I need to know how can I implement a user level access in my site. I need to hide forms and images when users with level are member...
in my DB I have a USERS TABLE with:
id
nombre
apellido
username
password
level
level is ENUM and have this two selects: administrator and member
I can hide scripts in any page with this type of PHP code:
<?php if(basename($_SERVER['PHP_SELF']) == 'contact.php') { ?>
<script src="js/jquery.js"></script>
<?php } ?>
and works very well, but I don't know how can hide per example this:
<div class="box span6">
<div class="box-header well" data-original-title>
<h2><i class="icon-picture"></i> <?php $translate->__('Save images'); ?></h2>
<div class="box-icon">
<i class="icon-chevron-up"></i>
<i class="icon-remove"></i>
</div>
</div>
<div class="box-content">
<form action="upload.php" method="post" name="image_upload" id="image_upload" enctype="multipart/form-data">
<label><?php $translate->__('Images type'); ?> (gif, jpg, png)</label><br />
<input type="file" size="45" name="uploadfile" id="uploadfile" class="file margin_5_0" onchange="ajaxUpload(this.form);" />
<div id="upload_area" class="corners align_center">
<?php $translate->__('Please select one image'); ?>.
</div>
</form>
</div>
</div>
In google I saw this code but don't work in my partycular case:
<?php if($USERS->level == "administrator"): ?>
<?php endif; ?>
can you help me with my problem?
Hiding js files will not do you much good because an attacker can intercept the javascript file being served to your admin user, build his own mock-up page of your site and have it use that javascript. So make sure to put security and validation in your php code, especially inside your upload.php
Obviously this $USERS->level can be replaced by any variable that you have set.
<?php if($USERS->level == "administrator")
{
?>
<div class="box span6">
<div class="box-header well" data-original-title>
<h2><i class="icon-picture"></i> <?php $translate->__('Save images'); ?></h2>
<div class="box-icon">
<i class="icon-chevron-up"></i>
<i class="icon-remove"></i>
</div>
</div>
<div class="box-content">
<form action="upload.php" method="post" name="image_upload" id="image_upload" enctype="multipart/form-data">
<label><?php $translate->__('Images type'); ?> (gif, jpg, png)</label><br />
<input type="file" size="45" name="uploadfile" id="uploadfile" class="file margin_5_0" onchange="ajaxUpload(this.form);" />
<div id="upload_area" class="corners align_center">
<?php $translate->__('Please select one image'); ?>.
</div>
</form>
</div>
</div>
<?php
}
?>
Related
Trying to make a login form become hidden once a successful login has happened within the form, so that the form cannot be seen by the user once they are logged in, but I still need a success message to be displayed when a successful login has happened.
I have the form and the login sorted and it displayed a success message when a successful login has been made but I cant hide the form upon successful login.
i have an if statement set up using isset but that's as far as I got I don't know what needs to go inside the if statement for me to hide the form.
