Jump to content

Moorcam

Members
  • Posts

    197
  • Joined

  • Last visited

Everything posted by Moorcam

  1. Hi all, Hope to find you all good. I have the following, which creates a php file. This works fine and without error. However, once created, the content of the page, which is got from the Database, is not showing. <?php include_once('includes/header.php'); if(isset($_POST['new']) && $_POST['new']==1){ if(isset($_POST['submit'])){ $trn_date = mysqli_real_escape_string($con, date("Y-m-d H:i:s")); $name = mysqli_real_escape_string($con, $_POST['name']); $description = mysqli_real_escape_string($con, $_POST['description']); $body = mysqli_real_escape_string($con, $_POST['body']); $submittedby = mysqli_real_escape_string($con, $_SESSION["username"]); $sql = "SELECT * FROM pages WHERE name='$name'"; $res = mysqli_query($con, $sql); if (mysqli_num_rows($res) > 0) { $message = '<i class="fa fa-times text-danger"> - A Page already exists with that name!</i>'; }else{ $ins_query="insert into pages (`trn_date`,`name`,`description`, `body`, `submittedby`)values ('$trn_date','$name','$description', '$body', '$submittedby')"; mysqli_query($con,$ins_query) or die(mysqli_error($con)); if(mysqli_affected_rows($con)== 1 ){ // Name of the template file. $template_file = 'template.php'; // Root folder if working in subdirectory. Name is up to you ut must match with server's folder. $base_path = '/protour/'; // Path to the directory where you store the "template.php" file. $template_path = 'includes/'; // Path to the directory where php will store the auto-generated couple's pages. $page_path = '../'; // Posted data. $row['name'] = str_replace(' ', '', $_POST['name']); $row['description'] = str_replace(' ', '', $_POST['description']); $row['body'] = $_POST['body']; // Data array (Should match with data above's order). $placeholders = array('{name}', '{description}', '{body}'); // Get the template.php as a string. $template = file_get_contents($template_path.$template_file); // Fills the template. $new_file = str_replace($placeholders, $row, $template); // Generates couple's URL and makes it frendly and lowercase. $page_url = str_replace(' ', '', strtolower($row['name'].'.php')); // Save file into page directory. $fp = fopen($page_path.$page_url, 'w'); fwrite($fp, $new_file); fclose($fp); // Set the variables to pass them to success page. $_SESSION['page_url'] = $page_url; // If working in root directory. $_SESSION['page_path'] = str_replace('.', '', $page_path); // If working in a sub directory. $_SESSION['page_path'] = substr_replace($base_path, '', -1).str_replace('.', '',$page_path); $message = '<i class="fa fa-check"></i> - Page Created Successfully'; } } } } ?> <!-- Header--> <div class="breadcrumbs"> <div class="col-sm-4"> <div class="page-header float-left"> <div class="page-title"> <h1>Pages</h1> </div> </div> </div> <div class="col-sm-8"> </div> </div> <div class="content mt-3"> <div class="animated fadeIn"> <div class="row"> <div class="col-lg-12"> <div class="card"> <div class="card-header"><strong>Add </strong><small>Page <?php if($message = isset($message) ? $message : ''){ printf($message); } ?></small></div> <div class="card-body card-block"> <form role="form" method="post" action""> <input type="hidden" name="new" value="1" /> <div class="modal-body"> <div class="form-group"><label for="name" class=" form-control-label">Page Name</label><input type="text" id="name" name="name" placeholder="name" class="form-control"> </div> <div class="form-group"><label for="description" class=" form-control-label">Description</label><input maxlength="100" type="text" id="description" name="description" placeholder="descriptioon" class="form-control"></div> <div class="form-group"><label for="body" class=" form-control-label">Body</label> <textarea class="form-control" id="body" name="body" placeholder="body"></textarea> </div> <div class="modal-footer"> <button type="submit" name="submit" id="submit" class="btn btn-primary">Confirm</button> </div> </form> </div> </div> </div><!