Jump to content

Restrcting and UPDATE page

PHPilliterate

By PHPilliterate
in PHP Coding Help

Recommended Posts

PHPilliterate Member

PHPilliterate

Posted
Posted

Howdy!

I have a page that shows the schedule for a baseball league. All the info is drawn from my DB. For each line of the schedule, I have a link to update that item so users can enter their score after each game.

What I want to do is password protect the UPDATE page so that only someone from the visitor or home team can enter the score.

How can this be done? ???

 

I am not very php skilled. ANy and all help is greatly appreciated.

Link to comment
https://forums.phpfreaks.com/topic/102960-restrcting-and-update-page/
Share on other sites
PHPilliterate Member

PHPilliterate

Posted
  • Author
Posted

create a username and password for each user who can edit it , and make a login form on the page, then check the data they enter against the database then set them a session and check for that session on the protected pafge

 

I already have the login page set-up and the DB of names/passwords. My problem (so far) is that my login page does not direct a succesfull login properly. Say the item they are updating is line 25 from my DB, they should have an URL that is something like schedule/alfl/ALFL_Score.php?ID=25....but after a successfull login they are directed to schedule/alfl/ALFL_Score.php which shows no information.

PHPilliterate Member

PHPilliterate

Posted
  • Author
Posted

ok...now i'm confused...

:'(

 

I created a login page, then set the restriction on the UPDATE page. So once a user clicks on my ENTER SCORE link, it gives them an URL like schedule/alfl/ALFL_Score.php?ID=25 (or whichever ID=XX for that line item)...and redirects to the LOGIN page... But once they login, the URL is schedule/alfl/ALFL_Score.php...so it does not show any info from ID=25. How do I have a successful login go to the proper page?

 

Sorry if I'm not making much sense. I'm very new to php.

 

I should also mention that I am using DW8 and it's "easy to use" features.

PHPilliterate Member

PHPilliterate

Posted
  • Author
Posted

Would it be easier if I posted my code for my pages? Then you can see what I have and be able to better direct me as to how I can make it work...

 

From my login page...

<?php
mysql_select_db($database_alflregister, $alflregister);
$query_Login = "SELECT username, userpass FROM login";
$Login = mysql_query($query_Login, $alflregister) or die(mysql_error());
$row_Login = mysql_fetch_assoc($Login);
$totalRows_Login = mysql_num_rows($Login);
?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['select'])) {
  $loginUsername=$_POST['select'];
  $password=$_POST['textfield'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "ALFL_Score.php";
  $MM_redirectLoginFailed = "../../About us.html";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_alflregister, $alflregister);
  
  $LoginRS__query=sprintf("SELECT username, userpass FROM login WHERE username='%s' AND userpass='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $alflregister) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

 

From the page that they enter their score...

 

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "ALFL_Schedule.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.