I am new to php and mysql and am having problems understanding why a specific function to update a value within the databse isnt working.
I want to be able to change a "0" int to a "1" when the user clicks the link. (I am using the value 0 / 1 to track if the user account is active or not).
The link in question reads:
<?php
$user = query("SELECT * FROM users WHERE id = ?", $_SESSION["id"]);
//check to see if the user is active or not
if ($user [0]['active'] == 0)
{
printf("Your account is not currently active ");
printf('Click Me');
printf(" to reactivate");
}
//assuming they have logged in they will probably want to make themselves active
?>
When I click the link the console reports:
Uncaught ReferenceError: activate is not defined
I have defined activate in a separate functions.php file that is being loaded and has the correct permissions. (I am sure it is being loaded by the code above as when I define activate manually in the code above the I get an error telling me I cannot define 2 functions with the same name).
The functions.php section reads:
function activate()
{
require("../templates/activate_user.php");
exit;
}
Finally, the activate_user.php reads:
<?php
// configuration
require("../includes/config.php");
query("UPDATE users SET active = 1 WHERE id = ?", $_SESSION["id"]);
return false;
?>
I have searched and searched on how to fix this error, but I have not been able to fix the issue. I am guessing it might be related to scope of activate, but am not sure that is the right path.
Any help well received, this is my first venture into php/mysql so all points welcome.
Thanks;
Andy
The onclick="activate();" is Javascript code. The rest of your code is written in PHP. Both won't work together this way.
In the interest of keeping things simple I have solved the problem by calling the same page and defining the function within that page:
<?php
function activate()
{
require("../templates/activate_user.php");
exit;
}
//check to see if the user is active or not
if ($user [0]['active'] == 0)
{
printf("Your account is not currently active ");
printf('Click Me');
printf(" to reactivate");
//assuming they have logged in they will probably want to make themselves active
if(isset($_GET['action'])&& $_GET['action'] =='callfunction'){
activate();
}
}
?>
Not sure if its pretty or not, but it certainly works. Thanks for the help and comments (made searching much easier!)
Related
UPDATE: Not sure why the answer was removed. But i did receive a solution and for future views I am leaving the original code below. But to make this work we simply needed to change:
if (site_active == 0)
TO:
if ($row['site_active'] == 0)
We also removed the "else exit;" code so if the site was active the page would continue to load like normal. Thank you to whoever posted this answer. Not sure why you deleted it because it worked.
Original Question:
Ok, I am using MYSQL as a database and then php for my script. I am wanting to make a script that checks whether a user's site is "active" or "disabled" this code will be placed at the beginning of each webpage. If the users website is "active" then the website will continue to load normally. If the users website is "disabled" then the website will redirect to an error page that states so.
If my client does not pay the monthly hosting fee then I will set the site to "disabled" in the database and the site will not be accessible until the payment is made. which then I will return it to an "active" state and it will be accessible again. I have came up with the following code so far (I am new to php so if it's stupid don't judge please!) When this code is executed it redirects to the page I have set no matter what rather than displaying the regular site. Any help or suggestions to make this work would be greatly appreciated!
<?php
$con=mysqli_connect("CONNECTION INFO REMOVED FOR SECURITY REASONS");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM mypanda_clients
WHERE id='34'");
while($row = mysqli_fetch_array($result))
{
if (site_active == 0)
{
header('Location: http://www.green-panda.com/');
}
else
{
exit;
}
}
?>
<html>
<h2>Congratulations, your site is active!</h2>
</html>
Give this a try,
if ($row['site_active'] == 0)
{
.....
}
can someone please help, i am trying to get the column 'privellages' (i know its spelt wrong) to update in my table 'ptb_permissions' when a link is clicked.
basically i've done this before for loads of other things and its worked fine its just this not working for some reason.
users are notified in their inbox when a user sends a request to view their pictures. and the user will have two links one to approve or one to delete the request.
if they click approve then this should update the enum colum 'privellages' from 0 to 1.
this is not working. im not getting any errors im just not getting anything happening. please can someone show me where im going wrong thanks.
Yes this is ok
contents of approve_priv_pix.php;
<?php
require_once("session.php");
require_once("functions.php");
require('_config/connection.php');
approve_pix ($_GET['picture'], $_SESSION['user_id']);
header("Location: {$_SERVER['HTTP_REFERER']}");
?>
mysql function:
function approve_pix($picture, $user) {
global $connection;
global $_SESSION;
$query = "UPDATE ptb_permissions
SET privellages='1'
WHERE id=$picture
AND to_user_id=$user";
mysql_query($query, $connection);
}
$_GET['picture'] should be $_GET['pix']
Also double check your privellages column enum values.
Yes this is ok
Here you have pix as a key, but in approve_priv_pix.php you are taking picture id from $_GET['picture']. Suppose it should be replaced with $_GET['pix']
Also, not sure why do you have <?php echo $pix['user_id']; ?> in link code. Possibly it should be something like <?php echo $pix['picture_id']; ?>
Additionally, you code is opened to sql injections. Here:
$query = "UPDATE ptb_permissions
SET privellages='1'
WHERE id=$picture
AND to_user_id=$user";
Instead of that you should better do:
$query = "UPDATE ptb_permissions
SET privellages='1'
WHERE id=" .mysql_real_escape_string($picture) . "
AND to_user_id=" .mysql_real_escape_string($user);
More details about mysql_real_escape_string. Take a look at warning message on top of that page. mysql extension is deprecated and will be remove soon. For new projects you should better use PDO or MySQLi extensions.
