submit'])) {
if ($username && $password) {
$check = mysql_query("SELECT * FROM users WHERE username='".$username."' AND password= '".$password."'");
$rows = mysql_num_rows($check);
if(mysql_num_rows($check) != 0){
session_start();
$run_login =mysql_fetch_array($check);
$uid = $run_login['id'];
$_SESSION['uid'] = $_POST['uid'];
$_SESSION['username']=$_POST['username'];
header("location:../../statistics/home.php");
}
else{
die("Could not find the Username or password.");
}
}
else {
echo "Please fill all the fields.";
}
}
?>
lecturer.php
<?php
include 'connect.php';
$year = mysql_real_escape_string($_POST['year']);
$lecturer = mysql_real_escape_string($_POST['lecturer']); // Don't forget to handle the SQL Injections ...
$years = array(
2005,
2006,
2007
);
$lecturers = array(
'dimopoulos',
'lagkas',
'kehagias',
'chrysochoou'
);
if(isset($_POST['submit'])){
if (in_array($lecturer, $lecturers) && in_array($year, $years)) {
$sql = "SELECT unit_name,a1,a2,a3,l1,l2,l3,l4,l5,l6,l7,lavg,r1,r2,u1,u2,u3 FROM $lecturer WHERE year=$year";
$result = mysql_query($sql);
}
else {
echo "No data found";
}
}
else{
echo "Please select";
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="../../statistics/style.css">
</head>
<body>
<div id="container">
<table id="table" width="900" border="1" cellspacing="1">
<tr>
<td>Unit Name</td>
<td>A1 </td>
<td>A2 </td>
<td>A3 </td>
<td>L1 </td>
<td>L2 </td>
<td>L3 </td>
<td>L4 </td>
<td>L5 </td>
<td>L6 </td>
<td>L7 </td>
<td>LAVG </td>
<td>R1 </td>
<td>R2 </td>
<td>U1 </td>
<td>U2 </td>
<td>U3 </td>
</tr>
<?php
while($unit=mysql_fetch_assoc($result)){
echo "<tr>";
echo "<td>".$unit['unit_name']."</td>";
echo "<td>".$unit['a1']."</td>";
echo "<td>".$unit['a2']."</td>";
echo "<td>".$unit['a3']."</td>";
echo "<td>".$unit['l1']."</td>";
echo "<td>".$unit['l2']."</td>";
echo "<td>".$unit['l3']."</td>";
echo "<td>".$unit['l4']."</td>";
echo "<td>".$unit['l5']."</td>";
echo "<td>".$unit['l6']."</td>";
echo "<td>".$unit['l7']."</td>";
echo "<td>".$unit['lavg']."</td>";
echo "<td>".$unit['r1']."</td>";
echo "<td>".$unit['r2']."</td>";
echo "<td>".$unit['u1']."</td>";
echo "<td>".$unit['u2']."</td>";
echo "<td>".$unit['u3']."</td>";
echo "</tr>";
}
?>
</table>
</div>
</body>
</html>
lecturerForm.php
<form name="myform" action="lecturer.php" method="POST" >
<b>Lecturers:</b>
<select name="lecturer">
<option value="Choose">Please select..</option>
<?php
$sql=mysql_query("SELECT lec_name FROM lecturer");
while($row=mysql_fetch_array($sql)){
echo "<option value='".$row['lec_name']."'>".$row['lec_name']."</option>";
}
?>
</select><br/><br/>
<b>Year:</b>
<select name="year">
<option value="Choose">Please select..</option>
<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2007">2007</option></select><br/><br/>
<br/>
<input type="submit" name="submit" value="Submit">
<input type="reset" name="reset" value="Clear">
</form>

Put session_start() at the beginning of the lecturer.php page.
Note:
You have a bad variable name in login.php where you set $_SESSION['uid']:
$uid = $run_login['id'];
$_SESSION['uid'] = $uid; // not $_POST['uid'];
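
The server-side check the question asks about, as an added example that is not part of the original question or answer: the lecturer is taken from the session set at login rather than from the submitted form, so each user only sees their own rows. The in-memory SQLite database, the single `stats` table with a `lecturer` column, the `password_hash` column and the sample credentials are assumptions constructed for this example; it needs the pdo_sqlite extension.

```php
<?php
// Added example, not the poster's code. Schema and credentials are constructed.
declare(strict_types=1);

session_start(); // must run on every page that reads or writes $_SESSION

function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $pdo->exec('CREATE TABLE stats (lecturer TEXT, year INTEGER, unit_name TEXT, a1 INTEGER)');
    $ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['lagkas', password_hash('constructed-pw-1', PASSWORD_DEFAULT)]);
    $ins->execute(['kehagias', password_hash('constructed-pw-2', PASSWORD_DEFAULT)]);
    $pdo->exec("INSERT INTO stats VALUES ('lagkas', 2006, 'Networks', 4), ('kehagias', 2006, 'Algebra', 5)");
    return $pdo;
}

function login(PDO $pdo, string $username, string $password): bool {
    // Bound parameter instead of string concatenation; hash check instead of SQL compare.
    $st = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh session id once the user is authenticated
    $_SESSION['uid'] = (int) $row['id'];   // from the database row, never from $_POST
    $_SESSION['username'] = $row['username'];
    return true;
}

function lecturer_rows(PDO $pdo, array $post): array {
    if (!isset($_SESSION['uid'], $_SESSION['username'])) {
        throw new RuntimeException('Not logged in');
    }
    $year = filter_var($post['year'] ?? null, FILTER_VALIDATE_INT);
    if (!in_array($year, [2005, 2006, 2007], true)) {
        throw new InvalidArgumentException('Invalid year');
    }
    // The lecturer is the logged-in user; $post['lecturer'] is ignored on purpose.
    $st = $pdo->prepare('SELECT unit_name, a1 FROM stats WHERE lecturer = ? AND year = ?');
    $st->execute([$_SESSION['username'], $year]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demo_db();
var_dump(login($pdo, 'lagkas', 'constructed-pw-1'));
// The form asks for another lecturer's data; only the session user's rows come back.
print_r(lecturer_rows($pdo, ['lecturer' => 'kehagias', 'year' => '2006']));
```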

Related

I am developing php page for update function

When the page is loaded it displays an error that id, name and address are undefined. These variables are set on the edit condition, but I don't understand how to place these values in the text field 'value' for editing, as this is not working. The main code is like this. Also, the update code is not updating the values, but it displays that the record is updated.
<?php
include 'server.php';
if (isset($_GET['edit'])) {
$id = $_GET['edit'];
$update = true;
$record = mysqli_query($con, "SELECT * FROM info WHERE id=$id");
if (count($record) == 1) {
$n = mysqli_fetch_array($record);
$name = $n['name'];
$address = $n['address'];
}
}
?>
<!-- Form -->
<!DOCTYPE html>
<html>
<head>
<title>CReate, Update</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<form method="post" action="php_code.php" >
<input type="hidden" name="id" value="<?php echo $id; ?>">
<input type="text" name="name" value="<?php echo $name; ?>">
<input type="text" name="address" value="<?php echo $address; ?>">
<div class="input-group">
<?php if ($update == true): ?>
<button class="btn" type="submit" name="update" >Update</button>
<?php else: ?>
<button class="btn" type="submit" name="submit" >save</button>
<?php endif ?>
</div>
</form>
<!-- Display -->
<?php
$i = 1;
$q = mysqli_query($con, "select*from info");
while ($f = mysqli_fetch_array($q)) {
?>
<table>
<th> sr N0</th>
<th> Name</th>
<th> address</th>
<th> Action</th>
<tr>
<td> <?php echo $i; ?> </td>
<td> <?php echo $f['name']; ?> </td>
<td> <?php echo $f['address']; ?> </td>
<td><a href="index.php?edit=<?php echo $f['id']; ?>" class="edit_btn" >Edit</a></td>
</tr>
<?php $i ++;
}
?>
</table>
</body>
</html>
<?php
include 'server.php';
if (isset($_POST['save']))
{
$name= $_POST['name'];
$add= $_POST['address'];
$q = "INSERT into info (name,address) VALUES ('$name', '$add')";
mysqli_query($con, $q);
echo "inserted";
}
if (isset($_POST['update']))
{
$uname= $_POST['name'];
$uaddress= $_POST['address'];
$q = "UPDATE info set name= '$uname', adress= '$uaddress' WHERE id = $id";
mysqli_query($con, $q);
echo "updated";
}
?>
Make
if (count($record) == 1 ) {
to
if (mysqli_num_rows($record) == 1 ) {

onchange dropdown show checkbox is checked in php

code:
<script>
$(document).ready(function(){
$(".menu").click(function(){
ids = $('.menu:checked').map(function() {
return this.id;
}).get().join(',');
console.log(ids);
$("#ids").val(ids);
});
});
</script>
<?php
if(isset($_POST['submit']))
{
$adminid = $_POST['admin'];
$menuids = explode(",", $_POST['ids']);
foreach ($menuids as $idd)
{
$sql = "update menu set admin_id = concat(admin_id,'$adminid',',') where id = '$idd'";
$result = mysqli_query($link,$sql);
}
if($result == true)
{
$msg .= "<p style='color:green'>successfull</p>";
}
else
{
$msg .= "<p style='color:red'>error!</p>";
}
}
?>
<form method="post">
<select name="admin" id="admin">
<option value="">---Select Admin---</option>
<?php
$sql = "select * from admin";
$result = mysqli_query($link,$sql);
while ($row = mysqli_fetch_array($result))
{
?>
<option value="<?php echo $row['id']; ?>"><?php echo $row['firstname']?></option>
<?php
}
?>
</select>
<table>
<tr>
<th>Share</th>
<th>Menu Name</th>
</tr>
<?php
$query = "select * from menu";
$results = mysqli_query($link,$query);
while ($fetch = mysqli_fetch_array($results))
{
?>
<tr>
<td>
<input type="checkbox" class="menu" id="<?php echo $fetch['id']; ?>" name="menuid" />
</td>
<td>
<?php echo $fetch['menu_name']; ?>
</td>
</tr>
<?php
}
?>
</table>
<input type="text" name="ids" id="ids" value=""/>
<input type="submit" name="submit" id="submit" />
</form>
In this code I am updating a table named menu in the database. Now, I want to check only those checkboxes where admin_id is like ,1, or ,2, which is updated by the query. How can I fix this issue? Please help.
Thank you
while ($fetch = mysqli_fetch_array($results))
{
?>
<tr>
<td>
<input type="checkbox" class="menu" value="<?php if($fetch['id']==1 or
$fetch['id']==2 ) { echo "checked";} else{} ?>" name="menuid" />
</td>
<td>
<?php echo $fetch['menu_name']; ?>
</td>
</tr>
<?php
}
?>

PHP redirect to page on form submit based on select

I am trying to get PHP to read my select options as variables and then echo out a particular page based on the users choice.
The login system is functional but only logs me into one page.
<form action="login.php" method="POST">
<table cellspacing="10">
<tr>
<td>Email: </td>
<td><input type='text' name='email'/></td>
</tr>
<tr>
<td>Password: </td>
<td><input type='password' name='password'/></td>
</tr>
<tr>
<td>Event: </td>
<td>
<select name="event">
<option><?php echo $title?></option>
<option><?php echo $title2?></option>
</select>
</td>
</tr>
</table>
<br />
<button class="button" type='submit' name='Submit' value='Submit' />Login</button>
</form>
<?php
if (!empty($email) && !empty($password)) {
$pdo = getPdo();
$statement = $pdo->prepare('SELECT * FROM awdawda WHERE email=:email;');
$statement->bindParam(':email', $email);
$statement->execute();
$data = $statement->fetch();
$pdo = null;
if (!empty($data)) {
$dbemail = $data['email'];
$dbpassword = $data['password'];
$dbfullname = $data['fullname'];
if ($password == $dbpassword) {
$_SESSION['fullname'] = $dbfullname;
$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
if ($_POST['event']) {
$event1=$title;
echo '<script type="text/javascript">window.location = "http://awda/adwa/awd1.php" </script>';
}
if ($_POST['event']) {
$event2=$title2;
echo '<script type="text/javascript">window.location = "http://awdaw/awda/adwa.php" </script>';
}
}
echo '<div style="padding: 10px;">Login Failed: Password Incorrect</div>';
}
echo '<div style="padding: 10px;">User not found</div>';
}
?>
That is the code I am using to login with. I left out what was above it since it all works fine right now.
You have to give values to the options of your select tag
<select name="event">
<option value="value1"><?php echo $title?></option>
<option value="value2"><?php echo $title2?></option>
</select>
and you have to update your PHP logic according to these values
if ($_POST['event'] == "value1") {
$event1=$title;
echo '<script type="text/javascript">window.location = "http://awda/adwa/awd1.php" </script>';
}
if ($_POST['event'] == "value2") {
$event2=$title2;
echo '<script type="text/javascript">window.location = "http://awdaw/awda/adwa.php" </script>';
}

PHP MYSQL - UPDATE user profile with SESSION

I'm trying to update the user profile with a session. The user profile page is supposed to update according to the profile of the logged-in user. Here's the sample code of user_profile.php:
<?php
session_start();
ob_start();
include("../function/dbconnect.php");
include("header.php");
?>
<html>
<body>
<?php
if(isset($_SESSION['VALID_USER'])){
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."'");
if ($s)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);
?>
<form action="user_profile.php" method="POST">
<div>Your Profile</div>
<table border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td><div>Username:</div></td>
<td><input type="text" name="username" value="<?php echo $query2['username']; ?>" /></td>
</tr>
<tr>
<td><div align="left" id="tb-name">Password:</div></td>
<td><input type="text" name="password" value="<?php echo $query2['password']; ?>" /></td>
</tr>
</table>
<input type="submit" name="submit" value="Update" />
</form>
<?php
// close while loop
}}
?>
<?php
// close connection;
mysql_close();
?>
</br>
</body>
</html>
The page returns blank. There are several other pieces of code that I'm working on for the user_profile.php page too, but the results that I get are the same. I used the code below for the admin to update a user profile.
include('function/dbconnect.php');
if(isset($_GET['id']))
{
$id=$_GET['id'];
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$user_type = $_POST['user_type'];
$query3 = mysql_query("UPDATE tbl_staffs
SET username='$username', email='$email', password='$password', WHERE id='$id'");
if ($query3)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_list.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_list.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE id='$id'");
$query2=mysql_fetch_array($query1);
<form method="post">
<tr>
<td><b>Username:</b></td><td><input type="text" name="username" style="width:255px" value="<?php echo $query2['username']; ?>" /></td>
</tr>
<tr>
<td><b>Email:</b></td><td><input type="text" name="email" style="width:255px" value="<?php echo $query2['email']; ?>" /></td>
</tr>
<tr>
<td><b>Password:</b></td><td><input type="text" name="password" style="width:255px" value="<?php echo $query2['password']; ?>" /></td>
</tr>
<tr>
<td colspan="2" align="right">
<br />
<span title="Click to update the user details"><input type="submit" name="submit" value="Update" /></span>
</td>
</tr>
</table>
</form>
<?php
}
?>
Apparently, it works fine as it is. However, when I tried to apply the code for users so that they can update their own profile, the code won't work. Where am I going wrong?
First check whether your session exists, and then replace ".mysql_real_escape_string($_SESSION["VALID_USER"])." in your query with a variable like
$VALID_USER=mysql_real_escape_string($_SESSION["VALID_USER"]);
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='$VALID_USER'");
if ($s)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='$VALID_USER' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);

php mysql + create profile page

Hey, I am new here. Can anyone help me with this chunk of code in PHP and MySQL?
I know that this is a small mistake but I could not find where the error is. Thank you.
This is the code:
//index.php
<html>
<head>
<title>Search for a user</title>
</head>
<body>
<h2> Search for a user below:</h2><br /><br />
<form action="profileprocess.php" method="get">
<table>
<tr>
<td>Username:</td><td><input type="text" id="username" name="username" /></td></tr>
<tr>
<td><input type="submit" name="submit" id="submit" value="View Profile" /></td>
</tr>
</table>
</form>
</body>
</html>
// profileprocess.php
<html>
<head>
<title><?php echo $username; ?> <?php echo $lastname; ?>s profile</title>
</head>
<body>
<?php
if(isset($_GET['username'])){
$username = $_GET['username'];
mysql_connect("localhost", "root", "") or die ("could not connect t the server");
mysql_select_db("users") or die("this database was not found");
$userquery = mysql_query("SELECT * FROM users WHERE username='$username'") or die("the query could be fale please try again");
if(mysql_num_rows($userquery) != 1){
die("that username could not be found!");
}
while($row = mysql_fetch_array($userquery, MYSQL_ASSOC)){
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$email = $row['email'];
$dbusername = $row['username'];
$activated = $row['activated'];
$access = $row['access'];
}
if($username != $dbusername){
die ("there has been a fatal error please try again. ");
}
if($activated == 0){
$active = "this account has not been activated";
}else{
$active = "ths account has been activated";
}
if($access == 0){
$admin = "this user is not administrator";
}else{
$admin = "this user is an administrator";
}
?>
<h2><?php echo $username; ?> <?php echo $lastname; ?>s profile</h2>
<table>
<tr>
<td>firstname:</td><td><?php echo $firstname; ?></td>
</tr>
<tr>
<td>lastname:</td><td><?php echo $lastname; ?></td>
</tr>
<tr>
<td>email:</td><td><?php echo $email; ?></td>
</tr>
<tr>
<td>username:</td><td><?php echo $dbusername; ?></td>
</tr>
<tr>
<td>activated:</td><td><?php echo $active; ?></td>
</tr>
<tr>
<td>access:</td><td><?php echo $admin; ?></td>
</tr>
</table>
<?php
}else die("You need to specify a username!");
?>
</body>
</html>
//// any help????
I just ran this code on my XAMPP server and it seems to work fine.
<html>
<head>
<title>Search for a user</title>
</head>
<body>
<h2> Search for a user below:</h2><br /><br />
<form action="" method="get">
<table>
<tr>
<td>Username:</td><td><input type="text" id="username" name="username" /></td></tr>
<tr>
<td><input type="submit" name="submit" id="submit" value="View Profile" /></td>
</tr>
</table>
</form>
</body>
</html>
<?php
if($_GET['username'] != ''){
echo $_GET['username'];
} else
die('doesnt work'); ?>
One problem I definitely see is that you have used echo at the start of the page and the query is not running. That is going to throw up errors.
Also, please tell us what the errors are, so that we can try and help you better.
