Αρχαριος, επιλογη του key απο SESSION ή GET

Συζητήσεις για την βάση δεδομένων MySQL και το phpMyAdmin

Συντονιστές: WebDev Moderators, Super-Moderators

Απάντηση
mola_kalouba
Δημοσιεύσεις: 168
Εγγραφή: 17 Φεβ 2008 11:14
Επικοινωνία:

Αρχαριος, επιλογη του key απο SESSION ή GET

Δημοσίευση από mola_kalouba » 06 Σεπ 2010 22:22

Παιδιά ορίστε ένα σχεδιάγραμμα με αυτό που θέλω να κάνω

Σχεδιάγραμμα

Και ωριστε και ο κωδικας που εχω

Κώδικας: Επιλογή όλων

<?php require_once&#40;'../../Connections/Filmar.php'&#41;; ?>
<?php
if &#40;!isset&#40;$_SESSION&#41;&#41; &#123;
 session_start&#40;&#41;;
&#125;
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page&#58; Grant or deny access to this page
function isAuthorized&#40;$strUsers, $strGroups, $UserName, $UserGroup&#41; &#123; 
 // For security, start by assuming the visitor is NOT authorized. 
 $isValid = False; 

 // When a visitor has logged into this site, the Session variable Username set equal to their username. 
 // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
 if &#40;!empty&#40;$UserName&#41;&#41; &#123; 
  // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
  // Parse the strings into arrays. 
  $arrUsers = Explode&#40;",", $strUsers&#41;; 
  $arrGroups = Explode&#40;",", $strGroups&#41;; 
  if &#40;in_array&#40;$UserName, $arrUsers&#41;&#41; &#123; 
   $isValid = true; 
  &#125; 
  // Or, you may restrict access to only certain users based on their username. 
  if &#40;in_array&#40;$UserGroup, $arrGroups&#41;&#41; &#123; 
   $isValid = true; 
  &#125; 
  if &#40;&#40;$strUsers == ""&#41; && true&#41; &#123; 
   $isValid = true; 
  &#125; 
 &#125; 
 return $isValid; 
&#125;

$MM_restrictGoTo = "index.php";
if &#40;!&#40;&#40;isset&#40;$_SESSION&#91;'Username'&#93;&#41;&#41; && &#40;isAuthorized&#40;"",$MM_authorizedUsers, $_SESSION&#91;'Username'&#93;, $_SESSION&#91;'MM_UserGroup'&#93;&#41;&#41;&#41;&#41; &#123;  
 $MM_qsChar = "?";
 $MM_referrer = $_SERVER&#91;'PHP_SELF'&#93;;
 if &#40;strpos&#40;$MM_restrictGoTo, "?"&#41;&#41; $MM_qsChar = "&";
 if &#40;isset&#40;$QUERY_STRING&#41; && strlen&#40;$QUERY_STRING&#41; > 0&#41; 
 $MM_referrer .= "?" . $QUERY_STRING;
 $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode&#40;$MM_referrer&#41;;
 header&#40;"Location&#58; ". $MM_restrictGoTo&#41;; 
 exit;
&#125;
?>
<?php
if &#40;!function_exists&#40;"GetSQLValueString"&#41;&#41; &#123;
function GetSQLValueString&#40;$theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = ""&#41; 
&#123;
 if &#40;PHP_VERSION < 6&#41; &#123;
  $theValue = get_magic_quotes_gpc&#40;&#41; ? stripslashes&#40;$theValue&#41; &#58; $theValue;
 &#125;

 $theValue = function_exists&#40;"mysql_real_escape_string"&#41; ? mysql_real_escape_string&#40;$theValue&#41; &#58; mysql_escape_string&#40;$theValue&#41;;

 switch &#40;$theType&#41; &#123;
  case "text"&#58;
   $theValue = &#40;$theValue != ""&#41; ? "'" . $theValue . "'" &#58; "NULL";
   break;  
  case "long"&#58;
  case "int"&#58;
   $theValue = &#40;$theValue != ""&#41; ? intval&#40;$theValue&#41; &#58; "NULL";
   break;
  case "double"&#58;
   $theValue = &#40;$theValue != ""&#41; ? doubleval&#40;$theValue&#41; &#58; "NULL";
   break;
  case "date"&#58;
   $theValue = &#40;$theValue != ""&#41; ? "'" . $theValue . "'" &#58; "NULL";
   break;
  case "defined"&#58;
   $theValue = &#40;$theValue != ""&#41; ? $theDefinedValue &#58; $theNotDefinedValue;
   break;
 &#125;
 return $theValue;
&#125;
&#125;

