Jump to content

Icewolf

Members
 View Profile  See their activity

  • Posts

    59

  • Joined

  • Last visited

Everything posted by Icewolf

  1. Icewolf
    when the user logs in there is a sql statment that goes to the database to see what level they have and stores it for use later. { //the form has been posted without errors, so save it //notice the use of mysql_real_escape_string, keep everything safe! //also notice the sha1 function which hashes the password $sql = "SELECT user_id, user_name, user_level, rank FROM users WHERE user_name = '" . mysql_real_escape_string($_POST['user_name']) . "' AND user_pass = '" . sha1($_POST['user_pass']) . "'"; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'Something went wrong while signing in. Please try again later.'; //echo mysql_error(); //debugging purposes, uncomment when needed } else { //the query was successfully executed, there are 2 possibilities //1. the query returned data, the user can be signed in //2. the query returned an empty result set, the credentials were wrong if(mysql_num_rows($result) == 0) { echo 'You have supplied a wrong user/password combination. Please try again.'; } else { //set the $_SESSION['signed_in'] variable to TRUE $_SESSION['signed_in'] = true; $_SESSION['timeout'] = time(); //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages while($row = mysql_fetch_assoc($result)) { $_SESSION['user_id'] = $row['user_id']; $_SESSION['user_name'] = $row['user_name']; $_SESSION['user_level'] = $row['user_level']; $_SESSION['rank'] = $row['rank']; }
  2. Icewolf
    Sorry about that I know the value comes over because I use it to limit what the users can see. I have it on the create cat and admin page to say if they don't have that value not to allow them to access the page. That works fine. what i mean it doesn't work is that it doesn't use the admin page. it only uses the header.php. Header.php <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl" lang="nl"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="description" content="A short description." /> <meta name="keywords" content="put, keywords, here" /> <title>PDog Clan Forum</title> <link rel="stylesheet" href="style.css" type="text/css"> </head> <body> <h1>PDog Clan Forum</h1> <div id="wrapper"> <div id="menu"> <a class="item" href="/community/index.php">Home</a> - <a class="item" href="/community/create_topic.php">Create a topic</a> - <a class="item" href="/community/rewards.php">Rewards</a> - <a class="item" href="/community/rewards_medal.php">Medals</a> - <a class="item" href="/community/ranks.php">Rank</a> <div id="userbar"> <?php if($_SESSION['signed_in']) { echo 'Hello <b>' . htmlentities($_SESSION['user_name']) . '</b>. Not you? <a class="item" href="signout.php">Sign out</a>'; } else { echo '<a class="item" href="signin.php">Sign in</a> or <a class="item" href="signup.php">create an account</a>'; } ?> </div> </div> <div id="content"> header_admin.php <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl" lang="nl"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="description" content="A short description." /> <meta name="keywords" content="put, keywords, here" /> <title>PDog Clan Forum</title> <link rel="stylesheet" href="style.css" type="text/css"> </head> <body> <h1>PDog Clan Forum</h1> <div id="wrapper"> <div id="menu"> <a class="item" href="/community/index.php">Home</a> - <a class="item" href="/community/create_cat.php">Create a category</a> - <a class="item" href="/community/admin_page.php">Updates</a> <div id="userbar"> <?php if($_SESSION['signed_in']) { echo 'Hello <b>' . htmlentities($_SESSION['user_name']) . '</b>. Not you? <a class="item" href="signout.php">Sign out</a>'; } else { echo '<a class="item" href="signin.php">Sign in</a> or <a class="item" href="signup.php">create an account</a>'; } ?> </div> </div> <div id="content">
  3. Icewolf
    Here is what it is now but what I am trying to do is only display certain ones. I had to combine them into one because it isn't working but like if the user level is a 1 they should only see create topic, create cat and admind page other wise everyone else should see everything except the ones I listed for level 1. <div id="wrapper"> <div id="menu"> <a class="item" href="/community/index.php">Home</a> - <a class="item" href="/community/create_topic.php">Create a topic</a> - <a class="item" href="/community/rewards.php">Rewards</a> - <a class="item" href="/community/rewards_medal.php">Medals</a> - <a class="item" href="/community/ranks.php">Rank</a> - <a class="item" href="/community/create_cat.php">Create a category</a> - <a class="item" href="/community/admin_page.php">Updates</a> <div id="userbar">
