Administrator tools / updating other users details - php

I have implemented a functioning login and registration into a website template, but i am stuck on how to update other users details within the database using a form style basis?
For example is changing what group their in for the permissions, then a mod being able to give a 24 hour time out for chat/comments to standard users and so on.
Below is a very basic what i am talking about which iv done using the existing code just a different form, and its getting the username thats entered there that needs to be the 'id' for which row is edited?
I realise my code doesnt have what's needed but if anyone could point me in the right direction id much appreciate it.
<?php
require 'core/init.php';
include 'includes/overall/header.php';
if(!$user->hasPermission('admin')) {
Redirect::to ('index.php');
}
if(Input::exists()) {
if(Token::check(Input::get('token'))) {
$validate = new Validate();
$validation = $validate->check($_POST, array(
'username' => array(
'required' => true)
));
if($validation->passed()) {
try {
$user->update(array(
'grouptest' => Input::get('group')
));
} catch(Exception $e) {
die($e->getMessage());
}
Session::flash('home', 'Your Name has been updated succssfully!.');
Redirect::to('useraccount.php');
} else {
foreach($validate->errors() as $error) {
echo $error, '<br>';
}
}
}
}
?>
<form method="post" action="">
<label for="username">Change user:</label>
<input type="text" name="username" id="username" value=""/>
<label for="group"> to group:</label>
<select name="group" id="group">
<option value="1">Standard user</option>
<option value="2">Moderator</option>
<option value="3">Administrator</option>
</select>
<input type="submit" value="Update">
</form>


i sorted it thanks. here is the whole rewrite of the code just for this.
It is basic but made it on its own.
<?php
error_reporting(E_ALL);
require 'connect.php';
require 'security.php';
$records =array();
if(!empty($_POST)){
if(isset($_POST['username'], $_POST['perms'])){
$username = trim($_POST['username']);
$perms = trim($_POST['perms']);
if(!empty($username) && !empty($perms)){
$update = $db->query("UPDATE users2 SET perms = '$perms' WHERE username = '$username'");
if($update){
echo 'success';
header('location: updatedb.php');
die();
} else {
echo 'failed';
}
}
}
}
if($results = $db->query("SELECT * FROM users2")){
if($results->num_rows){
while($row = $results->fetch_object()){
$records[] = $row;
}
$results->free();
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>updatedb</title>
</head>
<div id="nav">
<ul>
<li>Add to DB Form</li>
<li>Give Admin to Admin</li>
<li>Update DB Form</li>
<li>Delete from DB form</li>
</ul>
</div>
<body>
<h3>update database</h3>
<?php
if(!count($records)){
echo 'no records';
}else{
?>
<table>
<thead>
<tr>
<th>Username</th>
<th>Permission level</th>
</tr>
</thead>
<tbody>
<?php
foreach ($records as $r){
?>
<tr>
<td><?php echo escape($r->username); ?></td>
<td><?php echo escape($r->perms); ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
<?php
}
?>
<hr>
<form method="post" action="">
<label for="username">Username:</label>
<input type="text" name="username" id="username" value=""/>
<label for="perms">Role:</label>
<select name="perms" id="perms">
<option value="1">Standard user</option>
<option value="2">Moderator</option>
<option value="3">Administrator</option>
</select>
<input type="submit" value="Update">
<input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
</form>
</body>
</html>

