Jump to content


Photo

A Couple Of Questions


  • Please log in to reply
4 replies to this topic

#1 Eskimo887

Eskimo887
  • Members
  • PipPip
  • Member
  • 13 posts

Posted 28 June 2006 - 07:48 AM

I have a log in script on my web site, using a modified version of the tutorial on this site.

I have copied to same script to multiple pages, as I want the log in text boxes or the message 'you are logged in' to be on every page, I can log in on one page perfectly, however, when I goto the second page, I need to log in again, and when I go back to the first page I need to log in again. I am using normal hyperlinks for both.

My second question, I am using phpMyAdmin to administer my database, in one table I have a time field. The default value seems to be HH:MM:SS, but as I want to use the field in a formula on one of my pages (to work out the time taken between two time fields, I need to be able to only have HH:MM (eg, 13:00 or just 1300).

Also, what is the best way to do calculations with times as it is currently working it out as if it were just a number.

Log in:
[a href=\"http://southerncrossairlines.ausvirtual.com/New%20Site/index.php\" target=\"_blank\"]http://southerncrossairlines.ausvirtual.co...0Site/index.php[/a]
Username - 33
Password - test

code for index.php
<?php

// database connect script.

require 'db_connect.php';

//if($logged_in == 1) {
    //die('You are already logged in, '.$_SESSION['pid'].'.');

//}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>

<?php

if (isset($_POST['submit'])) { // if form has been submitted


    /* check they filled in what they were supposed to and authenticate */
    if(!$_POST['pid'] | !$_POST['password']) {
        die('You did not fill in a required field.');
    }

    // authenticate.

    if (!get_magic_quotes_gpc()) {
        $_POST['pid'] = addslashes($_POST['pid']);
    }

    $check = $db_object->query("SELECT pid, password FROM roster WHERE pid = '".$_POST['pid']."'");

    if (DB::isError($check) || $check->numRows() == 0) {
        die('That username does not exist in our database.');
    }

    $info = $check->fetchRow();

    // check passwords match

    $_POST['password'] = stripslashes($_POST['password']);
    $info['password'] = stripslashes($info['password']);
    //$_POST['password'] = md5($_POST['password']);

    if ($_POST['password'] != $info['password']) {
        die('Incorrect password, please try again.');
        
    }

    // if we get here username and password are correct, 
    //register session variables and set last login time.

    $date = date("d.m.Y"); 

    $update_login = $db_object->query("UPDATE roster SET last_online='$date' WHERE pid = '".$_POST['pid']."'");

    $_POST['pid'] = stripslashes($_POST['pid']);
    $_SESSION['pid'] = $_POST['pid'];
    $_SESSION['password'] = $_POST['password'];
    $db_object->disconnect();


  // Connect to the database server 
    $dbcnx = @mysql_connect("mysql12.servage.net","sca","harmony");
        if (!$dbcnx) {
            echo( "<P>Unable to connect to the " . "database server at this time.</P>" );
            exit();  }

  // Select the jokes database 
        if (! @mysql_select_db("sca") ) {
            echo( "<P>Unable to locate the " . "database at this time.</P>" );
            exit();  }

  // Request the text of all the jokes
    $result = mysql_query("SELECT first_name, pid FROM roster WHERE pid = '".$_POST['pid']."'");
        if (!$result) {
            echo("<P>Error performing query: " . mysql_error() . "</P>");
            exit();  }
            
      // Display the text of each joke in a paragraph 
   $row = mysql_fetch_array($result)     
?>

<center>
<h3 align="center">Logged in</h3>
<p align="center">Welcome back <?php echo($row["first_name"]);?>, you are logged in.</p>
<form id="form1" name="form1" method="post" action="logout.php">
  <label>
  <center><input name="logout" type="submit" id="logout" value="Log Out" /></center>
  </label>
</form>
<p class="sidebarHeader">
  <?php

} else {    // if form hasn't been submitted

?><center><h3>Login</h3></p>
</center>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
  <table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td>
<input name="pid" type="text" size="10" maxlength="5">
</td></tr>
<tr><td>Password:</td><td>
<input name="password" type="password" size="10" maxlength="20">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>

<a href="about.php">about</a>

</body>
</html>

db_connect.php:
<?php

//require the PEAR::DB classes.

