Jump to content

A Couple Of Questions

Eskimo887

By Eskimo887
in PHP Coding Help

 Share

Recommended Posts

Eskimo887 Newbie

Eskimo887

Posted
Posted
I have a log in script on my web site, using a modified version of the tutorial on this site.

I have copied to same script to multiple pages, as I want the log in text boxes or the message 'you are logged in' to be on every page, I can log in on one page perfectly, however, when I goto the second page, I need to log in again, and when I go back to the first page I need to log in again. I am using normal hyperlinks for both.

My second question, I am using phpMyAdmin to administer my database, in one table I have a time field. The default value seems to be HH:MM:SS, but as I want to use the field in a formula on one of my pages (to work out the time taken between two time fields, I need to be able to only have HH:MM (eg, 13:00 or just 1300).

Also, what is the best way to do calculations with times as it is currently working it out as if it were just a number.

Log in:
[a href=\"http://southerncrossairlines.ausvirtual.com/New%20Site/index.php\" target=\"_blank\"]http://southerncrossairlines.ausvirtual.co...0Site/index.php[/a]
Username - 33
Password - test

code for index.php
[code]<?php

// database connect script.

require 'db_connect.php';

//if($logged_in == 1) {
    //die('You are already logged in, '.$_SESSION['pid'].'.');

//}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>

<?php

if (isset($_POST['submit'])) { // if form has been submitted


    /* check they filled in what they were supposed to and authenticate */
    if(!$_POST['pid'] | !$_POST['password']) {
        die('You did not fill in a required field.');
    }

    // authenticate.

    if (!get_magic_quotes_gpc()) {
        $_POST['pid'] = addslashes($_POST['pid']);
    }

    $check = $db_object->query("SELECT pid, password FROM roster WHERE pid = '".$_POST['pid']."'");

    if (DB::isError($check) || $check->numRows() == 0) {
        die('That username does not exist in our database.');
    }

    $info = $check->fetchRow();

    // check passwords match

    $_POST['password'] = stripslashes($_POST['password']);
    $info['password'] = stripslashes($info['password']);
    //$_POST['password'] = md5($_POST['password']);

    if ($_POST['password'] != $info['password']) {
        die('Incorrect password, please try again.');
        
    }

    // if we get here username and password are correct,
    //register session variables and set last login time.

    $date = date("d.m.Y");

    $update_login = $db_object->query("UPDATE roster SET last_online='$date' WHERE pid = '".$_POST['pid']."'");

    $_POST['pid'] = stripslashes($_POST['pid']);
    $_SESSION['pid'] = $_POST['pid'];
    $_SESSION['password'] = $_POST['password'];
    $db_object->disconnect();


  // Connect to the database server
    $dbcnx = @mysql_connect("mysql12.servage.net","sca","harmony");
        if (!$dbcnx) {
            echo( "<P>Unable to connect to the " . "database server at this time.</P>" );
            exit();  }

  // Select the jokes database
        if (! @mysql_select_db("sca") ) {
            echo( "<P>Unable to locate the " . "database at this time.</P>" );
            exit();  }

  // Request the text of all the jokes
    $result = mysql_query("SELECT first_name, pid FROM roster WHERE pid = '".$_POST['pid']."'");
        if (!$result) {
            echo("<P>Error performing query: " . mysql_error() . "</P>");
            exit();  }
            
      // Display the text of each joke in a paragraph
   $row = mysql_fetch_array($result)    
?>

<center>
<h3 align="center">Logged in</h3>
<p align="center">Welcome back <?php echo($row["first_name"]);?>, you are logged in.</p>
<form id="form1" name="form1" method="post" action="logout.php">
  <label>
  <center><input name="logout" type="submit" id="logout" value="Log Out" /></center>
  </label>
</form>
<p class="sidebarHeader">
  <?php