  4. Icewolf
    Hi I was wondering is there a away to show a values from a database into this? I am helping a friend with a database that he is manually doing a lot of updates. For him to do this right now he is just changing the code to display a different picture. I was thinking there has to be a way to display the values into a bar like this some home. Thanks Andy
  5. Icewolf
    Hi I was is there a way to pick what tabs are show based on when a person logs in. Like I have a admin pages and then pages for the normal user. I have created different headers but I can't get them to work. Here is what i did <?php //create_cat.php include 'connect.php'; if ($_SESSION['user_level'] != 1 ) { include 'header_admin.php'; } else { include 'header.php'; }
  6. Icewolf
    Thanks alot that worked
  7. Icewolf
    Hi I am trying to create a button so the user can update points. I have a button so that it displays what is in the data base but I want another button to update the database. Here is the script for the button <?php //create_cat.php include 'connect.php'; include 'header.php'; include 'timeout.php'; echo '<h2>Review Member Rewards</h2>'; if($_SESSION['signed_in'] == false | $_SESSION['user_level'] != 1 ) { //the user is not an admin echo 'Sorry, you do not have sufficient rights to access this page.'; } else { $sql = "select member, cat_name from rewards, users where member = user_name"; $result = mysql_query($sql); if(!$result) { //the query failed, uh-oh :-( echo 'Error while selecting from database. Please try again later.'; } else { $dropdown = "<select name='mem'>"; $catdropdown = "<select name='catdp'>"; while($row = mysql_fetch_assoc($result)) { $dropdown .= "\r\n<option value='{$row['member']}'>{$row['member']}</option>"; $catdropdown .="\r\n<option value = '{$row['cat_name']} '>{$row['cat_name']}</option>"; } $dropdown .= "\r\n</select>"; $catdropdown .="\r\n</select>"; echo ' <form action="" method="post">' . $dropdown.' '. $catdropdown. ' <input type="text" name="max_point_cont" value="" /> <input type="text" name="points_earn_cont" value="" /> <input type="submit" value="Get Results">; <input type="submit" name="update" value="Update Rewards" onclick="action='updaterew.php'">; </form>'; } // only qeury the rewards table when the form above has been submitted if(isset($_POST['mem'])) { $post_sql = "select member, cat_name, point_earn, max_point from rewards where member = '" . mysql_real_escape_string($_POST['mem']) . "' and cat_name = '". mysql_real_escape_string($_POST['catdp']) . "'" ; $result_post = mysql_query($post_sql); if(!$result_post) { //the query failed, uh-oh :-( echo 'Error while selecting rewards from database. Please try again later.'; } else { echo '<table border="1"> <tr> <th>Member</th> <th>Category</th> <th>Points Earned</th> <th>Max Points</th> </tr>'; while($row = mysql_fetch_assoc($result_post)) { echo '<tr>'; echo '<td>' . $row['member'] . '</td>'; echo '<td>' . $row['cat_name'] . '</td>'; echo '<td>'. $row['point_earn']. '</td>'; echo '<td>' . $row['max_point']. '</td>'; echo '</tr>'; } echo '</table>'; } } } ?> Then here is the update query. <!DOCTYPE html> <?php //create_cat.php include 'connect.php'; include 'header.php'; include 'timeout.php'; if($_SERVER['REQUEST_METHOD'] != 'POST') { //someone is calling the file directly, which we don't want echo 'This file cannot be called directly.'; } else { //check for sign in status if(!$_SESSION['signed_in']) { echo 'You must be signed in to post a reply.'; } else { //a real user posted a real reply $sql = "UPDATE `rewards` SET `max_point`= `max_point`+ '" . $_POST['max_point_cont'] . "',`point_earn`= `point_earn` + '" . $_POST['points_earn_cont'] . "' WHERE member = '" . mysql_real_escape_string($_POST['mem']) . "' and cat_name = '". mysql_real_escape_string($_POST['catdp']) . "'" ; $result = mysql_query($sql); if(!$result) { echo 'Your reply has not been saved, please try again later.'; } else { echo 'Your rewards have been updated.' } } include 'footer.php'; ?>
  8. Icewolf
    Sorry I am sorry I forgot I changed the sql statement. Here is the new code. $sql = "select member, cat_name from rewards, users where member = user_name";
  9. Icewolf
    The code in my first question has the select query. Yes only one has data. The dropdown is there just nothing in it.
