if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$serv_id = $_POST['serv_id'];
$time = $_POST["time"];
$date = $_POST["date"];
if (!isset($_SESSION['id']))
{
echo "sorry you're not logged in.";
exit();
}
if(date('w', strtotime($date)) == 6 || date('w', strtotime($date)) == 0)
{
echo 'Event is on a weekend and cannot be booked.';
}
else
{
echo 'Thank for you booking with Claires hair and beauty';
$time = $time. ":00:00";
$result = mysqli_query($con, "SELECT time FROM tbl_booking WHERE time = '$time' AND date = '$date'") or trigger_error("Query Failed! SQL: $result - Error: ".mysqli_error($con), E_USER_ERROR);
}
if(mysqli_num_rows($result) == 0)
{
$sql = "INSERT INTO tbl_booking (tbl_mem_id, serv_id, date, time) VALUES ('{$_SESSION['id']}','$serv_id','$date','$time')";
mysqli_query($con, $sql) or die('Error: ' . mysqli_error($con));
location: 'dashboard.php';
}
else
{
echo("this time is already booked");
}
}
Essentially I'm trying to make it check if they're logged in by checking a session variable, then check if the date they have entered is a weekend and then if the date/time being entered is already taken as if it is it just needs to echo this time is already booked.
But what is happening is when the slot is already taken? It echos
Thank for you booking with Claires hair and beautythis time is already booked
Try This Code:
if(date('w', strtotime($date)) == 6 || date('w', strtotime($date)) == 0)
{
echo 'Event is on a weekend and cannot be booked.';
}
else
{
$time = $time. ":00:00";
$result = mysqli_query($con, "SELECT time FROM tbl_booking WHERE time = '$time' AND date = '$date'") or trigger_error("Query Failed! SQL: $result - Error: ".mysqli_error($con), E_USER_ERROR);
}
if(mysqli_num_rows($result) == 0)
{
$sql = "INSERT INTO tbl_booking (tbl_mem_id, serv_id, date, time) VALUES ('{$_SESSION['id']}','$serv_id','$date','$time')";
mysqli_query($con, $sql) or die('Error: ' . mysqli_error($con));
echo 'Thank for you booking with Claires hair and beauty';//this is right place
location: 'dashboard.php';// Don't know what you trying to do here
}
else
{
echo("this time is already booked");
}
If you want to redirect to another page in php use this:
header('Location: yourpage.php');
PHP Header Function
Related
I am trying to prevent a user from cancelling a booking if the booking is less than 2 days away. I tried doing this by getting the current date and the date of the booking, converting them both to strtotime and then checking if one value was greater than the other. However when I run my code though all it does is redirect to page which only displays the value of $diff
Here is my code
<?php
$customerRef = $_SESSION['customerRef'];
$messageCancelError;
$messageSuccess;
if (isset($_POST['Cancel']))
{
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$cancelAppointment = $_POST['cancel'];
//echo $cancelAppointment;
$sql4 = "SELECT dateOfBooking FROM booking WHERE bookingRef=? AND customerRef=?";
// initalise the prepared statement
$stmt4 = mysqli_stmt_init($conn);
// prepare the prepared statement
if (mysqli_stmt_prepare($stmt4, $sql4))
{
// bind values to the prepared statement
mysqli_stmt_bind_param($stmt4, "ss", $cancelAppointment, $customerRef);
// execute the prepared statement
mysqli_stmt_execute($stmt4);
// store the results of the prepared statement
mysqli_stmt_store_result($stmt4);
// bind the results of the prepared statement to variables
mysqli_stmt_bind_result($stmt4, $appointmentDate);
mysqli_stmt_fetch($stmt4);
//echo mysqli_stmt_error($stmt4);
//gets the current date in y-m-d format
$date = date('Y-m-d'); //gets the difference in todays date and the date of an appointment in seconds
$diff = abs(strtotime($date) - strtotime($appointmentDate)); echo $diff;
}
$stmt4->close();
}
$stmt4->close();
//172800 seconds in 2 days
if ($diff > 172800)
{
// checking for customer ref as well to prevent a user cancelling another users booking
