Jump to content

How Can I Hide This Form?

thefandango

By thefandango
in Third Party Scripts

Recommended Posts

thefandango Newbie

thefandango

Posted
Posted

Hi

 

In my sites admin panel I have created a form that writes a value to the database of either 1 for a seller account and 0 for a buyer account, keeping it as a value of "seller" within a table called "members".

 

I thought it would be easy to fudge a query and show or hide a sellers form, but I'm not having any luck.  My PHP skills are close to zero :

 

The file that generates the form I want to hide is below.  How can I insert a db query into this page (?) that will only show this form to someone who is a seller and display a message only to someone who is a buyer?

<?php


include("include/config.php");
include("include/functions/import.php");

if ($_SESSION['USERID'] != "" && $_SESSION['USERID'] >= 0 && is_numeric($_SESSION['USERID']))
{	
	$allowposting = "1";
	$vonly = $config['vonly'];
	if($vonly == "1")
	{
		$uverified = $_SESSION['VERIFIED'];
		if($uverified != "1")
		{
			$allowposting = "0";
		}
	}
	if($config['enable_levels'] == "1" && $config['price_mode'] == "3")
	{
		$timecheck = time() - 86400;
		$query = "select count(*) as total from posts where USERID='".mysql_real_escape_string($_SESSION['USERID'])."' AND time_added>='".mysql_real_escape_string($timecheck)."'"; 
		$executequery=$conn->execute($query);
		$lastjobs = $executequery->fields['total']+0;
		
		$query = "select level from members where USERID='".mysql_real_escape_string($_SESSION['USERID'])."'"; 
		$executequery=$conn->execute($query);
		$mlevel = intval($executequery->fields['level']);
		if($mlevel == "3")
		{
			$jlimit = $config['level3job'];
		}
		elseif($mlevel == "2")
		{
			$jlimit = $config['level2job'];
		}
		elseif($mlevel == "1")
		{
			$jlimit = $config['level1job'];
		}
		else
		{
			$jlimit = "";
		}
		if($jlimit != "")
		{
			if($lastjobs >= $jlimit)
			{
				$allowposting = "2";
			}
		}
	}
	
	if($allowposting == "1")
	{
		if($_POST['subform'] == "1")
		{
			$gtitle = cleanit($_REQUEST['gtitle']);	
			$gcat = intval(cleanit($_REQUEST['gcat']));
			$gdesc = htmlentities(strip_tags(stripslashes($_REQUEST['gdesc']), '<p><i><strong><br><font><span><em><ol><li>'), ENT_COMPAT, "UTF-8");	
			$ginst = cleanit($_REQUEST['ginst']);	
			$gtags = cleanit($_REQUEST['gtags']);
			$gtags = str_replace(".", "", $gtags);	
			$gdays = intval(cleanit($_REQUEST['gdays']));
			$gyoutube = cleanit($_REQUEST['gyoutube']);
			$shipme = intval(cleanit($_REQUEST['shipme']));
			$multipleme = intval(cleanit($_REQUEST['multipleme']));
			$extrasme = intval(cleanit($_REQUEST['extrasme']));
			$instanturl = cleanit($_REQUEST['instanturl']);
			if($gtitle == "")
			{
				$error = "<li>".$lang['92']."</li>";
			}
			elseif(strlen($gtitle) > 200)
			{
				$error = "<li>".$lang['509']."</li>";
			}
			if($shipme == "1")
			{
				include("new_ship.scriptolution.com.php");
			}
			elseif($multipleme == "1")
			{
				$multiplemax = intval(cleanit($_REQUEST['multiplemax']));
				if($multiplemax > 0)
				{
					$scriptolution_add_multiple = ", scriptolution_add_multiple='".mysql_real_escape_string($multiplemax)."'";	
				}
				$fiverrscriptdotcom = "1";
			}
			elseif($extrasme == "1")
			{
				$scriptolution_process_extras = "1";
				$fiverrscriptdotcom = "1";
			}
			else
			{
				$fiverrscriptdotcom = "1";	
			}
			if($fiverrscriptdotcom == "1")
			{
				if($config['price_mode'] == "1")
				{
					$price = intval(cleanit($_REQUEST['gprice']));
					if($price == "0")
					{
						$error = "<li>".$lang['127']."</li>";
					}
					$comper = intval($config['commission_percent']);
					$count1 = $comper / 100;
					$count2 = $count1 * $price;
					$ctp = number_format($count2, 2, '.', '');
				}
				elseif($config['price_mode'] == "3")
				{
					$PACID = intval(cleanit($_REQUEST['gprice']));
					$query = "select pprice,pcom from packs where ID='".mysql_real_escape_string($PACID)."'"; 
					$executequery=$conn->execute($query);
					$price = intval(cleanit($executequery->fields['pprice']));
					$comper = intval(cleanit($executequery->fields['pcom']));
					if($price == "0")
					{
						$error = "<li>".$lang['435']."</li>";
					}
					$count1 = $comper / 100;
					$count2 = $count1 * $price;
					$ctp = number_format($count2, 2, '.', '');
					
