
php-login-script mods

Posted: Tue Mar 23, 2010 5:58 am
by phphlp47
I am attempting to modify a login script and wonder if somebody can assist with my modifications. The original download can be located at http://php-login-script.com/. I have added a number of DB fields to this system and have it doing most of the functions I need. I have one remaining mod that I just cannot seem to get to work, so if anybody can help, here’s my problem.
The user registration side of this system, including our extra fields, works very well, but before I start to put it live I would like to add a function to allow a new client appointment date to be updated in a client's records. This will update a field called Next_Appointment for a selected and registered client. For this I’m using an input form with a javascript popup date and time selection calendar. This function works fine on the page that a user sees in their own login details, but it needs to be entered by admin into a selected user's records and not by the client; they will only see the date and time and not be allowed to change it. As admin_main.php has a list of registered users, this is where I would like to put the input box with the javascript popup calendar selector. I have made the coding changes to display the input box with the popup calendar, but no matter what registered client is used, the selected date and time gets displayed on the first client record and the DB field is not updated.
The email notification works but does not display the selected date/time; the selected date/time is displayed on the first user entry and the database field is not updated for the correct or any user.
The modified admin_main.php code follows, with the input field changes. There are probably a number of coding errors, but hopefully somebody can suggest the correct way of achieving my requirement. Many thanks in advance.

Code:

<? session_start();
if(!isset($_SESSION['user_admin'])) {
header("Location: index.php");
exit();
}
include '../dbc.php';
$page_limit = 15; 

if($_POST['doSave'] == 'Save')  
{
// Filter POST data for harmful code (sanitize)
foreach($_POST as $key => $value) {
    $data[$key] = filter($value);
}
if($_GET['cmd'] == 'appointment')
{
mysql_query("UPDATE users SET
            `Next_Appointment` = '$data[Next_Appointment]', 
            WHERE id='$_GET[id]'
            ") or die(mysql_error());    
$rs_email = mysql_query("select user_email from users where id='$_GET[id]'") or die(mysql_error());
list($to_email) = mysql_fetch_row($rs_email);

$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$login_path = @ereg_replace('admin','',dirname($_SERVER['PHP_SELF']));
$path   = rtrim($login_path, '/\\');

$message = 
"Thank you for your new appointment. You can check your new appointment date on our system...

$data[Next_Appointment]

*****LOGIN LINK*****\n
http://$host$path/login.php

Thank You

Administrator
$host_upper
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****
";

    @mail($to_email, "User Activation", $message,
    "From: \"Member Registration\" <auto-reply@$host>\r\n" .
     "X-Mailer: PHP/" . phpversion());


// echo "Active";


}
}

if (!isset($_GET['page']) )
{ $start=0; } else
{ $start = ($_GET['page'] - 1) * $page_limit; }


$rs_all = mysql_query("select count(*) as total_all from users") or die(mysql_error());
$rs_active = mysql_query("select count(*) as total_active from users where approved='1'") or die(mysql_error());

$rs_pending = mysql_query("select * from users where approved='0'
                           limit $start,$page_limit
                           ") or die(mysql_error());
$rs_total_pending = mysql_query("select count(*) as tot from users where approved='0'");                           
list($total_pending) = mysql_fetch_row($rs_total_pending);

$rs_recent = mysql_query("select * from users where approved='1' order by id") or die(mysql_error());

list($all) = mysql_fetch_row($rs_all);
list($active) = mysql_fetch_row($rs_active);
$nos_pending = mysql_num_rows($rs_pending);

?>
<html>
<head>
<title>Administration Main Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<script language="JavaScript" type="text/javascript" src="../js/jquery-1.3.2.min.js"></script>
<script language="javascript" type="text/javascript" src="../js/datetimepicker.js"></script>

</head>

<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="8%" valign="top"><p>Admin Main</p>
      <p><br>
        <a href="newuser.php">Create User</a><br>
        <a href="admin_ban.php">Ban/Unban </a><br>
        <a href="admin_logout.php">Logout</a> <br>
      </p></td>
    <td width="89%"><h2>Administration Page</h2>
      <table width="100%" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td>Total users: <? echo $all;?></td>
          <td>Active users: <? echo $active; ?></td>
          <td>Pending users: <? echo $nos_pending; ?></td>
        </tr>
      </table>
      <p>&nbsp;</p>
      <table width="80%" border="0" align="center" cellpadding="10" cellspacing="5" bgcolor="#e5ecf9">
        <tr>
          <td><form name="form1" method="post" action="admin_results.php">
              Search 
              <input name="q" type="text" id="q">
              <input type="submit" name="Submit" value="Submit">
              [Type email or name] </form></td>
        </tr>
      </table>
      <p><strong>*Note: </strong>Once the user is banner, he/she will never be 
        able to register new account with same email address.</p>
      <h3>Users Pending Approval</h3>
      <p>Approve -> A notification email will be sent to user notifying activation.<br>
        Ban -> No notification email will be sent to the user.</p>
      <p>Total Pending: <? echo $total_pending; ?></p>
      <table width="99%" border="0" align="center" cellpadding="0" cellspacing="0">
        <tr bgcolor="#e5ecf9"> 
          <td width="4%"><strong>ID</strong></td>
          <td> <strong>Date</strong></td>
          <td><strong>User Name</strong></td>
          <td width="26%"><strong>Email</strong></td>
          <td width="9%"><strong>Approved</strong></td>
          <td width="7%"> <strong>Banned</strong></td>
          <td width="24%">&nbsp;</td>
        </tr>
        <tr> 
          <td>&nbsp;</td>
          <td width="12%">&nbsp;</td>
          <td width="18%">&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <? while ($prows = mysql_fetch_array($rs_pending)) {?>
    <tr> 
          <td>#<? echo $prows['id']?></td>
          <td><? echo $prows['date']?></td>
          <td><? echo $prows['user_name']?></td>
          <td><? echo $prows['user_email']?></td>
          <td> <span id="papprove<? echo $prows['id']; ?>">
            <? if(!$prows['approved']) { echo "Pending"; } else {echo "yes"; }?>
            </span>
          </td>
          <td><span id="pban<? echo $prows['id']; ?>">
            <? if(!$prows['banned']) { echo "no"; } else {echo "yes"; }?>
            </span> 
          </td>
          <td>
            <a href="javascript:void(0);" onclick='$.get("do2.php",{ cmd: "approve", id: "<? echo $prows['id']; ?>" } ,function(data){ $("#papprove<? echo $prows['id']; ?>").html(data); });'>Approve</a> 
           | <a href="javascript:void(0);" onclick='$.get("do2.php",{ cmd: "ban", id: "<? echo $prows['id']; ?>" } ,function(data){ $("#pban<? echo $prows['id']; ?>").html(data); });'>Ban</a> 
           | <a href="javascript:void(0);" onclick='$.get("do2.php",{ cmd: "unban", id: "<? echo $prows['id']; ?>" } ,function(data){ $("#pban<? echo $prows['id']; ?>").html(data); });'>Unban</a>
            </td>
        </tr>
        <? } ?>
        <tr> 
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <tr> 
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
      </table>
      <p>  <?php
      // generate paging here
      if ($total_pending > $page_limit)
      {
       $total_pages = ceil($total_pending/$page_limit);
       echo "<h4><font color=\"#CC0000\">Pages: </font>";
      $i = 0;
        while ($i < $total_pages) 
        {
                $page_no = $i+1;
                echo "<a href=\"admin_main.php?page=$page_no\">$page_no</a> ";
                $i++;
        }
      echo "</h4>";
      }?>
      </p>
      <p>
        <input name="doRefresh" type="button" id="doRefresh" value="Refresh All" onClick="location.reload();">
      </p>
      <h3>Recent Registrations</h3>
      <p>This shows registrations and their 
        approved / banned & next appointment status.</p>
      <table width="99%" border="1" align="center" cellpadding="0" cellspacing="0">
        <tr bgcolor="#e5ecf9"> 
          <td width="4%"><strong>ID</strong></td>
          <td> <strong>Date</strong></td>
          <td><strong>User Name</strong></td>
          <td width="29%"><strong>Email</strong></td>
          <td width="10%"><strong>Approved</strong></td>
          <td width="9%"> <strong>Banned</strong></td>
          <td width="18%"><strong>New Appointment</strong></td>
        </tr>
        <tr> 
          <td>&nbsp;</td>
          <td width="12%">&nbsp;</td>
          <td width="18%">&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <? while ($rrows = mysql_fetch_array($rs_recent)) {?>
    <tr> 
          <td>#<? echo $rrows['id']?></td>
          <td><? echo $rrows['date']?></td>
          <td><? echo $rrows['user_name']?></td>
          <td><? echo $rrows['user_email']?></td>
          <td> <span id="approve<? echo $rrows['id']; ?>">
            <? if(!$rrows['approved']) { echo "Pending"; } else {echo "yes"; }?>
            </span><br>
                        <a href="javascript:void(0);" onclick='$.get("do2.php",{ cmd: "approve", id: "<? echo $rrows['id']; ?>" } ,function(data){ $("#approve<? echo $rrows['id']; ?>").html(data); });'>Approve</a>
          </td>
          <td><span id="ban<? echo $rrows['id']; ?>">
            <? if(!$rrows['banned']) { echo "no"; } else {echo "yes"; }?>
            </span><br>
            <a href="javascript:void(0);" onclick='$.get("do2.php",{ cmd: "ban", id: "<? echo $rrows['id']; ?>" } ,function(data){ $("#ban<? echo $rrows['id']; ?>").html(data); });'>Ban</a> 
           | <a href="javascript:void(0);" onclick='$.get("do2.php",{ cmd: "unban", id: "<? echo $rrows['id']; ?>" } ,function(data){ $("#ban<? echo $rrows['id']; ?>").html(data); });'>Unban</a>
          </td>
          <td>
          <input name="Next_Appointment" id="Next_Appointment" type="text" size="25" value=<? echo $rrows['Next_Appointment']; ?>><a href="javascript:NewCal('Next_Appointment','ddmmyyyy',true,24)"{ cmd: "appointment", id: "<? echo $rrows['id']; ?>" }><img src="../js/cal.gif" width="16" height="16" border="0" alt="Pick a date"></a><br>
<input name="doSave" type="submit" id="doSave" value="Save"><br> 
            </td>
        </tr>
        <? } ?>
        <tr> 
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
        <tr> 
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
          <td>&nbsp;</td>
        </tr>
      </table>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p></td>
    <td width="3%">&nbsp;</td>
  </tr>
</table>
</body>
</html>
The changed do.php, named and called as do2.php:

Code:

<? 

session_start();
if(!isset($_SESSION['user_admin'])) {
header("Location: index.php");
exit();
}

$ret = $_SERVER['HTTP_REFERER'];



include '../dbc.php';
if($_GET['cmd'] == 'appointment')
{
mysql_query("UPDATE users SET
            `Next_Appointment` = '$data[Next_Appointment]', 
            WHERE id='$_GET[id]'
            ") or die(mysql_error());    
$rs_email = mysql_query("select user_email from users where id='$_GET[id]'") or die(mysql_error());
list($to_email) = mysql_fetch_row($rs_email);

$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$login_path = @ereg_replace('admin','',dirname($_SERVER['PHP_SELF']));
$path   = rtrim($login_path, '/\\');

$message = 
"Thank you for your new appointment. You can check your new appointment date on our system...

$data[Next_Appointment]

*****LOGIN LINK*****\n
http://$host$path/login.php

Thank You

Administrator
$host_upper
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****
";

    @mail($to_email, "User Activation", $message,
    "From: \"Member Registration\" <auto-reply@$host>\r\n" .
     "X-Mailer: PHP/" . phpversion());


// echo "Active";


}

if($_GET['cmd'] == 'approve')
{
mysql_query("update users set approved='1' where id='$_GET[id]'") or die(mysql_error());
$rs_email = mysql_query("select user_email from users where id='$_GET[id]'") or die(mysql_error());
list($to_email) = mysql_fetch_row($rs_email);

$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$login_path = @ereg_replace('admin','',dirname($_SERVER['PHP_SELF']));
$path   = rtrim($login_path, '/\\');

$message = 
"Thank you for registering with us. Your account has been activated...

*****LOGIN LINK*****\n
http://$host$path/login.php

Thank You

Administrator
$host_upper
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****
";

    @mail($to_email, "User Activation", $message,
    "From: \"Member Registration\" <auto-reply@$host>\r\n" .
     "X-Mailer: PHP/" . phpversion());


 echo "Active";


}

if($_GET['cmd'] == 'ban')
{
mysql_query("update users set banned='1' where id='$_GET[id]'");

//header("Location: $ret");  
echo "yes";
exit();

}

if($_GET['cmd'] == 'unban')
{
mysql_query("update users set banned='0' where id='$_GET[id]'");
echo "no";

//header("Location: $ret");  
// exit();

}


?>
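
Added example, not part of the original post and not code from php-login-script: one way to write the Next_Appointment update so that it targets the row it was submitted from and keeps request data out of the SQL string. Each listed user gets its own form with a hidden id and a unique element id for the calendar, the handler checks a per-session token on POST, and the query uses bound parameters. Assumptions: the function names, the csrf field, the "dd-mm-yyyy hh:mm" picker format, NewCal resolving its first argument as an element id, and the in-memory SQLite table are all constructed for illustration.

```php
<?php
// Added example: names below (parse_appointment, save_appointment, appointment_cell,
// the csrf field) are hypothetical; table and column names follow the post.

// Accept only "dd-mm-yyyy hh:mm" (assumed picker output); the round-trip rejects 31-02-2010.
function parse_appointment(string $raw): ?string {
    $raw = trim($raw);
    $dt  = DateTime::createFromFormat('!d-m-Y H:i', $raw);
    return ($dt && $dt->format('d-m-Y H:i') === $raw) ? $raw : null;
}

// POST handler: admin check, CSRF token, integer id, bound parameters.
function save_appointment(PDO $db, array $post, array $session): string {
    if (!isset($session['user_admin'])) return 'denied';
    $token = $session['csrf'] ?? '';
    $sent  = $post['csrf'] ?? '';
    if ($token === '' || !is_string($sent) || !hash_equals($token, $sent)) return 'bad token';
    $id   = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $raw  = $post['Next_Appointment'] ?? '';
    $when = is_string($raw) ? parse_appointment($raw) : null;
    if ($id === false || $when === null) return 'bad input';
    // No comma before WHERE, and the row is chosen by the id posted from that row's own form.
    $st = $db->prepare('UPDATE users SET Next_Appointment = :w WHERE id = :id');
    $st->execute([':w' => $when, ':id' => $id]);
    return $st->rowCount() > 0 ? 'saved' : 'unchanged or no such user';
}

// One form per listed user: hidden id, unique element id for the picker, escaped output.
function appointment_cell(array $row, string $csrf): string {
    $id  = (int) $row['id'];
    $val = htmlspecialchars((string) $row['Next_Appointment'], ENT_QUOTES, 'UTF-8');
    $tok = htmlspecialchars($csrf, ENT_QUOTES, 'UTF-8');
    return "<form method=\"post\" action=\"admin_main.php\">"
         . "<input type=\"hidden\" name=\"id\" value=\"$id\">"
         . "<input type=\"hidden\" name=\"csrf\" value=\"$tok\">"
         . "<input type=\"text\" name=\"Next_Appointment\" id=\"Next_Appointment_$id\" size=\"25\" value=\"$val\">"
         . "<a href=\"javascript:NewCal('Next_Appointment_$id','ddmmyyyy',true,24)\">Pick a date</a>"
         . "<input type=\"submit\" name=\"doSave\" value=\"Save\"></form>";
}

// Constructed demo data in an in-memory SQLite database so the file runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, user_email TEXT, Next_Appointment TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'a@example.com', ''), (2, 'b@example.com', '')");
$session = ['user_admin' => 1, 'csrf' => bin2hex(random_bytes(16))];
$post = ['doSave' => 'Save', 'id' => '2', 'csrf' => $session['csrf'],
         'Next_Appointment' => '26-03-2010 14:30'];

echo save_appointment($db, $post, $session), "\n";                            // valid request
echo save_appointment($db, ['id' => "2' OR '1'='1"] + $post, $session), "\n"; // rejected id
foreach ($db->query('SELECT id, Next_Appointment FROM users') as $row) {
    echo appointment_cell($row, $session['csrf']), "\n";
}
```

On MySQL, rowCount() reports changed rows by default, so re-saving the same value returns the "unchanged" result.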

Re: php-login-script mods

Posted: Tue Mar 23, 2010 10:34 am
by Goofan
plz use php tags =) helps us all to read ure code.

Re: php-login-script mods

Posted: Tue Mar 23, 2010 5:26 pm
by phphlp47
Goofan wrote: plz use php tags =) helps us all to read ure code.
Sorry, are you asking me to input the PHP parts with <?PHP?
My code is as supplied by the author.
I would like to input in an embedded window with line numbers,
but I cannot work out how that's achieved.

Changed the first post to include <?PHP in all the PHP sections.

Re: php-login-script mods

Posted: Wed Mar 24, 2010 5:41 am
by Goofan
Well no, I was more referring to the code tags, like the following:

Code:

 
[code=php]
write these tags before and after the code
[/code]
 

Re: php-login-script mods

Posted: Fri Mar 26, 2010 5:40 am
by phphlp47
Goofan wrote: Well no, I was more referring to the code tags, like the following:
Code in first post changed as required; now I understand how to list it that way. Many thanks.

Re: php-login-script mods

Posted: Sat Mar 27, 2010 3:47 am
by phphlp47
Just in case you people need to see the original code before I changed it, here it is:

Code:

 
<?
 session_start();
if(!isset($_SESSION['user_admin'])) {
header("Location: index.php");
exit();
}
?>
<title>Ban / Remove Bans</title><form name="form1" method="post" action="">
  <h3>Ban/Unban Users</h3>
  <p>To ban/unban multiple users type <strong>EMAILS</strong> separated by <strong>spaces. 
    </strong>Banned users will not be able to login.<strong> <br>
    </strong>To ban/unban a single user, just enter one email. </p>
  <p><strong>*Note:</strong> Once the user is banner, he/she will never be able 
    to register new account with same email address.</p>
  <p> 
    <textarea name="id" cols="40" id="id"></textarea>
  </p>
  <p> 
    <input type="submit" name="Submit" value="Ban">
    <input name="Submit" type="submit" id="Submit" value="Unban">
  </p>
</form>
<?php
include('../dbc.php');

if (($_POST['Submit'] == 'Ban') )
{
$did = explode(' ',$_POST['id']);

    foreach ($did as $del)
    {
    if (!empty($del))
    {
     mysql_query("update users set banned='1'
                  WHERE `user_email`='$del'
                    ",$link) or die("Failed:" . mysql_error());
        }           
     }
     echo "done..";
 }
if (($_POST['Submit'] == 'Unban') )
{
$did = explode(' ',$_POST['id']);

    foreach ($did as $del)
    {
    if (!empty($del))
    {
     mysql_query("update users set banned='0'
                  WHERE `user_email`='$del'
                    ",$link) or die("Failed:" . mysql_error());
        }           
     }
     echo "<h3>done..</h3>";
 }
?>
<br>
Back to <a href="admin_main.php">Admin main</a>
And the do.php code here:

Code:

 
<? 

session_start();
if(!isset($_SESSION['user_admin'])) {
header("Location: index.php");
exit();
}

$ret = $_SERVER['HTTP_REFERER'];



include '../dbc.php';
if($_GET['cmd'] == 'approve')
{
mysql_query("update users set approved='1' where id='$_GET[id]'") or die(mysql_error());
$rs_email = mysql_query("select user_email from users where id='$_GET[id]'") or die(mysql_error());
list($to_email) = mysql_fetch_row($rs_email);

$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$login_path = @ereg_replace('admin','',dirname($_SERVER['PHP_SELF']));
$path   = rtrim($login_path, '/\\');

$message = 
"Thank you for registering with us. Your account has been activated...

*****LOGIN LINK*****\n
http://$host$path/login.php

Thank You

Administrator
$host_upper
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****
";

    @mail($to_email, "User Activation", $message,
    "From: \"Member Registration\" <auto-reply@$host>\r\n" .
     "X-Mailer: PHP/" . phpversion());


 echo "Active";


}

if($_GET['cmd'] == 'ban')
{
mysql_query("update users set banned='1' where id='$_GET[id]'");

//header("Location: $ret");  
echo "yes";
exit();

}

if($_GET['cmd'] == 'unban')
{
mysql_query("update users set banned='0' where id='$_GET[id]'");
echo "no";

//header("Location: $ret");  
// exit();

}


?>

Re: php-login-script mods

Posted: Thu Apr 01, 2010 5:43 pm
by phphlp47
Has anybody got any ideas on how I can solve my problems on this yet?
Thanks for looking at this so far.