Jump to content

Admin dashboard does not open dropdown to show html links

hendrikbez

By hendrikbez
in PHP Coding Help

 Share

Recommended Posts

hendrikbez Member

hendrikbez

Posted
Posted

I am making a new admin dashboard, and run into a problem.

My login is working, but when I am in my dashboard and hover over "API opstelling" it highlights (the down arrow is also showing) it does not open the 3 links under it.

It happens to all of my links.  I am not sure what the problem is.

header and dashboard files 

<?php error_reporting(E_ALL ^ E_NOTICE); ?>
<?php ob_start(); ?>
<?php
    session_start();
	require_once '../include/connection.php';
?>
<?php
	if (@$_SESSION['user_name_ecom']) {
        @$myusername = $_SESSION['user_name_ecom'];
        @$user_id = $_SESSION['user_id'];
    } else {
        header("location: indexnew.php");
    }
?>
<?php
    if ($_SESSION['user_id']) 
	{
        $user_id = $_SESSION['user_id'];
        $loggedin_state = 1;
        $_SESSION['loggedin_state'] = 1;
        $a_unique_id = 181050300;
        $_SESSION['a_unique_id'] = $a_unique_id;
		
    } else 
	{
        session_destroy();
        header("location: indexnew.php");
    }
?>
<?php
    $sql119 = mysqli_query($pdo, "SELECT * FROM  admin where ADMIN_ID  ='$user_id'  ");
    $productCount119 = mysqli_num_rows($sql119); // count the output amount
    if ($productCount119 > 0)
	{
        while ($row = mysqli_fetch_array($sql119)) 
		{
            $admin_name = $row["ADMIN_NAME"];
            $ADMIN_USER = $row["ADMIN_USER"];
            $ADMIN_PASS = $row["ADMIN_PASS"];
        }
    }
?>
<!DOCTYPE html>
<html lang="en">
<head>

    <meta charset="utf-8">
	 <title>Admin Panel</title>
    <meta content="width=device-width, initial-scale=1.0" name="viewport">
    <meta content="" name="keywords">
    <meta content="" name="description">
	
	 <!-- Favicon -->
    <link rel="shortcut icon" href="../img/fav-icon.png">

   

 <!-- Google Web Fonts -->
	<link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600&family=Roboto:wght@500;700&display=swap" rel="stylesheet"> 
    
    <!-- Icon Font Stylesheet -->
    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet">
    <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet">

    <!-- Libraries Stylesheet -->
	<link rel="stylesheet" type="text/css" href="../admin/css/owl.carousel.min.css?			<?php echo time(); ?>" />	
    <link href="../admin/css/tempusdominus-bootstrap-4.min.css" rel="stylesheet" />
	
	<!-- Customized Bootstrap Stylesheet -->
	
	<link href="../admin/css/bootstrap.min.css" rel="stylesheet" />
	<!-- Template Stylesheet -->
	<link href="../admin/css/styledark.css" rel="stylesheet" />
	
</head>

	<body>
	 <div class="container-fluid position-relative d-flex p-0">
        <!-- Spinner Start -->
        <div id="spinner" class="show bg-dark position-fixed translate-middle w-100 vh-100 top-50 start-50 d-flex align-items-center justify-content-center">
            <div class="spinner-border text-primary" style="width: 3rem; height: 3rem;" role="status">
                <span class="sr-only">Loading...</span>
            </div>
        </div>
        <!-- Spinner End -->

    <!-- Sidebar Start -->
        <div class="sidebar pe-4 pb-3">
            <nav class="navbar bg-secondary navbar-dark">
                <a href="dashbordnew.php" class="navbar-brand mx-4 mb-3">
                    <h3 class="text-primary"><i class="fa fa-user-edit me-2"></i>Kripto</h3>
                </a>
                <div class="d-flex align-items-center ms-4 mb-4">
                    <div class="position-relative">
                        <img class="rounded-circle" src="../admin/img/hen.png" alt="" style="width: 40px; height: 40px;">
                        <div class="bg-success rounded-circle border border-2 border-white position-absolute end-0 bottom-0 p-1"></div>
                    </div>
                    <div class="ms-3">
						<h6 class="mb-0"><?php echo $admin_name; ?> </h6>
							<a href="editProfilenew.php" >
								<span>Hoof Lid</span>
							</a>	
					</div>
                </div>
               <div class="navbar-nav w-100">
                    <a href="dashbordnew.php" class="nav-item nav-link active"><i class="fa fa-tachometer-alt me-2"></i>Paneelbord</a>
                    <div class="nav-item dropdown">
                        