This is the PHP code for my login page -
<?php
require('includes/application_top.php');
$page_title='Login!';
if (isset($_POST['action'])) {
$username_input = $_POST['username'];
$password_input = $_POST['password'];
$login_ok = login($username_input, $password_input);
}
require('includes/site_header.php');
?>
<style>
<?php
require('css/login.css');
?>
</style>
<br>
<br>
<br>
<?php
if (isset($login_ok)) {
?>
<div class="row">
<div class="col-sm-12">
<?php
if ( ! $login_ok) {
?>
<div class="alert alert-danger">
<p>Your credentials were invalid</p>
</div>
<?php
} else {
?>
<div class="alert alert-success">
<p>Login successful</p>
</div>
<?php
}
?>
</div>
</div>
<?php
}
?>
<!-- This is the if statement I mention -->
<?php
if !isset($login_okay){
?>
<div class="wrapper dafswInDown" hidden>
}
?>
<div class="wrapper fadeInDown">
<div id="formContent">
<!-- Icon -->
<div class="fadeIn first">
<br>
<img src="images/Head1.jpg" style="height: 40%; width: 60%;" id="icon" alt="User Icon" />
<br>
<h3> Login! </h3>
</div>
<br>
<!-- Login Form -->
<form id="login_form" action="login_page.php" method="post">
<input type="text" class="fadeIn second" id="username" name="username" placeholder="Username" value="<?= isset($_POST['username']) ? htmlspecialchars($_POST['username']) : '' ?>" maxlength="100" />
<input type="password" class="form-control" id="password" name="password" placeholder="Password" value="" />
<input type="submit" class="fadeIn fourth" name="action" value="Login"/>
</form>
<!-- Remind Passowrd -->
<div id="formFooter">
<a class="underlineHover" href="#">Forgot Password?</a>
</div>
</div>
</div>
<?php
require('includes/application_bottom.php');
require('includes/site_footer.php');
?>
There are a number of different ways you can approach this problem, but i think the best way to do this is with a session variable. Make your login function create a session variable that will follow the logged in user around throughout the website, then its just a matter of checking for the value and either displaying or hiding the form based on that. Here is a simplified example:
<?php function login($username_input=false, $password_input=false){
// Do all your verification here
// If logged in then:
session_start();
$_SESSION["user"] = true;
}
// Then on the form side just do this:
if(!$_SESSION["user"]){ ?>
FORM HERE
<?php } ?>
Im using the COMMMENT FORM in WORDPRESS but I wanna customize the form.The form is wraped by default:
<div id="respond" class="comment-respond">
...
</div>
Now I want to add some class attributes to tag.So can I use filter hook to make that or anyone have good idea for this problem.Thanks
This is code of file comments.php:
<div class="wilpost-component__module mb-30">
<?php if (have_comments() == false) { ?>
<h3 class="postComponent-title">No comment</h3>
<?php } else { ?>
<h3 class="postComponent-title"><?php echo esc_html("(" . get_comments_number() . ")comment"); ?></h3>
<div class="wilpost-comment__module">
<ol class="commentlist">
<?php
wp_list_comments(array('callback' => 'fractal_comment', "style" => "ol"));
?>
</ol>
</div>
<?php } ?>
</div>
<?php comment_form();?>
And this is code I wanna customize my comment form like this:
<div class="wilform__module wilform__feedback">
<form name="wil-feedback" id="wil-feedback" action="#">
<div class="item-group">
<label for="name">name</label>
<input type="text" id="name"/>
<div class="form-icon"><i class="fa fa-user"></i></div>
</div>
<div class="item-group">
<label for="email">email</label>
<input type="email" id="email"/>
<div class="form-icon"><i class="fa fa-envelope"></i></div>
</div>
<div class="item-group">
<label for="textarea">textarea</label>
<textarea></textarea>
</div>
<button class="wil-btn wil-btn--primary wil-btn--md wil-btn--round " type="submit">Subscrible<i class="la la-paper-plane"></i>
</button>
</form>
</div>
If you can see this image there are main 4 pages. 1. issues.html 2. review issue.php 3.Another page.html 4. anotherpage.html
User inputs the query it goes to DB then I am fetching it on review issue page from DB using mysqli_fetch_array() and in the while loop, i am calling every row data present in DB. Review issue page shows all the issue list present in DB. But I want to send issue 1 data on some page called another page and issue 2 data on another page 2. For that what needs to be done. I ahve used local storage to function these checkboxes. You can see them in image.
This is the code for Review-issue.php
<?php
$result = mysqli_query($conn,$sql);
while($row = mysqli_fetch_array($result,MYSQLI_BOTH))
{
?>
<div class="c-body">
<div class="alert alert-success alert-dismissible" role="alert"> This issue has been reported by <?php echo $row['your_name']; ?> from <?php echo $row['store_name']; ?>
<p> <?php echo $row['issue_title']; ?></p>
<p><?php echo $row['file'] ?></p>
<p>View File </p>
<a class="c-font-slim" href="#">read this important alert message</a>.
