Here is the code which I am trying to block a user from my website. I am using MySQL database and I insert a Banned column in my user table and set their value 1 by default so tell me what I have to do. Table name of this section in MySQL database is Lectures So please help me as soon as possible.
<?php
session_start();
include("header.php");
include("conection.php");
//echo "lec name".$_SESSION["lecname"];
?>
<?php
if($banned == "1")
{
header("Location:lectureaccount.php");
}
else
{
header("Location:banned.php");
}?>
<?php
//if(isset($_SESSION["userid"]))
{
$lec_id = $_SESSION["userid"];
?>
you are doing good.
I am assuming you need to know what your SQL should be to get user data from the database.
<?php
session_start();
include("header.php");
include("conection.php");
//echo "lec name".$_SESSION["lecname"];
if(isset($_SESSION["userid"]))
{
$user_id = $_SESSION["userid"];
$con=mysqli_connect("example.com","username","password","database_name");
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT banned FROM Lectures where user_id = ".$user_id);
while($row = mysqli_fetch_array($result)){
$banned= $row['banned'];
}
mysqli_close($con);
if($banned == "1"){
header("Location:lectureaccount.php");
}
else{
header("Location:banned.php");
}
}
?>
<?php
//if(isset($_SESSION["userid"]))
{
$lec_id = $_SESSION["userid"];
Related
I'm trying to use if statement by comparing $resultsub (pass by sql) and $_id (session). I have tried to use <> and == . It seem doesn't work. I think it have some error on my if statement. Please help me to correct my php code.
This is the code.
<?php
include 'db_connect.php';
session_start();
$_id = $_SESSION['staff_id'];
if(isset($_POST['submit']))
{
$sub_code = $_POST['sub_code'];
$doc_name = $_POST['doc_name'];
$checksub = "SELECT staff_id FROM subject WHERE sub_code='$sub_code' ";
$resultsub = mysqli_query( $link,$checksub) or die("Query failed");
if ($resultsub == $_id)
{
if((IsChecked('tick','delete')) && (IsChecked('tick','add')))
{
//some other code
}
}
else
echo "you cannot upload file. Only coordinator for every subject only can upload file." ;
}
?>
It does not show any error. But it does not check my if statement and jump to else.
try starting your session just after the php open tag like following
<?php
session_start();
include 'db_connect.php';
and the second thing is that you need to fetch the required field from your variable $result_sub by using the function mysqli_fetch_array() try this code.
<?php
session_start();
include 'db_connect.php';
$_id = $_SESSION['staff_id'];
if(isset($_POST['submit']))
{
$sub_code = $_POST['sub_code'];
$doc_name = $_POST['doc_name'];
$checksub = "SELECT staff_id FROM subject WHERE sub_code='$sub_code' ";
$resultsub = mysqli_query( $link,$checksub) or die("Query failed");
$row=mysqli_fetch_array($resultsub,MYSQLI_ASSOC);
if ($row['nameOfYourIdField'] == $_id)
{
if((IsChecked('tick','delete')) && (IsChecked('tick','add')))
{
//some other code
}
}
else
echo "you cannot upload file. Only coordinator for every subject only can upload file." ;
}
?>
I'm doing project and i want to update user profile using php mysql when i click
on update button it show that there are error in line 17. please help to find the error.
<?php
session_start();
if(!isset($_SESSION["n"]))
{
header("location:error.php");
}
if(isset($_POST["s"]))
{
$name=$_POST["nm"];
$lname=$_POST["lnm"];
$address=$_POST["ad"];
$u=$_SESSION["un"];
$query = "SELECT * FROM signup";
$result=mysqli_query($result,$query) or die(mysqli_connect_error());
$i=0;
while($row=mysqli_fetch_array($result))
{
$roll[$i]=$row['rollno'];
$i++;
}
$total_elmt=count($roll);
require_once("vars.php");
$conn=mysqli_connect(host,uname,pass,db) or die(mysqli_connect_error());
$query="update signup set name='$nm',lname='$lnm',address='$ad' where user_id='$value'";
$execute=mysqli_query($conn,$query);$r=mysql_affected_rows();
mysqli_close($conn);
$msg="Your information is submitted successfully";
}
?>
you need to open the database first to run the select query.