  10. Icewolf
    Thanks for the help with the text boxes however I need to use to drop downs to do the update query. I can only get one to work. I am sure that it is wrong I am just taking a guess how it should be. { $dropdown = "<select name='mem'>"; $catdropdown = "<select name='catdp'>"; while($row = mysql_fetch_assoc($result)) { $dropdown .= "\r\n<option value='{$row['user_name']}'>{$row['user_name']}</option>"; $catdropdown .="\r\n<option value = '{$row['cat_name']} '>{$row['cat_name']}</option>"; } $dropdown .= "\r\n</select>"; $catdropdown .="\r\n</select>"; echo ' <form action="" method="post">' . $dropdown.' '. $catdropdown. ' <input type="text" name="max_point_cont" value="" /> <input type="text" name="points_earn_cont" value="" /> <input type="submit" value="Get Results"> </form>'; }
  11. Icewolf
    Hi I am having a little problem trying to figure out how to create two text boxes on this form so the user can add values to the max points or points earned. Then I would like once the update happens that it shows the new values from the database. The update query is based on the Member and Category. I was thinking about adding two text boxes in the form where the dropdown is but I am not sure how I would reference those boxes in my update query. <?php //create_cat.php include 'connect.php'; include 'header.php'; include 'timeout.php'; echo '<h2>Review Member Rewards</h2>'; if($_SESSION['signed_in'] == false | $_SESSION['user_level'] != 1 ) { //the user is not an admin echo 'Sorry, you do not have sufficient rights to access this page.'; } else { $sql = "Select user_name from users"; $result = mysql_query($sql); if(!$result) { //the query failed, uh-oh :-( echo 'Error while selecting from database. Please try again later.'; } else { $dropdown = "<select name='mem'>"; while($row = mysql_fetch_assoc($result)) { $dropdown .= "\r\n<option value='{$row['user_name']}'>{$row['user_name']}</option>"; } $dropdown .= "\r\n</select>"; echo ' <form action="" method="post">' . $dropdown . ' <textpoint name="max_point_cont"></textpoint><br /><br /> <textpoint name="points_earn_cont"></textpoint><br /><br /> <input type="submit" value="Get Results"> </form>'; } // only qeury the rewards table when the form above has been submitted if(isset($_POST['mem'])) { $post_sql = "select member, cat_name, point_earn, max_point from rewards where member = '" . mysql_real_escape_string($_POST['mem']) . "'"; $result_post = mysql_query($post_sql); if(!$result_post) { //the query failed, uh-oh :-( echo 'Error while selecting rewards from database. Please try again later.'; } else { echo '<table border="1"> <tr> <th>Member</th> <th>Category</th> <th>Points Earned</th> <th>Max Points</th> </tr>'; while($row = mysql_fetch_assoc($result_post)) { echo '<tr>'; echo '<td>' . $row['member'] . '</td>'; echo '<td>' . $row['cat_name'] . '</td>'; echo '<td>'. $row['point_earn']. '</td>'; echo '<td>' . $row['max_point']. '</td>'; echo '</tr>'; } echo '</table>'; } } }
  12. Icewolf
    Thank you so much Ch0cu3r that worked.