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
<div class="c-content-panel">
<div class="c-body">
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-body">
<div class="form-group">
<label class="col-md-4 control-label">Action</label>
<form action="track.php" method="post">
<div class="col-md-6">
<label class="checkbox-inline">
<input type="checkbox" class="progressbar_chkbox" type="checkbox" id="pending" data-progress="33" value="pending">Pending </label>
<label class="checkbox-inline">
<input type="checkbox" id="inlineCheckbox2" class="progressbar_chkbox" id="read" type="checkbox" data-progress="66" value="option2" value="read"> Read</label>
<label class="checkbox-inline">
<input type="checkbox" id="inlineCheckbox3" class="progressbar_chkbox" id="completed" type="checkbox" data-progress="100" value="option3" name="completed"> Completed </label>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<?php } ?>
If you have a column in your database to identify which type of issue each record is, then add a conditional that will divide your results set into the two issue types. Then you can include the appropriate form for the issue type.
<?php
if ($row["issue_type"] == 1) {
include "issue1.php";
} elseif ($row["issue_type"] == 2) {
include "issue2.php";
} else {
include "default.php";
}
?>
I have this simple code:
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="titleDiv">
<h1>Image canvas</h1>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="previewDiv">
<img src="#" id="imgPreview">
</div>
<div class="buttonsDiv">
<button type="button" class="rotateButtons" id="rotateLeft">
<i class="fa fa-arrow-circle-left" aria-hidden="true"></i> Rotate left
</button>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="uploadDiv">
<form action="upload.php" method="POST" id="#uploadForm">
<!--<input type="file" name="img" accept="image/*" id="imgUpload">-->
<input type="number" name="number" value="0">
<input type="submit" value="Submit">
</form>
</div>
</div>
</div>
</div>
And on the upload.php file I have only 2 lines of code:
var_dump($_POST);
var_dump($_GET);
When I try to send this data over POST I get an output array(0) { } .
Though when I change the form method to method="GET" everything works normal and I receive the the data great on the upload.php.
I looked the php.ini file (I am using xampp as a local server) and the line ;enable_post_data_reading=Off is commented. Can someone help sort out this problem?
Check if you're actually using your webserver. What's the address on your navigation bar? It should be localhost without some strange ports. If it's pointing to 63342 that could be your problem.
edit: that could happen if you're using an IDE
I am trying to handle the Post request in the same page. But i am facing some issues when handling post parameters.I am always getting 'value as empty'.
Below is my code.
<body>
<?php include 'Header.html' ?>
<div class="container">
<div style="margin:10% 30% 0% 30%;">
<div class="panel panel-default">
<div class="panel-heading">
<h4 align="center" style="font-family: monospace;"><p>Upload External Device Report</p></h4>
</div>
<div class="panel-body">
<div class="container col-lg-12">
<form class="form-horizontal" action="UploadExternalReport.php" role="form" method='post' enctype="multipart/form-data">
<div class="input-group">
<input type="file" class="filestyle" data-buttonName="btn-primary" name="fileToUpload" accept=".xls ,.xlsx" required="required" >
</div>
<br/>
<button type="submit" class="btn btn-default">Upload</button>
</form>
</div>
</div>
</div>
</div>
</div>
<?php
// require_once '../PHPExcel/IOFactory.php';
if(isset($_POST["fileToUpload"]) && trim($_POST["fileToUpload"]) != ""){
echo $_POST['fileToUpload'];
}
else
{
echo'value is empty';
}?>
I tried !empty($_POST["fileToUpload"]) in if condition. But still its getting as 'value is empty'.
You are supposed to use the $_FILES array, not $_POST.
So make use of $_FILES['fileToUpload'].
http://php.net/manual/en/reserved.variables.files.php