Related

Where to put $_Session[variable] in the code

Im trying to save a variable in the $_Session[deptselect] and call it in a different page but confused to where to declare it. when i echo $_Session[deptselect] it gives blank.
I have already tried in multiple places like inside the form or below it but nothing seems to work. i want to send it from appointment to appointment2 but appointment2 seems to not get the variable.
I have already tried to use $_post[deptselect] to get the value in second page and i get it there but it disappears as soon as i press submit in the second page.
appointment.php
<?php
include("dbconnection.php");
session_start();
if(!isset($_SESSION['username'])) {
die("Please login");
}
$_SESSION['deptselect']=$_POST['deptselect'];
?>
<form class="" action="appointment2.php" method="post">
<fieldset>
<legend>Appointment</legend>
<label>Select Department</label>
<select class="" name="deptselect" required>
<option ></option>
<?php
$deptsql=mysqli_query($con,"select deptname,deptid from department where status='1'");
while ($row = mysqli_fetch_assoc($deptsql))
{
echo "<option id='deptselect' value='" . $row['deptid'] ."'>" . $row['deptname'] ."</option>";
}
?>
</select>
</fieldset>
<input type="submit" name="submit" value="Submit">
</form>
<?php
include("footer.php");
?>
appointment2.php
<?php
session_start();
if(!isset($_SESSION['username']))
{
include('footer.php');
die("Please login");
}
if(!empty($_POST)){
include("dbconnection.php");
$dept=$_SESSION['deptselect'];
echo $dept;
$daate=$_POST['date'];
$doc = $_POST['doc'];
$tiime=$_POST['time'];
$user=$_SESSION['username'];
$pd="SELECT * from patient where name='$user'";
$pid=mysqli_query($con,$pd);
while($row = mysqli_fetch_assoc($pid)){
$piid=$row['pid'];
}
$query="insert into appointment (deptid, docempid,pid,apptime,appdate) VALUES ('$dept','$doc','$piid','$tiime','$daate') " ;
//$res=mysqli_query($con,$query);
// echo "$query";
//echo "$dept";
}
?>
<body>
<form class="" action="appointment2.php" method="post">
<label>Select doctor</label>
<select class="" name="doc" >
<option ></option>
<?php
$dee=$_POST['deptselect'];
$_SESSION['id']=$dee;
$sql="SELECT * FROM doctor where deptid='$dee'";
$docsql= mysqli_query($con,$sql);
while ($row = mysqli_fetch_assoc($docsql))
{
echo "<option value='" . $row['docempid'] ."'>" . $row['name'] ."</option>";
}
?>
</select>
<br><br><br>
<label>Enter Time</label>
<input type="time" name="time" placeholder="enter time" >
<br><br><br>
<label>Enter date</label>
<input type="date" name="date" placeholder="enter date" >
<br> <br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
<?php include("footer.php");
?>
I want the $_session[deptselect] in appointment2.php so i can run the command the insert, i have zero knowledge of js so doing the dependent list thing is not possible. TIA

In the beginning of the first script you have:
if(!isset($_SESSION['username'])) {
die("Please login");
}
And in the beginning of the second:
if(!isset($_SESSION['username']))
{
include('footer.php');
die("Please login");
}
Both stop immediately, if $_SESSION['username'] is not set.
So how should $_SESSION['username'] ever be set, if your body code is never executed?

