edrew04

how to restrict the users that accessing the main database, i want only this user to be accepted to have higher previllages in user.php: username:admin and password is: admin , if a user: username:guest password:guest, another template for them will be shown like guestuser.php <?php include("includes/header.php"); ?> <?php include("includes/connection.php"); ?> <html> <head><title>Welcome to Mountain View Hospital</title> </head> <body background="mv.jpg"> <?php //if the login form is submitted if (isset($_POST['btn'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] || !$_POST['pass']) { die('You did not fill in a required field. <a href=login.php>Click Here to Login.</a>'); }// checks it against the database if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); }$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die( mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check)) {$_POST['hashed_password'] = stripslashes($_POST['pass']); $info['hashed_password'] = stripslashes($info['hashed_password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the hashed_password is wrong if ($_POST['pass'] != $info['hashed_password']) { die('Incorrect password, please try again. <a href=login.php>Click Here to Login.</a>'); }else {echo "<meta http-equiv='Refresh' content='0; url=user.php'>"; }}}else {// if they are not logged in ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td>password</td> <td>:</td> <td><input name="pass" type="password" id="pass"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="btn" id="btn" value="Login"></td> </tr> </table> <a href="register.php">Not yet registered?</a> </td> </form> </tr> </table> <?php }?> </form> </body> </html>