						<a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown"><i class="fa fa-laptop me-2"></i>API Opstelling</a>
						
						
                        <div class="dropdown-menu bg-transparent border-0">
                            <a href="api&currencynew.php" class="dropdown-item">Verander API</a>
                            
							
							
                        </div>
                    </div>
					 <div class="nav-item dropdown">
                        <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown"><i class="fa fa-laptop me-2"></i>Nomics</a>
                        <div class="dropdown-menu bg-transparent border-0">
                            <a href="NMCallemuntenew.php" class="dropdown-item">Beskikbaar</a>
                            <a href="NMCvoegmuntebynew.php" class="dropdown-item">Voeg nuwe by</a>
                            <a href="NMCinligtingnew.php" class="dropdown-item">Verander</a>
                        </div>
                    </div>
					<div class="nav-item dropdown">
                        <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown"><i class="fa fa-laptop me-2"></i>Coingecko</a>
                        <div class="dropdown-menu bg-transparent border-0">
                           <a href="CGOallemuntenew.php" class="dropdown-item">Beskikbaar</a>
                            <a href="CGOvoegmuntebynew.php" class="dropdown-item">Voeg nuwe by</a>
                            <a href="CGOinligtingnew.php" class="dropdown-item">Verander</a>
                        </div>
                    </div>
					<div class="nav-item dropdown">
                        <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown"><i class="fa fa-laptop me-2"></i>CoinMarketCap</a>
                        <div class="dropdown-menu bg-transparent border-0">
                          <a href="CMCallemuntenew.php" class="dropdown-item">Beskikbaar</a>
                            <a href="CMCvoegmuntebynew.php" class="dropdown-item">Voeg nuwe by</a>
                            <a href="CMCinligtingnew.php" class="dropdown-item">Verander</a>
                        </div>
                    </div>
                
                </div>
            </nav>
        </div>
        <!-- Sidebar End -->
		
        <!-- Back to Top -->
        <a href="#" class="btn btn-lg btn-primary btn-lg-square back-to-top"><i class="bi bi-arrow-up"></i></a>
	</div>
			
	    <!-- endinject -->

    <!-- JavaScript Libraries -->
    <script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0/dist/js/bootstrap.bundle.min.js"></script>
    <script src="../admin/js/chart.min.js"></script>
    <script src="../admin/js/easing.min.js"></script>
    <script src="../admin/js/waypoints.min.js"></script>
    <script src="../admin/js/owl.carousel.min.js"></script>
    <script src="../admin/js/moment.min.js"></script>
    <script src="../admin/js/moment-timezone.min.js"></script>
    <script src="../admin/js/tempusdominus-bootstrap-4.min.js"></script>

    <!-- Template Javascript -->
    <script src="../admin/js/main.js"></script>
	
	
	
	
<?php include_once 'include/headnew.php';?>

<?php
    if(isset($_POST['username'])){
    
        $ADMIN_NAME = $_POST['name'];
        $ADMIN_USERNAME = $_POST['username'];
        $ADMIN_PASS = $_POST['Password'];
        
        
        $sql = mysqli_query($pdo,"UPDATE admin SET ADMIN_NAME = '$ADMIN_NAME', ADMIN_USER = '$ADMIN_USERNAME',
        ADMIN_PASS = '$ADMIN_PASS' WHERE ADMIN_ID = '$user_id' ") ;

        $desired_dir="../assets/img/admin/$user_id";
            
        if(is_dir($desired_dir)==false){
            mkdir("$desired_dir");		// Create directory if it does not exist
        }
        
        if ($_FILES['fileField']['tmp_name'] != ""){

            $newname = "1.jpg";
            move_uploaded_file($_FILES['fileField']['tmp_name'], "$desired_dir/$newname");

        } 
        
        
    }
    
?> 
  
   <meta charset="utf-8">
	 <title>Admin Panel</title>
    <meta content="width=device-width, initial-scale=1.0" name="viewport">
    <meta content="" name="keywords">
    <meta content="" name="description">
  
