wmeredith

  1. Hey guys if the user exits the browser will this code still run the user_logout.php? Thanks

         session_cache_expire( 20 );
         session_start(); // NEVER FORGET TO START THE SESSION!!!
         $inactive = 1200; //20 minutes *60
         if(isset($_SESSION['start']) ) {
             $session_life = time() - $_SESSION['start'];
             if($session_life > $inactive){
                 header("Location: user_logout.php");
             }
         }
         $_SESSION['start'] = time();
         if($_SESSION['valid_user'] != true){
             header('Location: ../....php');
         }else{
  2. Thanks for the responses guys. I added a simple notification at the update page reminding all users to logout correctly and that seems to be working.
  3. I need to run a query when the user exits the browser without properly logging out. Currently when a user logs out there is a query that runs that logs the user's entry:

         $sql2 = "INSERT INTO provider_submits (provider_sub) values( '$provider_id')";
         $result2 = sqlsrv_query($link, $sql2);

     but if the user doesn't log out and exits the browser without clicking on the logout link the query won't run. Any ideas?
  4. How can you run a query or a piece of code when a session ends or the user exits the browser without logging out? Thanks.

         <?php
         session_start();
         include('C:\inetpub\wwwroot\connect.php');
         $provider_id = $_SESSION['provider_id'];
         $sql2 = "INSERT INTO provider_submits (provider_sub) values( '$provider_id')";
         $result2 = sqlsrv_query($link, $sql2);
         exec('c:\\dblocal\\notes.bat');
         ?>
  5. That seemed to work but removing the last three lines returns hex values. Not sure if the unpack hex is in the wrong area when removing the 3 lines you requested. Here is the whole file:

         <?php
         session_start();
         include('C:\inetpub\wwwroot\connect.php');
         // echo "<pre>";
         // print_r($_SESSION);
         // echo "</pre>";
         function mssql_escape($data) {
             if(is_numeric($data))
                 return $data;
             $unpacked = unpack('H*hex', $data);
             return '0x' . $unpacked['hex'];
         }
         $provider_id = $_SESSION['provider_id'];
         $password = $_SESSION['password'];
         if(isset($_SESSION['provider_id'])) {
             $provider_id = $_SESSION['provider_id'];
             $password = $_SESSION['password'];
             $sql = "
                 SELECT COUNT(1) as cnt
                 FROM providers
                 WHERE provider_id = '$provider_id'
                 AND password = '$password'
             ";
             $params = array();
             $options = array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
             //$results = sqlsrv_query( $link, $sql, $params, $options);
             $row = sqlsrv_fetch_array(sqlsrv_query( $link, $sql, $params, $options));
             //$row_count = sqlsrv_num_rows( $results );
             //echo $row['cnt'] ;
             if($row['cnt'] == 1){
                 //echo "logging in";
                 $logged_in = true;
                 $_SESSION['provider_id'] = $provider_id;
                 $_SESSION['password'] = $password;
             } else {
                 $logged_in = false;
                 //echo "not logging in";
             }
         }
         if(!$logged_in){
             header("Location: index.php");
         } else {
             //Create Edit Form Here (Should verify if 'appointment_id' is associated with 'provider_id')
             if(isset($_POST['appointment_id'])){
                 $appointment_id = mssql_escape($_POST['appointment_id']);
                 $provider_id = mssql_escape($_SESSION['provider_id']);
                 $sql = "
                     SELECT COUNT(*) as count
                     FROM session_notes
                     WHERE appointment_id = '$appointment_id'
                     AND provider_id = '$provider_id'
                 ";
                 $results = sqlsrv_query( $link, $sql, $params, $options);
                 $row_count = sqlsrv_num_rows( $results );
                 if($row_count == 1){
                     if(isset($_POST['edit'])){
                         $_SESSION['appointment_id'] = $appointment_id;
                         //OUTPUT UPDATE FORM
                         $sql = "
                             SELECT provider_id, patient_id, CONVERT(VARCHAR(10),appointment,110) as appt, notes,notes2,notes3
                             FROM session_notes
                             WHERE appointment_id = '$appointment_id'
                         ";
                         $row = sqlsrv_fetch_array(sqlsrv_query($link,$sql));
                         $tpl_vars = array();
                         $tpl_vars['{{title}}'] = "Session Notes Update Form";
                         $tpl_vars['{{appointment_id}}'] = $appointment_id;
                         $tpl_vars['{{provider_id}}'] = $row['provider_id'];
                         $tpl_vars['{{patient_id}}'] = $row['patient_id'];
                         $tpl_vars['{{appointment}}'] = $row['appt'];
                         $tpl_vars['{{notes}}'] = $row['notes'];
                         $tpl_vars['{{notes2}}'] = $row['notes2'];
                         $tpl_vars['{{notes3}}'] = $row['notes3'];
                         //get template & load data
                         $tpl = file_get_contents('tpl/update_form.html');
                         echo str_replace (array_keys ($tpl_vars),array_values($tpl_vars),$tpl);
                     } elseif (isset($_POST['update'])){
                         $notes = mssql_escape($_POST['notes']);
                         $notes2 = mssql_escape($_POST['notes2']);
                         $notes3 = mssql_escape($_POST['notes3']);
                         //$notes = $_POST['notes'];
                         //$notes2 = $_POST['notes2'];
                         //$notes3 = $_POST['notes3'];
                         $tpl_vars = array();
                         $tpl_vars['{{title}}'] = "Session Notes Update Complete";
                         $sql1 = "UPDATE session_notes SET notes = '$notes', notes2 = '$notes2', notes3 = '$notes3' WHERE appointment_id = '$appointment_id'";
                         $sql2 = "INSERT INTO provider_submits (provider_sub) values( '$provider_id')";
                         $result1 = sqlsrv_query($link, $sql1);
                         //$result2 = sqlsrv_query($link, $sql2);
                         //include('C:\inetpub\wwwroot\notes\trigg.php');
                         if ( $result1 ) {
                             // your staff
                         } else if ( $result2 ) {
                             // your staff
                         }
                         if(sqlsrv_query($link,$sql)){
                             $tpl_vars['{{message}}'] = "Note Edited Successfully";
                             $Name = "Session Notes Entry App"; //sender's name
                             $email = "email@adress.com"; //sender's e-mail address
                             $recipient = "notes@nipinst.org"; //recipient
                             $mail_body = "Appointment ID: $appointment_id\nProvider ID: $provider_id"; //mail body
                             $subject = "Note For AppID[$appointment_id] Updated"; //subject
                             $header = "From: ". $Name . " <" . $email . ">\r\n"; //optional header fields
                             mail($recipient, $subject, $mail_body, $header); //mail command
                             //mail("wm@nipinst.org","Note For AppID[$appointment_id] Updated","Appointment ID: $appointment_id\nProvider ID: $provider_id");
                         } else {
                             //$tpl_vars['{{message}}'] = "Error! Please contact administrator.";
                             die('Error: ' . mssql_get_last_message());
                         }
                         //get template & load data
                         $tpl = file_get_contents('tpl/update_complete.html');
                         echo str_replace(array_keys($tpl_vars),array_values($tpl_vars),$tpl);
                     } else {
                         header("Location: index.php");
                         //echo "A<br>";
                     }
                 } else {
                     header("Location: index.php");
                     //echo "B<br>";
                 }
             } else {
                 header("Location: index.php");
                 //echo "C<br>";
             }
         }

     Thanks for your response thus far.
  6. Hi guys, I have an issue when posting text that has a single quote " ' ". The data just won't load.

             //get template & load data
             $tpl = file_get_contents('tpl/update_form.html');
             echo str_replace(array_keys($tpl_vars),array_values($tpl_vars),$tpl);
         } elseif(isset($_POST['update'])){
             $notes = mssql_escape($_POST['notes']);
             $notes2 = mssql_escape($_POST['notes2']);
             $notes3 = mssql_escape($_POST['notes3']);
             $notes = $_POST['notes'];
             $notes2 = $_POST['notes2'];
             $notes3 = $_POST['notes3'];
             $tpl_vars = array();
             $tpl_vars['{{title}}'] = "Session Notes Update Complete";
             $sql1 = "UPDATE session_notes SET notes = '$notes', notes2 = '$notes2', notes3 = '$notes3' WHERE appointment_id = '$appointment_id'";

     If any text contains a ' single quote it won't update the data in the table.
  7. Hey guys, I need help creating a second php file running just the second underlined query to run it when the user logs out.

         $sql1 = "UPDATE session_notes SET notes = '$notes', notes2 = '$notes2', notes3 = '$notes3' WHERE appointment_id = '$appointment_id'";
         $sql2 = "INSERT INTO provider_submits (provider_sub) values( '$provider_id')";
         $result1 = sqlsrv_query($link, $sql1);
         $result2 = sqlsrv_query($link, $sql2);

     Attached is the full file with the session info. Thanks
  8. I managed to figure out the Date formatting. I do need help with the equivalent of mysql_escape for sqlsrv:

         if(isset($_POST['login'])){
             $provider_id = mysql_escape($_POST['provider_id']);
             $password = mysql_escape($_POST['password']);

     Thanks!
  9. I tried this:

         <?php session_start();?>
         <!DOCTYPE html>
         <html>
         <head>
         <meta charset="utf-8">
         <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
         <title>Session Notes Entry Form</title>
         <meta name="description" content="">
         <link rel="stylesheet" href="css/normalize.css">
         <link rel="stylesheet" href="http://yui.yahooapis.com/pure/0.2.0/pure-min.css">
         <link rel="stylesheet" href="css/main.css">
         <link rel="icon" type="image/ico" href="favicon.ico">
         </head>
         <?php include('C:\inetpub\wwwroot\connect.php'); ?>
         <?php
         if(isset($_POST['login'])){
             $provider_id = mysql_real_escape_string($_POST['provider_id']);
             $password = mysql_real_escape_string($_POST['password']);
             $sql = "
                 SELECT COUNT(*) as count
                 FROM providers
                 WHERE provider_id = '$provider_id'
                 AND password = '$password'
             ";
             $res = mysql_fetch_assoc(mysql_query($sql));
             if($res['count'] == 1){
                 $logged_in = true;
                 $_SESSION['provider_id'] = $provider_id;
                 $_SESSION['password'] = $password;
             } else {
                 $logged_in = false;
             }
         } elseif(isset($_SESSION['provider_id'])) {
             $provider_id = $_SESSION['provider_id'];
             $password = $_SESSION['password'];
             $sql = "
                 SELECT COUNT(*) as count
                 FROM providers
                 WHERE provider_id = '$provider_id'
                 AND password = '$password'
             ";
             $res = mysql_fetch_assoc(mysql_query($sql));
             if($res['count'] == 1){
                 $logged_in = true;
             } else {
                 $_SESSION = array();
                 session_destroy();
                 $logged_in = false;
             }
         } else {
             $logged_in = false;
         }
         if(!$logged_in){
             $tpl_vars = array();
             $tpl_vars['{{title}}'] = "Session Entry | Login";
             $provider_id = isset($_POST['provider_id']) ? $_POST['provider_id'] : '';
             $tpl_vars['{{content}}'] = str_replace('{{provider_id}}',$provider_id,file_get_contents('tpl/login_form.html'));
         } else {
             $session_provider_id = $_SESSION['provider_id'];
             $sql = "SELECT *,DATE_FORMAT(appointment,'%b %d %Y %h:%i %p') as appt FROM session_notes WHERE provider_id = '$session_provider_id'";
             $res = mysql_query($sql);
             //Table Headers
             $table = "<table><tr><th>Appointment ID</th><th>Patient ID</th><th>Appointment</th><th>Method(s) Provided</th><th>Response/Goals</th><th>Plan/Comments</th></tr>";
             while($row = mysql_fetch_assoc($res)){
                 $table .= "<tr>";
                 $table .= "<td>$row[appointment_id]</td>";
                 $table .= "<td>$row[patient_id]</td>";
                 $table .= "<td>$row[appt]</td>";
                 $table .= "<td>".nl2br($row['notes'])."</td>";
                 $table .= "<td>".nl2br($row['notes2'])."</td>";
                 $table .= "<td>".nl2br($row['notes3'])."</td>";
                 $table .= "<td>";
                 $table .= "<form action='update.php' method='post'>";
                 $table .= "<input type='submit' value='edit' name='edit'>";
                 $table .= "<input type='hidden' name='appointment_id' value='$row[appointment_id]'>";
                 $table .= "</form>";
                 $table .= "</td>";
                 $table .= "</tr>";
             }
             $table .= "</table>";
             $tpl_vars['{{title}}'] = "Session Notes Entry";
             $tpl_vars['{{content}}'] = str_replace('{{table}}',$table,file_get_contents('tpl/notes_form.html'));
         }
         //get template & load data
         $tpl = file_get_contents('tpl/template.html');
         echo str_replace(array_keys($tpl_vars),array_values($tpl_vars),$tpl);

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     to this:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

         <?php session_start();?>
         <!DOCTYPE html>
         <html>
         <head>
         <meta charset="utf-8">
         <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
         <title>Session Notes Entry Form</title>
         <meta name="description" content="">
         <link rel="stylesheet" href="css/normalize.css">
         <link rel="stylesheet" href="http://yui.yahooapis.com/pure/0.2.0/pure-min.css">
         <link rel="stylesheet" href="css/main.css">
         <link rel="icon" type="image/ico" href="favicon.ico">
         </head>
         <?php include('C:\inetpub\wwwroot\connect.php'); ?>
         <?php
         if(isset($_POST['login'])){
             $provider_id = sqlsrv_escape($_POST['provider_id']); ???
             $password = sqlsrv_escape($_POST['password']); ???
             $sql = "
                 SELECT COUNT(*) as count
                 FROM [session_entry].[dbo].[providers]
                 WHERE provider_id = '$provider_id'
                 AND password = '$password'
             ";
             $results = sqlsrv_fetch_array(sqlsrv_query($sql));
             if($res['count'] == 1){
                 $logged_in = true;
                 $_SESSION['provider_id'] = $provider_id;
                 $_SESSION['password'] = $password;
             } else {
                 $logged_in = false;
             }
         } elseif(isset($_SESSION['provider_id'])) {
             $provider_id = $_SESSION['provider_id'];
             $password = $_SESSION['password'];
             $sql = "
                 SELECT COUNT(*) as count
                 FROM providers
                 WHERE provider_id = '$provider_id'
                 AND password = '$password'
             ";
             $results = sqlsrv_fetch_array(sqlsrv_query($sql));
             if($res['count'] == 1){
                 $logged_in = true;
             } else {
                 $_SESSION = array();
                 session_destroy();
                 $logged_in = false;
             }
         } else {
             $logged_in = false;
         }
         if(!$logged_in){
             $tpl_vars = array();
             $tpl_vars['{{title}}'] = "Session Entry | Login";
             $provider_id = isset($_POST['provider_id']) ? $_POST['provider_id'] : '';
             $tpl_vars['{{content}}'] = str_replace('{{provider_id}}',$provider_id,file_get_contents('tpl/login_form.html'));
         } else {
             $session_provider_id = $_SESSION['provider_id'];
             $sql = "SELECT *,DATE_FORMAT(appointment,'%b %d %Y %h:%i %p') as appt FROM session_notes WHERE provider_id = '$session_provider_id'";
             $results = sqlsrv_query($sql);
             //Table Headers
             $table = "<table><tr><th>Appointment ID</th><th>Patient ID</th><th>Appointment</th><th>Method(s) Provided</th><th>Response/Goals</th><th>Plan/Comments</th></tr>";
             while($row = sqlsrv_fetch_array($results)){
                 $table .= "<tr>";
                 $table .= "<td>$row[appointment_id]</td>";
                 $table .= "<td>$row[patient_id]</td>";
                 $table .= "<td>$row[appt]</td>";
                 $table .= "<td>".nl2br($row['notes'])."</td>";
                 $table .= "<td>".nl2br($row['notes2'])."</td>";
                 $table .= "<td>".nl2br($row['notes3'])."</td>";
                 $table .= "<td>";
                 $table .= "<form action='update.php' method='post'>";
                 $table .= "<input type='submit' value='edit' name='edit'>";
                 $table .= "<input type='hidden' name='appointment_id' value='$row[appointment_id]'>";
                 $table .= "</form>";
                 $table .= "</td>";
                 $table .= "</tr>";
             }
             $table .= "</table>";
             $tpl_vars['{{title}}'] = "Session Notes Entry";
             $tpl_vars['{{content}}'] = str_replace('{{table}}',$table,file_get_contents('tpl/notes_form.html'));
         }
         //get template & load data
         $tpl = file_get_contents('tpl/template.html');
         echo str_replace(array_keys($tpl_vars),array_values($tpl_vars),$tpl);

     doesn't work
  10. That's what I finally decided to do, wrote my own code to execute the bat file. Thanks
  11. I figured it out. I was making changes to the wrong php.ini file. The phpinfo page revealed where the actual php.ini file was residing and when I added the changes it worked! You would think it would be c:\php and c:\php\ext for all the needed extensions but no, it was "C:\Program Files (x86)\PHP\php.ini" and "C:\Program Files (x86)\PHP\ext"
  12. I'm having the same problem. I made the additions needed to the php.ini and added the "php ext" path, installed Microsoft SQL Server 2012 Native Client, but when running the phpinfo script it doesn't reflect that the php drivers are loaded for SQL SRV. Also the dll file that should be loaded according to the documentation is php_sqlsrv_54_nts_vc9.dll but the extracted files don't have that file listed. The one listed is php_sqlsrv_54_nts.dll. Any thoughts?
  13. Actually this worked:

         <?php exec('c:\\folder\\whatever.bat'); ?>

     Now I actually want a trigger in MYSQL to execute the php file after an INSERT of a certain table. Have any ideas?
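
The single-quote failure in post 6 and the request in post 8 for a sqlsrv equivalent of mysql_escape both come down to values being interpolated into the SQL string; binding them as parameters removes the need for any escape function. The following is an added example, not code from the posts: it assumes `$link` is the sqlsrv connection opened by connect.php, and the helper names `run_query`, `update_notes` and `log_submit` are hypothetical.

```php
<?php
// Added example (not from the posts). Assumes $link is the sqlsrv connection
// that connect.php opens; the helper names below are hypothetical.

// Run a parameterized statement. Values travel separately from the SQL text,
// so a note containing ' can neither break nor alter the statement.
function run_query($link, string $sql, array $params = [])
{
    $stmt = sqlsrv_query($link, $sql, $params);
    if ($stmt === false) {
        // Keep driver detail in the server log instead of echoing it to the browser.
        error_log(print_r(sqlsrv_errors(), true));
        throw new RuntimeException('Database query failed');
    }
    return $stmt;
}

// Update the three note fields, but only for an appointment that belongs
// to the logged-in provider (the ownership check lives in the WHERE clause).
function update_notes($link, $appointment_id, $provider_id, array $post): bool
{
    $sql = "UPDATE session_notes
               SET notes = ?, notes2 = ?, notes3 = ?
             WHERE appointment_id = ? AND provider_id = ?";
    $stmt = run_query($link, $sql, [
        $post['notes']  ?? '',
        $post['notes2'] ?? '',
        $post['notes3'] ?? '',
        $appointment_id,
        $provider_id,
    ]);
    return sqlsrv_rows_affected($stmt) === 1;
}

// Record that the provider submitted, as the $sql2 INSERT in the posts does.
function log_submit($link, $provider_id): void
{
    run_query($link,
        "INSERT INTO provider_submits (provider_sub) VALUES (?)",
        [$provider_id]);
}

// Usage inside update.php, after the login check has passed:
// if (update_notes($link, $_POST['appointment_id'], $_SESSION['provider_id'], $_POST)) {
//     log_submit($link, $_SESSION['provider_id']);
// }
```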