alpine

Members
  • Posts

    759

Everything posted by alpine

  1. You can also define a variable, and echo that. This means the variable will always be defined.
         $notes = (!empty($rows['notes']) ? $rows['notes'] : '');
         echo $notes; // if $rows['notes'] contains info, it will be printed, else it prints out nothing ( '' ).
  2. It's really hard to read your code, please put it inside code tags. Bootstrap modal isn't visible by default, so if you post to the same page, the post normally won't be handled if the handler is inside the modal. Look into jQuery ajax to handle forms from modal, search around for examples on the interweb.
  3. Instead of storing passwords anywhere client side for client identification, one approach is to create a unique code (temp generated password) each time a user logs in. Store it in the users table, set it in cookie or session and match against that instead. On logout, clear it. Even better, update it on certain page-load intervals to prevent it from being static and match it against a timestamp when last generated. Password should never be pulled out of table, only matched at the point of login.
  4. $thematches->linkset->link is obviously not an array (anymore), that's why it's flagged as invalid.
     Simple test:
         if(is_array($thematches->linkset->link)){
             echo '<p>is array:</p>';
             print_r($thematches->linkset->link);
         }
         else{
             echo '<p>is not an array:</p>';
             echo $thematches->linkset->link;
         }
  5. If you match 2 rows with the same username AND password, it's impossible to tell those users apart. I would rather deny access under this circumstance rather than doing 'limit 1' that may give the wrong user access to his twin account. If user id 1 and user id 2 have the same credentials, a default ascending query 'limit 1' login attempt performed by user 2 will give access to user id 1 account. A sensible design should as we all know prevent this from ever happening in the first place. I would match with rows = 1 or deny access.
  6. You shouldn't use json to transport html formatted content as it will most likely break (as it does right now in your example - it's json that breaks it), and if you are sending content to JQM you should send pure data and format it in JQM for best result. JQM can be a real pain to work with even if you try to do it according to standards, especially when moving outside utf8 (as some of us have to). When working with mobile content you also want to send as little data as possible between server and mobile unit for best possible performance and smallest data size. This altogether would save you from the trouble you are experiencing at this stage. So if this is a new db/content setup you should reconsider storing pure data in db, if not you probably need to clean away any html before sending it through json_encode. Your alternative is to drop json and send it as html through ajax. Your best option is probably to run the query with default encoding and adapt the data with php before sending it.
  7. Something like this:
         function utf8_apply($val){
             return utf8_encode($val);
         }
         $employees = array_map("utf8_apply", $employees);
  8. You cannot utf8_encode an array, apply utf8_encode to the values (string)
  9. In cases where the database charset is different from utf8 you should always encode the text before sending it through ajax, this is also the case with JQM as there's no way to override utf8 charset unless you edit the JQM source.
     Replacing special chars is probably not your best option.
         // you have some control in this example, no special characters as we can avoid them
         $js_return['status'] = 'saved';
         // this however might contain special characters depending on db charset etc, convert it to utf8 before sending it
         $js_return['text'] = utf8_encode($db_data);
         echo json_encode($js_return);
  10. I would check that there is none with that username, if you have 2 or more already stored while comparing with "1", it will always allow yet another one.
          if(mysql_num_rows($run) === 0){
              echo 'nobody with that username was found in database';
          }
          else{
              echo 'You cannot use this username';
          }
  11. Okay, remove the print_r
          if($_SESSION['login'] && $_SESSION['type'] === 'ADMINISTRATION'){
      You have 3 comparators ===
      Try with only 2 ==
      Other than that it's hard to say what's going on. You just have to do some faultfinding within your files and functions.
  12. Try this, what do you get?
          <?php
          include '../../core.php';
          echo "<pre>";
          print_r($_SESSION);
          echo "</pre>";
          exit();
          if($_SESSION['login'] && $_SESSION['type'] === 'ADMINISTRATION'){
          ?>
          <!DOCTYPE html>
          <html lang="en">
          <head>
          <meta charset="utf-8">
          <link rel="stylesheet" type="text/css" href="../css/main.css"/>
          </head>
          <body>
          This is Admin. <a href="../../logout.php">Log Out!</a>
          </body>
          </html>
          <?php
          }else{
              header('Location:Webpage/index.php');
          }
          ?>
  13. Hard to follow what you are using at this stage, are you using this?
          if(!isset($_SESSION['login']) || (isset($_SESSION['type']) && $_SESSION['type'] != 'ADMINISTRATION')) {
              header('Location:Webpage/index.php');
              exit; // stop the script
          }
      It's passing you on to Webpage/index.php if session "login" isn't set, and I cannot see it being set anywhere? This means this will always send you to Webpage/index.php. And if Webpage/index.php is checking to see if session "type" is set, it will send you "back" I presume.. and there you have a loop.
  14. I noticed my error on form names but was unable to edit. Rename form inputs to eusername and epassword as commented above. I generally don't provide cut and paste code, only suggested methods. You still have to learn php yourself. Here is what you need to run the query in my example. Still not tested and it requires a little kung fu from you.
          if(!empty($err)){
              echo "<ul><li>".implode("</li><li>",$err)."</li></ul>";
          }
          else{
              $query = "SELECT LogUsername FROM tbl_account WHERE LogUsername='".$eusername."' AND LogPassword = '".$epassword."' AND type = '".$logintype."'";
              $query_run = mysql_query($query);
              if(mysql_num_rows($query_run) == '1'){