  <!--  <link rel="stylesheet" type="text/css" href="css/style.default.css?<?php echo time(); ?>" />-->
  
	<link rel="stylesheet" type="text/css" href="css/style.css?<?php echo time(); ?>" />
	<link rel="stylesheet" type="text/css" href="css/tempusdominus-bootstrap-4.min.css?<?php echo time(); ?>" />
	<link rel="stylesheet" type="text/css" href="css/owl.carousel.min.css? <?php echo time(); ?>" />	
    <link rel="stylesheet" type="text/css" href="css/tempusdominus-bootstrap-4.min.css?<?php echo time(); ?>" />
	<link rel="stylesheet" type="text/css" href="css/bootstrap.min.css?<?php echo time(); ?>" />
	<link rel="stylesheet" type="text/css" href="css/all.min.css?<?php echo time(); ?>" />
	<link rel="stylesheet" type="text/css" href="css/main.css?<?php echo time(); ?>" />
	<!-- Google Web Fonts -->
	<link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600&family=Roboto:wght@500;700&display=swap" rel="stylesheet"> 
    
    <!-- Icon Font Stylesheet -->
   
    <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet">

   <script src="https://code.iconify.design/iconify-icon/1.0.0-beta.3/iconify-icon.min.js"></script>
	
	
	<br><br>
	
<div class="container-fluid position-relative d-flex p-0">
	<div class="content">
		<div class="container-fluid pt-4 px-4">
            <div class="row g-4">
                <div class="col-sm-6 col-xl-3">
                    <div class="bg-secondary rounded d-flex align-items-center justify-content-between p-4">
			            <iconify-icon icon="wpf:administrator" height="48" style="color: #FF0000"></iconify-icon>
			                <div class="ms-3">
                                <h4 class="mb-2">Paneelbord</h4>
                            </div>
                    </div>
				</div>
                    <div class="col-sm-6 col-xl-5">
                        <div class="bg-secondary rounded d-flex align-items-center justify-content-between p-4">
						<iconify-icon icon="fluent-emoji-high-contrast:latin-cross" height="48" style="color: #FF0000"></iconify-icon>
                           
                            <div class="ms-3">
                               <h1 "title2">JESUS CHRISTUS IS MY HEER</h1>
                            </div>
                        </div>
                    </div>
                   
                </div>
        </div>
            <!-- Sale & Revenue End -->
	
	
	
	
		
		<div class="container-fluid pt-4 px-4">
            <div class="row g-4">
                <div class="col-sm-6 col-xl-12">
                    <div class="bg-secondary rounded d-flex align-items-center justify-content-between p-4">
                       
                            <div class="ms-3">
                                <img src="../admin/img/vis3.png" width="250px" height="140px">
							</div>
							<div class="ms-3">
								<img src="../admin/img/pry.jpg" width="140px" height="140px">
                            </div>
							<div class="ms-3">
                                <img src="../admin/img/pry1.png" width="140px" height="140px" color="lime">
							</div>
							<div class="ms-3">
								<img src="../admin/img/3bid.png" width="140px" height="140px">
                            </div>
							<div class="ms-3">
                               <img src="../admin/img/faith.png" width="140px" height="140px">
							</div>
							<div class="ms-3">
								<img src="../admin/img/hope.png" width="140px" height="140px">
                            </div>
							<div class="ms-3">
                                <img src="../admin/img/love.png" width="250px" height="140px">
							</div>
							<div class="ms-3">
								<img src="../admin/img/hart.png" width="140px" height="140px">
                            </div>
							<div class="ms-3">
								<img src="../admin/img/bybel.png" width="140px" height="140px">
                            </div>
					</div>
                </div>
			</div>
		</div>
		
		<div class="container-fluid pt-4 px-4">
            <div class="row g-4">
                <div class="col-sm-6 col-xl-12">
                    <div class="bg-secondary rounded d-flex align-items-center justify-content-between p-4">
                            <div class="ms-3">
							
                                <h2 "title2">Jesus Christ is Lord Not a swear word</h2>
							</div>
							<div class="ms-3">
							
                                <h2 "title2">He is the truth the way and the life</h2>
							</div>
                    </div>
                </div>
			</div>
		</div>
		
		
		