move this line to the top:
$conn=mysqli_connect(host,uname,pass,db) or die(mysqli_connect_error());
you are using mysqli_query function wrong. it should be
$result=mysqli_query($conn,$query) or die(mysqli_connect_error());
Now i have updated your code
<?php
session_start();
if(!isset($_SESSION["n"]))
{
header("location:error.php");
}
if(isset($_POST["s"]))
{
$name = $_POST["nm"];
$lname = $_POST["lnm"];
$address = $_POST["ad"];
$u = $_SESSION["un"];
$conn = mysqli_connect(host,uname,pass,db) or die(mysqli_connect_error());
$query = "SELECT * FROM signup";
$result = mysqli_query($conn, $query);
$i=0;
while($row=mysqli_fetch_array($result))
{
$roll[$i]=$row['rollno'];
$i++;
}
$total_elmt=count($roll);
require_once("vars.php");
$query="update signup set name='$nm',lname='$lnm',address='$ad' where user_id='$value'";
$execute=mysqli_query($conn,$query);
$r=mysql_affected_rows();
mysqli_close($conn);
$msg="Your information is submitted successfully";
}
?>
This is my PHP code page
<?php
session_start();
//include database connection
include_once("dbconn.php");
//afetr click the submit button the below code will be impelemnted
if(isset($_POST['id'])){
$id=$_POST['id'];
$Type=$_POST['Type'];
$Avalibility=$_POST['Avalibility'];
# insert data into MySQL database
$sql1 =" update $Type set Reserve=1 where APP_ID=$id ";
$sql2="INSERT INTO appointment_summary
SELECT Fname,Dep_Name,".$_SESSION['login_user'] .",D_ID,Hospital_Name,Hospital_Type,'".$_SESSION['Reason']."',APP_ID,Avalibility
FROM $Type
where APP_ID=$id";
$sql3="select * from appointment_summary where P_ID=".$_SESSION['login_user'] ." and Availability ='$Avalibility' ";
$result=$conn->query($sql3);
if ($result->num_rows != 1) {
$conn->query($sql2);
$conn->query($sql1);
echo "<script>
alert('Your appointment has been succssfuly add');
window.location.href='CheckAppoinmnets.php';
</script>";
} else {
$Invalid="<p style=\"color:red;\"> You alrredy have an appointment in this time</p>";
$_SESSION['Invalid']=$Invalid;
}
}
//enter code here
$conn->close();
This code which I used in HTML page
<?php
if(isset($_POST['id'])){
echo $_SESSION['Invalid'];
}
?>
try the following code
<?php
session_start();
if(isset($_REQUEST['id'])){
echo isset($_SESSION['Invalid'])?$_SESSION['Invalid']:'';
}
?>
it should print if you have value in ID and also in SESSION
Hello, I've been stumped by the PHP code I've written. I've stared at this for hours with no success, please help find any errors I've apparently gone over.
What I want this script to do is from a html form page, to query a database table ('users') to make sure their password and username are correct, then in a separate table ('tokens') insert a random token (the method I used before, it works) into the 'tk' column, and the users general auth. code pulled from the 'users' table into the 'gauth' colum, in the 'tokens' table.
The reason for the additional general auth is so I can pull their username and display it on all the pages I plan on "securing"
Sorry if I'm confusing, this is the best I can refine it. Also, I'm not that good at formatting :). I'm going to add some html later, that's why the tags are there.
MySQL Tables:
Users Example:
cols: username | password | email | classcode | tcode | genralauth |
hello | world | hello.world#gmail.com | 374568536 | somthin | 8945784953 |
Tokens Example:
cols: gauth | tk |
3946893485 |wr8ugj5ne24utb|
PHP:
<html>
<?php
session_start();
error_reporting(0);
$servername = "localhost";
$username = "-------";
$password = "-------";
$db = "vws";
?>
<?php
// Create connection
$conn = new mysqli($servername, $username, $password, $db);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
<?php
$sql1 = "SELECT username FROM users";
$data1 = $conn->query($sql1);
if ($conn->query($sql1) === TRUE) {
echo "";
}
?>
<?php
$sql2 = "SELECT password FROM 'users'";
$data2 = $conn->query($sql2);
if ($conn->query($sql2) === TRUE) {
echo "";
}
?>
<?php
$bytes = openssl_random_pseudo_bytes(3);
$hex = bin2hex($bytes);
?>
<?php
if($_POST['pss'] == $data2 and $_POST['uname'] == $data1) {
$correct = TRUE;
}
else {
$correct = FALSE;
}
?>
<?php
if ($correct === TRUE) {
$sql3 = "SELECT generalauth FROM users WHERE password='".$_POST['pss']."'";
$result3 = $conn->query($sql3);
}
?>
<?php
if ($correct === TRUE) {
$sql4 = "INSERT INTO tokens (tk,gauth) VALUES (".$hex."' , '".$result3."')";
if ($conn->query($sql4) === TRUE) {
echo "New token genrated.";
} else {
echo "Error: " . $conn->error;
}
}
?>
<?php
if ($correct === TRUE) { ?>
<p>Succesfuly loged in!</p><br/>
<button>Continue</button><br/>
<?php
}
elseif ($correct === FALSE) { ?>
<p>Incorrect, please try again.</p><br/>
<button>Back</button><br/>
<?php
}
?>
<?php
if ($correct === TRUE) {
$_SESSION['auth'] = $hex;
$_SESSION['logstat'] = TRUE;
}
?>
<?php
if ($correct === FALSE) {
$_SESSION['logstat'] = FALSE;
}
$conn->close();
?>
This is the PHP I'm going to use on most pages for token auth, howver it dosn't actually check the database 'tokens', also I need a way to display signed in users username using the general auth.