if the textbox is for letters only(example:first name), numbers and other special characters are not allowed even if you typed it accidentally, it will not show, but only letters...if the textbox is for numbers only(example:age), letters and other special characters are not allowed even if you typed it accidentally, it will not show, but only numbers. i don't know how to do it in php, maybe javascript can , help guys... <?php include("includes/header.php"); include("includes/connection.php"); include("includes/header2.php"); if (isset($_POST['btn'])) { mysql_query("INSERT INTO patients (firstName,surname,bday,patient_age,sex,patient_address) VALUES ('$_POST[patientname]','$_POST[sur]','$_POST[bday]','$_POST[age]','$_POST[sex]','$_POST[add]')") or die (mysql_error); } ?> <table width="1000" border="1" align="center" cellpadding="1" cellspacing="1" bgcolor="#CCCCCC"> <div id="insidebox1"> <form name="form1" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <tr><td><p>First Name: <td><input type="text" name="patientname" id="patientname" size="15" maxlength="30" value=""/></p></td></tr> <tr><td><p>Surname: <td><input type="text" name="sur" id="sur" size="15" maxlength="60" value=""/></p></tr> <tr><td><p>Birhdate: <td><input type="text" name="bday" id="bday" size="15" maxlength="100" value="mm/dd/yyyy"/></p></td></tr> <tr><td><p>Age: <td><input type="text" name="age" id="age" size="15" maxlength="100" value=""/></p></td></tr> <tr><td><p>gender: <td><input type="text" name="sex" id="sex" size="15" maxlength="40" value=""/></p></td></tr> <tr><td><p>Address: <td><input type="text" name="add" id="add" size="15" maxlength="100" value=""/></p></td></tr> <tr><td><p><input type="submit" name="btn" id="btn" value="Add Patient"/></p></td></tr> </form> </div> </table> <hr> <table width="1000" border="1" align="center" cellpadding="1" cellspacing="1" bgcolor="#CCCCCC"> <div id="insidebox1"> <form name="form2" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <tr><td><p>patient_ID: <td><input type="text" name="pat" id="pat" size="15" maxlength="3" value=""/></p></td></tr> <tr><td><p><input type="submit" name="btn2" id="btn2" value="Delete Patient"/></p></td></tr> </form> </div> </table> <hr> <table width="1000" border="1" align="center" cellpadding="1" cellspacing="1" bgcolor="#CCCCCC"> <div id="insidebox1"> <form name="form3" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <tr><td><p>patient_ID: <td><input type="text" name="pat2" id="pat2" size="15" maxlength="11" value=""/></p></td></tr> <tr><td><p><input type="submit" name="btn3" id="btn3" value="Search Patient"/></p></td></tr> </form> </div> </table> <hr> <table width="1000" border="1" align="center" cellpadding="1" cellspacing="1" bgcolor="#CCCCCC"> <div id="insidebox1"> <form name="form1" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <tr><td><p>*Patient_ID <td><input type="text" name="p_id" id="p_id" size="15" maxlength="60" value=""/></p></tr> <tr><td><p>First Name: <td><input type="text" name="patientname" id="patientname" size="15" maxlength="30" value=""/></p></td></tr> <tr><td><p>Surname: <td><input type="text" name="sur" id="sur" size="15" maxlength="60" value=""/></p></tr> <tr><td><p>Birhdate: <td><input type="text" name="bday" id="bday" size="15" maxlength="100" value="mm/dd/yyyy"/></p></td></tr> <tr><td><p>Age: <td><input type="text" name="age" id="age" size="15" maxlength="100" value=""/></p></td></tr> <tr><td><p>gender: <td><input type="text" name="sex" id="sex" size="15" maxlength="40" value=""/></p></td></tr> <tr><td><p>Address: <td><input type="text" name="add" id="add" size="90" maxlength="100" value=""/></p></td></tr> <tr><td><p><input type="submit" name="btn4" id="btn4" value="Update Patient"/></p></td></tr> </form> </div> </table> <?php if (isset($_POST['btn'])) { mysql_query("INSERT INTO patients (firstName,surname,bday,patient_age,sex,patient_address) VALUES ('$_POST[patientname]','$_POST[sur]','$_POST[bday]','$_POST[age]','$_POST[sex]','$_POST[add]')") or die (mysql_error); } else if (isset($_POST['btn2'])) { mysql_query("DELETE FROM patients WHERE patient_id ={$_POST['pat']}")or die (mysql_error); } else if (isset($_POST['btn3'])) { $query=mysql_query("SELECT * FROM patients WHERE patient_id=" . $_POST['pat2']) or die (mysql_error()); echo "<table width='1000' border='2' align='center' cellpadding='1' cellspacing='1' bgcolor='#CCCCCC'><tr><td>SEARCH RESULTS</tr></td></table>"; echo "<table width='1000' border='2' align='center' cellpadding='1' cellspacing='1' bgcolor='#CCCCCC'>"; echo "<tr><td>Patient_ID</td><td>First Name</td><td>Surname</td><td>Birthdate</td><td>Age</td><td>Gender</td><td>Address</td></tr>"; while($row=mysql_fetch_array($query)) { $PatientID=$row['patient_id']; $PatientFN=$row['firstName']; $PatientSN=$row['surname']; $bday=$row['bday']; $age=$row['patient_age']; $sex=$row['sex']; $add=$row['patient_address']; echo "<tr><td>".$PatientID."</td><td>".$PatientFN."</td><td>".$PatientSN."</td><td>".$bday."</td><td>".$age."</td><td>".$sex."</td><td>".$add."</td></tr>"; } echo "</table>"; } else if(isset($_POST['btn4'])){//edit echo "<center/><a href='patients.php'>Check the update results </a></p>"; mysql_query("UPDATE patients SET firstName='".$_POST['patientname']."', surname='".$_POST['sur']."', bday='".$_POST['bday']."',patient_age='".$_POST['age']."',sex='".$_POST['sex']."',patient_address='".$_POST['add']."' WHERE patient_id='".$_POST['p_id']."'") or die (mysql_error()); } ?> <center/><a href="patients.php">Check the patient's database </a></p> <center/><a href="choosedb.php">Use another database </a></p>

yeah, i echoed my table, but when it comes to search, i only want the id which is 1 to be shown, but other id's are showing even they were not id number 1. it shows that, my search query is as the same as my echo the whole table

my search query wont work, i know, that my codes are correct.please help <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <div id="insidebox1"> <form name="form3" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <tr><td><p>physician_ID: <td><input type="text" name="pat5" id="pat5" size="15" maxlength="11" value=""/></p></td></tr> <tr><td><p><input type="submit" name="btn7" id="btn7" value="Search Physician"/></p></td></tr> </form> </div> </table> <?php if (isset($_POST['btn7'])) { echo "<center/><a href='physicians.php'>Check the search results </a></p>"; mysql_query("SELECT * FROM physicians WHERE Physician_ID={$_POST['pat5']}") or die (mysql_error()); } ?>