For loop inserts only 1 MySQL record

I have been working on a form that allows entering a menu item for a cafe establishment, alongside its ingredients (arrays of data). Unfortunately, a problem came up as it only executes 1 query even though 2 or more ingredients were entered in the form (dynamic, jQuery).
Here is the PHP code:
<?php
include("session.php");
if (isset($_POST['submit'])) {
$productname = $_POST['product_name'];
$categoryID = $_POST['categoryID'];
$price = $_POST['srp'];
// ingredients
$ingredients = $_POST['ingredients'];
$qty = $_POST['qty'];
$measure = $_POST['measure'];
if (!empty($productname) && !empty($categoryID) && !empty($price) && !empty($ingredients) && !empty($qty) && !empty($measure)) {
for ($i=0; $i < count($ingredients); $i++) {
if ($ingredients[$i] != "" && $qty[$i] != "" && $measure[$i] != "") {
mysqli_query($db, "insert into individual_ingredients values ('', '$productname', '{$ingredients[$i]}', '{$qty[$i]}', '{$measure[$i]}')");
}
}
mysqli_query($db, "insert into end_products values ('', '$productname', '$price', '', '$categoryID')");
mysqli_query($db, "insert into audit_trail values ('', now(), '{$_SESSION['login_user']}', 'New end product added')");
header("location: end_products.php");
} else {
echo '<font color="red">'."Incomplete data entered".'</font>';
}
}
?>
And here is the HTML form and JQuery:
<html>
<head>
<title><?php echo $login_session; ?> | New End Product Record</title>
<link rel="stylesheet" href="css/main.css" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<!-- Bootstrap js library -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
//add more fields group
$(".addMore").click(function(){
var fieldHTML = '<div class="form-group fieldGroup">'+$(".fieldGroupCopy").html()+'</div>';
$('body').find('.fieldGroup:last').after(fieldHTML);
});
//remove fields group
$("body").on("click",".remove",function(){
$(this).parents(".fieldGroup").remove();
});
});
</script>
</head>
<body>
HTML form:
<table style="margin: 5% -1% 0 -10%; font-size: 0.9em">
<tr>
<form action="new_end_product_record.php" method="post">
<td>Name</td>
<td><input type="text" name="product_name"></td>
<td>Raw Material/s Used</td>
<td>
<div class="fieldGroup">
<select name="ingredients[]">
<option value="">Ingredient</option>
<?php
$items_sql = "select name from raw_materials where status='Active'";
$get_items = mysqli_query($db, $items_sql);
while ($option = mysqli_fetch_assoc($get_items)) { ?>
<option value="<?php echo $option['name']; ?>"><?php echo $option['name']; ?></option>
<?php } ?>
</select>
<input type="text" name="qty[]" placeholder="Quantity" style="width:60px">
<select name="measure[]">
<option value="">Measure Unit</option>
<?php
$get_units = "select * from raw_material_measures";
$units = mysqli_query($db, $get_units);
while ($unit = mysqli_fetch_assoc($units)) {
?>
<option value="<?php echo $unit['full_name']; ?>"><?php echo $unit['full_name']; ?></option>
<?php } ?>
</select>
ADD
<br /><br />
</div>
<!-- second set -->
<div class="fieldGroupCopy" style="display: none;">
<div class="input-group">
<select name="ingredients[]">
<option value="">Ingredient</option>
<?php
$items_sql = "select name from raw_materials where status='Active'";
$get_items = mysqli_query($db, $items_sql);
while ($option = mysqli_fetch_assoc($get_items)) { ?>
<option value="<?php echo $option['name']; ?>"><?php echo $option['name']; ?></option>
<?php } ?>
</select>
<input type="text" name="qty[]" placeholder="Quantity" style="width:60px">
<select name="measure[]">
<option value="">Measure Unit</option>
<?php
$get_units = "select * from raw_material_measures";
$units = mysqli_query($db, $get_units);
while ($unit = mysqli_fetch_assoc($units)) {
?>
<option value="<?php echo $unit['full_name']; ?>"><?php echo $unit['full_name']; ?></option>
<?php } ?>
</select>
REMOVE
<br /><br />
</div>
</div>
</td>
</tr>
<tr>
<td>SRP</td>
<td><input type="text" name="srp"></td>
</tr>
<tr>
<td>Category</td>
<td>
<select name="categoryID">
<option value="">Select category...</option>
<!--list all categories in the database-->
<?php
$cat_query = "select category_ID, name from end_products_categories";
$get_cats = mysqli_query($db, $cat_query);
while ($option = mysqli_fetch_assoc($get_cats)) { ?>
<option value="<?php echo $option['category_ID']; ?>"><?php echo $option['name']?></option>
<?php } ?>
</select>
</td>
<!-- <td>Expiration</td>
<td><input type="date"></input></td> -->
</tr>
</table><br>
<input type="submit" class="button" name="submit" value="ADD RECORD">
<input type="reset" value="ERASE ALL">
</div></form>
</div>
</body>
</html>
Is there a problem with the loop or with the HTML form that prevents the second to the last set of values from being inserted? Any help would be appreciated.