$sql3 = "DELETE FROM booking WHERE bookingRef =? AND customerRef =?";
$stmt3 = mysqli_stmt_init($conn);
if (mysqli_stmt_prepare($stmt3, $sql3))
{
mysqli_stmt_bind_param($stmt3, "si", $cancelAppointment, $customerRef);
mysqli_stmt_execute($stmt3);
mysqli_stmt_store_result($stmt3);
// echo mysqli_stmt_error($stmt3);
}
if (mysqli_stmt_affected_rows($stmt3) === 1)
{
$messageSuccess = "Booking Cancelled";
}
else
{
$messageCancelError = "Couldn't cancel your booking, check your booking ref against existing ones ";
}
}
// Close statement
$stmt3->close();
// Close connection
// $conn->close();
}
I have tried changing it to this but the error is still happening
if ($diff > 172800) {
// checking for customer ref as well to prevent a user cancelling another users booking
$sql3 = "DELETE FROM booking WHERE bookingRef =? AND customerRef =?";
$stmt3 = mysqli_stmt_init($conn);
if (mysqli_stmt_prepare($stmt3, $sql3)) {
mysqli_stmt_bind_param($stmt3, "si", $cancelAppointment, $customerRef);
mysqli_stmt_execute($stmt3);
mysqli_stmt_store_result($stmt3);
// echo mysqli_stmt_error($stmt3);
if (mysqli_stmt_affected_rows($stmt3) === 1) {
$messageSuccess = "Booking Cancelled";
}//affected rows
}//stmt_prepare
}//$diff
else {
$messageCancelError = "Couldn't cancel your booking, check your booking ref against existing ones ";
}
Your if block needs to change.
Change:
//172800 seconds in 2 days
if ($diff > 172800)
{
...
if (mysqli_stmt_affected_rows($stmt3) === 1)
{
$messageSuccess = "Booking Cancelled";
}
else
{
$messageCancelError = "Couldn't cancel your booking, check your booking ref against existing ones ";
}
}
// Close statement
To:
//172800 seconds in 2 days
if ($diff > 172800)
{
...
if (mysqli_stmt_affected_rows($stmt3) === 1)
{
$messageSuccess = "Booking Cancelled";
}
}
else
{
$messageCancelError = "Couldn't cancel your booking, check your booking ref against existing ones ";
}
// Close statement
How can i limit the failed logins with this script? If the login fails, i insert it into the sql. (Is it the right way?)
But how can i check at the next login, that the user can now log in? I would take the login limit in 1 hour.
Aniway, is this code is good for that?
<?php
$loginError = array();
if(isset($_POST['login_submit']))
{
if(empty($_POST['email']) or !isset($_POST['email'])){$loginError[] = "Hiányzó email cím.";}
if(empty($_POST['pass']) or !isset($_POST['pass'])){$loginError[] = "Hiányzó jelszó.";}
if(strlen($_POST['email']) > 50 ){$loginError[] = "Hibás adat az email mezőben.";}
if(strlen($_POST['pass']) > 40 ){$loginError[] = "Hibás adat a jelszó mezőben.";}
if(count($loginError) == 0 )
{
$email = mysqli_real_escape_string($kapcs,$_POST['email']);
$pass = sha1($_POST['pass']);
$lekerdezes = mysqli_query($kapcs, "SELECT * FROM admin_user WHERE email = '$email'") or die(mysqli_error($kapcs));
if(mysqli_num_rows($lekerdezes) > 0 )
{
$adat = mysqli_fetch_assoc($lekerdezes);
if($adat['status'] == 1 )
{
if($adat['pass'] == $pass)
{
$_SESSION['adatok'] = $adat;
$_SESSION['email'] = $adat['email'];
$_SESSION['userid'] = $adat['id'];
header("Location:home.php");
}
else
{
$sql = "INSERT INTO loginattempts(log_address, log_datetime) VALUES ('".$_SERVER['REMOTE_ADDR']."', NOW())";
$insert_login_attempt = mysqli_query($kapcs, $sql) or die(mysqli_error($kapcs));
$loginError[] = "Hibás email cím vagy jelszó.";
}
}
else
{
$sql = "INSERT INTO loginattempts(log_address, log_datetime) VALUES ('".$_SERVER['REMOTE_ADDR']."', NOW())";
$insert_login_attempt = mysqli_query($kapcs, $sql) or die(mysqli_error($kapcs));
$loginError[] = "Még nincs aktiválva a fiók.";
}
}
else
{
$sql = "INSERT INTO loginattempts(log_address, log_datetime) VALUES ('".$_SERVER['REMOTE_ADDR']."', NOW())";
$insert_login_attempt = mysqli_query($kapcs, $sql) or die(mysqli_error($kapcs));
$loginError[] = "Hibás email cím vagy jelszó.";
}
}
}
?>
I would create a field in the database called status (blocked/ok) and assuming youve got a field timestamp for the last login...