  13. Icewolf
    I think I am just going to use a button. I have revised the code to add a button. However that is not showing up. Plus I am not sure if I have the code set up correctly to use the item from the drop down. Right now this code shows the dropdown and the row with the titles. I dont see the button nor does it shows any return values. <?php //create_cat.php include 'connect.php'; include 'header.php'; echo '<h2>Update Rewards</h2>'; if($_SESSION['signed_in'] == false | $_SESSION['user_level'] != 1 ) { //the user is not an admin echo 'Sorry, you do not have sufficient rights to access this page.'; } else { $sql = "Select user_name from users"; $result = mysql_query($sql); if(!$result) { //the query failed, uh-oh :-( echo 'Error while selecting from database. Please try again later.'; } else { $dropdown = "<select name='mem'>"; while($row = mysql_fetch_assoc($result)) { $dropdown .= "\r\n<option value='{$row['user_name']}'>{$row['user_name']}</option>"; } $dropdown .= "\r\n</select>"; echo $dropdown; } $post_sql = "select cat_name, point_earn, max_point from rewards where member = '" . mysql_real_escape_string($_POST['mem']) . "'"; $result_post = mysql_query($post_sql); if(!$result_post) { //the query failed, uh-oh :-( echo 'Error while selecting rewards from database. Please try again later.'; } else { echo '<form action="" method="post"> <table border="1"> <tr> <th>Category</th> <th>Points Earned</th> <th>Max Points</th> </tr>'; while($row = mysql_fetch_assoc($result_post)) { echo '<tr>'; echo '<td>' . $row['cat_name'] . '</td>'; echo '<td>'. $row['point_earn']. '</td>'; echo '<td>' . $row['max_point']. '</td>'; echo '</tr>'; } '<input type="submit" value="Get Results"> </form>'; } } ?>
  14. Icewolf
    Hi I was wondering is it possible to have a query ran after an item is selected from a dropdown menu? If not how do I create a button to run the query. Also how do I use the value from the drop down in my where clause? <?php //create_cat.php include 'connect.php'; include 'header.php'; echo '<h2>Update Rewards</h2>'; if($_SESSION['signed_in'] == false | $_SESSION['user_level'] != 1 ) { //the user is not an admin echo 'Sorry, you do not have sufficient rights to access this page.'; } else { $sql = "Select user_name from users"; $result = mysql_query($sql); if(!$result) { //the query failed, uh-oh :-( echo 'Error while selecting from database. Please try again later.'; } else { $dropdown = "<select name='mem'>"; while($row = mysql_fetch_assoc($result)) { $dropdown .= "\r\n<option value='{$row['user_name']}'>{$row['user_name']}</option>"; } $dropdown .= "\r\n</select>"; echo $dropdown; } $post_sql = "select cat_name, point_earn, max_point from rewards where member = '" . mysql_real_escape_string($_POST['mem']) . "'"; $result_post = mysql_query($post_sql); if(!$result_post) { //the query failed, uh-oh :-( echo 'Error while selecting rewards from database. Please try again later.'; } else { echo '<table border="1"> <tr> <th>Category</th> <th>Points Earned</th> <th>Max Points</th> </tr>'; while($row = mysql_fetch_assoc($result_post)) { echo '<tr>'; echo '<td>' . $row['cat_name'] . '</td>'; echo '<td>'. $row['point_earn']. '</td>'; echo '<td>' . $row['max_point']. '</td>'; echo '</tr>'; } } } ?>
  15. Icewolf
    So this Var_Dump should show me what cookies for that if I am getting a null back then that means that specific coding to pull the cookie is not correct right? How do I figure out what the could should be?
  16. Icewolf
    Hi What do you mean by Vardump? I am new to this kind of code.