} else {    // if form hasn't been submitted

?><center><h3>Login</h3></p>
</center>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
  <table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td>
<input name="pid" type="text" size="10" maxlength="5">
</td></tr>
<tr><td>Password:</td><td>
<input name="password" type="password" size="10" maxlength="20">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>

<a href="about.php">about</a>

</body>
</html>
[/code]

db_connect.php:
[code]<?php

//require the PEAR::DB classes.

require_once 'DB.php';


$db_engine = '*****';
$db_user = '*****';
$db_pass = '******';
$db_host = '*******';
$db_name = '*******';

$datasource = $db_engine.'://'.
              $db_user.':'.
              $db_pass.'@'.
               $db_host.'/'.
                $db_name;


$db_object = DB::connect($datasource, TRUE);

/* assign database object in $db_object,

if the connection fails $db_object will contain

the error message. */

// If $db_object contains an error:

// error and exit.

if(DB::isError($db_object)) {
    die($db_object->getMessage());
}

$db_object->setFetchMode(DB_FETCHMODE_ASSOC);

// we write this later on, ignore for now.

include('check_login.php');

?>
[/code]

check_login.php
[code]<?php

/* check login script, included in db_connect.php. */

//session_start();

if (!isset($_SESSION['pid']) || !isset($_SESSION['password'])) {
    $_SESSION["logged_in"] = 0;
    return;
} else {

    // remember, $_SESSION['password'] will be encrypted.

    if(!get_magic_quotes_gpc()) {
        $_SESSION['pid'] = addslashes($_SESSION['pid']);
    }


    // addslashes to session username before using in a query.
    $pass = $db_object->query("SELECT password FROM roster WHERE pid = '".$_SESSION['pid']."'");

    if(DB::isError($pass) || $pass->numRows() != 1) {
        $_SESSION["logged_in"] = 0;
        unset($_SESSION['pid']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }

    $db_pass = $pass->fetchRow();

    // now we have encrypted pass from DB in
    //$db_pass['password'], stripslashes() just incase:

    $db_pass['password'] = stripslashes($db_pass['password']);
    $_SESSION['password'] = stripslashes($_SESSION['password']);



    //compare:



    if($_SESSION['password'] == $db_pass['password']) {
        // valid password for username
        $logged_in = 1; // they have correct info
                    // in session variables.
    } else {
        $_SESSION["logged_in"] = 0;
        unset($_SESSION['pid']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }
}


// clean up
unset($db_pass['password']);

$_SESSION['pid'] = stripslashes($_SESSION['pid']);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
</body>
</html>
[/code]

Page which uses time:
[a href=\"http://southerncrossairlines.ausvirtual.com/New%20Site/log.php?pirepview=1&pirep_id=2\" target=\"_blank\"]http://southerncrossairlines.ausvirtual.co...ew=1&pirep_id=2[/a]

Code:
[code]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<p>
  <?php

  // Connect to the database server
    $dbcnx = @mysql_connect("***********","*******","***");
        if (!$dbcnx) {
            echo( "<P>Unable to connect to the " . "database server at this time.</P>" );
            exit();  }

  // Select the routes database
        if (! @mysql_select_db("*******") ) {
            echo( "<P>Unable to locate the " . "database at this time.</P>" );
            exit();  }

  // Run query to select details of last 50 pireps, pilot, airports and aircraft
      $pirepvar = $_REQUEST['pirep_id'];
    $pirep = "SELECT pirep.id, pirep.pid, pirep.flightid, pirep.date, routes.departure, routes.arrival, routes.flight_number,         routes.aircraft, roster.first_name, roster.last_name, roster.pid
                FROM pirep, routes, roster
                    WHERE pirep.flightid = routes.flight_number AND
                            pirep.pid = roster.pid";
    $pirepresult = mysql_query($pirep);
    if (!$pirepresult) {
            echo("<P>Error performing query: " . mysql_error() . "</P>");
            exit();  }    
    