PHP:
<html>
<h1 class="title">Virtual Work Sheets!</h1>
<p class="h_option">[Log In / Register]</p><hr/>
<div class="body">
<?php
session_start();
error_reporting(0);
$servername = "localhost";
$username = "root20";
$password = "jjewett38";
$db = "vws";
?>
<?php
// Create connection
$conn = new mysqli($servername, $username, $password, $db);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
<?php
$sql = "SELECT tk FROM tokens";
$data = $conn->query($sql);
?>
<?php
if (!$_GET['tk'] == $data) {
echo "
<p>Invalid token, please consider re-logging.</p>
";
}
else {
?>
<?php
switch ($_GET['view']) {
case teacher:
?>
Teacher page html here...
<?php
break;
case student:
?>
Student page html here...
<?php
break;
default:
echo "Please login to view this page.";
}
}?>
</html>
I suggest that you change your approach.
Although at first glance these example files looks like a lot, once you study them you'll see it's really much more simple and logical approach than the direction you are now headed.
First, move the db connect / login stuff into a separate file, and require or include that file at top of each PHP page:
INIT.PHP
// Create connection
$conn = new mysqli($servername, $username, $password, $db);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//Might as well also load your functions page here, so they are always available
require_once('fn/functions.php');
?>
Now, see how we use it on the Index (and Restricted) pages?
INDEX.PHP
<?php
require_once('inc/head.inc.php');
require_once('fn/init.php');
?>
<body>
<!-- Examples need jQuery, so load that... -->
<script src="https://code.jquery.com/jquery-1.11.3.js"></script>
<!-- and our own file we will create next... -->
<script type="text/javascript" src="js/index.js"></script>
<div id="pageWrap">
<div id="loginDIV">
LoginID: <input type="text" id="liID" /><br>
LoginPW: <input type="password" id="liPW" /><br>
<input type="button" id="myButt" value="Login" />
</div>
</div>
JS/INDEX.JS
$(function(){
$('#myButt').click(function(){
var id = $('#liID').val();
var pw = $('#liPW').val();
$.ajax({
type: 'post',
url: 'ajax/login.php',
data: 'id=' +id+ '&pw=' +pw,
success: function(d){
if (d.length) alert(d);
if (d==1) {
window.location.href = 'restricted_page.php';
}else{
$('#liID').val('');
$('#liPW').val('');
alert('Please try logging in again');
}
}
});
});//END myButt.click
}); //END document.ready
AJAX/LOGIN.PHP
<?php
$id = $_POST['id'];
$pw = $_POST['pw'];
//Verify from database that ID and PW are okay
//Note that you also should sanitize the data received from user
if ( id and password authenticate ){
//Use database lookups ot get this data: $un = `username`
//Use PHP sessions to set global variable values
$_SESSION['username'] = $un;
echo 1;
}else{
echo 'FAIL';
}
RESTRICTED_PAGE.PHP
<?php
if (!isset($_SESSION['username']) ){
header('Location: ' .'index.php');
}
require_once('inc/head.inc.php');
require_once('fn/init.php');
?>
<body>
<h1>Welcome to the Admin Page, <?php echo $_SESSION['username']; ?>
<!-- AND here go all teh restricted things you need a login to do. -->
More about AJAX - study the simple examples
I want to insert a data into a mysql database, but I need to put some constrains over that insertion. And my code is not working for me.
Basically I have selected "departments" from the mysql db using html select tag and show that in dropdown. And now I want to insert subject and subject code in front of that row which is selected in the drop down. But the problem is my code is not working and show me error please help and checkout code.
This is code for inserting data from mysql database. It work's fine.
<code>
<select class="form-control" name="department">
<?php
$host="localhost";
$username = 'root';
$password = "";
$con = mysql_connect($host,$username,$password);
mysql_select_db('sims',$con);
// Checking connection
if (!$con){
echo ("Failed to connect to MySQL:. " .mysql_error($con));
}
else {
echo("db connect");
}
$result = mysql_query("SELECT * from `sims-reg-department`");
if($result == FALSE) {
die(mysql_error()); // TODO: better error handling
}
while($row=mysql_fetch_array($result)){
?>
<option value="<?php '.row[dept-id];'?>"><?php echo $row["dept-name"];?></option>
<?php }
?>
</select>
</code>
This section is showing me errors:
<code>
<?php
if(isset($_POST['submit'])){
$dptname = $_POST["department"] or
$coursename = $_POST["course-name"] and
$coursecode = $_POST["course-code"];
if($coursename=="" or $coursecode=="" )
{
echo "Please fill all the fields before hit submitting button";
return true;
}
else
{
$q = "INSERT INTO `sims-reg-department`(`course-name`,`course-code`)VALUES ('$coursename','$coursecode') where '$dptname' LIKE `dept-name`";
}
$res = mysql_query($q) or die(mysql_error());
mysql_close($con);
}
?>
</code>