please, i want your help...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
empe7or
Forum Newbie
Posts: 1
Joined: Sun Dec 04, 2011 3:31 pm

please, i want your help...

Post by empe7or »

helloevery body

I'm new in this site and i want your help to create registration form.
i have finished all the codes except one.
* if statment that check whenthe adminestrator login, desplay all users details and he can block any user he want.

this is the codes....

Code: Select all

<?php
session_start(); 
if(isset($_SESSION["user"])){
     print_secure_content();
}else{

    if(isset($_POST["submit"]))
    {  

    
    if((checkpass()==1){
	if(admin()==1){
	$colname_userDets = "-1";
if (isset($_SESSION['user'])) {
  $colname_userDets = $_SESSION['user'];
}
mysql_select_db("test", $conn);
$query_userDets = sprintf("SELECT * FROM users 
                          WHERE username = %s",
  GetSQLValueString($colname_userDets, "text"));
$userDets = mysql_query("localhost", $conn) or
die(mysql_error());
$row_userDets = mysql_fetch_assoc($userDets);
$totalRows_userDets = mysql_num_rows($userDets);

	}
	else{	
	 $_SESSION['user']=$_POST['userlogin'];
	 print"<h1>you have loged in successfully</h1>";
	 print_secure_content();}
    }else{
     print "wrong pawssword or username, please try again";	
     loginform();
    }

    }
    else{
    loginform();
    }
 }      
     
function loginform()
{
print "<h2>Please, enter your login information:</h2>";
print ("<table border='3'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
print "<input name= 'submit' type='submit' >";	
print "<h3><a href='registerform.php'>register now!</a></h3>";	
}

function checkpass()
{
$password = md5($_POST['password']);
$servername="localhost";
$username="root";
$conn=  mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("test",$conn);
$sql="select * from users where name='$_POST[userlogin]' and password='$password'";
$result=mysql_query($sql,$conn) or die(mysql_error());
return  mysql_num_rows($result);
}

function print_secure_content()
{
	print("<b><h1>Hello $_SESSION[user]</h1>");
	print "<br><h2>You can change your details from here</h2><a href='update.php'>Click here</a><br>";	
    print "<br><h2>You are login now. You can logout from this link...</h2><a href='logout.php'>Logout</a><br>";	
	
}
?>
[/b]
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: please, i want your help...

Post by twinedev »

I'm not getting what you are needing help with? Is it not working? are you getting errors? or just looking for advice on the code you have?

For advice on your code, it could defiantly use some restructuring and be cleaned up (main thing, database connection should be in a separate file, and just do require_once() everywhere you will do sql (think about if you change you password, how many places do you have to update (and worse, you have that many places to accidentally forget to change it and break your site).

Also needs code to fix the issue that a login can be faked. Big security rule: NEVER trust data that comes from end user, things such as $_POST/$_GET/$_COOKIE/$_SERVER['PHP_SELF']/$_SERVER['HTTP_USER_AGENT'] check out http://php.net/mysql_real_escape_string

-Greg
phphelpme
Forum Contributor
Posts: 261
Joined: Sun Nov 21, 2010 3:32 pm

Re: please, i want your help...

Post by phphelpme »

you could always have a column in your database which would be with your usernames and it would be for admin or not. So admin=1 is true, admin=0 is false etc. Your code when connecting to the database could pull this value and then you could code an if statement that checks the value of say $admin and if $admin == "1" then display other options, if $admin =="0" then do not display options.

I think that is what your getting at. I would personally set account access privilages like this so you could potentially have more than one type of access and more than one admin if required. Plus you set standard users to the value of $admin="0" etc in the database.

I think this is what your trying to get at but not too sure. :)
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: please, i want your help...

Post by social_experiment »

empe7or wrote:i want your help to create registration form.
A register option will have to do a few things;
1. Check if the username is available
2. If username is taken, ask for a new one
3. Check password strength (this is commonly defined as a longer password)
4. If all conditions are met; write user info to the database

There is also the issue of account activation; how will this be done? A good option is to have a url that is only valid for x amount of time
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
phphelpme
Forum Contributor
Posts: 261
Joined: Sun Nov 21, 2010 3:32 pm

Re: please, i want your help...

Post by phphelpme »

empe7or wrote: i have finished all the codes except one.
* if statment that check whenthe adminestrator login, desplay all users details and he can block any user he want.
It's kind of confusing as to what is actually required here as this states that you have done everything apart from the if statement which check if admin is logged in or not etc. But you mention a user registration form etc like 'social_experiment' has stated.

I think it would be better to clarify what your exact needs are and exactly what you have coded so far so we know what is missing. :)
Post Reply