twsowerby

Hi all, Is there a function that will return the details of the last database modification that was done? Basically I have users classified based on various attributes stored against them. If a user updates their details, I need to be able to run a script which checks what was updated and then re-classifies the user. Regards, Tom

try adding: $query = mysql_query($result); below the $result variable. Regards, Tom

Pretty much what GingerRobot said, This sort of thing should work... <?php //session start here $username = "Bob"; //change this to the username in your session //code below will select the right data for you based on the above variables. $sql = "SELECT incidents.id, incidents.description, users.firstname FROM incidents, users WHERE incidents.owner_id = users.id AND users.firstname='$username'"; $query = mysql_query($sql); while ($row = mysql_fetch_array($query)) { $ID = $row["id"]; $desc = $row["description"]; $fname = $row["firstname"]; echo "$ID, $desc, $fname <br />"; } ?> Hope that helps, Tom

Thanks AP81, I had tried the join earlier on to no effect, but your post made me realise that when I was joining them I was using the posted variable, so: WHERE villas.resortID = resorts.$resortID That passes in the resort ID as the joined table field, which of course is not what I wanted. Guess I was just having a dim moment. (in my defense it was late!) Anyway, sorted it now, thanks for replying. Regards, Tom

query is in that block of code... $sql = "SELECT villas.*,resorts.resortName FROM villas, resorts"; if(count($where)) $sql .= " WHERE ".implode(' AND ',$where); Have I missed something? Tom

Hi all, I've got a form which passes its data to an array and is then processed to see if there are matches in the database. It was working fine when I was retrieving data from one table, but as soon as I tried to match a value in one table to another table it didn't work properly. The code is: <?php require_once('sessionAndDB.php'); $resortID=$_POST['resortID']; $where = array(); if($_POST['resortID']) $where[] = "villas.resortID = $resortID"; if($_POST['pool']) $where[] = "villas.pool = '1'"; if($_POST['hot_tub']) $where[] = "villas.hottub = '1'"; if($_POST['tv']) $where[] = "villas.tv = '1'"; if($_POST['sauna']) $where[] = "villas.sauna = '1'"; if($_POST['dwasher']) $where[] = "villas.dWasher = '1'"; if($_POST['washer']) $where[] = "villas.washer = '1'"; if($_POST['beach']) $where[] = "villas.beach = '1'"; if($_POST['shops']) $where[] = "villas.shops = '1'"; if($_POST['bars']) $where[] = "villas.bars = '1'"; $sql = "SELECT villas.*,resorts.resortName FROM villas, resorts"; if(count($where)) $sql .= " WHERE ".implode(' AND ',$where); $query = mysql_query($sql); $count = mysql_num_rows($query); while ($row = mysql_fetch_array($query)) { $Name=$row["Name"]; $Resort=$row["resortName"]; $Price=$row["price"]; $ID=$row["ID"]; echo "<a href=\"./villadesc.php?id=$ID\">$Name</a>, $Resort, £$Price"; } if(($count)==0) { echo "<p>We're sorry, your search didn't return any results.</p><p>Please try again with a different query, or you can <a href='search_script.php'>click here</a> to see a list of all our villas</p>"; } ?> The script does return the right row (ie the correct villa name and price), but instead of just displaying the selected data once, it displays the data once for each value that is in the resortName field in the resorts table. Been staring at it for a long long time now and can't fix it, so if anyone can spot the bug I would really appreciate it! Regards, Tom

Awesome, thank you. You've been a great help. Regards, Tom

Thanks Aaron, I did know that it was a concatenation but the use of it there confused me a little bit, haven't quite got my head around how (using your example) PHP can have a variable that looks like it contains itself, ie $var = $var...Am I right in thinking that anything that calls $var in that script would be calling "ABCDEF" and not just "ABC"? Tom

Actually just a quick question, would you mind explaining to me what the '.' does in the second $sql variable? I know what a dot does normally but I don't fully understand its use here. How does the PHP differentiate between the two $sql's? Would like to know so I can learn from the help you gave me, will prevent me from asking similar questions in the future. Regards, Tom