		<div class="container-fluid pt-4 px-4">
			<div class="row g-4">
				<div class="col-sm-12 col-md-6 col-xl-2">
					<div class="h-100 bg-secondary rounded p-1">
						<div class="d-flex align-items-center justify-content-between mb-4">
								<h6 class="mb-0">Kalender</h6>
						</div>
						<div id="calender">
						</div>
					</div>
					
					
					
				</div>
				
								
				<div class="col-sm-12 col-md- col-xl-6">
					<div class="h-100 bg-secondary rounded p-4">
					<iframe src="https://www.meteoblue.com/en/weather/widget/three/isando_south-africa_994526?geoloc=fixed&nocurrent=0&noforecast=0&days=7&tempunit=CELSIUS&windunit=KILOMETER_PER_HOUR&layout=image"  frameborder="0" scrolling="NO" allowtransparency="true" sandbox="allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox" style="width: 805px; height: 620px"></iframe><div><!-- DO NOT REMOVE THIS LINK --><a href="https://www.meteoblue.com/en/weather/week/isando_south-africa_994526?utm_source=weather_widget&utm_medium=linkus&utm_content=three&utm_campaign=Weather%2BWidget" target="_blank" rel="noopener">meteoblue</a></div>
				
					</div>
				</div>
			</div>
		</div>	
		
		
		
		
		
		
	</div>  
	
</div>
<script src="https://apps.elfsight.com/p/platform.js" defer></script>
         <script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0/dist/js/bootstrap.bundle.min.js"></script>
    <script src="js/chart.min.js"></script>
    <script src="js/easing.min.js"></script>
    <script src="js/waypoints.min.js"></script>
    <script src="js/owl.carousel.min.js"></script>
    <script src="js/moment.min.js"></script>
    <script src="js/moment-timezone.min.js"></script>
    <script src="js/tempusdominus-bootstrap-4.min.js"></script>

    <!-- Template Javascript -->
    <script src="../admin/js/main.js"></script>
	
    </body>
</html>

 

Link to comment
Share on other sites
mac_gyver Prolific Member

mac_gyver

Posted
Posted

the code on any php page should be laid out in this general order -

  1. initialization
  2. post method form processing
  3. get method business logic - get/produce data needed to display the page
  4. html document

if you build any or all of these sections using separate .php files, use 'require' for things that your page must have.

the html document that you produce must be valid and should not repeatedly load the same external elements. i recommend that you validate the resulting html output at validator.w3.org  the current result contains a large number of errors, which may account for the incorrect operation in the browser. also, have you checked the browser's developer console for errors?

 

Link to comment
Share on other sites
benanamen Prolific Member

benanamen

Posted
Posted
  1. Stop using the @ error suppressor.
  2. Do not put variables in your query. Use Prepared Statements. Your code is vulnerable to an XSS Attack.
  3. Never trust user supplied data
  4. Stop changing the case of your variables. Just always use lowercase
  5. You need to kill the script after a header redirect or the code will keep running that follows.
Link to comment
Share on other sites
hendrikbez Member

hendrikbez

Posted
  • Author
Posted
7 hours ago, benanamen said:
  1. Stop using the @ error suppressor.
  2. Do not put variables in your query. Use Prepared Statements. Your code is vulnerable to an XSS Attack.
  3. Never trust user supplied data
  4. Stop changing the case of your variables. Just always use lowercase
  5. You need to kill the script after a header redirect or the code will keep running that follows.

Thank you for info, it did help

1. did take out the @ error suppressor.

2. This is only on my private laptop, I am the only one that will use this.

3. 

4. Did change all cases to lowercase

5. Do not understand what you are saying here.

Link to comment
Share on other sites
hendrikbez Member

hendrikbez

Posted
  • Author
Posted
12 hours ago, benanamen said:
  1. Stop using the @ error suppressor.
  2. Do not put variables in your query. Use Prepared Statements. Your code is vulnerable to an XSS Attack.
  3. Never trust user supplied data
  4. Stop changing the case of your variables. Just always use lowercase
  5. You need to kill the script after a header redirect or the code will keep running that follows.

