Jump to content

thomaslian

Members
  • Posts

    4
  • Joined

  • Last visited

Everything posted by thomaslian

  1. Yes, the coding in Dreamweaver is a mess. I also see when i edit my "Server behaviors" it does only add a new code, it does not delete the old one. This will make a red "!", and the code will not work before you delete the old codes. So I read about sessions, and it finally worked. I counted on the session Username like you said and that worked fine for me, my link looks like this "/pages/update.php" (very clean). One last problem, when i click my update button, it opens a new tab, so i get two tabs with the "update.php". Is it anyway preventing the button to open a new tab? I only want to refresh the page i stay on. Thanks for your time and help!
  2. Okay, i got the diffrence now. Well, with a little help from dreamweaver i got this code (i dont know if i got it sortet right). At first i got it working, but not anymore... I don't know what happend. //Get database info<?php require_once('../Connections/lager.php'); ?><?phpif (!isset($_SESSION)) { session_start();}$MM_authorizedUsers = "0,1";$MM_donotCheckaccess = "false";// *** Restrict Access To Page: Grant or deny access to this pagefunction isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && false) { $isValid = true; } } return $isValid; }$MM_restrictGoTo = "login.php";if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) $MM_referrer .= "?" . $_SERVER['QUERY_STRING']; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit;}if (!function_exists("GetSQLValueString")) {function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue;}}$editFormAction = $_SERVER['PHP_SELF'];if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);}if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "register")) { $updateSQL = sprintf("UPDATE Users SET FirstName=%s, LastName=%s, Email=%s, UserName=%s, Password=%s WHERE UserID=%s", GetSQLValueString($_POST['FirstName'], "text"), GetSQLValueString($_POST['LastName'], "text"), GetSQLValueString($_POST['Email'], "text"), GetSQLValueString($_POST['UserName'], "text"), GetSQLValueString($_POST['Password'], "text"), GetSQLValueString($_POST['UserID'], "int")); mysql_select_db($database_lager, $lager); $Result1 = mysql_query($updateSQL, $lager) or die(mysql_error());}$colname_GetUserInfo = "-1";if (isset($_SESSION['UserName'])) { $colname_GetUserInfo = $_SESSION['UserName'];}mysql_select_db($database_lager, $lager);$query_GetUserInfo = sprintf("SELECT * FROM Users WHERE UserName = %s", GetSQLValueString($colname_GetUserInfo, "text"));$GetUserInfo = mysql_query($query_GetUserInfo, $lager) or die(mysql_error());$row_GetUserInfo = mysql_fetch_assoc($GetUserInfo);$totalRows_GetUserInfo = mysql_num_rows($GetUserInfo);?>
  3. Yes, i made the "User" and "UserName" before creating the boxes(i have also double checked that they have both big and smal characters), i also have a registration page that sends information to the database without problem. Will the Update data in database toturial at w3schools do this? mysqli_query($con,"UPDATE Persons SET Age=36WHERE FirstName='Peter' AND LastName='Griffin'"); So i have this from my database "FirstName", "LastName", "Email", "UserName" and "Password". I am not sure about the diffrence between "SET" and "WHERE". Would i example do this "SET FirstName=(to my textbox first name), LastName=(to my textbox last name) and so on" and then "WHERE FirstName=(old firstame in database) and so on" So the code would be like this mysqli_query($con,"UPDATE User SET FirstName=(textbox), LastName=(textbox)WHERE FirstName='(Firstname in database)' AND LastName='(Lastname in database)'"); Will this still work even if i am changing the value i am setting as "WHERE"? Sorry if i am asking silly questions, trying to learn this!
  4. I have a file called update.php and controlpanel.php. The update file is a place where a registered user can update their information, i have a text that links to update file from the controlpanel file. I am using Dreamweaver CS6, at first i make it fill the text boxes i have made, the code shows {RegistrerUsers.FirstName} on the firstname box. Then i go to Server Behaviors and udate my recordset(User). There i set filter to "UserName, =, URL Parameter, UserName" and click ok. I would then add a "update" button and a hidden field as normal. Now i go to my controlpanel file and edit my recordset(User), i will set this one to "UserName, =, Session Variable, UserName". I now mark my update text and link it to the update file, before clicking ok i press the Parameters button, on name i fill "UserName" and value i fill "<?php echo $row_User['UserName']; ?>". Then when i try this it would not work, i do see that the link is like this "update.php?UserName=". I am currently logged in as admin, so when i put admin in the link like this "update.php?UserName=admin", all the information would show up. So it does not do this automatically. Another problem is that i have access to edit other users, example if i put the username "user" in the link like this "update.php?UserName=user", i would get all information from user still if i am logged in as admin. I can also login as "user" and show admin information. Any idea of what i could have done wrong?
×
×
  • Create New...