maxxd

Posts posted by maxxd

  1. Basically, change this:

    $stmt = $con->prepare("SELECT username, password, status FROM users WHERE username=? AND password=? AND status=?");
    $stmt->bind_param("ssi", $username, $password, $status);
    

    to this:

    $stmt = $con->prepare("SELECT username, password, status FROM users WHERE username=? AND password=?");
    $stmt->bind_param("ss", $username, $password);
    

    The rest of your script should work as you expect.

  2. You're using the status as a parameter for your query, so it's only going to return records that match the username, password, and the supplied status. Keep 'status' in your select field list, but don't use it in the conditional. That way you'll pull the record that matches the username, password, and any status. Then you can check the value of that status and be on your way.

  3. Turn on error reporting at the top of your script:

    ini_set('display_errors',true);
    error_reporting(-1);
    

    These lines instruct PHP to print all errors and warnings to the screen, so you'll see them instead of just a blank white screen. Obviously you'll want to comment these lines out before you take your site live, but you should always have error reporting enabled while developing.

  4. Looking at the way you're building your WHERE clause, it looks like there's no way it's not going to start with an AND keyword. You define $where with a blank string, then every if() branch concatenates a string beginning with ' AND...'. This will throw a syntax error in SQL - try printing the query before you run it and I think you'll see that's the error.

     

    There are a couple ways around this. You could test the value of $where in each if() branch to see if it's blank or not before concatenating the keyword 'AND', like so:

    $where = '';
    if(!empty($sbidDate)){
    	if(!empty($where)){
    		$where .= " AND ";
    	}
    	$where .= "b.BidDate = '{$sbidDate}'";
    }
    if(!empty($sdueDate)){
    	if(!empty($where)){
    		$where .= " AND ";
    	}
    	$where .= "b.DueDate = '{$sdueDate}'";
    }
    ...
    

    Or, you could set up a blanket condition in the SQL before you append $where - something like:

    $sql = "... WHERE 1=1 {$where};"
    

    As mac_gyver pointed out in his replies, there are other issues with the code you've posted (you're wide open to SQL injection, the query as written will throw a SQL error if no search criteria is supplied, there's a lot of repeated code, etc.), but it looks like the main cause of the specific issue this thread is about is SQL syntax and the logic behind building the WHERE clause.
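The same optional-filter WHERE clause, rebuilt with bound parameters. This is an added example and not code from the thread: the column whitelist is fixed in code, each supplied value becomes a named placeholder, and an empty filter set yields no WHERE clause at all (so neither the leading-AND error nor the no-criteria error can occur). The bids table, its column names, and the sample rows are constructed here so the file runs offline against in-memory SQLite; in production you would pass your own PDO connection.

```php
<?php
// Added example, not code from the thread: the WHERE clause from the post
// above, rebuilt so the SQL text only ever comes from a fixed whitelist and
// every user-supplied value travels as a bound parameter. The bids table, its
// columns and the sample rows below are constructed for illustration.

/**
 * Build "WHERE ..." plus its parameter array from optional filters.
 *
 * @param array<string,?string> $filters column => value (blank values are skipped)
 * @param array<string,string>  $allowed column => SQL expression (the whitelist)
 * @return array{0:string,1:array<string,string>} [whereClause, params]
 */
function buildWhere(array $filters, array $allowed): array
{
    $conditions = [];
    $params     = [];
    foreach ($filters as $column => $value) {
        if ($value === null || trim((string) $value) === '') {
            continue;                                   // no filter supplied for this column
        }
        if (!isset($allowed[$column])) {                // SQL text only ever comes from $allowed
            throw new InvalidArgumentException("Unknown filter column: {$column}");
        }
        $placeholder          = ':' . $column;
        $conditions[]         = $allowed[$column] . ' = ' . $placeholder;
        $params[$placeholder] = $value;
    }
    // With no conditions the clause is empty, so the query stays valid
    // instead of ending in a dangling WHERE or starting with AND.
    $where = $conditions ? 'WHERE ' . implode(' AND ', $conditions) : '';
    return [$where, $params];
}

/** Run the search and return the matching rows. */
function searchBids(PDO $pdo, array $filters): array
{
    $allowed = [                                        // assumed schema
        'BidDate' => 'b.BidDate',
        'DueDate' => 'b.DueDate',
        'Status'  => 'b.Status',
    ];
    [$where, $params] = buildWhere($filters, $allowed);
    $sql  = "SELECT b.ID, b.BidDate, b.DueDate, b.Status FROM bids b {$where} ORDER BY b.ID";
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);                            // values bound here, never interpolated
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- constructed fixture so the file runs offline (in-memory SQLite) ---
// With MySQL you would also set PDO::ATTR_EMULATE_PREPARES => false.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("CREATE TABLE bids (ID INTEGER PRIMARY KEY, BidDate TEXT, DueDate TEXT, Status TEXT)");
$pdo->exec("INSERT INTO bids (BidDate, DueDate, Status) VALUES
            ('2024-01-31', '2024-02-15', 'open'),
            ('2024-01-31', '2024-03-01', 'closed'),
            ('2024-02-05', '2024-02-20', 'open')");

// Two filters set, one blank: WHERE b.BidDate = :BidDate AND b.Status = :Status
$rows = searchBids($pdo, ['BidDate' => '2024-01-31', 'DueDate' => '', 'Status' => 'open']);
echo "date+status filter: ", count($rows), " row(s)\n";

// No filters at all: no WHERE clause, every row comes back instead of a SQL error
echo "no filters:         ", count(searchBids($pdo, [])), " row(s)\n";

// A quoted-string injection attempt is just a value compared against BidDate
$rows = searchBids($pdo, ['BidDate' => "2024-01-31' OR '1'='1"]);
echo "injection attempt:  ", count($rows), " row(s)\n";
```

Running it shows the date-plus-status search returning only the single matching row, the empty filter set returning the whole table, and the injection attempt matching nothing, because the `' OR '1'='1` text never becomes part of the SQL. If you prefer the `WHERE 1=1` style from the post, `buildWhere()` can simply always prefix ` AND ` and you drop the empty-clause branch; the parameter binding is the part that matters.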

  5. unfortunately, a lot of the xAMP development packages set up default root database credentials in the php.ini that allow mysql_ functions to automatically make a working database connection, thereby hiding bad code that should fail and call your attention to a problem, instead of silently appearing to work, that then won't work on a live server.

     

    Well that doesn't help anybody...

     

    Does it override error_reporting(-1), though? Because I'm fairly certain the code above should be throwing some errors - if nothing else than for trying to grab values from the apparently undefined $data array. It's been forever since I built a development Ubuntu server and I can't remember if I had to modify the php.ini for error display.

  6. Honestly, I can't see how this is working even on your local host.

     

    You're using mysql_real_escape_string() with mysqli() functions, which I'm pretty sure won't work. Admittedly, I could be wrong about that, but you really should be using prepared statements and avoiding the issue entirely. You're already halfway there by using mysqli() instead of mysql(), so why not go the extra step and save yourself work in the long run?

     

    Also, you're trying to pull array values from $date which isn't defined in the code you posted. You just try to grab a value from it on line 19. In addition, it's a bit misleading to call a variable $date when it includes student id and last login date - this obviously won't stop your script from running, but it will make life harder when you inevitably revisit the code later on. Maybe $student_login_info would be a better name for the array?

     

    Finally, do you have error reporting and display turned on, and what are the specs of the two servers?

  7. You technically can store the php statements and functions in a database and run it using eval(), but, as Ch0cu3r pointed out (with massive understatement, btw), it's really not a good idea. You'd be far better off either creating or using an existing CMS or framework (think WordPress, Yii, Laravel, Drupal, etc.) that includes the functionality you need to run, but in a safer and more controlled manner.

  8. Could you not use DateTime() objects?

    function getAge($dob='1/1/1970'){
    	$today = new DateTime();                 // now
    	$dob   = new DateTime($dob);             // parse the date-of-birth string
    	$diff  = $dob->diff($today);             // DateInterval between the two
    	print("You are ".$diff->format('%Y years')." old");   // %Y = whole years
    }
    
    getAge();
    
  9. @cyberRobot: Hunh. Interesting read - thanks!

     

    So, unless that's changed in the 5 years since that article was written, it's not possible to boldface visited links. However, you can change the color - you may have to get a bit more specific than the example code above ('li a:visited' or something similar).

     

    Off to do some research about the current handling of :visited links...

  10. It looks like that's being routed on the recipient end. So what you've got is the equivalent of www.crime-statistics.co.uk?postcode=EX23 9DZ. Although I'm not sure this will work properly with the space - I should think it should be url-encoded.

  11. Change line 32 from

    .visited
    

    to

    a:visited
    

    and see if that does what you're looking for.

     

    You want to use the native :visited pseudo-class instead of specifically setting a separate style on the element. The browser will read and understand :visited and invoke the rule when the user has followed a link to its target page. I think that's what you're attempting to do.

  12. Did you get this working?

     

    If not, print the contents of f to your console and check it there. If the status isn't 'correct', but for instance, "you are correct, sir or ma'am!", then my code won't work because it's checking equality. However, your code would work because the word 'correct' is present in the string somewhere after the first letter of the string. It's also possible that the JSON output from forgotpasswordcheck.php isn't being parsed in JavaScript before the check is made.

  13. Page element display is a CSS issue. If, by "links selected", you mean links that the user has already visited, use the 'a:visited' selector in your CSS file. If you mean the links to which you attach the class 'selected', you'd want to define that class in your CSS file.

     

    Also, please use the code tags in the post editor ("< >" on the toolbar) when posting code to the forum - it makes everything much easier to read.

  14. Right, and that's why we're asking you to supply the surrounding code. $row['category'] either isn't being set, or it's being set incorrectly. However, without the surrounding code, there's no way to tell where, how, or why.

  15. What's the surrounding code? Given the variable name $row, it's possible the code is trying to run the select query inside a loop, which isn't a good idea. If that is what's actually happening, you're probably going to want to rework the initial query to use a join in order to bring back the entire record set with a single call to the database.

  16. You're going to need to create a role-based access structure. Basically, you create a new table that stores role name, role level, and role ID. Then add a role ID foreign key column to your user table and use that for comparison. You'll also need to create a method of checking the user access role when that user loads a page - anyone can type an address into the browser's location bar, so once the user is there you have to confirm the fact that they're actually allowed to be there.

     

    There's about a million and four debates around the web about handling role-based access systems, so there's no dearth of information or opinion on the matter. Google and spend some time reading.

     

    What's below is certainly not the most elegant refactoring of your code, but at its basest it should get you moving in the right direction.

    if(isset($_POST['login']) && !empty(trim($_POST['login']))){
        $username = stripslashes($_POST['username']);
        $password = stripslashes($_POST['password']);
        // One query pulls the stored hash, the status and the role name;
        // the role comes from the roles table through the roleID foreign key.
        $stmt = $pdo->prepare("
            SELECT     u.password
                      ,u.status
                      ,r.roleName
            FROM tablename u
            LEFT JOIN tableroles r
                ON u.roleID = r.ID
            WHERE u.username = :username
        ");
        $stmt->bindValue('username', $username, PDO::PARAM_STR);
        $stmt->execute();
        $pg = 'badLogin.php';
        // rowCount() on a SELECT works with MySQL; other drivers may not report it
        if($stmt->rowCount() === 1){
            $row = $stmt->fetch(PDO::FETCH_OBJ);
            // Compare against the password_hash() value stored in the table
            if(!password_verify($password, $row->password)){
                header("location:{$pg}");
                exit;
            }
            $_SESSION['username'] = $username;   // assumes session_start() was called earlier
            // Pick the landing page from the role and status found in the database
            if($row->roleName == 'ADMIN'){
                if($row->status == 'COMPLETED'){
                    $pg = 'completed/admin_index.php';
                }else{
                    $pg = 'uncompleted/admin_index.php';
                }
            }else{
                if($row->status == 'COMPLETED'){
                    $pg = 'completed/index.php';
                }else{
                    $pg = 'uncompleted/index.php';
                }
            }
        }
        header("location:{$pg}");
        exit;
    }
    
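The login code above only chooses a landing page; the post's other point is that every protected page must check the role itself, because anyone can type admin_index.php into the address bar. This is an added example and not code from the thread: a small guard to include at the top of each protected page, the session values the login handler should store once password_verify() succeeds, and a pure decision function exercised against constructed sessions so the file runs without a web server. The session key names, role names and file names are assumptions.

```php
<?php
// Added example, not code from the thread: per-page role enforcement to pair
// with the login handler above. Session keys ('user_id', 'role'), role names
// ('ADMIN', 'USER') and the login page name are assumptions.

/**
 * Decide what to do for a request, given the session and the roles a page allows.
 * Returns 'ok', 'login' (nobody is logged in) or 'forbidden' (wrong role).
 * Kept free of side effects so it can be exercised without a server.
 */
function accessDecision(array $session, array $allowedRoles): string
{
    if (empty($session['user_id']) || empty($session['role'])) {
        return 'login';
    }
    // strict comparison: roles are exact strings, not loose matches
    return in_array($session['role'], $allowedRoles, true) ? 'ok' : 'forbidden';
}

/**
 * Call at the top of every protected page, before any output is sent, e.g.
 *   require __DIR__ . '/auth.php';
 *   requireRole(['ADMIN']);           // admin_index.php
 *   requireRole(['ADMIN', 'USER']);   // index.php
 */
function requireRole(array $allowedRoles, string $loginPage = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    switch (accessDecision($_SESSION, $allowedRoles)) {
        case 'ok':
            return;
        case 'login':
            header('Location: ' . $loginPage);
            exit;
        default:
            // Logged in but not allowed here: answer 403 rather than bouncing
            // the user to another protected page.
            http_response_code(403);
            exit('Forbidden');
    }
}

/**
 * What the login handler stores once password_verify() has succeeded.
 * Assumes the session is already started. The role is copied from the database
 * row, never from anything the browser sent.
 */
function establishSession(int $userId, string $roleName): void
{
    session_regenerate_id(true);       // fresh session ID when the privilege level changes
    $_SESSION['user_id'] = $userId;
    $_SESSION['role']    = $roleName;
}

// Constructed sessions standing in for $_SESSION, to show the three outcomes
// for an admin-only page and for the general index page.
$cases = [
    'anonymous'    => [],
    'regular user' => ['user_id' => 7, 'role' => 'USER'],
    'admin'        => ['user_id' => 1, 'role' => 'ADMIN'],
];
foreach ($cases as $label => $session) {
    printf("%-13s -> admin page: %-9s  index page: %s\n",
        $label,
        accessDecision($session, ['ADMIN']),
        accessDecision($session, ['ADMIN', 'USER']));
}
```

The decision is separated from the redirect so it can be unit-tested, and the guard distinguishes "not logged in" (send to login) from "logged in with the wrong role" (403), since redirecting a non-admin from the admin page to the user page and back again is how redirect loops start.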
  17. Just some quick advice - break this out into another thread. Your original issue is solved and this one is new; as a new thread you'll probably get more traffic (and hopefully help).

     

    Now, to the posted code. I'm assuming there was a copy/paste error with the 'full page setup', because you've got raw PHP in your HTML. Also, it looks like you're attempting to pass the value of the .message form field to the php script via AJAX, but you're using the value from $_SESSION, which is set in the chunk of code not contained within <?php and ?>. And I'm assuming that core/init.php calls session_start(), because I don't see that anywhere. Are you getting any errors?

  18. Could you explain what you mean by 'it says that the query is wrong'? What I see right off the bat is that you don't appear to be calling session_start() before using $_SESSION, but without more information I have no idea if that's the issue or if you didn't copy/paste the session_start() call.