				}
				elseif($config['price_mode'] == "2")
				{
					$price = intval($config['price']);
					$comper = intval($config['commission_percent']);
					$count1 = $comper / 100;
					$count2 = $count1 * $price;
					$ctp = number_format($count2, 2, '.', '');
				}
				else
				{
					$price = intval($config['price']);
					$mysetc = $config['commission'];
					$ctp = number_format($mysetc, 2);
				}
			}
			if($gcat == "0")
			{
				$error .= "<li>".$lang['93']."</li>";
			}
			if($gdesc == "")
			{
				$error .= "<li>".$lang['94']."</li>";
			}
			elseif(strlen($gdesc) > 5000)
			{
				$error = "<li>".$lang['510']."</li>";
			}
			if($ginst == "")
			{
				$error .= "<li>".$lang['95']."</li>";
			}
			if($gtags == "")
			{
				$error .= "<li>".$lang['96']."</li>";
			}

			if(scriptolution_banned_words_chk($gtitle))
			{
				$error .= "<li>".$lang['556']."</li>";
			}
			if(scriptolution_banned_words_chk($gdesc))
			{
				$error .= "<li>".$lang['586']."</li>";
			}
			if(scriptolution_banned_words_chk($gtags))
			{
				$error .= "<li>".$lang['587']."</li>";
			}
			if(scriptolution_banned_words_chk($ginst))
			{
				$error .= "<li>".$lang['588']."</li>";
			}

			if($gdays == "0")
			{
				if($instanturl=="" && $_FILES['instantfile']['tmp_name']=="")
				{
					$error .= "<li>".$lang['97']."</li>";
				}
			}
			if($instanturl!="" || $_FILES['instantfile']['tmp_name']!="")
			{
				include("new_instant.scriptolution.com.php");
			}
			$gphoto = $_FILES['gphoto']['tmp_name'];
			if($gphoto != "")
			{
				$ext = substr(strrchr($_FILES['gphoto']['name'], '.'), 1);
				$ext2 = strtolower($ext);
				if($ext2 == "jpeg" || $ext2 == "jpg" || $ext2 == "gif" || $ext2 == "png")
				{
					$theimageinfo = getimagesize($gphoto);
					if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3)
					{
						$error .= "<li>".$lang['100']."</li>";
					}
				}
				else
				{
					$error .= "<li>".$lang['100']."</li>";
				}
			}
			else
			{
				$error .= "<li>".$lang['101']."</li>";
			}
			if($gyoutube != "")
			{
				$gyoutube = str_replace("https://", "http://", $gyoutube);
				$pos = strpos($gyoutube, "http://www.youtube.com/watch?v=");
				$posb = strpos($gyoutube, "http://www.youtu.be/");
				$posc = strpos($gyoutube, "http://youtu.be/");
				if ($pos === false)
				{
					if ($posb === false)
					{
						if ($posc === false)
						{
							$error .= "<li>".$lang['133']."</li>";
						}
					}
				}
			}
			if($error == "")
			{			
				$approve_stories = $config['approve_stories'];
				if($approve_stories == "1")
				{
					$active = "0";
				}
				else
				{
					$active = "1";
				}
				$query="INSERT INTO posts SET USERID='".mysql_real_escape_string($_SESSION['USERID'])."', gtitle='".mysql_real_escape_string($gtitle)."',gtags='".mysql_real_escape_string($gtags)."', gdesc='".mysql_real_escape_string($gdesc)."', ginst='".mysql_real_escape_string($ginst)."', days='".mysql_real_escape_string($gdays)."', youtube='".mysql_real_escape_string($gyoutube)."', category='".mysql_real_escape_string($gcat)."', price='".mysql_real_escape_string($price)."', time_added='".time()."', date_added='".date("Y-m-d")."', pip='".$_SERVER['REMOTE_ADDR']."', active='$active', ctp='".mysql_real_escape_string($ctp)."' $scriptolution_add_multiple $addship $scriptolution_add_instant";
				$result=$conn->execute($query);
				$pid = mysql_insert_id();
				