Awesome, that worked a treat, thanks! Regards, Tom

Hi all, Had a quick look through the archives for the answer to this query but not had any luck so far... I have a database full of villa details. some of the fields are 'pool', 'hottub' and 'tv'. Each villa either has a 1 or a 0 in the pool, tv, hottubs fields depending on whether they have one or not. I need to be able to search villas by checking a checkbox. So if a user wanted to search for villas with a pool and a tv they could check the pool and tv box and click search. I have made a start but it doesnt seem to be working, so far I have this: <form method="post" action="scripts/search_script.php"> <input type="checkbox" name="pool" value="1" />Pool <br /> <input type="checkbox" name="hot_tub" value="1" />Hot Tub <br /> <input type="checkbox" name="tv" value="1" />TV <br /> <input type="submit" value="Go"> </form> $query = mysql_query("SELECT * FROM villas WHERE pool = '%$pool%' and hottub = '%$hot_tub%' and tv = '%$tv%'"); while ($row = mysql_fetch_array($query)) { $Name=$row["Name"]; $Country=$row["country"]; $Price=$row["price"]; echo $Name, $Country, $Price; } I'm pretty new to PHP so there's bound to be something wrong with my query or syntax. Any help would be greatly appreciated! Regards, Tom

Hi all, I've been playing around with strstr and str_replace to try and check if the current page is a restricted area of the site. I'm getting a bit frustrated because I'm new to this and not sure why its not working. I think I've just been staring at ti for too long now, so if anyone can help me out that would be awesome. $current = $_SERVER['PHP_SELF']; // If in users if(strstr($current, '/users/')) { $current = str_replace("users/", "", $current); $current = strtolower($current); // users/ resitricted pages if($current == 'userarea.php' || $current == 'logout.php' || $current == 'deleteproduct.php' || $current == 'deleteproductc.php' || $current == 'changeproductstatus.php' || $current == 'index.php') { checkIsLoggedIn(); checkSession(); } } My folder structure for the users folder is as follows: localhost/sites/fyp/htdocs/users/ I have got myself into a bit of a muddle here and I can't figure out how to fix it. There are no errors, its just not restricting access to the pages it should. Thanks, Tom

Hmm thanks laffin, still getting the same result as before though, very infuriating, im pretty sure its something really simple but i cant seem to sort it out. is it supposed to pass this in the url? http://localhost/sites/fyp/htdocs/userlogin.php?returnto=%D3%2F%CE%2CI-%D6O%AB%2C%D0%CF%28I%C9O.%D6%CF%ADtLN%CE%2F%CD%2B%D1%2B%C8%28%00%00 If you have any bright ideas please let me know. I'm not getting any errors, its just taking me straight back to the index page after i log in. is my if($_SESSION['SESS_USERNAME']==null) bit right? I'm thinking the $_GET['returnto'] isn't working, but I have no idea why. Tom

Right laffin, I hope your still around, cos im a bit stuffed if not! All the syntax is fine and theres no errors, i just can't get it to do what I need! I don;t think the url is being passed properly, but I don't know why! This is what I have so far: userlogin.php <?php require("config.php"); require("db.php"); require("functions.php"); session_start(); if($_SESSION['SESS_USERNAME']) { header("Location: " . $config_basedir); } if($_POST['submit']) { $sql = "SELECT * FROM users WHERE username = '" . pf_fix_slashes($_POST['username']) . "' AND password = '" . md5(pf_fix_slashes($_POST['password'])) . "'"; $result = mysql_query($sql); $numrows = mysql_num_rows($result); if($numrows == 1) { $row = mysql_fetch_assoc($result); session_register("SESS_USERNAME"); session_register("SESS_USERID"); session_register("SESS_USERLEVEL"); $_SESSION['SESS_USERNAME'] = $row['username']; $_SESSION['SESS_USERID'] = $row['id']; $_SESSION['SESS_USERLEVEL'] = $row['level']; if(isset($_GET['returnto'])) { $returnto=gzinflate(urldecode($_GET['returnto'])); } else { $returnto='index.php'; header('Location:'. $returnto); exit;} } else { header("Location: " . $config_basedir . "/userlogin.php?error=1"); } } else { require("header.php"); echo "<h1>Login</h1>"; if($_GET['error']) { echo "<p>Incorrect login, please try again!</p>"; } ?> <form action="<?php echo $SCRIPT_NAME ?> "" method="post"> <table> <tr> <td>Username</td> <td><input type="text" name="username"></td> </tr> <tr> <td>Password</td> <td><input type="password" name="password"></td> </tr> <tr> <td></td> <td><input type="submit" name="submit" value="Login!"></td> </tr> </table> </form> <?php } ?> Thats my login script. incSession.php <?php session_start(); if($_SESSION['SESS_USERNAME']==null) { $uri = urlencode(gzdeflate($_SERVER['REQUEST_URI'],9)); header("Location: " . $config_basedir . "userlogin.php?returnto=$uri"); exit; } else { } ?> Thats what is included in all restricted pages. When I'm logged out of the system and click a restricted page, it takes me to the login page, i sign on, and then it sends me back to index.php. I need it to send me to the original page i was trying to access. Any ideas? Tom

