Jump to content

alpine

Members
  • Posts

    759
  • Joined

  • Last visited

About alpine

  • Birthday 03/26/1973

Profile Information

  • Gender
    Male
  • Location
    Norway

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

alpine's Achievements

Member

Member (2/5)

3

Reputation

  1. You can also define a variable, and echo that. This means the variable will always be defined. $notes = (!empty($rows['notes'] ? $rows['notes'] : ''); echo $notes; // if $rows['notes'] contains info, it will be printed, else it prints out nothing ( '' ).
  2. Its really hard to read your code, please put it inside code tags. Bootstrap modal isnt visible by default, so if you post to the same page, the post normally wont be handleded if the handler is inside the modal. Look into jquery ajax to handle forms from modal, search around for examples on the interweb
  3. Instead of storing passwords anywhere client side for client identification, one approach is to create a unique code (temp generated password) each time a user logs in. Store it in the users table, set it in cookie or session and match against that instead. On logout, clear it. Even better, update it on sertain pageload intervals to prevent it from being static and match it against a timestamp when last generated. Password should never be pulled out of table, only matched at the point of login.
  4. $thematches->linkset->link is obviously not an array (anymore), thats why its flagged as invalid Simple test: if(is_array($thematches->linkset->link)){ echo '<p>is array:</p>'; print_r($thematches->linkset->link); } else{ echo '<p>is not an array:</p>'; echo $thematches->linkset->link; }
  5. If you match 2 rows with the same username AND password, its impossible to differ those users apart. I would rather deny access under this circumstance rather than doing 'limit 1' that may give the wrong user access to his twin account. If user id 1 and user id 2 have the same creditentials, a default ascending query 'limit 1' login attemt performed by user 2 will give access to user id 1 account. A sensible design should as we all know prevent this from ever happening in the first place. I would match with rows = 1 or deny access
  6. You shouldnt use json to transport html formatted content as it will most lightly break (as it does right now in your example - its json that breaks it), and if you are sending content to JQM you should send pure data and format it in JQM for best result. JQM can be a real pain to work with even if you try to do it according to standars, especially when moving outside utf8 (as some of us have to). When working with mobile content you also want to send as little amount of data as possible between server and mobile unit for best possible performance and smallest data size. This alltogether would save you from the trouble you are experiencing at this stage. So if this is a new db/content setup you should reconcider storing pure data in db, if not you probably need to clean away any html before sending it through json_encode. Your alternative is to drop json and send it as html through ajax. Your best option is probably to run the query with default encoding and adapt the data with php before sending it.
  7. Something like this function utf8_apply($val){ return utf8_encode($val); } $employees = array_map("utf8_apply", $employees);
  8. You cannot utf8_encode an array, apply utf8_encode to the values (string)
  9. In cases where the database charset is different from utf8 you should always encode the text before sending it through ajax, this is also the case with JQM as its no way to override utf8 charset unless you edit the JQM source Replacing special chars is probably not your best option // you have some control in this example, no special characters as we can avoid them $js_return['status'] = 'saved'; // this however might contain special characters depending of db charset etc, convert it to utf8 before sending it $js_return['text'] = utf8_encode($db_data); echo json_encode($js_return);
  10. I would check that there is none with that username, if you have 2 or more already stored while comparing with "1", it will always allow yet another one. if(mysql_num_rows($run) === 0){ echo 'nobody with that username was found in database'; } else{ echo 'You cannot use this username'; }
  11. Okay, remove the print_r if($_SESSION['login'] && $_SESSION['type'] === 'ADMINISTRATION'){ You have 3 comparisors === Try with only 2 == Other than that its hard to say whats going on. You just have to do some faultfinding within your files and functions.
  12. Try this, what do you get ? <?php include '../../core.php'; echo "<pre>"; print_r($_SESSION); echo "</pre>"; exit(); if($_SESSION['login'] && $_SESSION['type'] === 'ADMINISTRATION'){ ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <link rel="stylesheet" type="text/css" href="../css/main.css"/> </head> <body> This is Admin. <a href="../../logout.php">Log Out!</a> </body> </html> <?php }else{ header('Location:Webpage/index.php'); } ?>
  13. Hard to follow what you are using at this stage, are you using this ? if(!isset($_SESSION['login']) || (isset($_SESSION['type']) && $_SESSION['type'] != 'ADMINISTRATION')) { header('Location:Webpage/index.php'); exit; // stop the script } Its passing you on to Webpage/index.php if session "login" isnt set, and i cannot see its being set anywhere ? This means this will always send you to Webpage/index.php. And if Webpage/index.php is checking to see if session "type" is set, it will send you "back" i presume.. and there you have a loop
  14. I noticed my error on form names but was unable to edit. Rename form inputs to eusername and epassword as commented above. I dont generally dont provide cut and paste code, only suggested methods. You still have to learn php yourself. Here is what you need to run the query in my example. Still not tested and it requires a little kung fu from you. if(!empty($err)){ echo "<ul><li>".implode("</li><li>",$err)."</li></ul>"; } else{ $query = "SELECT LogUsername FROM tbl_account WHERE LogUsername='".$eusername."' AND LogPassword = '".$epassword."' AND type = '".$logintype."'"; $query_run = mysql_query($query); if(mysql_num_rows($query_run) == '1'){ $row = mysql_fetch_row($query_run); $_SESSION['user_id'] = $row[0]; $_SESSION['type'] = $logintype; echo "<script>alert('".$logintype." Login')</script>"; switch($logintype){ case 'ADMINISTRATION': header('Location: ../../ADMIN.php'); exit(); break; default: header('Location: ../../EMPLOYEE.php'); exit(); } }else{ echo "<script>alert('Incorrect Pass or User')</script>"; } }
  15. as a sidenote, you can optimize your loginform with an option list instead of 2 login forms, untested version: <?php if(isset($_POST['submit'])){ $err = array(); $required = array( 'eusername', 'epassword' ); foreach($_POST as $field => $value){ if(in_array($field,$required) && empty($value)){ $err[] = $field." cannot be empty"; } else{ ${$field} = mysql_real_escape_string($value); } } switch($_POST['id_type']){ case 'employee': $logintype = 'EMPLOYEE'; break; case 'admin': $logintype = 'ADMINISTRATION'; break; default: $err[] = "Incorrect login type"; } if(!empty($err)){ echo "<ul><li>".implode("</li><li>",$err)."</li></ul>"; } else{ $query = "SELECT * FROM tbl_account WHERE LogUsername='".$eusername."' AND LogPassword = '".$epassword."' AND type = '".$logintype."'"; // run query and set sessions etc } } ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> ID: <input type="text" name="username"> </br> Password: <input type="password" name="password"> Type: <select name="id_type"> <option value="employee">Employee</option> <option value="admin">Admin</option> </select> <input type="submit" name="submit" id="adminsubmit" value="Log in"> </form>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.