require_once 'DB.php';


$db_engine = '*****';
$db_user = '*****';
$db_pass = '******';
$db_host = '*******';
$db_name = '*******';

$datasource = $db_engine.'://'.
              $db_user.':'.
              $db_pass.'@'.
               $db_host.'/'.
                $db_name;


$db_object = DB::connect($datasource, TRUE);

/* assign database object in $db_object, 

if the connection fails $db_object will contain

the error message. */

// If $db_object contains an error:

// error and exit.

if(DB::isError($db_object)) {
    die($db_object->getMessage());
}

$db_object->setFetchMode(DB_FETCHMODE_ASSOC);

// we write this later on, ignore for now.

include('check_login.php');

?>

check_login.php
<?php

/* check login script, included in db_connect.php. */

//session_start();

if (!isset($_SESSION['pid']) || !isset($_SESSION['password'])) {
    $_SESSION["logged_in"] = 0;
    return;
} else {

    // remember, $_SESSION['password'] will be encrypted.

    if(!get_magic_quotes_gpc()) {
        $_SESSION['pid'] = addslashes($_SESSION['pid']);
    }


    // addslashes to session username before using in a query.
    $pass = $db_object->query("SELECT password FROM roster WHERE pid = '".$_SESSION['pid']."'");

    if(DB::isError($pass) || $pass->numRows() != 1) {
        $_SESSION["logged_in"] = 0;
        unset($_SESSION['pid']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }

    $db_pass = $pass->fetchRow();

    // now we have encrypted pass from DB in 
    //$db_pass['password'], stripslashes() just incase:

    $db_pass['password'] = stripslashes($db_pass['password']);
    $_SESSION['password'] = stripslashes($_SESSION['password']);



    //compare:



    if($_SESSION['password'] == $db_pass['password']) { 
        // valid password for username
        $logged_in = 1; // they have correct info
                    // in session variables.
    } else {
        $_SESSION["logged_in"] = 0;
        unset($_SESSION['pid']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }
}


// clean up
unset($db_pass['password']);

$_SESSION['pid'] = stripslashes($_SESSION['pid']);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
</body>
</html>

Page which uses time:
[a href=\"http://southerncrossairlines.ausvirtual.com/New%20Site/log.php?pirepview=1&pirep_id=2\" target=\"_blank\"]http://southerncrossairlines.ausvirtual.co...ew=1&pirep_id=2[/a]

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<p>
  <?php

  // Connect to the database server 
    $dbcnx = @mysql_connect("***********","*******","***");
        if (!$dbcnx) {
            echo( "<P>Unable to connect to the " . "database server at this time.</P>" );
            exit();  }

  // Select the routes database 
        if (! @mysql_select_db("*******") ) {
            echo( "<P>Unable to locate the " . "database at this time.</P>" );
            exit();  }

  // Run query to select details of last 50 pireps, pilot, airports and aircraft
      $pirepvar = $_REQUEST['pirep_id'];
    $pirep = "SELECT pirep.id, pirep.pid, pirep.flightid, pirep.date, routes.departure, routes.arrival, routes.flight_number,         routes.aircraft, roster.first_name, roster.last_name, roster.pid
                FROM pirep, routes, roster
                    WHERE pirep.flightid = routes.flight_number AND
                            pirep.pid = roster.pid";
    $pirepresult = mysql_query($pirep);
    if (!$pirepresult) {
            echo("<P>Error performing query: " . mysql_error() . "</P>");
            exit();  }    
    
    // For individual pirep
    $indpirep = "SELECT pirep.id, pirep.pid, pirep.flightid, pirep.deptime, pirep.arrtime, pirep.depfuel, pirep.arrfuel, pirep.pax, pirep.cargo, pirep.comments, pirep.date, routes.departure, routes.arrival, routes.flight_number, routes.aircraft, roster.first_name, roster.last_name, roster.pid, (pirep.arrtime-pirep.deptime) AS totaltime, (pirep.depfuel-pirep.arrfuel) AS totalfuel
                FROM pirep, routes, roster
                    WHERE pirep.flightid = routes.flight_number AND
                            pirep.pid = roster.pid AND
                                pirep.id = '$pirepvar'
                            GROUP BY pirep.date DESC";
    $indpirepresult = mysql_query($indpirep);
    if (!$indpirepresult) {
            echo("<P>Error performing query: " . mysql_error() . "</P>");
            exit();  }