-- .animated --> </div><!-- .content --> </div><!-- /#right-panel --> <!-- Right Panel --> <script src="assets/js/vendor/jquery-2.1.4.min.js"></script> <script src="assets/js/popper.min.js"></script> <script src="assets/js/plugins.js"></script> <script src="assets/js/main.js"></script> <script src="assets/js/bing.js"></script> <script src="assets/js/lib/data-table/datatables.min.js"></script> <script src="assets/js/lib/data-table/dataTables.bootstrap.min.js"></script> <script src="assets/js/lib/data-table/dataTables.buttons.min.js"></script> <script src="assets/js/lib/data-table/buttons.bootstrap.min.js"></script> <script src="assets/js/lib/data-table/jszip.min.js"></script> <script src="assets/js/lib/data-table/pdfmake.min.js"></script> <script src="assets/js/lib/data-table/vfs_fonts.js"></script> <script src="assets/js/lib/data-table/buttons.html5.min.js"></script> <script src="assets/js/lib/data-table/buttons.print.min.js"></script> <script src="assets/js/lib/data-table/buttons.colVis.min.js"></script> <script src="assets/js/lib/data-table/datatables-init.js"></script> <script src="https://cdn.tiny.cloud/1/sw6bkvhzd3ev4xl3u9yx3tzrux4nthssiwgsog74altv1o65/tinymce/5/tinymce.min.js" referrerpolicy="origin"></script> <script> tinymce.init({ selector: 'textarea', plugins: 'advlist autolink lists link image charmap print preview hr anchor pagebreak', toolbar_mode: 'floating', }); </script> <script type="text/javascript"> $(document).ready(function() { $('#customer-table').DataTable(); } ); </script> </body> </html> My guess is the placeholder section is not working. // Posted data. $row['name'] = str_replace(' ', '', $_POST['name']); $row['description'] = str_replace(' ', '', $_POST['description']); $row['body'] = $_POST['body']; // Data array (Should match with data above's order). $placeholders = array('{name}', '{description}', '{body}'); Here is template.php <?php include_once('includes/header.php'); require_once('admin/includes/config.php'); if(isset($_POST['new']) && $_POST['new']==1){ $trn_date = mysqli_real_escape_string($con, date("Y-m-d H:i:s")); $name = mysqli_real_escape_string($con, $_POST['name']); $email = mysqli_real_escape_string($con, $_POST['email']); $pickup = mysqli_real_escape_string($con, $_POST['pickup']); $dropoff = mysqli_real_escape_string($con, $_POST['dropoff']); $dep_date = mysqli_real_escape_string($con, $_POST['dep_date']); $ret_date = mysqli_real_escape_string($con, $_POST['ret_date']); $dep_time = mysqli_real_escape_string($con, $_POST['dep_time']); $pax_numbers = mysqli_real_escape_string($con, $_POST['pax_numbers']); $ins_query="insert into quotes (`trn_date`,`name`,`email`, `pickup`, `dropoff`, `dep_date`, `ret_date`, `dep_time`, `pax_numbers`) values ('$trn_date','$name','$email', '$pickup', '$dropoff', '$dep_date', '$ret_date', '$dep_time', '$pax_numbers')"; mysqli_query($con,$ins_query) or die(mysqli_error($con)); if(mysqli_affected_rows($con)== 1 ){ $message = "Thank you. We will be in touch soon."; } } $sql = "SELECT * FROM slide"; $result = $con->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { ?> <div class="hero-wrap" style='background-image: url("admin/uploads/<?php echo $row['image']; ?>")' data-stellar-background-ratio="0.5"> <div class="overlay"></div> <div class="container"> <div class="row no-gutters slider-text justify-content-start align-items-center"> <div class="col-lg-6 col-md-6 ftco-animate d-flex align-items-end"> <div class="text"> <p style="font-size: 18px;"><?php echo $row['slide_text']; ?></p> <a href="<?php echo $row['youtube']; ?