Then Id connect to the database in case the login fails and save the status bloqued and the time stamp. the next attempt you would check the time.now vs last access...
I good suggestion would be create a function for the database connection so you can call it a couple of time without repeat the code, also dont forget use the try/except fot the db connection.
I have this weekly countdown process and if a login user reaches the 0 weeks limit his page will be banned from the site and that's fine, my problem is if i'm the admin i don't want this process to ban me.
On this platform i have user and admin privileges
like this: For admin: $user->isAdmin() and for the user : if($user->islg()
The Php process is this:
if($user->islg()) {
function get_weeks_remaining($date, $expire){
$difference = strtotime($expire) - strtotime($date);
return floor($difference / 604800);
}
$link = mysqli_connect("localhost", "user", "password", "table");
$nume = $user->data->username;
$id = $user->data->id;
$date = date('m/d/Y h:i:s a', time());
$expire_date = 'May 14, 2016';
$remain = get_weeks_remaining($date, $expire_date);
$reason = 'user has been suspended';
// weeks remaining
$save=mysql_query("INSERT INTO `week-ferify`(`id`,`date`,`name`,`expire`,`remain`)VALUES('$id','$date','$name','$expire_date','$remain')");
$sql = "SELECT `id`,`remain` FROM `week-ferify`";
if($result = mysqli_query($link, $sql)){
if(mysqli_num_rows($result) > 0){
while(list($id,$remain) = mysqli_fetch_array($result)){
if($remain > 0 and $remain < 2){
echo "<div class=\"week-remain-box\"><span class='week-remain-text'>week remain</span><p class='week-remain-remain'>$remain</p></div>";
}else{
echo "<div class=\"week-remain-box\"><span class='week-remain-text'>weeks remains</span><p class='week-remain-remain'>$remain</p></div>";
//Ban process
} if ($remain > 0 and $remain < 2) {
mysql_query("UPDATE `mls_users` SET banned=0 WHERE id=$id");
} else {
mysql_query("UPDATE `mls_users` SET banned=1 WHERE id=$id");
mysql_query("INSERT INTO `mls_banned`(`id`,`until`,`by`,`reason`)VALUES('$id','1462317824','1','$reason')");
}
}
mysqli_free_result($result);
}
}
}
I don't know where to put $user->isAdmin() for not being banned by the process and only simple users to get banned. Thanks for any advice, and sorry for my bad english.
Given that the $user->isAdmin() method returns true or false based on whether the user is an administrator:
Place an if statement before the actual ban code.
//Ban process
if ($remain > 0 and $remain < 2) {
mysql_query("UPDATE `mls_users` SET banned=0 WHERE id=$id");
} else {
if(!$user->isAdmin()){
mysql_query("UPDATE `mls_users` SET banned=1 WHERE id=$id");
mysql_query("INSERT INTO `mls_banned`(`id`,`until`,`by`,`reason`)VALUES('$id','1462317824','1','$reason')");
}
}
However, if you can safely assume that the default setting for banned is 0. I suggest you place wrap the condition over the entire "banning code"
//Ban process
if(!$user->isAdmin()){
if ($remain > 0 and $remain < 2) {
mysql_query("UPDATE `mls_users` SET banned=0 WHERE id=$id");
} else {
mysql_query("UPDATE `mls_users` SET banned=1 WHERE id=$id");
mysql_query("INSERT INTO `mls_banned`(`id`,`until`,`by`,`reason`)VALUES('$id','1462317824','1','$reason')");
}
}
And also you should probably modify the counter too.