i see an error when running my code here:Unknown column 'column name(your input on the textbox:pname1)' in 'field list' <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <div id="insidebox1"> <form name="form1" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <tr><td><p>*Physician_ID<td> <input type="text" name="p_id" id="p_id" size="15" maxlength="60" value=""/></p></tr> <tr><td><p>First Name: <td> <input type="text" name="pname1" id="pname1" size="15" maxlength="30" value=""/></p></td></tr> <tr><td><p>Surname: <td> <input type="text" name="psur1" id="psur1" size="15" maxlength="60" value=""/></p></tr> <tr><td><p>Specialty: <td> <input type="text" name="psp1" id="psp1" size="15" maxlength="100" value=""/></p></td></tr> <tr><td><p><input type="submit" name="btn8" id="btn8" value="Update Physician"/></p></td></tr> </table> <?php if(isset($_POST['btn8'])){//edit echo "<center/><a href='physicians.php'>Check the update results </a></p>"; mysql_query("UPDATE physicians SET firstName={$_POST['pname1']}, surname={$_POST['psur1']}, Specialty={$_POST['psp1']} WHERE Physician_ID={$_POST['p_id']}") or die (mysql_error()); } ?>

i know that i have no errors in the coding knowing also that i have an auto incrementing primary key which was named Patient_ID in my mysql table please help in what is wrong? <html> <head><title>Welcome to Mountain View Hospital</title> <style type="text/css"> input.field{ width:100%; height:30px; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:18px; text-align:right; } .btn{ width:40px; height:40px; } .btn0{ width:100%; height:40px; } </style> </head> <body font face="tahoma" background="mv.jpg"> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <div id="insidebox1"> <form name="form1" method="POST" action="patient.php"> <tr><td><p>Patient's name: <input type="text" name="patientname" id="patientname" size="15" maxlength="30" value=""/></p></td></tr> <tr><td><p>Address: <input type="text" name="add" id="add" size="15" maxlength="60" value=""/></p></tr> <tr><td><p>Birhdate: <input type="text" name="bday" id="bday" size="15" maxlength="10" value="mm/dd/yyyy"/></p></td></tr> <tr><td><p>Age: <input type="text" name="age" id="age" size="15" maxlength="3" value=""/></p></td></tr> <tr><td><p>gender: <input type="text" name="sex" id="sex" size="15" maxlength="40" value=""/></p></td></tr> <tr><td><p><input type="submit" name="btn" id="btn" value="Add Patient"/></p></td></tr> </form> </div> </table> <?php include("dbconnect.php"); if (isset($_POST['btn'])) { mysql_query("INSERT INTO patient (Patient_Name,Address,Birthdate,Age,Gender) VALUES ('.$_POST[patientname].','.$_POST[add].','.$_POST[bday].','.$_POST[age].','.$_POST[sex].')") or die (mysql_error); echo "eow"; } ?> </body> </html>

by the way, the codes that i posted here is the code from our professor, ms. Cabrera

This code i got from my teacher in php, she has the ownership of this code that i posted

You sir, have no idea what you're talking about... And frankly I'm not sure if I can say what you actually want. Do you need to create a guestbook using MS Access as a database? Yes, I need to create a guestbook using MS Access as a database...

i need this kind of Email server format: previous sent email message:(it has a default message saying:"no messages at the moment" if you didn't sent an email(below)) name(textbox) email address(textbox) message(textarea) save(button) i need some codes and foundations to start my own email server. thanks for the help.