Another note: global $_SESSION; is not needed at all. It is accessible form any place in PHP by default.
im not getting any errors im just not getting anything happening
To see all errors you should set error_reporting to E_ALL (in your ini file or directly in code). With this option enabled you would see all notices/warnings/errors.
I currently have a list of users in my mysql database. One of the columns is "type". I am trying to display certain data if type is equal to admin. If type is equal to anything else, it should just echo an error message.
Unfortunately, I have tried multiple methods but it just does not seem to be working out for me. Can anyone help me get this to work properly?
This is what I have, but obviously I am doing something wrong....
<?php
$usertype = $_SESSION['type'];
if ($usertype == "admin" ){
?>
admin stuff only goes here
<?
}
else
{
echo "not priveleged usertype";
}
?>
EDIT:
The following code works when displaying via username, however, I need content displayed by usertype, not the username.
<?php
if($_SESSION['user']['username'] == "oneoftheadminusernames" )
{
?>
Each page has to start with
<?php
#session_start();
?>
otherwise, php does not "see" the sessions contents. So that's probably it.
The # prevents the php error: A session has already been started... by the way.
Now, every page that uses the session must have this directive at the top.
At least, in a quick example, that reproduces your error perfectly.
If you are saving each logged in users type field in $_SESSION['type'] variable than the code you are writing is correct. Or if you are storing type in another variable than you that variable to check.
i have an idea like add a field EnableFlag in the table. if enablee flag is set to 1 consider it as a admin else as a User;
I'm just using the Magic Members plugin, and wondering if anyone has any experience checking permissions for an individual page. I'm looping through all of the child pages of one of the main pages, but different user levels will be able to view different child pages, so I need to be able to check and display that information based on whether the user has access to that particular child.
<?php
foreach($pages as $page):
if ($has_access):
?>
content for this child page prints out to the screen!
<?php
endif;
$i++;
endforeach;
?>
How can I programmatically find out whether the user has the proper permissions to view that page ($has_access either true or false)?
Thanks!
It's not too difficult, actually. I got the answer from their custom support. Here it is, in case you are looking:
//current user
$current_user = wp_get_current_user();
//get membership type
$mgm_member = mgm_get_member($current_user->ID);
//mgm_array_dump($mgm_member); //you can uncomment this to see all of the available data for the member
$membership_type=$mgm_member->membership_type;
//then you can check for a certain user type
if ($membership_type=='client'){
//do something incredible here!
}
//current user
$current_user = wp_get_current_user();
//get membership type
$mgm_member = mgm_get_member($current_user->ID);
//mgm_array_dump($mgm_member); //you can uncomment this to see all of the available data for the member
$membership_type=$mgm_member->membership_type;
//then you can check for a certain user type
if ($membership_type=='client'){
//do something incredible here!
}
This code will only see if they were a member at one time in the life of your site. If they are payed up active member is another story.
just add this code:
//get member status
$membership_status=$mgm_member->status;
//then you can check for a certain user type
if ($membership_status=='Active'){
//do something incredible here!
}
Here's a situation, i have a list of support tickets that when you click the title of the ticket takes you to a page that displays the ticket in more detail. If uses URL GET variables to query the database. I've taken SQL injection into account but what if someone modifies the url to an id that doesn't exist? whats the best way to deal with that?
Thanks,
Jonesy
If the ID does not exist, send a 404 - Not Found header along with a nice error page telling the user that it wasn't found.
You probably have to make a page handling unsuccessful searches anyway; just route it in there. Then you can help the user to find what (s)he searches in a consistent way, provide cues and "most-searched-after" and what not.
This may seem too simple, but you should always validate your GET (or POST) variable before doing anything with them. In your case, just verify that the ID exists in the database. If it doesn't, inform the user.
You should always check if your query returned anything. If it returned 0 rows, the ID doesn't exist.
<?php
$result = mysql_db_query("your query", $link);
$num_rows = mysql_num_rows($result);
if($num_rows < 1) {
// row with that id doesnt exist
// do whatever you want
} elseif($num_rows > 1) {
// you have problem with your ids in db
} else {
// everything went fine
// do your thing here
}
?>
Check if the ticket exists; if not, react accordingly. What "react accordingly" means is determined by your business logic: create a new ticket? raise an error? take the user to a list of available tickets?
An example using the old mysql extension for brevity:
$sanitized_numeric_id = (int) $_GET['ticket_id']; // assuming id is numeric
$query_resource = mysql_query('SELECT `somecolumn`, `column2`, `othercolumn`
FROM `tickets`
WHERE `id`= ' . $sanitized_numeric_id);
if (mysql_num_rows($query_resource) > 0) {
// the ticket exists, do something with it
} else {
// the ticket doesn't exist, react accordingly
}