				if($scriptolution_process_extras == "1")
				{
					include("new_extras.scriptolution.com.php");
				}
				if($gphoto != "")
				{
					$thepp = $pid."-1";
					if($theimageinfo[2] == 1)
					{
						$thepp .= ".gif";
					}
					elseif($theimageinfo[2] == 2)
					{
						$thepp .= ".jpg";
					}
					elseif($theimageinfo[2] == 3)
					{
						$thepp .= ".png";
					}
					if($error == "")
					{
						$myvideoimgnew=$config['pdir']."/".$thepp;
						if(file_exists($myvideoimgnew))
						{
							unlink($myvideoimgnew);
						}
						move_uploaded_file($gphoto, $myvideoimgnew);
						do_resize_image($myvideoimgnew, "380", "265", false, $config['pdir']."/t/".$thepp);
						do_resize_image($myvideoimgnew, "102", "72", false, $config['pdir']."/t2/".$thepp);
						do_resize_image($myvideoimgnew, "678", "458", false, $config['pdir']."/t3/".$thepp);
						do_resize_image($myvideoimgnew, "214", "132", false, $config['pdir']."/t4/".$thepp);
						if(file_exists($config['pdir']."/".$thepp))
						{
							$query = "UPDATE posts SET p1='$thepp' WHERE PID='".mysql_real_escape_string($pid)."'";
							$conn->execute($query);
						}
					}
				}
				$gphoto2 = $_FILES['gphoto2']['tmp_name'];
				if($gphoto2 != "")
				{
					$ext = substr(strrchr($_FILES['gphoto2']['name'], '.'), 1);
					$ext2 = strtolower($ext);
					if($ext2 == "jpeg" || $ext2 == "jpg" || $ext2 == "gif" || $ext2 == "png")
					{
						$theimageinfo = getimagesize($gphoto2);
						if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3)
						{
							$gstop = "1";
						}
						else
						{
							$gstop = "0";
						}
					}
					if($gstop == "0")
					{
						$thepp = $pid."-2";
						if($theimageinfo[2] == 1)
						{
							$thepp .= ".gif";
						}
						elseif($theimageinfo[2] == 2)
						{
							$thepp .= ".jpg";
						}
						elseif($theimageinfo[2] == 3)
						{
							$thepp .= ".png";
						}
	
						$myvideoimgnew=$config['pdir']."/".$thepp;
						if(file_exists($myvideoimgnew))
						{
							unlink($myvideoimgnew);
						}
						move_uploaded_file($gphoto2, $myvideoimgnew);
						do_resize_image($myvideoimgnew, "380", "265", false, $config['pdir']."/t/".$thepp);
						do_resize_image($myvideoimgnew, "102", "72", false, $config['pdir']."/t2/".$thepp);
						do_resize_image($myvideoimgnew, "678", "458", false, $config['pdir']."/t3/".$thepp);
						do_resize_image($myvideoimgnew, "214", "132", false, $config['pdir']."/t4/".$thepp);
						if(file_exists($config['pdir']."/".$thepp))
						{
							$query = "UPDATE posts SET p2='$thepp' WHERE PID='".mysql_real_escape_string($pid)."'";
							$conn->execute($query);
						}
					}
				}
				$gphoto3 = $_FILES['gphoto3']['tmp_name'];
				if($gphoto3 != "")
				{
					$ext = substr(strrchr($_FILES['gphoto3']['name'], '.'), 1);
					$ext2 = strtolower($ext);
					if($ext2 == "jpeg" || $ext2 == "jpg" || $ext2 == "gif" || $ext2 == "png")
					{
						$theimageinfo = getimagesize($gphoto3);
						if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3)
						{
							$gstop = "1";
						}
						else
						{
							$gstop = "0";
						}
					}
					if($gstop == "0")
					{
						$thepp = $pid."-3";
						if($theimageinfo[2] == 1)
						{
							$thepp .= ".gif";
						}
						elseif($theimageinfo[2] == 2)
						{
							$thepp .= ".jpg";
						}
						elseif($theimageinfo[2] == 3)
						{
							$thepp .= ".png";
						}
	