$editFormAction = $_SERVER&#91;'PHP_SELF'&#93;;
if &#40;isset&#40;$_SERVER&#91;'QUERY_STRING'&#93;&#41;&#41; &#123;
 $editFormAction .= "?" . htmlentities&#40;$_SERVER&#91;'QUERY_STRING'&#93;&#41;;
&#125;
$colname_getUser = "-1";
&#91;color=red&#93;if &#40;$_SESSION&#91;'Username'&#93; == 'babis'&#41; &#123; //εδω κάνω τον έλεγχο για να πάρει το key απο GET ή απο SESSION
  if &#40;isset&#40;$_GET&#91;'id'&#93;&#41;&#41; &#123;
 $colname_getUser = $_GET&#91;'id'&#93;;
&#125; else &#123;
  if &#40;isset&#40;$_SESSION&#91;'Username'&#93;&#41;&#41; &#123;
  $colname_getUser = $_SESSION&#91;'Username'&#93;;
  &#125;&#91;/color&#93;
&#125;
&#125;
 mysql_select_db&#40;$database_Filmar, $Filmar&#41;;
$query_getUser = sprintf&#40;"SELECT id, username, password, first_name, last_name FROM users WHERE username = %s", GetSQLValueString&#40;$colname_getUser, "text"&#41;&#41;;
$getUser = mysql_query&#40;$query_getUser, $Filmar&#41; or die&#40;mysql_error&#40;&#41;&#41;;
$row_getUser = mysql_fetch_assoc&#40;$getUser&#41;;
$totalRows_getUser = mysql_num_rows&#40;$getUser&#41;;

if &#40;&#40;isset&#40;$_POST&#91;"MM_update"&#93;&#41;&#41; && &#40;$_POST&#91;"MM_update"&#93; == "form1"&#41;&#41; &#123;
  // Initialize array for error messages
 $error = array&#40;&#41;;
 // Remove whitespace and check first and family names
 $_POST&#91;'first_name'&#93; = trim&#40;$_POST&#91;'first_name'&#93;&#41;;
 $_POST&#91;'last_name'&#93; = trim&#40;$_POST&#91;'last_name'&#93;&#41;; 
 
 
 
 
 
 
 
 
 // set a flag that assumes the password is OK
 $pwdOK = true;
 // trim leading and trailing white space
 $_POST&#91;'password'&#93; = trim&#40;$_POST&#91;'password'&#93;&#41;;
 // if password field is empty, use existing password
  if &#40;empty&#40;$_POST&#91;'password'&#93;&#41;&#41; &#123;
  $_POST&#91;'password'&#93; = $row_getUser&#91;'password'&#93;;
  &#125; else &#123;
  // otherwise, conduct normal checks
 // if less than 6 characters, create alert and set flag to false
 if &#40;strlen&#40;$_POST&#91;'password'&#93;&#41; < 6&#41; &#123;
  $error&#91;'password_length'&#93; = 'Your password must be at least 6 characters';
  $pwdOK = false;
 &#125;
 // if no match, create alert and set flag to false
 if &#40;$_POST&#91;'password'&#93; != trim&#40;$_POST&#91;'conf_password'&#93;&#41;&#41; &#123;
  $error&#91;'password'&#93; = "Your passwords don't match";
  $pwdOK = false;
 &#125;

  &#125;
 
 // if no errors, insert the details into the database 
 if &#40;!$error&#41; &#123;
 $updateSQL = sprintf&#40;"UPDATE users SET password=%s, first_name=%s, last_name=%s WHERE id=%s",
            GetSQLValueString&#40;$_POST&#91;'password'&#93;, "text"&#41;,
            GetSQLValueString&#40;$_POST&#91;'first_name'&#93;, "text"&#41;,
            GetSQLValueString&#40;$_POST&#91;'last_name'&#93;, "text"&#41;,
            GetSQLValueString&#40;$_POST&#91;'id'&#93;, "int"&#41;&#41;;

 mysql_select_db&#40;$database_Filmar, $Filmar&#41;;
 $Result1 = mysql_query&#40;$updateSQL, $Filmar&#41;;
 if &#40;!$Result1 && mysql_error&#40;&#41;&#41; &#123;
 $error&#91;'dbError'&#93; = 'Sorry, there was a problem with the database. Please try later.';
 &#125; else &#123;
 $updateGoTo = "control_panel.php?status=1";
 if &#40;isset&#40;$_SERVER&#91;'QUERY_STRING'&#93;&#41;&#41; &#123;
  $updateGoTo .= &#40;strpos&#40;$updateGoTo, '?'&#41;&#41; ? "&" &#58; "?";
  $updateGoTo .= $_SERVER&#91;'QUERY_STRING'&#93;;
 &#125;
 header&#40;sprintf&#40;"Location&#58; %s", $updateGoTo&#41;&#41;;
&#125;
&#125;
&#125;