                  $row = mysql_fetch_row($query_run);
                  $_SESSION['user_id'] = $row[0];
                  $_SESSION['type'] = $logintype;
                  // output sent before header() below: the redirect only works with output buffering on
                  echo "<script>alert('".$logintype." Login')</script>";
                  switch($logintype){
                      case 'ADMINISTRATION':
                          header('Location: ../../ADMIN.php');
                          exit();
                          break;
                      default:
                          header('Location: ../../EMPLOYEE.php');
                          exit();
                  }
              }else{
                  echo "<script>alert('Incorrect Pass or User')</script>";
              }
          }
  15. As a side note, you can optimize your login form with an option list instead of 2 login forms, untested version:
          <?php
          if(isset($_POST['submit'])){
              $err = array();
              $required = array( 'eusername', 'epassword' );
              foreach($_POST as $field => $value){
                  if(in_array($field,$required) && empty($value)){
                      $err[] = $field." cannot be empty";
                  }
                  else{
                      ${$field} = mysql_real_escape_string($value);
                  }
              }
              switch($_POST['id_type']){
                  case 'employee':
                      $logintype = 'EMPLOYEE';
                      break;
                  case 'admin':
                      $logintype = 'ADMINISTRATION';
                      break;
                  default:
                      $err[] = "Incorrect login type";
              }
              if(!empty($err)){
                  echo "<ul><li>".implode("</li><li>",$err)."</li></ul>";
              }
              else{
                  $query = "SELECT * FROM tbl_account WHERE LogUsername='".$eusername."' AND LogPassword = '".$epassword."' AND type = '".$logintype."'";
                  // run query and set sessions etc
              }
          }
          ?>
          <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">
          ID: <input type="text" name="username"> <br>
          Password: <input type="password" name="password">
          Type: <select name="id_type">
              <option value="employee">Employee</option>
              <option value="admin">Admin</option>
          </select>
          <input type="submit" name="submit" id="adminsubmit" value="Log in">
          </form>
  16. I would define access on each page, and determine users levels vs page level.
      Lightweight example:
          define("THIS_PAGE_LEVEL", 'EMPLOYEE');
          // define("THIS_PAGE_LEVEL", 'ADMINISTRATION');
          if(isset($_SESSION['usertype'])){
              if($_SESSION['usertype'] <> THIS_PAGE_LEVEL){
                  header('Location:login.php');
                  exit();
              }
          }
          else{
              header('Location:login.php');
              exit();
          }
          echo 'Welcome '.THIS_PAGE_LEVEL;
  17. I would recommend cleaning all data after the form is submitted, not before.
          if(isset($_POST['submit'])){
              foreach($_POST as $k => $v){
                  ${$k} = some_safeclean_function($v);
              }
              // input name 'myinput' is now clean as $myinput along with all the other posted inputs
          }
  18. You need to declare from both post and get data in your case, you have been relying on register_globals = ON!
      In your form, you have
          <form action="test.php?page=matchfinder&action=enable" method=post>
      In order to get "page" and "action" status:
          $page = $_GET['page'];
          $action = $_GET['action'];
          // now you can use them ....
      Then handle posted values from form
          foreach($_POST['search_marital_status'] as $key => $val){
              $status[] = $key; // you need key from your form names -> name[val] thing
          }
          $search_martial_status = implode('|',$status);
  19. Could you post the rest of index.php that handles the posted data..
  20. Can you describe the problem? Or simply no email is sent? Be aware that some hosts don't allow other email domains as FROM and REPLY TO in headers.
  21. Yes, use on instead of live
          $('.load_more').on("click", function(){
          });
  22. You need to debug your submitted form data as you encounter problems, and make sure the pin actually exists in database AND that it isn't encrypted in any way. If it's stored encrypted, you need to encrypt the posted password in order to match them! Also, this example looks for ONE record of that exact pin code, if several pins with the same value are stored in db, this query will fail!!
          <?php
          $query = mysql_query("SELECT * FROM pin_code WHERE pin = '".htmlspecialchars($password, ENT_QUOTES)."'");
          if(mysql_num_rows($query) == '1'){
              // Pin found - create user with kung-fu query
          }
          else{
              echo '<p>Pin not found</p>';
              echo '<p>Posted Pin: '.$password.'</p>'; // <--- is this displayed value the exact value stored in db ????
          }
          ?>
  23. You are overcomplicating things, something like this:
          <?php
          $query = mysql_query("SELECT * FROM pin_code WHERE pin = '".htmlspecialchars($password, ENT_QUOTES)."'");
          if(mysql_num_rows($query) == '1'){
              // Pin found - create user with kung-fu query
          }
          else{
              echo 'Pin not found';
          }
          ?>
  24. Either you have a typo or your description is inaccurate, you haven't got GT-5830 in your list but you have GT-S5830.
      You could hack all this around, but most probably it won't fit all your requirements. But as an example on this exact question:
          $searchValue = "GT-S5830i";
          foreach($phoneDevices as $key => $devices){
              $device = explode('|',$devices);
              foreach($device as $sub_key => $val){ // each() was removed in PHP 8
                  if(stripos($searchValue,$val) !== false){
                      echo 'Found '.$searchValue.' in '.$key.' list as '.$val; // Found GT-S5830i in Samsung list as GT-S5830
                  }
              }
          }
      Result: Found GT-S5830i in Samsung list as GT-S5830
  25. alpine

    print_r

    while($rows = $query->fetch(PDO::FETCH_ASSOC)){
        echo "<p>Voter ID ".$rows['voter_id']."</p>";
        // next results
    }