How to get information from an already populated form

I am trying to update a database record using a submit button, however the form that information is being taken from has itself been populated by another submit button.
The PHP is below:
if (isset($_POST['edit']))
{
$editUser = User::locate($_POST['userSelect']);
$setCompany = Company::findCompany();
$exCompanyId = $editUser->user_company_id;
$isAdmin = $editUser->user_admin;
$eUserFirstname = $editUser->user_firstname;
$eUserLastname = $editUser->user_lastname;
$eUserUsername = $editUser->user_username;
$eUserEmail = $editUser->user_email;
$eUserCompany = $editUser->user_company;
$adminArray = array("Yes","No");
if ($exCompanyId > NULL)
{
$exCompany = Company::locateId($exCompanyId);
$companyValue = $exCompany->company_name;
}
else
{
$companyValue = "";
}
if ($isAdmin > 0)
{
$userAdmin = $adminArray[0];
}
else
{
$userAdmin = $adminArray[1];
}
}
if (isset($_POST['confirm']))
{
$updateUserRecord = User::locate($eUserUsername);
$newCompanyValue = $_POST['setCompany'];
$isAdmin = $_POST['userAdmin'];
$newCompany = Company::locate($newCompanyValue);
$companyId = $newCompany->company_id;
$updateUserRecord->user_company_id = $companyId;
$updateUserRecord->user_admin = $isAdmin;
$editUser->updateUserAdmin();
$message = "You have successfully updated the user account";
echo "<script type='text/javascript'>alert('$message');</script>";
}
The HTML code is below:
<form action="" method="post">
<p>
<label>First Name:</label>
<label><?php echo $eUserFirstname ?></label>
</p>
<p>
<label>Last Name:</label>
<label><?php echo $eUserLastname ?></label>
</p>
<p>
<label>Username:</label>
<label><?php echo $eUserUsername ?></label>
</p>
<p>
<label>Email Address:</label>
<label><?php echo $eUserEmail ?></label>
</p>
<p>
<label>User Company:</label>
<label><?php echo $eUserCompany ?></label>
</p>
<p>
<label>Set Company:</label>
<select name="setCompany">
<option><?php echo $companyValue ?></option>
<?php
foreach ($setCompany as $srow)
{
?>
<option id="<?=
$srow->company_id
?>">
<?=
$srow->company_name
?>
</option>
<?php
}
?>
</select>
</p>
<p>
<label>Administrator:</label>
<select name="userAdmin">
<option><?php echo $userAdmin ?></option>
<?php
foreach ($adminArray as $arow)
{
?>
<option>
<?=
$arow
?>
</option>
<?php
}
?>
</select>
</p>
<input type="submit" name="cancel" value="Cancel">
<input type="submit" name="confirm" value="Confirm">
</br>
</form>
From my investigations so far the variables aren't transferring to the 2nd if statement, and I'm not sure how to make them available to it.

Store the first form's submission in hidden input fields alongside your echo statements. For example: <input type="hidden" name="field_name" value="<?php echo htmlspecialchars($field); ?>">
Or, alternatively, update the DB after first form posts.

need help on coding for search using area, file no, applicant and application status