  17. Icewolf
    Hi I am trying to get data from a sql database based on who logs in. I am having problems getting it to display. I am not sure how to ge this to look at the query piece. I have tried to do it on a sperate PHP page as well as with in the same PHP file. <!--fetch tha data from the database while ($row = mysql_fetch_array($result)) echo "--> <form action="Dropdown_new.php" target="showhere"> <table width=844 cellspacing=2 cellpadding=2 border=2> <tr> <td bgcolor=#000000 width=150><font face=tahoma color=white>ID: {$row['Member_ID']}</font></td> <td width=150><font face=tahoma>Bank: {$row['Bank']}</td> <td width=150><font face=tahoma>Reward 1: {$row['Reward_1']}</td> <td width=150><font face=tahoma>Reward 2: {$row['Reward_2']}</td> <td width=150><font face=tahoma>Reward 3: {$row['Reward_3']}</td> </tr> </table> </form> <iframe width="800" height="100" name="showhere" marginheight="0" marginwidth="0" frameborder="0" scrolling="no"> </iframe> Here is the query piece do I need to name this and then call that name below to get it to display? <?php $username = "pdogclan"; $password = "topdog0208"; $hostname = "localhost"; //connection to the database $dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL"); echo "<font face=tahoma color=#ff000><b>Connected to MySQL</b></font><br><br>"; //select a database to work with $selected = mysql_select_db("pdogclan_points",$dbhandle) or die("Did this change"); // Formulate Query $memid = mysql_real_escape_string($_COOKIE['username']); $query = sprintf("SELECT Member_ID, Bank, Reward_1, Reward_2, Reward_3 FROM Points_Rewards WHERE Member_ID = '$memid'") or die("Could Not Formulate the Query"); //execute the SQL query and return records $result = mysql_query($query); // Check result // This shows the actual query sent to MySQL, and the error. Useful for debugging. if (!$result) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $query; die($message); } ?>
  18. Icewolf
    Thank you so much I knew it had to be something stupid. That fixed the double points but now when I change the amounts on the forum it looks like it is keeping the counts and adding those points after they are gone. Do I need to clear the cookies or something after every time this is ran?
  19. Icewolf
    Hi Here is all of the code. I might be doing this wrong but what I have is when the user goes to this page I want to display the data from the database (Filter). Once they do this they can add points (Submit). <?php $username = "username"; $password = "password"; $hostname = "localhost"; //connection to the database $dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL"); echo "<font face=tahoma color=#ff000><b>Connected to MySQL</b></font><br><br>"; //select a database to work with $selected = mysql_select_db("pdogclan_points",$dbhandle) or die("Did this change"); // Formulate Query $_POST["filter"]; $memid = mysql_real_escape_string($_POST["Member_ID"]); $query = sprintf("SELECT Member_ID, Bank, Reward_1, Reward_2, Reward_3 FROM Points_Rewards WHERE Member_ID = '$memid'") or die("Could Not Formulate the Query"); //execute the SQL query and return records $result = mysql_query($query); // Check result // This shows the actual query sent to MySQL, and the error. Useful for debugging. if (!$result) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $query; die($message); } //fetch tha data from the database while ($row = mysql_fetch_array($result)) echo "<table width=750 cellspacing=2 cellpadding=2 border=2> <tr> <td bgcolor=#000000 width=150><font face=tahoma color=white>ID: {$row['Member_ID']}</font></td>". "<td width=150><font face=tahoma>Bank: {$row['Bank']}</td>". "<td width=150><font face=tahoma>Reward 1: {$row['Reward_1']}</td>". "<td width=150><font face=tahoma>Reward 2: {$row['Reward_2']}</td> ". "<td width=150><font face=tahoma>Reward 3: {$row['Reward_3']}</td> </tr> </table><br></font>";//display the results // Formulate Update Query $_POST["submit"]; $memid = mysql_real_escape_string($_POST["Member_ID"]); $bankpd = $_POST['bank']; $reward1 = $_POST['reward1']; $reward2 = $_POST['reward2']; $reward3 = $_POST['reward3']; $query = "UPDATE Points_Rewards Set Bank = Bank + '$bankpd', Reward_1 = Reward_1 + '$reward1', Reward_2 = Reward_2 + '$reward2', Reward_3 = Reward_3 + '$reward3' WHERE Member_ID = '$memid'"; $result = mysql_query($query) or die(mysql_error()); if(mysql_query($query)){ echo "updated";} else{ echo "fail";} //close the connection mysql_close($dbhandle); ?>