Thanks laffin, I did what you said and I'm hoping it will work but unfortunately my lack of PHP experience i killing me again, I'm finding a syntax error in a nested if that looks fine to me, coulf you have a look for me and see if you can see the problem? The error is on the line where I try and retrieve the url that has been passed through. (if(isset($_GET['returnto'])...) <?php require("config.php"); require("db.php"); require("functions.php"); session_start(); if($_SESSION['SESS_USERNAME']) { } if($_POST['submit']) { $sql = "SELECT * FROM users WHERE username = '" . pf_fix_slashes($_POST['username']) . "' AND password = '" . md5(pf_fix_slashes($_POST['password'])) . "'"; $result = mysql_query($sql); $numrows = mysql_num_rows($result); if($numrows == 1) { $row = mysql_fetch_assoc($result); session_register("SESS_USERNAME"); session_register("SESS_USERID"); session_register("SESS_USERLEVEL"); $_SESSION['SESS_USERNAME'] = $row['username']; $_SESSION['SESS_USERID'] = $row['id']; $_SESSION['SESS_USERLEVEL'] = $row['level']; if(isset($_GET['returnto']) { $returnto=gzinflate(urldecode($_GET['returnto'])); } else { $returnto='index.php';<br>header('Location: $returnto'); exit;} } else { header("Location: " . $config_basedir . "/userlogin.php?error=1"); } } else { require("header.php"); echo "<h1>Login</h1>"; if($_GET['error']) { echo "<p>Incorrect login, please try again!</p>"; } ?> <form action="<?php echo $SCRIPT_NAME ?> "" method="post"> <table> <tr> <td>Username</td> <td><input type="text" name="username"></td> </tr> <tr> <td>Password</td> <td><input type="password" name="password"></td> </tr> <tr> <td></td> <td><input type="submit" name="submit" value="Login!"></td> </tr> </table> </form> <?php } ?> Regards, Tom

Oh yes it does, im very sorry! I must have messed it up somehow when i was editing. Ok I've got your code working, but how to I go about checking if the user is logged in on each restricted page? I saw your if ($_SESSION['SESS_USERLEVEL'] == 10) { } But I don't really want to do membership levels, just need it to redirect to the login page if the session isnt active. Regards, Tom

Thanks Micro, I'm trying to implement your code but I'm struggling to get it to work, mainly syntax issues but I'm pretty new to PHP and they are frustrating me. <?php require("../includes/config.php"); require("../includes/db.php"); require("../includes/functions.php"); session_start(); if($_SESSION['SESS_USERNAME']) { header("Location: " . $config_basedir . "index.php"); } if($_POST['submit']) { $sql = "SELECT * FROM users WHERE username = '" . pf_fix_slashes($_POST['username']) . "' AND password = '" . md5(pf_fix_slashes($_POST['password'])) . "'"; $result = mysql_query($sql); $numrows = mysql_num_rows($result); if($numrows == 1) { $row = mysql_fetch_assoc($result); session_register("SESS_USERNAME"); session_register("SESS_USERID"); $_SESSION['SESS_USERNAME'] = $row['username']; $_SESSION['SESS_USERID'] = $row['id']; header("Location: " . $config_basedir); } else { header("Location: " . $config_basedir . "/login.php?error=1"); } } else { echo "<h1>Login</h1>"; echo "<form action=\"login.php\" method=\"post\">"; echo "<table>"; echo "<tr>"; echo "<td>Username</td>"; echo "<td><input type=\"text\" name=\"username\"></td>"; echo "</tr>"; echo "<tr>"; echo "<td>Password</td>"; echo "<td><input type=\"password\" name=\"password\"></td>"; echo "</tr>"; echo "<tr>"; echo "<td></td>"; echo "<td><input type=\"submit\" name=\"submit\" value=\"Login!\"></td>"; echo "</tr>"; echo "</table>"; echo "</form>"; } if($_GET['error']) { echo "<p>Incorrect login, please try again!</p>"; } ?> I echoed the login form as the version you posted was outside the PHP, but was meant to be within the IF statement. If that is wrong then please let me know. The problem I'm having now is that one of the dynamic URL's isn't working and keeps throwing a 404 not found when i try and run the script. Really struggling to fix it so any help would be great. Thanks, Tom