						$myvideoimgnew=$config['pdir']."/".$thepp;
						if(file_exists($myvideoimgnew))
						{
							unlink($myvideoimgnew);
						}
						move_uploaded_file($gphoto3, $myvideoimgnew);
						do_resize_image($myvideoimgnew, "380", "265", false, $config['pdir']."/t/".$thepp);
						do_resize_image($myvideoimgnew, "102", "72", false, $config['pdir']."/t2/".$thepp);
						do_resize_image($myvideoimgnew, "678", "458", false, $config['pdir']."/t3/".$thepp);
						do_resize_image($myvideoimgnew, "214", "132", false, $config['pdir']."/t4/".$thepp);
						if(file_exists($config['pdir']."/".$thepp))
						{
							$query = "UPDATE posts SET p3='$thepp' WHERE PID='".mysql_real_escape_string($pid)."'";
							$conn->execute($query);
						}
					}
				}
				if($approve_stories == "1")
				{
					$message = $lang['126'];
					if($config['scriptolution_notify_gigval'] == "1")
					{
						$scriptolution_notify_gigval_email = $config['scriptolution_notify_gigval_email'];
						if($scriptolution_notify_gigval_email != "")
						{
							$sendername = $config['site_name'];
							$from = $config['site_email'];
							$subject = $lang['553'];
							$sendmailbody = $lang['554']."<br><br>";
							$sendmailbody .= $lang['555']."<br>";
							$sendmailbody .= "<a href=".$config['baseurl']."/administrator/gigs_validate.php>".$config['baseurl']."/administrator/gigs_validate.php</a><br><br>";
							$sendmailbody .= $lang['23'].",<br>".stripslashes($sendername);
							mailme($scriptolution_notify_gigval_email,$sendername,$from,$subject,$sendmailbody,$bcc="");
						}
					}					
				}
				else
				{
					$gurl = $config['baseurl']."/".get_cat_seo($gcat)."/".$pid."/".seo_clean_titles($gtitle);
					$feurl = $config['baseurl']."/feature?id=".$pid;
					header("Location:$feurl");exit;
				}
			}
			else
			{
				STemplate::assign('gtitle',$gtitle);
				STemplate::assign('gcat',$gcat);
				STemplate::assign('gdesc',$gdesc);
				STemplate::assign('ginst',$ginst);
				STemplate::assign('gtags',$gtags);
				STemplate::assign('gdays',$gdays);
				STemplate::assign('gyoutube',$gyoutube);
			}
		}
		else
		{
			$gtitle = cleanit($_REQUEST['quicktitle']);
			STemplate::assign('gtitle',$gtitle);
		}
		$templateselect = "new.tpl";
	}
	elseif($allowposting == "2")
	{
		$error = $lang['498'];
		$templateselect = "new2.tpl";
	}
	else
	{
		$error = $lang['445'];
		$templateselect = "new2.tpl";
	}
	$pagetitle = $lang['61'];
	STemplate::assign('pagetitle',$pagetitle);
}
else
{
	header("Location:$config[baseurl]/");exit;
}

//TEMPLATES BEGIN
STemplate::assign('sm0',"1");
STemplate::assign('error',$error);
STemplate::assign('message',$message);
STemplate::display('scriptolution_header.tpl');
STemplate::display($templateselect);
STemplate::display('scriptolution_footer_nobottom.tpl');
//TEMPLATES END
?>
Link to comment
https://forums.phpfreaks.com/topic/296998-how-can-i-hide-this-form/
Share on other sites
mac_gyver Prolific Member

mac_gyver

Posted
Posted

you need a user/permission system. see the following basic example -

// roles
define('BUYER',0);
define('SELLER',1);
// other roles would go here...

// permissions
define('CREATE_LISTING',1);
define('POST_REPLY',2);
// other permissions would go here....

class user
{
    private $permissions = array();

    public function __construct($user_id){
        // this code retrieves the user's permissions based on their assigned role

        // define permissions to roles. this would normally be in a database table      
        // for demo purposes, these are just assigned here...
        $permissions[BUYER][] = POST_REPLY;
        $permissions[SELLER][] = CREATE_LISTING;
        $permissions[SELLER][] = POST_REPLY;
        
        // fake code to assign a role based on dummy user id's
        // actual code would retrieve the role from wherever it is stored
        if($user_id == 123){ // a dummy buyer
            $role = BUYER;
        }
        if($user_id == 456){ // a dummy seller
            $role = SELLER;
        }
        
        $this->permissions = $permissions[$role]; // store this user's permissions
    }
    
    public function has_permission($var) {
        return in_array($var,$this->permissions);
    }
}


$_SESSION['USERID'] = 123; // a fake user - with role of buyer

// example usage -
$user = new user($_SESSION['USERID']); // get this user's permissions

if($user->has_permission(CREATE_LISTING)){
    // code for creating or processing a listing...
    echo 'you can create a listing';
}

if(!$user->has_permission(CREATE_LISTING)){ // note the ! (not)
    echo 'you cannot access this page';
}

if($user->has_permission(POST_REPLY)){
    echo 'you can post a reply';
}

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.