>" class="icon-wrap popup-vimeo d-flex align-items-center mt-4"> <div class="icon d-flex align-items-center justify-content-center"> <span class="ion-ios-play"></span> </div> <div class="heading-title ml-5"> <span>Play Our Short Video</span> </div> </a> </div> </div> <div class="col-lg-2 col"></div> <div class="col-lg-4 col-md-6 mt-0 mt-md-5 d-flex"> <form method="post" action="" role="form" class="request-form ftco-animate"> <input type="hidden" name="new" value="1" /> <h2>Get A Quote</h2> <div class="d-flex"> <div class="form-group mr-2"> <label for="name" class="label">Name</label> <input class="form-control" type="text" id="name" name="name" placeholder="Your Name" /> </div> <div class="form-group ml-2"> <label for="email" class="label">Email</label> <input class="form-control" type="email" id="email" name="email" placeholder="Your Email" /> </div> </div> <div class="form-group"> <label for="searchBox" class="label">Pick-Up Location</label> <input class="form-control" type="text" id="searchBox" name="pickup" placeholder="Start Typing..." /> </div> <div class="form-group"> <label for="searchBoxAlt" class="label">Drop-Off Location</label> <input type="text" class="form-control" id="searchBoxAlt" name="dropoff" placeholder="Start Typing..." /> </div> <div class="d-flex"> <div class="form-group mr-2"> <label for="" class="label">Departure Date</label> <input type="text" class="form-control" id="book_pick_date" name="dep_date" placeholder="Date"> </div> <div class="form-group ml-2"> <label for="" class="label">Return Date</label> <input type="text" class="form-control" id="book_off_date" name="ret_date" placeholder="Date"> </div> </div> <div class="d-flex"> <div class="form-group mr-2"> <label for="" class="label">Pick-Up Time</label> <input type="text" class="form-control" id="time_pick" name="dep_time" placeholder="Time"> </div> <div class="form-group ml-2"> <label for"" class="label">Passenger Numbers</label> <input type="number" class="form-control" id="pax_numbers" name="pax_numbers" placeholder="Amount" /> </div> </div> <div class="form-group"> <button type="submit" class="btn btn-primary py-3 px-4">Request Quote</button> <p><?php if($message = isset($message) ? $message : ''){ printf($message); } ?></p> </div> </form> </div> </div> </div> </div> <?php } } ?> <script type="text/javascript" src="https://www.bing.com/api/maps/mapcontrol?key=AqIY0ivSCCdBIe3-EKGuox9cwBFw2wWRWIErZi1iy57EfD67PoiSra9wl_wu48de&callback=bingMapsReady" async defer></script> <?php if(isset($_GET['id'])){ $id = mysqli_real_escape_string($con, $_GET['id'] ?? DEFAULT_ID); $sql = "SELECT * FROM pages WHERE id = $id"; $result = $con->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_array()) { ?> <!-- HOW IT WORKS --> <section class="ftco-section ftco-no-pt ftco-no-pb"> <div class="container"> <div class="row no-gutters"> <div class="col-md-12 wrap-about py-md-5 ftco-animate"> <div class="heading-section mb-5 pl-md-5"> <span class="subheading"><?php echo $row['description']; ?> </span> <h2 class="heading"><?php echo $row['name']; ?></h2> <?php echo $row['body']; ?> </div> </div> </div> </div> </section> <?php } } } ?> <!-- FOOTER --> <?php include_once('includes/footer.php'); ?> Please note that this is just a project and will not be going live. It's for learning purposes and I am aware there are some vulnerabilities within parts of the code. Any assistance with the above issues though would really be appreciated. Thanks and have a ripper evening.
  2. Got it to work by using an If statement as such: if(mysqli_real_escape_string($con, $_GET['id']=="")){ $sql = "SELECT * FROM pages WHERE name = 'Home'"; $result = $con->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { Most likely not the most correct way to do it but it works.
  3. Thanks for pointing that out. Yes, I agree. It is only a project that will be fixed up as time goes on. For now I just want to get everything working and then I can modify MySQL code where required.