i have an application in office used for registration of project application. it was developed using code igniter framework for MVC. The application can be used to search file based on the area and application status only. However there are 4 search item which is area, file no., applicants, and application status. Now i want to do search using area and file no. or applicant name. below is the existing codes:
MODEL CODES
> public function hasilCarianPermohonan()
{
$mukim_id = $_POST['mukim_id'];
$no_fail = $_POST['no_fail'];
$pemohon = $_POST['pemohon'];
$status = $_POST['status'];
if($pemohon == NULL)
{
$pemohon = "%";
} else if($no_fail == NULL)
{
$no_fail = "%";
}
$query = $this->db->query("SELECT * FROM permohonan pr INNER JOIN
status_permohonan st ON pr.no_fail = st.no_fail WHERE pr.mukim_id LIKE '$mukim_id' AND st.status LIKE '$status' AND (pr.no_fail LIKE '$no_fail' OR pr.pemohon LIKE '$pemohon') ORDER BY pr.app_id ASC");
if($query->num_rows() > 0)
{
return $query->result();
} else {
return false;
}
CONTROLLER CODES
public function carian()
{
/*
This function is used to allow the user to search the database record for any one of the matching criteria
of the application including the mukim, file holding person, status and etc.
*/
$data['mukim_id'] = 0; // default selectbox index
$data['status'] = "0"; // default selectbox status
$data['isResult'] = false;
$this->load->view('view-carian',$data);
}
public function hasilcarian()
{
/*
Render a record found view for the carian function.
*/
$data['mukim_id'] = $_POST['mukim_id']; /*'mukim_id is area */
$data['status'] = $_POST['status']; /*'status is application status. i want to add 'no_fail' (file no.) and 'pemohon'(applicant) so i can search file using these from database */
$data['isResult'] = true;
$data['list'] = $this->modelpermohonan->hasilCarianPermohonan();
if($data['list'] == false)
{
$data['isResult'] = false;
$this->session->set_flashdata('mesej', '<span class="label label-info">Tiada rekod yang sepadan dijumpai!</span> ');
}
$this->load->view('view-carian',$data);
}
VIEW CODES
<?php echo $this->navigasi->top(); ?>
<div class="container">
<br>
<h4 style="margin:0 auto;width:650px;color:white;">Carian Permohonan</h4>
<br>
<form class="form-horizontal the-form" action="<?php echo base_url(); ?>permohonan/hasilcarian/" method="post">
<div class="control-group">
<label class="control-label">Mukim:</label>
<div class="controls">
<select name="mukim_id" class="span3" id="mukim_id">
<option value="%" <?php if($mukim_id == 0) { echo "selected"; } ?>>-- Semua Mukim --</option>
<option value="1" <?php if($mukim_id == 1) { echo "selected"; } ?>>Hulu Langat</option>
<option value="2" <?php if($mukim_id == 2) { echo "selected"; } ?> >Kajang</option>
<option value="3" <?php if($mukim_id == 3) { echo "selected"; } ?>>Cheras</option>
<option value="4" <?php if($mukim_id == 4) { echo "selected"; } ?>>Beranang</option>
<option value="5" <?php if($mukim_id == 5) { echo "selected"; } ?>>Semenyih</option>
<option value="6" <?php if($mukim_id == 6) { echo "selected"; } ?>>Hulu Semenyih</option>
</select>
</div>
</div>
<div class="control-group">
<label class="control-label">No. Fail Jabatan:</label>
<div class="controls">
<input name="no_fail" type="text" class="input-xlarge" placeholder="No. Fail Jabatan" id="no_fail">
</div>
</div>
<div class="control-group">
<label class="control-label">Nama Pemohon:</label>
<div class="controls">
<input name="pemohon" type="text" class="input-xlarge" placeholder="Nama Pemohon" id="pemohon">
</div>
</div>
<div class="control-group">
<label class="control-label">Status:</label>
<div class="controls">
<select name="status" class="span3" id="status">
<option value="%" <?php if($status == 0) { echo "selected"; } ?>>-- Semua Status --</option>
<option value="Dalam Proses" <?php if($status == "Dalam Proses") { echo "selected"; } ?>>Dalam Proses</option>
<option value="Lulus" <?php if($status == "Lulus") { echo "selected"; } ?>>Lulus</option>
<option value="Tangguh" <?php if($status == "Tangguh") { echo "selected"; } ?>>Tangguh</option>
<option value="Tolak" <?php if($status == "Tolak") { echo "selected"; } ?>>Tolak</option>
</select>
</div>
</div>
<div class="control-group">
<label class="control-label"></label>
<div class="controls">
<button class="btn btn-primary" type="submit"><i class="icon-white icon-ok"></i> Cari Rekod</button>
</div>
</div>
</form>
<br><br>
<!-- Keputusan Carian !-->
<center><?php echo $this->session->flashdata('mesej'); ?></center>
<?php if($isResult == true) { ?>
<table class="table table-bordered" style="background:#fff;">
<thead>
<tr>
<th>Bil.</th>
<th>No. Fail</th>
<th>Pemohon</th>
<th>Alamat Premis</th>
<th>Status</th>
</tr>
</thead>
<tbody>
<?php $i = 1; foreach($list as $a) { ?>
<tr>
<td><?php echo $i; ?>.</td>
<td><?php echo $a->no_fail; ?></td>
<td><?php echo $a->pemohon; ?></td>
<td><?php echo $a->alamat_premis; ?></td>
<td><?php echo $a->status; ?></td>
</tr>
<?php $i++; } ?>
</tbody>
</table>
<?php } ?>
<!-- Keputusan Carian !-->
</div> <!-- /container -->

I think the MVC framework id made so that that your code is flexbile enough for a big app.
You have to write another model and another controller that generates a list for your view. That is the idea.

How to load a view in codeigniter where multiple forms are used

This is my view:
<form action="HomeController.php" method="post">
Available Batches:<select name="batch">
<?php mysql_connect('localhost','root','');
mysql_select_db('login');
$sql = "SELECT b_id FROM batch where type='C#'and seats_left!=0";
$result= mysql_query($sql);
while ($row = mysql_fetch_array($result)){
?>
<option value="" ><?php echo $row["b_id"];?></option>
<?php
}
?>
</select><br>
<input type="submit" name="new" value="new"><br>
</form>
<?php echo form_open('HomeController/Enteringdata') ?>
Enter batch id:<input type="text" name="b"><br>
<input type="submit" name="enter" value="enter"><br>
This is my controller:
public function Enteringdata() {
if($this->input->post('enter')=="enter"){
$b= $this->input->post('b');
$this->load->Model('LoginModel');
$seats=$this->LoginModel->batch($b);
$seats--;
$this->LoginModel->ins($seats,$b);
}
elseif($this->input->post('new')=="new")
{
$this->load->view('batchc');
}
}

Categories