I am using the following code to determine if a user is signed in or not, I have set the field 'first_sign_in' to 0 in the mysql table but I am still receiving the echo 'already signed in for the start of the day when actually it should return 'not signed in for the start of the day'
Could someone help me on where I am going wrong here.
$time = date('h:i:s', time());
$checkifstaffexists = mysql_query("SELECT user_id from staff WHERE pin = 3012");
if (!$checkifstaffexists) {
die('Failed.');
}
if (mysql_num_rows($checkifstaffexists) > 0) {
$checkfirstsignin = mysql_query("SELECT first_sign_in from staff WHERE pin = 3012");
if ($checkfirstsignin == 0) {
echo 'not signed in for start of day</br>';
$checksignintime = mysql_query("SELECT " . date("d") . " " . "_start from staff WHERE pin = 3012");
if($checksignintime > $time) {
echo 'user is late';
$addtolatetable = mysql_query("INSERT INTO lates (user_id, date_time) SELECT user_id, '2014-05-15 12:00:00' from staff WHERE pin = 3012");
//$signuserin = mysql_query(" ");
$changestatustoin = mysql_query("UPDATE staff SET status=1 WHERE pin = 3012");
//redirect
} else {
echo 'user is not late';
//$signuserin = mysql_query(" ")
$changestatustoin = mysql_query("UPDATE staff SET status=1 WHERE pin = 3012");
//redirect
}
} else {
echo 'already signed in for start of day</br>';
$checkifuserisinourout = mysql_query("SELECT status from staff WHERE pin = 3012");
if ($checkifuserisinourout == 0) {
echo 'user is not signed in so we will sign you in';
//$signuserin = mysql_query(" ");
$changestatustoin = mysql_query("UPDATE staff SET status=1 WHERE pin = 3012");
//redirect
} else {
echo 'user is signed in so we will sign you out';
//$signuserout = mysql_query(" ");
$changestatustoout = mysql_query("UPDATE `staff` SET status=0 WHERE pin = '3012'");
//redirect
}
}
} else {
//The user cannot be found
echo 'User doesn\'t exist.';
}
with the line
$checkfirstsignin = mysql_query("SELECT first_sign_in from staff WHERE pin = 3012");
you get back a resource that you have to use to fetch data, for example:
$row = mysql_fetch_assoc($checkfirstsignin);
and with this array ($row) you can work further.
Please check the manpage for mysql_query for further reading...
and since this will be posted all the time: mysql_* methods are deprecated, please use mysqli or pdo.
if ($checkfirstsignin == 0)
Will always equal true if the query succeeds even if there are no matching results.
You need to use mysql_fetch_row or mysql_fetch_array to do that.
while($row = mysql_fetch_assoc($checkfirstsignin)){
if($row['first_sign_in']==0){
//do something
}
}
Write this var_dump( $checkfirstsignin );
after this line $checkfirstsignin = mysql_query("SELECT first_sign_in from staff WHERE pin = 3012");
And you will see the returned result is an array, so it is always false on the next if check.
In my script I want to get the last send_time of the user that is logged in. If this send_time is at least a 10 minute time difference with the current time, he will be able to post something new, otherwise he will get an error message.
Though, when I try this, nobody will be able to post for at least 10 minutes since the last post someone made.
$email = $_SESSION['login'];
if ($link)
{
$check="SELECT TIMESTAMPDIFF(MINUTE, send_time, CURRENT_TIMESTAMP) AS 'diff' FROM bloopp WHERE email = '$email' ORDER BY bloopp_id DESC LIMIT 1" or die("Error " . mysqli_error($check));
$res = mysqli_query($link, $check) or die("Error " . mysqli_error($res));
$data = mysqli_fetch_array($res, MYSQLI_ASSOC);
if($data['diff'] <= "10")
{
echo "You posted not so long ago.";
}
else
{
$sql="INSERT INTO bloopp (bloopp, browser, medium, send_time, email) VALUES ('$bloopp', '$browser', 'desktop', NOW(), '$email')";
$result = mysqli_query($link, $sql);
if($result)
{
header('Location: index.php');
}
else
{
echo "Something has gone wrong. We’re sorry.";
}
}
}
else
{
echo "ERROR";
}