restricting another login once you logout

[Psycho]

You would just display a form for each question. I would create a table for the test and have a different record for each question. Then create code to pull the "current" question and display the form. When user submits the form, record the results to the database and then display the next question.

[webguync]

I understand about creating a table for the questions, and answers. What about for the form code? Wouldn't i need different code for each question? Also with the time remaining when each question is displayed. How would I accomplish that?

[Psycho]

You really should start another thread as what you are asking now has nothing to do with the original title. But, I'll provide answers to your last post and you can start a new thread if there is additional help needed.

 

1. How you should "store" the questions depends on many factors. If the questions are all mutiple choice with say four possible answers, just create a record for each question with fields for 1) the question, 2-5) The answers, and 6) The correct answer. Of course you could always put the correct answer in position 1 and just randomize how the answers are displayed. It all depends on how YOU want to work it. Then just build a page that gets the question record from the database and then builds the form, displaying the question and the possible answers as radio button options.

 

Of course, if the questions are not simply multiple choice then it might get more difficult. I can't really provide any more help as I have no idea what format your questions/answers need to be in. If it gets too complex you can just store the entire form in the database.

 

For the time remaining, use a session value to store the start time when the users starts the test. Then on each page load you would calculate the time remaining and display it. Pretty simple concept.

 

Example Code:

<?php

//Setting start time when user starts test
$_SESSION['start_time'] = time();

?>

 

Form page code:

<?php

if(isset($_POST['question_id']))
{
    //Determine time left
    $time_left = 3600 - (time() - $_SESSION['start_time']);

    //See if thre is time left
    if ($time_left<1)
    {
        $output = "The time to take this test has expired.";
    }
    else
    {
        //Create display for the time left
        $minutes = floor($time_left/60);
        $seconds = printf("[%02s]\n", ($time_left-($minutes*60)));;
        $output = "Time remaining: {$minutes}:{$seconds}<br /><br />\n";

        $question_id = $_POST['question_id'];
        $answer_id = $_POST['answer_id'];

        //Create code to store the user's response in the DB

        //Get the next question
        $question_id++;
        $query = "SELECT question, answer1, answer2, answer3, answer4
                  FROM questions
                  WHERE id = {$question_id}";
        $result = mysql_query($query);
        $question = mysql_fetch_assoc($result);

        //create the form
        $output  = "<form action=\"\" method="POST">\n";
        $output .= "<b>{$question['question']}</b>\n";
        $output .= "<input type=\"hidden\" name=\"question_id\" value=\"$question_id\"><br /><br />\n";

        //Add questions in a random order
        foreach(shuffle(range(1,4)) as $answer_id)
        {
            $answer = $question['answer'.$answer_id];
            $output .= "<input type=\"radio\" name=\"answer_id\" value=\"$answer_id\">\n";
            $output .= "{$answer}<br />\n";
        }

        //Close out the form
        $output .= "<button type=\"submit\">Answer</button>\n";
        $output .= "</form>\n";
    }
}

?>
<html>
<head></head>

<body>
<?php echo $output; ?>
</body>
</html>

 

This is by no means complete code. There is no validation and it doesn't test to see if the last question has been reached. There is still much to do. I haven't even tested it, but the logic is sound.

[webguync]

It won't be multiple choice, just a text area for user input, then submit to MySQL DB.

[Psycho]

It won't be multiple choice, just a text area for user input, then submit to MySQL DB.

Then you just need to have a table with the questions and build a form that displays the question, has a hidden input for the question ID and a text box for the response. Veery straight forward.

[webguync]

I'll get to the form storing in the database later and start a new topic as you suggested. Right now, I am still trying to get the login part to work. Right now as it stands the username and password is not being authenticated against the data in MySQL, the time stamp isn't being entered in the database upon login and echoing the session value 'name' which is recorded in the MySQL DB isn't working wither. Please tell me what I have wrong, or how to debug.

 

<?php
ini_set("display_errors","1");
ERROR_REPORTING(E_ALL);
session_start();
$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());

mysql_select_db("DBName") or die(mysql_error());


//Escape user input
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);


//Update record with current time IF the account has never logged in before
$query = "UPDATE `Editor_Candidates`
          SET `login_timestamp` = NOW()
          WHERE `username` = '$username'
            AND `password` = '$password'
            AND login_timestamp = ''";
$result = mysql_query($query);
//Check if query ran succesfully
if(!$result)
{
    //Query failed, add error handling
    $response = "Query failed";
}
else
{
    //Set flag
    $error = false;
    if(mysql_affected_rows()!=1)
    {
        //Record doesn't exist OR credentials have been previously used
        //Run query to see when the initial login was
        $query = "SELECT `login_timestamp`
                  FROM `Editor_Candidates`
                  WHERE `username` = '$username'
                    AND `password` = '$password'";
        $result = mysql_query($query);

        if (mysql_num_rows($result)!=1)
        {
            //username/password doesn't exist
            $error = "That username/password is not valid.";
        }
        else
        {
            //Get record and check first login time
            $record = mysql_fetch_assoc($result);
            if ($record['login_timestamp']<strtotime("-60 minutes"))
            {
                //username/password was used more than 60 minutes ago
                $error = "That username/password has expired";
            }
        }
    }
    //Check if error occured
    if ($error == false)
    {
        // Same checking stuff all over again.
if(isset($_POST['submit'])) {
   if(empty($_POST['username']) || empty($_POST['pwid']) ) {
    echo "<h2 style='color:#039;font-size:14px;font-family:arial, helvetica,sans-serif'>Please fill in both your username and password to access the editor exam. You will be redirected back to the login screen in 5 seconds</h2>";
  echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
                exit;
   }
   // Create the variables again.
   
   $username = mysql_real_escape_string($_POST['username']);
   $pwid = $_POST['pwid'];

   // Encrypt the password again with the md5 hash. 
   // This way the password is now the same as the password inside the database.
   //$pwid = md5($pwid);

   // Store the SQL query inside a variable. 
   // ONLY the username you have filled in is retrieved from the database.
   $query = "SELECT username,pwid,name
           FROM   Editor_Candidates
           WHERE
           pwid = '$pwid'
           AND
           username='$username'";

   $result = mysql_query($query) or die(mysql_error());
   if(mysql_num_rows($result) == 0) { 
      // Gives an error if the username/pw given does not exist.
      // or if something else is wrong.
     echo "<h2 style='color:#039;font-size:14px;font-family:arial, helvetica,sans-serif'>You have entered a username or password that does not match our database records. please try again. You will be directed back to the login screen in 5 seconds. </h2> " . mysql_error();
echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
exit();
/*
this would benefit from a redirect to a page giving better information to
the user and maybe logging some errors.
*/
   } else {
      // Now create an object from the data you've retrieved.
      $row = mysql_fetch_object($result);
      // You've now created an object containing the data.
      // You can call data by using -> after $row.
      // For example now the password is checked if they're equal.

      // By storing data inside the $_SESSION superglobal,
      // you stay logged in until you close your browser.
  $_SESSION['name'] = $row->name;
     $_SESSION['username'] = $username;
      $_SESSION['sid'] = session_id(); 
      // Make it more secure by storing the user's IP address.
      $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
      // Now give the success message.
      // $_SESSION['username'] should print out your username.

//move this to after your redirect further below..
      
   }
}

// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
exit;
}
echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3>";

echo "<a class='logout' href='logout.php'>Logout</a></div>";
     }
}


?>