Did change code to and did change all that I understand, still not working 

if ($_SESSION['user_name_ecom']) {
        $myusername = $_SESSION['user_name_ecom'];
        $user_id = $_SESSION['user_id'];
    } else {
        header("location: indexnew.php");
		die();
	//	exit(header("Location: indexnew.php"));
    }


    if ($_SESSION['user_id']) 
	{
        $user_id = $_SESSION['user_id'];
        $loggedin_state = 1;
        $_SESSION['loggedin_state'] = 1;
        $a_unique_id = 181050300;
        $_SESSION['a_unique_id'] = $a_unique_id;
		
    } else 
	{
        session_destroy();
        header("location: indexnew.php");
		die();
		//exit(header("Location: indexnew.php"));
    }

 

Link to comment
Share on other sites
mac_gyver Prolific Member

mac_gyver

Posted
Posted (edited)
6 hours ago, hendrikbez said:

This is only on my private laptop, I am the only one that will use this.

that doesn't matter. the main point of using prepared queries is to prevent any sql special characters in a value from breaking the sql query syntax (which is how sql injection is accomplished.) currently, a value that contains a ' (singe-quote) will break the sql query syntax and produce an error, rather than to allow the UPDATE query to execute. what if the user on your site has a name that contains a ' or wants to use one in their username? using a prepared query also simplifies the sql query syntax, making it easier to write a query that doesn't contain typos.

6 hours ago, hendrikbez said:

Do not understand what you are saying here.

a header() statement doesn't stop php code execution. you must use an exit/die statement with/after a header() redirect to stop php code execution. currently (before the last posted code), all the rest of the code on the page executes every time it gets requested, even if the user isn't logged in.

6 hours ago, hendrikbez said:

did not know you can use it only one time.

it's not about using them only one time (you can use them any number of times.) this is about writing code that doesn't contain a lot of unnecessary clutter that you want someone else to look at and help you with. when you post code that contains as much as 2x the amount of typing in it that is necessity, it makes it harder for the people who would help you. it also takes your time typing and fixing mistakes in all the unnecessary typing.

the points that were made about the php code are coding practices that will help make the code secure, simplify it, help reduce mistakes, ...

here are some more points about just the posted php code -

  1. error_reporting should always be set to E_ALL and the setting should be in the php.ini on your system, so that you can change it in a single place.
  2. don't use output buffering to make bad code work. find and fix whatever is preventing your code from working. using output buffering also makes debugging harder because it hides non-fatal php errors and any debugging echo output you use, when you execute a header() redirect.
  3. the only value you should store in a session when the user logs in is the user_id. query on each page request to get any other user information (which you are doing) such as the username, permissions, ... this insures that any changes made to the other user information will take effect on the next page request. 
  4. don't copy variables to other variables for nothing. this is a waste of typing time. just use the original variables.
  5. don't unconditionally destroy the session. the session can hold things other then the logged in user_id. the session user_id will either be set or it won't. you don't need to create a bunch of variables and logic to detect if there is a logged in user or not.
  6. your should build the sql query statements in a php variable. this makes testing easier and help prevent typo mistakes by separate the sql query syntax as much as possible from the php code.
  7. don't use variables ending in numbers. this just makes more work for you keeping track of what you are doing in your code.
  8. you should list the columns you are selecting in queries. this help make your code self-documenting and helps prevent mistakes.
  9. outside of the log in code, you should NOT select and fetch passwords.
  10. don't use a loop to fetch data from a query that will match at most one row of data. just fetch the data.
  11. don't store passwords in plain text. use php's password_hash() and password_verify().
  12. don't attempt to detect if a form submit button is set. there are cases where it won't be. instead detect if a post method form was submitted.
  13. one case where the submit button won't be set is if you upload a file that exceeds the post_max_size setting. in this case, both the $_POST and $_FILES arrays will be empty. your post method form processing code must detect this and setup a message for the user that the size of the post data was too large and could not be processed.
  14. after you have detected that there is $_FILES data, you must test the ['error'] element and only use the uploaded file information if there was not an upload error (the errors are listed in the php documentation.)
  15. your post method form processing code should trim then validate all $_POST inputs before using them.
  16. apply htmlentities() to any dynamic value when you output it on a web page to help prevent cross site scripting.

finally, these points just apply to the php code. your makeup is not working due to the mistakes in the html document. you need to clean up the html document so that it only loads each external element once and is valid markup.

Edited by mac_gyver
  • Like 1
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.