// If one of the links has been clicked, display this instead
if (isset($_GET['pirepview'])):

while ( $row = mysql_fetch_array($indpirepresult) ) { 
?>
<table border="1">
  <tr>
    <td>PIREP <br /><?php echo($row["id"]); ?></td>
    <td colspan="2">Pilot<br /><?php echo($row["first_name"]); ?> <?php echo($row["last_name"]); ?></td>
  </tr>
  <tr>
    <td>Date<br /><?php echo($row["date"]); ?></td>
    <td>Flight No.<br /><?php echo($row["flightid"]); ?> </td>
    <td>Aircraft<br /><?php echo($row["aircraft"]); ?></td>
  </tr>
  <tr>
    <td>Departure Airport<br /><?php echo($row["departure"]); ?> </td>
    <td>Departure Time <br /><?php echo($row["deptime"]); ?></td>
    <td>Departure Fuel<br /><?php echo($row["depfuel"]); ?> </td>
  </tr>
  <tr>
    <td>Arrival Airport<br /><?php echo($row["arrival"]); ?> </td>
    <td>Arrival Time<br /><?php echo($row["arrtime"]); ?> </td>
    <td>Arrival Fuel<br /><?php echo($row["arrfuel"]); ?> </td>
  </tr>
  <tr>
    <td rowspan="2"> </td>
    <td>Total Time<br /><?php echo($row["totaltime"]); ?> </td>
    <td>Total Fuel<br /><?php echo($row["totalfuel"]); ?> </td>
  </tr>
  <tr>
    <td>Passengers<br /><?php echo($row["pax"]); ?></td>
    <td>Cargo<br /><?php echo($row["cargo"]); ?></td>
  </tr>
  <tr>
    <td colspan="3">Comments<br /><?php echo($row["comments"]); ?></td>
  </tr>
</table>
<p>

<?php } else: ?>
</p>
<p> </p>
<table border="0">
  <tr>
    <td colspan="6"><div align="center">Last 50 PIREPs </div></td>
  </tr>
  <tr>
    <td>Date</td>
    <td>Flight No. </td>
    <td>Flown by </td>
    <td>Aircraft</td>
    <td>Departure</td>
    <td>Arrival</td>
  </tr>
  <?php while ( $row = mysql_fetch_array($pirepresult) ) { ?>
  <tr>
    <td><?php echo '<a href="' . $_SERVER['PHP_SELF'] . '?pirepview=1&pirep_id=' . $row["id"] . '">' . ($row["date"]) . '</a>'; ?></td>
    <td><?php echo($row["flightid"]); ?></td>
    <td><?php echo($row["first_name"]); ?> <?php echo($row["last_name"]); ?></td>
    <td><?php echo($row["aircraft"]); ?></td>
    <td><?php echo($row["departure"]); ?></td>
    <td><?php echo($row["arrival"]); ?></td>
  </tr>
  <?php } endif; ?>
</table>
<p> </p>
</body>
</html>

I think that's everything of importance. Any ideas would be appreciated.

#2 Eskimo887

Eskimo887
  • Members
  • PipPip
  • Member
  • 13 posts

Posted 29 June 2006 - 04:50 AM

Bump to get it to the top as there was been a lot of other posts.

#3 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 29 June 2006 - 05:16 AM

ansaw 1

add SESSION_START to all pages

example

<?session_start();

?>

ansaw 2


to add time to the datadase using varchar ok easy.

$time=date("h:i:s");

also add to the form name="time"


third quistion forgot sorry?
lol
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#4 Eskimo887

Eskimo887
  • Members
  • PipPip
  • Member
  • 13 posts

Posted 02 July 2006 - 09:29 AM

Cheers mate,

BTW, the third question was how to do time calculations, or will adding $time=date("h:i:s"); do that automatically?

#5 heckenschutze

heckenschutze
  • Members
  • PipPipPip
  • Advanced Member
  • 257 posts
  • LocationAustralia

Posted 02 July 2006 - 10:35 AM

if your talking about UNIX timestamps, time()




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users