  4. Hi folks, I am in the middle of creating a CMS as a project. It's going pretty well so far but I am stuck and hoping to get some guidance. When loading the main website, I want the contents from "Home" in the database to display unless a menu item is clicked. Here is what I have so far: <?php include_once('includes/header.php'); require_once('admin/includes/config.php'); ?> <div class="hero-wrap" style="background-image: url('images/uluru.jpg');" data-stellar-background-ratio="0.5"> <div class="overlay"></div> <div class="container"> <div class="row no-gutters slider-text justify-content-start align-items-center"> <div class="col-lg-6 col-md-6 ftco-animate d-flex align-items-end"> <div class="text"> <h1 class="mb-4">Coaches For Hire <span>Book Now!</span></h1> <p style="font-size: 18px;">The local Anangu, the Pitjantjatjara people, call the landmark Uluṟu (Pitjantjatjara [ʊlʊɻʊ]). This word is a proper noun, with no further particular meaning in the Pitjantjatjara dialect, although it is used as a local family name by the senior Traditional Owners of Uluru.</p> <a href="https://www.youtube.com/watch?v=biuYA54nb7Y" class="icon-wrap popup-vimeo d-flex align-items-center mt-4"> <div class="icon d-flex align-items-center justify-content-center"> <span class="ion-ios-play"></span> </div> <div class="heading-title ml-5"> <span>Learn more about Uluru</span> </div> </a> </div> </div> <div class="col-lg-2 col"></div> <div class="col-lg-4 col-md-6 mt-0 mt-md-5 d-flex"> <form action="#" class="request-form ftco-animate"> <h2>Get A Quote</h2> <div id="searchBoxContainer" class="form-group"> <label for="searchBox" class="label">Pick-Up Location</label> <input class="form-control" type="text" id="searchBox" placeholder="Start Typing..." /> </div> <div id="searchBoxContainerAlt" class="form-group"> <label for="searchBoxAlt" class="label">Drop-Off Location</label> <input type="text" class="form-control" id="searchBoxAlt" placeholder="Start Typing..." /> </div> <div class="d-flex"> <div class="form-group mr-2"> <label for="" class="label">Departure Date</label> <input type="text" class="form-control" id="book_pick_date" placeholder="Date"> </div> <div class="form-group ml-2"> <label for="" class="label">Return Date</label> <input type="text" class="form-control" id="book_off_date" placeholder="Date"> </div> </div> <div class="d-flex"> <div class="form-group mr-2"> <label for="" class="label">Pick-Up Time</label> <input type="text" class="form-control" id="time_pick" placeholder="Time"> </div> <div class="form-group ml-2"> <label for"" class="label">Passenger Numbers</label> <input type="number" class="form-control" placeholder="Amount" /> </div> </div> <div class="form-group"> <input type="submit" value="Request Quote" class="btn btn-primary py-3 px-4"> </div> </form> </div> </div> </div> </div> <script type="text/javascript" src="https://www.bing.com/api/maps/mapcontrol?key=AqIY0ivSCCdBIe3-EKGuox9cwBFw2wWRWIErZi1iy57EfD67PoiSra9wl_wu48de&callback=bingMapsReady" async defer></script> <?php $id = $_GET['id']; $sql = "SELECT * FROM pages WHERE id = $id"; $result = $con->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_array()) { ?> <!-- HOW IT WORKS --> <section class="ftco-section ftco-no-pt ftco-no-pb"> <div class="container"> <div class="row no-gutters"> <div class="col-md-12 wrap-about py-md-5 ftco-animate"> <div class="heading-section mb-5 pl-md-5"> <span class="subheading"><?php echo $row['description']; ?> </span> <h2 class="heading"><?php echo $row['name']; ?></h2> <?php echo $row['body']; ?> </div> </div> </div> </div> </section> <?php } } ?> <!-- FOOTER --> <?php include_once('includes/footer.php'); ?> I hope you can help and that I am making sense. Cheers, Dan
  5. Guinness