    // For individual pirep
    $indpirep = "SELECT pirep.id, pirep.pid, pirep.flightid, pirep.deptime, pirep.arrtime, pirep.depfuel, pirep.arrfuel, pirep.pax, pirep.cargo, pirep.comments, pirep.date, routes.departure, routes.arrival, routes.flight_number, routes.aircraft, roster.first_name, roster.last_name, roster.pid, (pirep.arrtime-pirep.deptime) AS totaltime, (pirep.depfuel-pirep.arrfuel) AS totalfuel
                FROM pirep, routes, roster
                    WHERE pirep.flightid = routes.flight_number AND
                            pirep.pid = roster.pid AND
                                pirep.id = '$pirepvar'
                            GROUP BY pirep.date DESC";
    $indpirepresult = mysql_query($indpirep);
    if (!$indpirepresult) {
            echo("<P>Error performing query: " . mysql_error() . "</P>");
            exit();  }

// If one of the links has been clicked, display this instead
if (isset($_GET['pirepview'])):

while ( $row = mysql_fetch_array($indpirepresult) ) {
?>
<table border="1">
  <tr>
    <td>PIREP <br /><?php echo($row["id"]); ?></td>
    <td colspan="2">Pilot<br /><?php echo($row["first_name"]); ?> <?php echo($row["last_name"]); ?></td>
  </tr>
  <tr>
    <td>Date<br /><?php echo($row["date"]); ?></td>
    <td>Flight No.<br /><?php echo($row["flightid"]); ?> </td>
    <td>Aircraft<br /><?php echo($row["aircraft"]); ?></td>
  </tr>
  <tr>
    <td>Departure Airport<br /><?php echo($row["departure"]); ?> </td>
    <td>Departure Time <br /><?php echo($row["deptime"]); ?></td>
    <td>Departure Fuel<br /><?php echo($row["depfuel"]); ?> </td>
  </tr>
  <tr>
    <td>Arrival Airport<br /><?php echo($row["arrival"]); ?> </td>
    <td>Arrival Time<br /><?php echo($row["arrtime"]); ?> </td>
    <td>Arrival Fuel<br /><?php echo($row["arrfuel"]); ?> </td>
  </tr>
  <tr>
    <td rowspan="2"> </td>
    <td>Total Time<br /><?php echo($row["totaltime"]); ?> </td>
    <td>Total Fuel<br /><?php echo($row["totalfuel"]); ?> </td>
  </tr>
  <tr>
    <td>Passengers<br /><?php echo($row["pax"]); ?></td>
    <td>Cargo<br /><?php echo($row["cargo"]); ?></td>
  </tr>
  <tr>
    <td colspan="3">Comments<br /><?php echo($row["comments"]); ?></td>
  </tr>
</table>
<p>

<?php } else: ?>
</p>
<p> </p>
<table border="0">
  <tr>
    <td colspan="6"><div align="center">Last 50 PIREPs </div></td>
  </tr>
  <tr>
    <td>Date</td>
    <td>Flight No. </td>
    <td>Flown by </td>
    <td>Aircraft</td>
    <td>Departure</td>
    <td>Arrival</td>
  </tr>
  <?php while ( $row = mysql_fetch_array($pirepresult) ) { ?>
  <tr>
    <td><?php echo '<a href="' . $_SERVER['PHP_SELF'] . '?pirepview=1&pirep_id=' . $row["id"] . '">' . ($row["date"]) . '</a>'; ?></td>
    <td><?php echo($row["flightid"]); ?></td>
    <td><?php echo($row["first_name"]); ?> <?php echo($row["last_name"]); ?></td>
    <td><?php echo($row["aircraft"]); ?></td>
    <td><?php echo($row["departure"]); ?></td>
    <td><?php echo($row["arrival"]); ?></td>
  </tr>
  <?php } endif; ?>
</table>
<p> </p>
</body>
</html>
[/code]

I think that's everything of importance. Any ideas would be appreciated.
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.