Hi, My include which checks whether a user is logged in already contains that. What I have now is this script that is included on every restricted page: <?php //start the session session_start(); //check to make sure the session variable is registered if(session_is_registered('username')){ //the session variable is registered, the user is allowed to see anything that follows header( "Location: ./index.php" ); } else{ //the session variable isn't registered, send them back to the login page header( "Location: ./login.php" ); } ?> I need it to redirect to whatever page the user was trying to access before they were forced to login by this script. Eg, User clicks link to restricted page-->user is forced to log in-->once logged in, user arrives at page they were trying to access. Regards, Tom

Hi all, I have a general login script that uses sessions. It basically uses an include to check if a user is logged in before they view a certain page. However when they try and view a restricted page and are not logged in, they are taken to the login page but once logged in it does not redirect them to the page they were trying to view. How would I go about doing this? Regards, Tom

Hi all, Just getting my head around sessions and came across a stumbling block. I have the following code which compares a login form to a database value and starts a new session. It also stores a cookie containing the session id. I got this code from a tutorial and understand how it works. <?php // Check if the information has been filled in if($psEmail == '' || $psPassword == '') { // No login information header('Location: login.php?refer='.urlencode($psRefer)); } else { // Authenticate user $hDB = mysql_connect('localhost', '', ''); mysql_select_db('fyp', $hDB); $sQuery = " Select iUser, MD5(UNIX_TIMESTAMP() + iUser + RAND(UNIX_TIMESTAMP())) sGUID From tblUsers Where sEmail = '$psEmail' And sPassword = password('$psPassword')"; $hResult = mysql_query($sQuery, $hDB); if(mysql_num_rows($hResult)) { $aResult = mysql_fetch_row($hResult); // Update the user record $sQuery = " Update tblUsers Set sGUID = '$aResult[1]' Where iUser = $aResult[0]"; mysql_query($sQuery, $hDB); // Set the cookie and redirect setcookie("session_id", $aResult[1]); if(!$psRefer) $psRefer = 'index.php'; header('Location: '.$psRefer); } else { // Not authenticated header('Location: login.php?refer='.urlencode($psRefer)); } } ?> I'm not sure how to do the logout part of this though, how do you end the session? presumably I also have to remove the cookie that stores the session ID. Any help would be appreciated, thanks. Tom

Hi, I've got this code which returns all the data in an XML file: <?php $doc = new DOMDocument(); $doc->load( 'filmReviews.xml' ); $films = $doc->getElementsByTagName( "film" ); foreach( $films as $film ) { $titles = $film->getElementsByTagName( "title" ); $title = $titles->item(0)->nodeValue; $dates = $film->getElementsByTagName( "date" ); $date = $dates->item(0)->nodeValue; $notes = $film->getElementsByTagName( "notes" ); $note = $notes->item(0)->nodeValue; echo "$title - $date \n <br /><br />$note\n<br /><br />"; } ?> I need to be able to use a form to search the XML. For example, I would like to be able to search by film title. I'm not entirely sure how to get this to work as I have very limited experience with XML. Any help would be great! Thanks, Tom

Hi, I've been playing around with the HTTP Auth tutorial here on PHP Freaks, and I have'nt been able to log a user out once they have been logged. I would be very grateful if anyone could give me some pointers on how I would do this. This is the code: <?php $realm = 'Restricted admin area'; //user => password $users = array('admin' => 'admin'); if (empty($_SERVER['PHP_AUTH_DIGEST'])) { header('HTTP/1.1 401 Unauthorized'); header('WWW-Authenticate: Digest realm="'.$realm. '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"'); die('Text to send if user hits Cancel button'); } // analyze the PHP_AUTH_DIGEST variable if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']])) die('Wrong Credentials!'); // generate the valid response $A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]); $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']); $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); if ($data['response'] != $valid_response) die('Wrong Credentials!'); // ok, valid username & password echo 'Your are logged in as: ' . $data['username']; // function to parse the http auth header function http_digest_parse($txt) { // protect against missing data $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1); $data = array(); preg_match_all('@(\w+)=([\'"]?)([a-zA-Z0-9=./\_-]+)\2@', $txt, $matches, PREG_SET_ORDER); foreach ($matches as $m) { $data[$m[1]] = $m[3]; unset($needed_parts[$m[1]]); } return $needed_parts ? false : $data; } ?> Regards, Tom

You're a genius thank you very much, that works perfectly! Tom *SOLVED*

Hi, That just returns "query is empty", sorry to sound stupid but could you please tell me exactly how to implement that? Tom

I had already set my tables to full search and my SQL appears to be fine, not throwing back any errors. It wont return search results though, and I know the terms I'm looking for exist within the table. Any ideas? Thanks, Tom