    1. Stefany93

      Stefany93

      the book or the beer?

       

    2. Moorcam

      Moorcam

      Ooooh the beer deffo :)

    3. gizmola

      gizmola

      My favorite Beer!

       

  6. Use MySQLi or PDO. MySQL is deprecated since php 5.5 and completely removed from php 7.
  7. Thanks gizmola, Much appreciated. Still learning.
  8. Fixed. For some reason the Google API was affecting it. Basically, the URL was not authorized to use the API so once I did that, all errors disappeared. No idea how it caused an Undefined Index though. But all is good.
  9. Hi all, Strange one. I have Google Maps Places API added to a text field for Autocomplete purposes. However, if I add the id="address" to the text field and save the data I get Undefined Index. Here is the text field: <div class="form-group"> <label><?php echo $lang_company_address; ?></label> <input type="text" class="form-control" id="address" name="company_address" value="<?php echo $row['company_address']; ?>"/> </div> Here is where I am getting the Undefined error: $company_address = mysqli_real_escape_string($mysqli, $_POST['company_address']); And here is the Google JS code: <script> function initMap(){ var autocomplete = new google.maps.places.Autocomplete($("#address")[0], {}); google.maps.event.addListener(autocomplete, 'place_changed', function() { var place = autocomplete.getPlace(); console.log(place.address_components); }); } </script> The script above works fine. Although I do get the dreaded Ooops Something went wrong error, which I presume is tied to the above somehow. The API key is called as below: <script src="https://maps.googleapis.com/maps/api/js?key=<?php echo $row['google_api']; ?>&libraries=places&callback=initMap" async defer></script> The key is stored in the database. Any ideas?
  10. Thank you. I tried that and it first stated that -> was unexpected. I changed -> to _ and get the following: $tour_id = mysqli_real_escape_string($mysqli, $_GET['tour_id']); It works. Thank you so much. I really appreciate your help and guidance. I promise not to come and ask questions unless I am really stuck, just like today. *virtual handshake * Danno
  11. I am. The one in the URL is from the DB. <?php echo $row['tour_id']; ?> I am using the same echo statement on the page but not getting anything. I changed to tour_id in the db and code to see if that would help. Thought there might be a possible mixup with another piece of code but still nothing. But if I remove the WHERE clause, it will show data. I just want to show the data that is compared to the id in the url.
  12. Thank you. I meant in general. Most programmers will fill you with Jargon while trying to help. I get lost at times. The dump shows: string(0) Strange hey.
  13. Hi, Thanks for the reply. I am learning mate, which is why I have come here. It's easy for experienced programmers like your good self to say do this and that and use the jargon to describe what it is we should be doing. But for us, less average programmer-wannabes the jargon is something that we find hard at times to understand. So to say I am not bothered to learn MySQLi is a little harsh to be honest. Not being rude, just stating, because I am TRYING to learn. I am using MySQLi because I haven't coded in like 15 years and always used MySQL. I know I should use PDO. I will eventually. This project is just to get my feet wet again. Here is what I am using to call the ID into the URL, as I feel this maybe contributing to the issue. However, I am unsure if this is the correct way or not. Been trying to find similar things on Google but can't find anything on it. <td><a href="tourdetails.php?tour_id=<?php echo $row['tour_id']; ?>"><?php echo $row['tour_name']; ?></a></td> Thanks in advance if anyone can put me in the right direction.
  14. Where is your update code? You only have a SELECT query there. Also, MySQL is deprecated. Change over to MySQLi or PDO.