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http&#58;//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http&#58;//www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/Filmar CMS_page.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Untitled Document</title>
<!-- InstanceEndEditable -->
<link href="CMS.css" rel="stylesheet" type="text/css" />
<!-- InstanceBeginEditable name="head" -->
<link href="update.css" rel="stylesheet" type="text/css" />
<!-- InstanceEndEditable -->
</head>

<body class="oneColFixCtrHdr">

<div id="container">
 <div id="header">
  <!-- end #header -->
 </div><div id="menubaset"><a href="update.php">Change Profile</a></div>
 <!-- InstanceBeginEditable name="mainContent" -->
<div id="mainContent">
 <h1>Settings for <?php echo $row_getUser&#91;'username'&#93;; ?></h1>
 <?php
if &#40;isset&#40;$error&#41;&#41; &#123;
 echo '<ul>';
 foreach &#40;$error as $alert&#41; &#123;
  echo "<li class='errormsg'>$alert</li>\n";
 &#125;
 echo '</ul>';
 // remove escape characters from POST array
 if &#40;PHP_VERSION < 6 && get_magic_quotes_gpc&#40;&#41;&#41; &#123;
  function stripslashes_deep&#40;$value&#41; &#123;
   $value = is_array&#40;$value&#41; ? array_map&#40;'stripslashes_deep', $value&#41; &#58; stripslashes&#40;$value&#41;;
   return $value;
   &#125;
  $_POST = array_map&#40;'stripslashes_deep', $_POST&#41;;
 &#125;
&#125;
?>
 <p class="maincontent_text"><form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
  <table width="65%" border="0" cellspacing="0" cellpadding="0">
   <tr>
    <td width="53%">Password&#58;<br />
     &#40;leave blank if unchanged&#41;</td>
    <td><input type="password" name="password" id="password" /></td>
   </tr>
   <tr>
    <td>Confirm Password&#58;</td>
    <td><input type="password" name="conf_password" id="conf_password" /></td>
   </tr>
   <tr>
    <td>First Name&#58;</td>
    <td><input value="<?php if &#40;isset&#40;$_POST&#91;'first_name'&#93;&#41;&#41; &#123; echo htmlentities&#40;$_POST&#91;'first_name'&#93;, ENT_COMPAT, 'UTF-8'&#41;;&#125; else &#123; echo htmlentities&#40;$row_getUser&#91;'first_name'&#93;,ENT_COMPAT, 'UTF-8'&#41;;
&#125; ?>" type="text" name="first_name" id="first_name" /></td>
   </tr>
   <tr>
    <td>Last Name&#58;</td>
    <td><input value="<?php if &#40;isset&#40;$_POST&#91;'last_name'&#93;&#41;&#41; &#123; echo htmlentities&#40;$_POST&#91;'last_name'&#93;, ENT_COMPAT, 'UTF-8'&#41;;&#125; else &#123; echo htmlentities&#40;$row_getUser&#91;'last_name'&#93;,ENT_COMPAT, 'UTF-8'&#41;;
&#125; ?>" type="text" name="last_name" id="last_name" /></td>
   </tr>
   <tr>
    <td colspan="2"><input type="submit" name="Submit" id="Submit" value="Save Settings" />
     <input name="id" type="hidden" id="id" value="<?php echo $row_getUser&#91;'id'&#93;; ?>" /></td>
    </tr>
  </table>
  <input type="hidden" name="MM_update" value="form1" />
  <p>Back to <a href="control_panel.php">Control Panel</a></p>
 </form>
 </p>
 <p class="clearev"></p>
 <!-- end #mainContent -->
</div>
<!-- InstanceEndEditable -->
<!-- end #container --></div>
</body>
<!-- InstanceEnd --></html>
<?php
mysql_free_result&#40;$getUser&#41;;
?> 
Μηπως μπορειτε να με βοηθησετε γιατι με αυτο τον κωδικα δεν μου δουλευει

Ευχαριστω πολυ

Apostolis_38
Δημοσιεύσεις: 1969
Εγγραφή: 14 Φεβ 2008 16:20
Τοποθεσία: ΠΕΙΡΑΙΑΣ

Αρχαριος, επιλογη του key απο SESSION ή GET

Δημοσίευση από Apostolis_38 » 07 Σεπ 2010 21:12

Τι πρόβλημα σε κάνει;

mola_kalouba
Δημοσιεύσεις: 168
Εγγραφή: 17 Φεβ 2008 11:14
Επικοινωνία:

Αρχαριος, επιλογη του key απο SESSION ή GET

Δημοσίευση από mola_kalouba » 08 Σεπ 2010 10:58

Απλα δεν επερνε την GET['id'] αλλα βρηκα το προβλημα

Ευχαριστω πολυ

Απάντηση

Επιστροφή στο “MySQL”

Μέλη σε σύνδεση

Μέλη σε αυτήν τη Δ. Συζήτηση: Δεν υπάρχουν εγγεγραμμένα μέλη και 0 επισκέπτες