  20. Icewolf
    Hi I am trying to figure out why this code is doubling the counts. What I am trying to do is a person would input a number on a website form that would add to the number that is already stored in the database. I have it working but the problem is that it is doubling the number of what is from the website and I am not sure why that its. The filter piece pulls back what is in the database then I have a update query to update the information being enterd on the screen. // Formulate Query $_POST["filter"]; $memid = mysql_real_escape_string($_POST["Member_ID"]); $query = sprintf("SELECT Member_ID, Bank, Reward_1, Reward_2, Reward_3 FROM Points_Rewards WHERE Member_ID = '$memid'") or die("Could Not Formulate the Query"); //execute the SQL query and return records $result = mysql_query($query); // Check result // This shows the actual query sent to MySQL, and the error. Useful for debugging. if (!$result) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $query; die($message); } //fetch tha data from the database while ($row = mysql_fetch_array($result)) echo "<table width=750 cellspacing=2 cellpadding=2 border=2> <tr> <td bgcolor=#000000 width=150><font face=tahoma color=white>ID: {$row['Member_ID']}</font></td>". "<td width=150><font face=tahoma>Bank: {$row['Bank']}</td>". "<td width=150><font face=tahoma>Reward 1: {$row['Reward_1']}</td>". "<td width=150><font face=tahoma>Reward 2: {$row['Reward_2']}</td> ". "<td width=150><font face=tahoma>Reward 3: {$row['Reward_3']}</td> </tr> </table><br></font>";//display the results // Formulate Update Query $_POST["submit"]; $memid = mysql_real_escape_string($_POST["Member_ID"]); $bankpd = $_POST['bank']; $reward1 = $_POST['reward1']; $reward2 = $_POST['reward2']; $reward3 = $_POST['reward3']; $query = "UPDATE Points_Rewards Set Bank = (Bank + '$bankpd'), Reward_1 = (Reward_1 + '$reward1'), Reward_2 = (Reward_2 + '$reward2'), Reward_3 = (Reward_3 + '$reward3') WHERE Member_ID = '$memid'"; $result = mysql_query($query) or die(mysql_error());
  21. Icewolf
    Thank you for your response I understand what you are saying. Maybe I didn't say what I need to correct way. Right now when the person goes to this webpage I have for text boxes where the user can put in any number in. From that I want to take the value from the webpage and add it to the value that is already in the database. I was just saying the 200 as an example.
  22. Icewolf
    What happens is a person enters a value to a text box on a form and then what I want to do is just add that value to what is already in the database.
  23. Icewolf
    Hi I want to say thank you all for your help. I have one more question. How do I add a field from a form to a field in mysql database. What I want is if the field on the form has 200 and the field in the database has 200 then the field updates to 400 when I hit the submit button. What I am not sure of do I need to query the database first and then add them together? Here is what I have for now. $query = "UPDATE Points_Rewards Set Bank = '$bank', Reward_1 = ('$reward1' + Reward_1), Reward_2 = ('$reward2' + Reward_2), Reward_3 = ('$reward3' + Reward_3) WHERE Member_ID = '$memid'"; $result = mysql_query($query) or die(mysql_error());
  24. Icewolf
    I got it to work I had to remove the isset. Once I did that it started to work.
  25. Icewolf
    Here is what is interesting I can get the filter to work now problem when I have both buttons here. I am getting an error "Invalid query: Query was empty Whole query:". and I notice is that it updates the database to 0 for that id. I know the query works because I removed the filter piece and it works fine.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.