  15. Hi mate, Not being rude but nobody will go to your site to look for the issue. Not that they just don't want to. Lots of people are nervous of possible infections. Your best bet is to post your code here and also the error you are getting so people who are experienced with the script you are using can help.
  16. Would help to show your PHP code where you are selecting from the db to populate in the first place. All that jazz.
  17. Hi folks, I know people will say, "You should use PDO" but I prefer MySQLi for the time being. I am trying to display data based on its ID from the database by using the following. However, if I use: WHERE id='$id' Nothing appears. Basically, what I am doing is, when someone clicks a link, it will open a new page displaying the content related to the link they clicked. The URL will show the ID, which works fine, such as: domain.com/details.php?id=245 If I remove the WHERE clause, all rows are shown. If I use the WHERE clause, nothing is shown. No errors either. Here is the code in question: <?php $id = mysqli_real_escape_string($mysqli, $row['id']); $sql = "SELECT * FROM tours WHERE id = '" . $id. "'"; $result = $mysqli->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { ?> <h3><?php echo $row['tour_name']; ?></h3> <?php } } ?> Any help would be appreciated. Cheers Danno
  18. Thanks for that. Well, it looks like PDO is the way to go then. It had been suggested before by bananamen but never got round to using it. Will be away for a few days but will have the laptop so if I get a few hours on New Years Day will change to PDO. Thanks again and Happy New Year.
  19. Thanks for the feedback and input guys. I really appreciate it. I haven't used php and mysql for a lifetime. Recently just started to get back into it. So a bit of a learning curve with a dash of hit and miss as I go. So I really appreciate the guidance. People are raving about this PDO thingy. Will this work on MySQL servers? I have been told it is a lot more secure than MySQLi etc. I really need to find the time (between work etc) to sit down and actually read up on all of these changes that were made since I did it around 2005 lol
  20. Silly Irish man. I forgot to set a Unique key in the database. Works fine now. Sorry for the hassle and thanks again.
  21. Hi all, In a pickle again. I am trying to update a database from a html table, which I will post below. The issue is, if I have more than one entry in the table, clicking update will change all entries with the changes mate. Here is the update code along with the HTML table: <div class="panel-body"> <div class="table-responsive"> <form role="form" action="" method="post"> <?php if(isset($_POST['Submit'])){//if the submit button is clicked $id = mysqli_real_escape_string($mysqli, $_POST['id']); $fname = mysqli_real_escape_string($mysqli, $_POST['fname']); $lname = mysqli_real_escape_string($mysqli, $_POST['lname']); $email = mysqli_real_escape_string($mysqli, $_POST['email']); $phone = mysqli_real_escape_string($mysqli, $_POST['phone']); $sql="UPDATE clients SET fname='$fname', lname='$lname', email='$email', phone='$phone'"; $mysqli->query($sql) or die(mysqli_error($mysqli));//update or error } ?> <table class="table table-striped table-bordered table-hover" id="tab_logic"> <thead> <tr> <th>Client ID</th> <th>First Name</th> <th>Last Name</th> <th>Email</th> <th>Phone</th> </tr> </thead> <?php if (isset($_POST['Delete'])){ $checkbox = $_POST['checkbox']; $count = count($checkbox); for($i=0;$i<$count;$i++){ if(!empty($checkbox[$i])){ /* CHECK IF CHECKBOX IS CLICKED OR NOT */ $id = mysqli_real_escape_string($mysqli,$checkbox[$i]); /* ESCAPE STRINGS */ mysqli_query($mysqli,"DELETE FROM clients WHERE id = '$id'"); /* EXECUTE QUERY AND USE ' ' (apostrophe) IN YOUR VARIABLE */ } /* END OF IF NOT EMPTY CHECKBOX */ } /* END OF FOR LOOP */ } /* END OF ISSET DELETE */ $sql = "SELECT id, fname, lname, email, phone FROM clients"; $result = $mysqli->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $id = mysqli_real_escape_string($mysqli, $row['id']); ?> <tbody> <tr id='addr0'> <td> <input type="text" size="5" name='id' placeholder='01' class="form-control" value="<?php echo $row['id']; ?