to finnish.. how to make a basic paging of text files(no mysql used) in php? for instance: i have this code here and a page will only display 5 text files only per page and there will be a "next>>" button where in , you can go to the other remaining text files and also there is the link "<<previous" where in, you can go back to the first five page you had started please help. i put comment on the counting of news in "news.class.php" :here is "news.class.php" <?php class news{ var $newsDir = 'news'; var $newsList; var $newsCount = -1; function getNewsList(){ $this->newsList=array(); //Open the actual directory if($handle=@opendir($this->newsDir)){ //Read all file form the actual directory while ($file=readdir($handle)){ if(!is_dir($file)){ $this->newsList[]=$file; } } } rsort($this->newsList); return $this->newsList; } /*Well, I will not use the function getNewsCount(){} anymore because i had a better idea of counting the number of news*/ /*function getNewsCount(){}<-trapped in a comment hahahahahaha ^.^*/ function displayNews(){ $list = $this->getNewsList(); echo "<table class='newsList'>"; foreach($list as $value){ $newsData=file($this->newsDir.DIRECTORY_SEPARATOR.$value); $newsTitle=$newsData[0]; $submitDate=$newsData[1]; unset($newsData['0']); unset($newsData['1']); $newsContent=""; $i= 0; foreach($newsData as $value){ $newsContent.=$value; } $numOfNews=(count($list)); if($numOfNews>5){ $numOfNextNewsPage=$numOfNews-5; //$list=$numOfNextNewsPage; //$NextNewsPage=$list-$numOfNextNewsPage; echo "<tr><th align='left'>$newsTitle</th>"; echo "<tr><td colspan='2'>".$newsContent."<br></td></tr>"; echo "<th class='right'>$submitDate</th></tr>"; } else { echo "<tr><th align='left'>$newsTitle</th>"; echo "<tr><td colspan='2'>".$newsContent."<br></td></tr>"; echo "<th class='right'>$submitDate</th></tr>"; } } if($numOfNews>0 && $numOfNews<=5){ $stringMsgNews="<b>The total number of news for today is:</b> ".$numOfNews." <b>News.</b><br>"; echo $stringMsgNews; echo"</table> "; } else if($numOfNews>5){ $stringMsgNews="<b>The total number of news for today is:</b> ".$numOfNews." <b>News.</b><br>"; echo $stringMsgNews; echo "The page exeeded to 5 news. click next>> to see more news"; echo"</table> "; echo "<a href='http://localhost/xampp/cardano/cardano3/Project_News/index.php'><center><p><b>next>></b></p></center>"; } else{ echo ""; echo"</table> "; } //echo"</table> "; if(sizeOf($list) ==0){ echo "<hr color='dodgerblue' size='10%'>"; echo "<center><p><b> No News At The Moment.</b></p><p>&nbsp</p></center> "; echo "<hr color='dodgerblue' size='10%'>"; } } function displayAddForm(){ ?> <script language="javascript" type="text/javascript" src="js/tiny_mce.js"></script> <script language="javascript" type="text/javascript"> tinyMCE.init ({ mode : "textareas", theme : "advanced", theme_advanced_buttons3 : "", theme_advanced_toolbar_align : "center", theme_advanced_toolbar_location: "top", }); </script> <form class="iform" action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> News title:<br/> <input type="text" name="title" size="40"/><br/><br/> Content:<br/> <textarea name="newstext" rows="15" cols="67"></textarea><br> <center><input type="submit" name="submit" value="save"> </form> <?php } function insertNews(){ $newsTitle = isset($_POST['title']) ? $_POST['title']:'Untitled'; $submitDate = date('Y-m-d g:i:s A'); $newsContent = isset($_POST['newstext']) ? $_POST['newstext']:'No Content'; $filename = date('YmdHis'); if(!file_exists($this->newsDir)){ mkdir($this->newsDir); } $f = fopen($this->newsDir.DIRECTORY_SEPARATOR.$filename.".txt","w+"); fwrite($f,$newsTitle."\n"); fwrite($f,$submitDate."\n"); fwrite($f,$newsContent."\n"); fclose($f); header('Location:index.php'); } } ?> here is my "index.php" <?php #Front End ?> <?php require_once ("news.class.php"); $newsHandler = new news(); ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>News</title> <link href="style/style.css" rel="stylesheet" type="text/css"> </head> <body> <div id="container"> <div id="header"><div id="header_left"></div> <div id="header_main">News</div><div id="header_right"></div></div> <div id="content"> <?php $newsHandler->displayNews(); ?> </div> </div> </body> </html> and this is my "admin.php" <?php //News administration panel. ?> <?php require_once("news.class.php"); $newsHandler = new news(); if (!isset($_POST['submit'])) { ?> <html> <head> <meta http-equiv = "Content-Type" content = "text/html; charset = utf-8" /> <title>News - Admin panel</title> <link href = "style/style.css" rel = "stylesheet" type = "text/css" /> </head> <body> <div id = "container"> <div id = "header"><div id = "header_left"></div> <div id = "header_main">News - Admin panel</div><div id = "header_right"></div></div> <div id = "content"> <?php $newsHandler -> displayAddForm(); ?> </div> </div> </body> </html> <?php } else { $newsHandler->insertNews(); } ?> help me here