
djlfreak
I store cart contents in session id like this

    // current session id
    $sid = session_id();

    // check if the product is already
    // in cart table for this session
    $sql = "SELECT pd_id FROM tbl_cart WHERE pd_id = $productId AND ct_session_id = '$sid'";
    $result = dbQuery($sql);

At the moment it deletes cart entries older than one day but I want them to delete immediately once user leaves site, not logs out as you can shop without logging in. How would I achieve this?

    /* Delete all cart entries older than one day */
    function deleteAbandonedCart()
    {
        $yesterday = date('Y-m-d H:i:s', mktime(0,0,0, date('m'), date('d') - 1, date('Y')));
        $sql = "DELETE FROM tbl_cart WHERE ct_date < '$yesterday'";
        dbQuery($sql);
    }

The reason I'm asking is when I was testing it logging in as different users the cart from old user was still there.
-
How do I word this function so the cart contents are emptied when user clicks log out button? I'm thinking it would be something like WHERE user_id= $_SESSION[''];

    function deleteAbandonedCart()
    {
        $sql = "DELETE FROM tbl_cart WHERE ?????? '";
        dbQuery($sql);
    }
    ?>

    //LOGOUT FUNCTION
    case 'Logout':
        session_start();
        session_unset();
        session_destroy();
        redirect('index.php');
        break;

Thanks in advance for any help. Last post I promise, just trying to finish off website and had a few issues can't fix.
-
Hi all, I'm working on a sign up form which I'm trying to validate and I took out the regular expressions to try and test it with just a blank field check and I'm getting the error Unexpected T_CASE on line 182. I can't see where I've gone wrong and I desperately need this to work so if anyone can help I'd be so grateful.

    case 'Create Account':
        $name = (isset($_POST['name'])) ? trim($_POST['name']) : '';
        ETC...
        $password_1 = (isset($_POST['password_1'])) ? trim($_POST['password_1']) : '';
        $password_2 = (isset($_POST['password_2'])) ? trim($_POST['password_2']) : '';
        $password = ($password_1 == $password_2) ? $password_1 : '';

        if (isset($_POST['submit']) && $_POST['submit'] == 'Create Account') {
            $errors = array();

            // make sure mandatory fields have been entered
            if (empty($name)) {
                $errors[] = 'Name cannot be blank.';
            }
            etc...
            if (empty($username)) {
                $errors[] = 'Username cannot be blank.';
            }

            // check if username already is registered
            $sql = 'SELECT username FROM site_users WHERE username = "' . $username . '"';
            $result = mysql_query($sql, $db) or die(mysql_error());
            if (mysql_num_rows($result) > 0) {
                $errors[] = 'Username ' . $username . ' is already registered.';
                $username = '';
            }
            mysql_free_result($result);

            if (empty($age)) {
                $errors[] = 'Age cannot be blank.';
            }
            ETC....
            if (empty($password_2)) {
                $errors[] = 'Password cannot be blank.';
            }

            if (count($errors) > 0) {
                echo '<p><strong style="color:#FF000;">Unable to process your ' . 'registration.</strong></p>';
                echo '<p>Please fix the following:</p>';
                echo '<ul>';
                foreach ($errors as $error) {
                    echo '<li>' . $error . '</li>';
                }
                echo '</ul>';
            } else {
                // No errors so enter the information into the database.
                $sql = 'INSERT INTO site_users (email, password, name, username, age, phone, address, county) VALUES ("' .
                    mysql_real_escape_string($email, $db) . '", PASSWORD("' .
                    mysql_real_escape_string($password, $db) . '"), ETC... "' .
                    mysql_real_escape_string($county, $db) . '")';
                $result = mysql_query($sql, $db) or die(mysql_error($db));
                session_start();
                $_SESSION['user_id'] = mysql_insert_id($db);
                $_SESSION['access_level'] = 1;
                $_SESSION['name'] = $name;
                $_SESSION['username'] = $username;
                redirect('cms_index.php');
                break;

The error is coming from the last line of the code above.

The Form

    <form method="post" action="cms_transact_user.php">
    <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
    <tr><td><label for="name">Full Name: </label></td>
    <td><input type="text" id="name" name="name" maxlength="100" style="width: 200px;" value="<?php echo htmlspecialchars($name); ?>"/></td>
    </tr>
    etc...
    <tr>
    <td><input type="submit" name="action" value="Create Account"/> </td></tr>
    </table>
    </form>
-
Form Validation/ Regular Expressions Problem
djlfreak replied to djlfreak's topic in PHP Coding Help
Thank you for the tip mjdamato, I will try that.
-
Hi There, I attempted some form validation but I seem to have made a complete balls of it. Can anyone see where I went wrong? Before I introduced the validation and regular expressions it was working fine but because I'm not really sure of this topic I made syntax errors everywhere. I would appreciate any help with this as I really want to learn.

    case 'Create Account':
    $error=array();

    $name = (isset($_POST['name'])) trim(? $_POST['name']) : '';
    if(empty($name)){
        $error[]=urlencode('Please enter your fullname.');
    }

    $email = (isset($_POST['email'])) trim(? $_POST['email']) : '';
    if(empty($email)){
        $error[]=urlencode('Please enter your email.');
    if (strpos($email, ".") > 0) && (strpos($email, "@") > 0)) || preg_match("/[^a-zA-Z0-9.@_-]/", $email))
        $error[] = urlencode('The Email address is invalid.');
    }

    $username = (isset($_POST['username'])) trim(? $_POST['username']) : '';
    if(empty($username)){
        $error[]=urlencode('Please enter a username.');
    if (strlen($username)) < 5){
        $error[] = urlencode('Usernames must be at least 5 characters long.');
    }

    // check if username already is registered
    $sql = 'SELECT username FROM site_users WHERE username = "' . $username . '"';
    $result = mysql_query($sql, $db) or die(mysql_error());
    if (mysql_num_rows($result) > 0) {
        $errors[] = 'Username ' . $username . ' is already registered.';
        $username = '';
    }

    $age = (isset($_POST['age'])) trim(? $_POST['age']) : '';
    if(empty($age)){
        $error[]=urlencode('Please enter your age.');
    if (!is_numeric($age)) {
        $error[] = urlencode('Please enter a numeric value for age.');
    } else if ($age < 18 || $age > 110) {
        $error[] = urlencode('Please enter age between 18 and 110.');
    }

    $phone = (isset($_POST['phone'])) trim(? $_POST['phone']) : '';
    if(empty($phone)){
        $error[]=urlencode('Please enter your phone number.');
    if (!is_numeric($phone)) {
        $error[] = urlencode('Please enter a numeric value for phone number.');
    }

    $address = (isset($_POST['address'])) trim(? $_POST['address']) : '';
    if(empty($address)){
        $error[]=urlencode('Please enter your address.');
    }

    $county = (isset($_POST['county'])) trim(? $_POST['county']) : '';
    if(empty($county)){
        $error[]=urlencode('Please enter your county.');
    if (strlen($username)) < 4){
        $error[] = urlencode('County names must be at least 4 characters long.');
    }

    $password_1 = (isset($_POST['password_1'])) trim(? $_POST['password_1']) : '';
    if(empty($password_1)){
        $error[]=urlencode('Please enter password 1.');
    if (strlen($password_1)) < 6){
        $error[] = urlencode('Passwords must be at least 6 characters long.');
    }

    $password_2 = (isset($_POST['password_2'])) trim(? $_POST['password_2']) : '';
    if(empty($password_2)){
        $error[]=urlencode('Please enter password 2.');
    if (strlen($password_2)) < 6){
        $error[] = urlencode('Passwords must be at least 6 characters long.');
    }

    $password = ($password_1 == $password_2) ? $password_1 : '';

    if (empty($error)) {
        $sql = 'INSERT INTO site_users (email, password, name, username, age, phone, address, county) VALUES ("' .
            mysql_real_escape_string($email, $db) . '", PASSWORD("' .
            mysql_real_escape_string($password, $db) . '"), "' .
            mysql_real_escape_string($name, $db) . '", "' .
            mysql_real_escape_string($username, $db) . '", "' .
            mysql_real_escape_string($age, $db) . '", "' .
            mysql_real_escape_string($phone, $db) . '", "' .
            mysql_real_escape_string($address, $db) . '", "' .
            mysql_real_escape_string($county, $db) . '")';
        mysql_query($sql, $db) or die(mysql_error($db));
        session_start();
        $_SESSION['user_id'] = mysql_insert_id($db);
        $_SESSION['access_level'] = 1;
        $_SESSION['name'] = $name;
        $_SESSION['username'] = $username;
    }else{
        header('Location:register.php?action=create account' . '&error=' . join($error, urlencode('<br/>')));
    }
    redirect('cms_index.php');
    break;

Sign Up Form

    <form method="post" action="cms_transact_user.php">
    <td>
    <table>
    <tr>
    <td><label for="name">Full Name: </label></td>
    <td><input type="text" id="name" name="name" maxlength="100" style="width: 200px;" value="<?php echo htmlspecialchars($name); ?>"/></td>
    </tr>
    <tr>
    ETC...ETC...
    <td> <input type="submit" name="action" value="Create Account"/> </td>
    </tr>
    </table>
    </form>

There shouldn't be too much wrong with it, I could just do with some guidance. Thanks in advance
-
Search of database returns Error 403 Access Forbidden
djlfreak posted a topic in Third Party Scripts
I'm working on a site in production environment and the following code returns Error 403 - Access Forbidden. I'm using the correct localhost, user and password. What could be causing this? Is it a problem with the database or the php code?

    <?php
    //This is only displayed if they have submitted the form
    if ($searching =="yes")
    {
        echo "<h2>Results</h2><p>";

        //If they did not enter a search term we give them an error
        if ($find == "")
        {
            echo "<p>You forgot to enter a search term";
            exit;
        }

        // Otherwise we connect to our Database
        mysql_connect('localhost', 'root', '') or die(mysql_error());
        mysql_select_db('dvdff2') or die(mysql_error());

        // We perform a bit of filtering
        $find = strtoupper($find);
        $find = strip_tags($find);
        $find = trim ($find);

        //Now we search for our search term, in the field the user specified
        $data = mysql_query("SELECT * FROM tbl_product WHERE upper($field) LIKE'%$find%'");

        //And we display the results
        while($result = mysql_fetch_array( $data ))
        {
            echo $result['pd_name'];
            echo " ";
            echo $result['pd_dir'];
            echo "<br>";
            echo $result['pd_cast'];
            echo "<br>";
            echo "<br>";
        }

        //This counts the number of results - and if there wasn't any it gives them a little
        //message explaining that
        $anymatches=mysql_num_rows($data);
        if ($anymatches == 0)
        {
            echo "Sorry, but we can not find an entry to match your query<br><br>";
        }

        //And we remind them what they searched for
        echo "<b>Searched For:</b> " .$find;
    }
    ?>

    <h2>Search</h2>
    <form name="search" method="post" action="<?=$PHP_SELF?>">
    Seach for: <input type="text" name="find" /> in
    <Select NAME="field">
    <Option VALUE="pd_name">Title</option>
    <Option VALUE="pd_dir">Director</option>
    <Option VALUE="pd_cast">Actors</option>
    </Select>
    <input type="hidden" name="searching" value="yes" />
    <input type="submit" name="search" value="Search" />
    </form>
-
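Added example, not part of the original post or thread: the search script above puts `$field` and `$find` straight into the SQL string, so this shows the same search with the column checked against the form's three options and the search term bound as a parameter. It assumes PDO with the SQLite driver and constructed sample rows so that it runs offline; `searchProducts`, `escapeLike` and `h` are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumes PDO with the SQLite driver
// (in-memory, so it runs offline); rows below are constructed sample data.

// The form's <select> values, used as an allow-list: column names cannot be
// bound as parameters, so anything not listed here is rejected outright.
const SEARCHABLE = ['pd_name', 'pd_dir', 'pd_cast'];

// Hypothetical helper: make LIKE wildcards in user input match literally.
function escapeLike(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Hypothetical helper: the search from the post, with the term bound.
function searchProducts(PDO $pdo, string $field, string $find): array
{
    if (!in_array($field, SEARCHABLE, true)) {
        throw new InvalidArgumentException('Unknown search field');
    }
    $find = trim($find);
    if ($find === '') {
        return [];
    }
    $sql = "SELECT pd_name, pd_dir, pd_cast FROM tbl_product
            WHERE UPPER($field) LIKE :term ESCAPE '!'";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':term' => '%' . escapeLike(strtoupper($find)) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output escaping for anything echoed back into the page.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_product (pd_id INTEGER PRIMARY KEY,
            pd_name TEXT, pd_dir TEXT, pd_cast TEXT)');
$insert = $pdo->prepare(
    'INSERT INTO tbl_product (pd_name, pd_dir, pd_cast) VALUES (?, ?, ?)'
);
$rows = [
    ['Sample Film One', 'Director A', 'Actor A, Actor B'],
    ['100% Sample', 'Director B', 'Actor C'],
];
foreach ($rows as $row) {
    $insert->execute($row);
}

// Requests as the form would send them; the last field is not in the <select>.
$requests = [['pd_dir', 'director a'], ['pd_name', '%'], ['not_a_column', 'x']];
foreach ($requests as [$field, $find]) {
    try {
        $hits = searchProducts($pdo, $field, $find);
        echo h($field), ' / ', h($find), ': ', count($hits), " match(es)\n";
        foreach ($hits as $hit) {
            echo '  ', h($hit['pd_name']), ' (', h($hit['pd_dir']), ")\n";
        }
    } catch (InvalidArgumentException $e) {
        echo h($field), ': rejected, ', $e->getMessage(), "\n";
    }
}
```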
The table in the database looks like this.

site_users
user_id (fine)
email (taking in the password)
password (taking in the username)
name (taking in email)
username (username is taking in name)
age (fine)
phone (fine)
address (county)
county (address)
access_level (fine)
-
Ok this is weird. It's uploading the formdata into the database but it's putting the data in all the wrong fields. I thought you didn't have to match form field names with database column names. I looked through the files and there is no pattern that I can see, it's weird. Have you come across this before? What causes this to happen?
-
The registration form is set up so once you sign up you're automatically logged in. I attached the two related files. But I'll give you the code anyway. These are just excerpts. You can see all the code in attachments.

CMS TRANSACT USER.PHP

    case 'Create Account':
        $name = (isset($_POST['name'])) ? $_POST['name'] : '';
        $email = (isset($_POST['email'])) ? $_POST['email'] : '';
        $username = (isset($_POST['username'])) ? $_POST['username'] : '';
        $age = (isset($_POST['age'])) ? $_POST['age'] : '';
        $phone = (isset($_POST['phone'])) ? $_POST['phone'] : '';
        $address = (isset($_POST['address'])) ? $_POST['address'] : '';
        $county = (isset($_POST['county'])) ? $_POST['county'] : '';
        $password_1 = (isset($_POST['password_1'])) ? $_POST['password_1'] : '';
        $password_2 = (isset($_POST['password_2'])) ? $_POST['password_2'] : '';
        $password = ($password_1 == $password_2) ? $password_1 : '';
        if (!empty($name) && !empty($email) && !empty($username) && !empty($password) && !empty($age) && !empty($phone)&& !empty($address) && !empty($county)) {
            $sql = 'INSERT INTO site_users (name, email, username, password, age, phone, address, county) VALUES ("' .
                mysql_real_escape_string($email, $db) . '", PASSWORD("' .
                mysql_real_escape_string($password, $db) . '"), "' .
                mysql_real_escape_string($name, $db) . '", "' .
                mysql_real_escape_string($username, $db) . '", "' .
                mysql_real_escape_string($age, $db) . '", "' .
                mysql_real_escape_string($phone, $db) . '", "' .
                mysql_real_escape_string($county, $db) . '", "' .
                mysql_real_escape_string($address, $db) . '")';
            mysql_query($sql, $db) or die(mysql_error($db));
            session_start();
            $_SESSION['user_id'] = mysql_insert_id($db);
            $_SESSION['access_level'] = 1;
            $_SESSION['name'] = $name;
            $_SESSION['username'] = $username;
        }
        redirect('cms_index.php');
        break;

CMS USER ACCOUNT.PHP

    <?php
    $db = mysql_connect('localhost', 'root', '') or die ('Unable to connect. Check your connection parameters.');
    mysql_select_db('dvdff2', $db) or die(mysql_error($db));

    $user_id = (isset($_GET['user_id']) && ctype_digit($_GET['user_id'])) ? $_GET['user_id'] : '';
    if (empty($user_id)) {
        $name = '';
        $email = '';
        $username = '';
        $access_level = '';
    } else {
        $sql = 'SELECT name, email, access_level, username FROM site_users WHERE user_id =' . $user_id;
        $result = mysql_query($sql, $db) or die(mysql_error($db));
        $row = mysql_fetch_array($result);
        extract($row);
        mysql_free_result($result);
    }

    include 'cms_header.inc.php';

    if (empty($user_id)) {
        echo '<h2 class="blue">Create Account</h2>';
    } else {
        echo '<h2 class="blue">Modify Account</h2>';
    }
    ?>
    <table width="400" style="border:1px #0094ff dashed; align="center" cellpadding="30" cellspacing="1" bgcolor="#ffffff">
    <tr>
    <form method="post" action="cms_transact_user.php">
    <td>
    <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
    <tr>
    <td colspan="3"><strong></strong></td>
    </tr>
    <tr>
    <td> </td>
    </tr>
    <tr>
    <td><label for="name">Full Name: </label></td>
    <td><input type="text" id="name" name="name" maxlength="100" style="width: 200px;" value="<?php echo htmlspecialchars($name); ?>"/></td>
    </tr>
    <tr>
    <td><label for="name">User Name: </label></td>
    <td><input type="text" id="username" name="username" maxlength="100" style="width: 200px;" value="<?php echo htmlspecialchars($username); ?>"/></td>
    </tr><tr>
    <td><label for="email">Email Address:</label></td>
    <td><input type="text" id="email" name="email" maxlength="100" style="width: 200px;" value="<?php echo htmlspecialchars($email); ?>"/></td>
    </tr>
    <?php
    if (isset($_SESSION['access_level']) && $_SESSION['access_level'] == 3) {
        echo '<tr><td>Access Level</td><td>';
        $sql = 'SELECT access_level, access_name FROM site_access_levels ORDER BY access_level DESC';
        $result = mysql_query($sql, $db) or die(mysql_error($db));
        while ($row = mysql_fetch_array($result)) {
            echo '<input type="radio" id="acl_' . $row['access_level'] . '" name="access_level" value="' . $row['access_level'] . '"';
            if ($row['access_level'] == $access_level) {
                echo ' checked="checked"';
            }
            echo '/> <label for="acl_' . $row['access_level'] . '">' . $row['access_name'] . '</label><br/>';
        }
        mysql_free_result($result);
        echo '</td></tr>';
    }
    if (empty($user_id)) {
    ?>
    <tr>
    <td><label for="password_1">Password:</label></td>
    <td><input type="password" id="password_1" name="password_1" maxlength="50" style="width: 200px;"/> </td>
    </tr><tr>
    <td><label for="password_2">Password (again):</label></td>
    <td><input type="password" id="password_2" name="password_2" maxlength="50" style="width: 200px;"/> </td>
    </tr>
    <tr>
    <td><label for="age">Age:</label></td>
    <td><input type="text" id="age" name="age" maxlength="10" style="width: 200px;"/> </td>
    </tr>
    <tr>
    <td><label for="phone">Phone:</label></td>
    <td><input type="text" id="phone" name="phone" maxlength="20" style="width: 200px;"/> </td>
    </tr>
    <tr>
    <td><label for="address">Address:</label></td>
    <td><input type="text" id="address" name="address" maxlength="50" style="width: 200px;"/> </td>
    </tr>
    <tr>
    <td><label for="county">County:</label></td>
    <td><input type="text" id="county" name="county" maxlength="50" style="width: 200px;"/> </td>
    </tr>
    <tr>
    <td> </td>
    <td> </td>
    <td> <input type="submit" name="action" value="Create Account"/> </td>
    </tr>
    <?php
    } else {
    ?>
    <tr>
    <td> </td>
    <td> </td>
    <td>
    <input type="hidden" name="user_id" value="<?php echo $user_id; ?>"/>
    <input type="submit" name="action" value="Modify Account"/>
    </td>
    </tr>
    <?php
    }
    ?>
    </table>
    </td>
    </form>
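Added example, not part of the original post or its attachments: in the `INSERT` above the column list runs name, email, username, password, ... while the values run email, password, name, username, ..., county, address, which matches the shifted fields described in the posts above. This shows the same insert with named placeholders, and with `password_hash()` in place of MySQL's `PASSWORD()`. It assumes PDO with the SQLite driver and a constructed form submission so that it runs offline; `createAccount` is a hypothetical name.

```php
<?php
// Added example, not the poster's code. Assumes PDO with the SQLite driver
// (in-memory, so it runs offline); the submitted values are constructed.

// Hypothetical helper: insert one site_users row from the form fields.
function createAccount(PDO $pdo, array $post): int
{
    $values = [];
    $fields = ['name', 'email', 'username', 'age', 'phone', 'address', 'county'];
    foreach ($fields as $field) {
        $values[$field] = trim((string) ($post[$field] ?? ''));
        if ($values[$field] === '') {
            throw new InvalidArgumentException("Missing field: $field");
        }
    }
    $password = (string) ($post['password_1'] ?? '');
    if ($password === '' || $password !== (string) ($post['password_2'] ?? '')) {
        throw new InvalidArgumentException('Passwords are empty or do not match');
    }
    // password_hash() gives a salted hash meant for application logins;
    // MySQL's PASSWORD() was for the server's own accounts and is gone in 8.0.
    $values['password'] = password_hash($password, PASSWORD_DEFAULT);

    // Column list and placeholders come from the same keys, so each value is
    // tied to its column by name and cannot shift position. The keys are the
    // fixed literals above, never user input.
    $columns = array_keys($values);
    $sql = 'INSERT INTO site_users (' . implode(', ', $columns) . ')'
         . ' VALUES (:' . implode(', :', $columns) . ')';
    $pdo->prepare($sql)->execute($values);
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE site_users (user_id INTEGER PRIMARY KEY, email TEXT,
            password TEXT, name TEXT, username TEXT, age TEXT, phone TEXT,
            address TEXT, county TEXT, access_level INTEGER DEFAULT 1)');

// Constructed form submission.
$post = [
    'name' => 'Sample User', 'email' => 'user@example.com',
    'username' => 'sampleuser', 'age' => '30', 'phone' => '0000000000',
    'address' => '1 Example Street', 'county' => 'Examplecounty',
    'password_1' => 'constructed-passphrase',
    'password_2' => 'constructed-passphrase',
];
$userId = createAccount($pdo, $post);

$stmt = $pdo->prepare('SELECT * FROM site_users WHERE user_id = ?');
$stmt->execute([$userId]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
foreach (['email', 'name', 'username', 'address', 'county'] as $column) {
    echo $column, ' = ', $row[$column], "\n";
}
// A login check would compare against the stored hash like this:
echo 'password verifies: ',
    password_verify($post['password_1'], $row['password']) ? 'yes' : 'no', "\n";
```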
-
Hi all, Sorry I'm asking so many questions, but I'm under REAL pressure, this one will be the last and I'd say it's something simple. I just can't see it. You know when you're stressed and tired, you miss the obvious. It's a registration form. It's logging me in but not taking the info into the database.

Files:
cms transact user: 76-109
cms user account: has the registration form

Thanks again.

[attachment deleted by admin]
-
I have 3 fields in tbl_product that I want to search : pd_dir, pd_cast, pd_name. It's a movie product table and I want users to be able to search the movies by name, director and cast. Not sure of code to display them as it involves getting an image from database. This is what I've tried but of course it's not working. Am I even close?

Search Products Table

    $search = (isset($_GET['search'])) ? $_GET['search'] : '';
    $sql = 'SELECT pd_id FROM tbl_product WHERE MATCH (pd_name, pd_dir, pd_cast) AGAINST ("' .
        mysql_real_escape_string($search, $db) . '" IN BOOLEAN MODE) ORDER BY MATCH (pd_name, pd_dir,pd_cast) AGAINST ("' .
        mysql_real_escape_string($search, $db) . '" IN BOOLEAN MODE) DESC';
    $result = mysql_query($sql, $db) or die(mysql_error($db));
    if (mysql_num_rows($result) == 0) {
        echo '<p><strong>No movies found that match the search terms.</strong></p>';
    } else {
        while ($row = mysql_fetch_array($result)) {
            output_movie($db, $row['pd_id']);
        }
    }
    mysql_free_result($result);?>

Search Box

    <form method="get" action="movie_search.php">
    <div style="padding-left: 25px;">
    <label for="search"><b>Search Movies</b></label> <br>
    <?php
    echo '<input type="text" id="search" name="search" ';
    if (isset($_GET['keywords'])) {
        echo ' value="' . htmlspecialchars($_GET['keywords']) . '" ';}
    echo '/>';
    ?>
    <input type="submit" value="Search" />
    </div>
    </form>

Display a movie from the database.

    function output_movie($db, $pd_id) {
        if (empty($pd_id)) {
            return;
        }
        $sql = 'SELECT pd_name, pd_dir, pd_cast, pd_thumbnail FROM tbl_product WHERE pd_id = ' . $pd_id;
        $result = mysql_query($sql, $db) or die(mysql_error($db));
        if ($row = mysql_fetch_assoc($result)) {
            extract($row);
            echo '<h2>' . htmlspecialchars($pd_name) . '</h2>';
            echo '<p>Dir: ' . htmlspecialchars($pd_dir) . '</p>';
            echo '<p>Cast: ' . htmlspecialchars($pd_cast) . '</p>';
            echo '$pd_thumbnail = WEB_ROOT . 'images/product/' . $pd_thumbnail;
        } else {
            echo 'No Movies match your search.';
        }
    }
    mysql_free_result($result);
    }
-
I want to hide the shopping cart if the user is not logged in? How do I change this?

    <div class="col2"><!-- Column 2 start -->
    <div id="leftnav">
    <?php require_once 'include/leftNav.php'; ?>
    </div>
    <div id="minicart">
    <?php require_once 'include/miniCart.php'; ?>
    </div>
    </div>
    </div>

I tried this but it didn't work.

    <?php
    if (isset($_SESSION['name'])) {
        echo '<div id="minicart">';
    } else {
        echo ' ';
    }
    ?>
    <?php
    if (isset($_SESSION['name'])) {
        require_once 'include/miniCart.php'; ?>
    } else {
        require_once ' ';
    }
    ?>
    </div>
    </div>
-
No joy Karl! Thanks for trying to help, but I think I'm screwed. I'm going to try and get rid of the second users table but since I have about a million php files connected to tbl_user, it's going to be hard. I think PHP is not for me, I love web design but I find PHP incomprehensible. To be honest in the real world I would use apps built by experts like yourself, or open source. Looks like I'm going to fail, which is a bitch cause I tried so hard.
-
Hi Karl, Where exactly do I put that in? Is it here?

    case 'LOGIN':
        $email = (isset($_POST['user_email'])) ? $_POST['user_email'] : '';
        $password = (isset($_POST['user_password'])) ? $_POST['user_password'] : '';
        if (!empty($_SESSION['user_first_name'])) {
        $sql = 'SELECT user_id, user_access_level, user_name FROM cms_users WHERE user_email = "' .
            mysql_real_escape_string($email, $db) . '" AND user_password = PASSWORD("' .
            mysql_real_escape_string($password, $db) . '")';
        $result = mysql_query($sql, $db) or die(mysql_error($db));
        if (mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result);
            extract($row);
            session_start();
            $_SESSION['user_id'] = $user_id;
            $_SESSION['user_access_level'] = $access_level;
            $_SESSION['user_name'] = $name;
        }
        mysql_free_result($result);
        redirect('index.php');
        break;

I tried it and I got

Parse error: syntax error, unexpected T_CASE in C:\xampp\htdocs\OLDFILMforwardPHP\cms_transact_user.php on line 61
-
Hi all, it's me again. Could anyone help to figure out how to go about this? I'm burning the midnight oil on my project due tomorrow and my brain seems to have shut down. So I have 3 fields in tbl_product that I want to search : pd_dir, pd_cast, pd_name. It's a movie product table and I want users to be able to search the movies by name, director and cast. Not sure of code to display them as it involves getting an image from database. This is what I've tried but of course it's not working. Thanks in advance

[b]Search Products Table[/b]

    $search = (isset($_GET['search'])) ? $_GET['search'] : '';
    $sql = 'SELECT pd_id FROM tbl_product WHERE MATCH (pd_name, pd_dir, pd_cast) AGAINST ("' .
        mysql_real_escape_string($search, $db) . '" IN BOOLEAN MODE) ORDER BY MATCH (pd_name, pd_dir,pd_cast) AGAINST ("' .
        mysql_real_escape_string($search, $db) . '" IN BOOLEAN MODE) DESC';
    $result = mysql_query($sql, $db) or die(mysql_error($db));
    if (mysql_num_rows($result) == 0) {
        echo '<p><strong>No movies found that match the search terms.</strong></p>';
    } else {
        while ($row = mysql_fetch_array($result)) {
            output_movie($db, $row['pd_id']);
        }
    }
    mysql_free_result($result);
    ?>

[b]Search Box[/b]

    <form method="get" action="movie_search.php">
    <div style="padding-left: 25px;">
    <label for="search"><b>Search Movies</b></label> <br>
    <?php
    echo '<input type="text" id="search" name="search" ';
    if (isset($_GET['keywords'])) {
        echo ' value="' . htmlspecialchars($_GET['keywords']) . '" ';
    }
    echo '/>';
    ?>
    <input type="submit" value="Search" />
    </div>
    </form>

[b] Display a movie from the database. [/b]

    function output_movie($db, $pd_id) {
        if (empty($pd_id)) {
            return;
        }
        $sql = 'SELECT pd_name, pd_dir, pd_cast, pd_thumbnail FROM tbl_product WHERE pd_id = ' . $pd_id;
        $result = mysql_query($sql, $db) or die(mysql_error($db));
        if ($row = mysql_fetch_assoc($result)) {
            extract($row);
            echo '<h2>' . htmlspecialchars($pd_name) . '</h2>';
            echo '<p>Dir: ' . htmlspecialchars($pd_dir) . '</p>';
            echo '<p>Cast: ' . htmlspecialchars($pd_cast) . '</p>';
            echo '$pd_thumbnail = WEB_ROOT . 'images/product/' . $pd_thumbnail;
        } else {
            echo 'No Movies match your search.';
        }
    }
    mysql_free_result($result);
    }