>"/> </td> <td> <input type="text" name='fname' placeholder='First Name' class="form-control" value="<?php echo $row['fname']; ?>"/> </td> <td> <input type="text" name='lname' placeholder='Last Name' class="form-control" value="<?php echo $row['lname']; ?>"/> </td> <td> <input type="text" name='email' placeholder='Email' class="form-control" value="<?php echo $row['email']; ?>"/> </td> <td> <input type="text" name='phone' placeholder='Phone' class="form-control" value="<?php echo $row['phone']; ?>"/> </td> <td> <input name="checkbox" value="0" type="hidden"> <?php echo "<td><input type='checkbox' name='checkbox[]' value='$id'></td>"; ?> </td> </tr> <tr id='addr1'></tr> </tbody> <?php } } $mysqli->Close(); ?> </table> <a href="new-client.php" type="submit" class="pull-left btn btn-success">Add New Client</a><button type="submit" name="Submit" class="btn btn-success">Save Changes</button> <input type="submit" name="Delete" class="pull-center btn btn-success" value="Delete Selected" /> </form> </div> </div> </div> </div> </div> </div> Please note that deleting works fine. Adding is done from a separate file. Any help would be appreciated. Cheers, Dan
  22. Hi bananamen, Thank you so much. I really appreciate you taking the time to help. The issues of html vanishing has been resolved as is the correct name being displayed, thanks to your instructions. Regarding PDO and password_hash, I will be changing over to these when I get home later. Thanks so much again. You are a legend. Cheers, Danno
  23. As I said, the above code is not the login. This is the Index after login is completed. Here is the login code: <?php // Coach Manager // Version 0.0.0.1 // Author Dan O'Riordan session_start(); if (isset($_SESSION['id'])) { header("Location: index.php"); } include_once 'includes/config.php'; include_once 'includes/db_connect.php'; //check if form is submitted if (isset($_POST['login'])) { $email = mysqli_real_escape_string($mysqli, $_POST['email']); $password = mysqli_real_escape_string($mysqli, $_POST['password']); $psalt = 'eghriwugfro78974togfg0487tr'; $password = hash('sha256', $password); $result = mysqli_query($mysqli, "SELECT * FROM admin_users WHERE email = '" . $email. "' and password = '" .$password . "'"); if ($row = mysqli_fetch_array($result)) { $_SESSION['id'] = $row['id']; $_SESSION['fname'] = $row['fname']; header("Location: index.php"); } else { $errormsg = "Incorrect Email or Password Combination!"; } } ?> <!DOCTYPE html> <html > <head> <meta charset="UTF-8"> <title>Tour Manager | Login</title> <!-- FONTAWESOME STYLES--> <link rel="stylesheet" href="assets/font-awesome/css/font-awesome.min.css" rel="stylesheet" /> <link rel='stylesheet prefetch' href='http://netdna.bootstrapcdn.com/bootstrap/3.0.2/css/bootstrap.min.css'> <link href="css/styles.css" rel="stylesheet"> </head> <body> <div id="loginModal" class="modal show" tabindex="-1" role="dialog" aria-hidden="true"> <div class="modal-dialog"> <div class="modal-content"> <div class="modal-header"> <h1 class="text-center">Tour Manager</h1> </div> <div class="modal-body"> <form class="form-signin" role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform"> <div class="form-group"> <input type="text" name="email" required class="form-control input-lg" placeholder="Email"> </div> <div class="form-group"> <input type="password" name="password" required class="form-control input-lg" placeholder="Password"> </div> <div class="form-group"> <button class="btn btn-primary btn-lg btn-block" name="login">Sign In</button> <span class="text-danger"><strong><?php if (isset($errormsg)) { echo $errormsg; } ?></strong></span> </div> </form> </div> <div class="modal-footer"> <div class="col-md-12"> Powered by <a href="http://www.danethical.com" target="_blank">Tour Manager</a> </div> </div> </div> </div> </div> <!-- script references --> <script src="//ajax.googleapis.com/ajax/libs/jquery/2.0.2/jquery.min.js"></script> <script src="js/bootstrap.min.js"></script> </body> </html> <?php Exit(); ?> Cheers
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.