PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
by XPS710 » Sun Feb 19, 2012 12:09 pm
Hi All
I have this piece of code here. What it does is pull all the payment transactions from MySQL onto the page. I have a membership site set up and everything, and every user has their own profile section, but this piece of code shows all the other users' payments and records as well.
How do I restrict each user to viewing only their own payments? Can I do a quick hardcode?
Code:
<?php
define("_VALID_PHP", true);
require_once("init.php");
if (!$user->logged_in)
redirect_to("index.php");
?>
<?php
$transrow = $member->getPayments($user);
?>
<p class="info">Here you can view all your payment transactions.</p>
<h2><span><a href="controller.php?exportTransactions" title="Export To Excel Format" class="tooltip"><img src="../images/xls.png" alt="" class="img-wrap2"/></a> <a href="index.php?do=transactions&action=salesyear" title="View Sales Report" class="tooltip"><img src="../images/chart.png" alt="" class="img-wrap2"/></a></span>Viewing Transactions</h2>
<table cellpadding="0" cellspacing="0" class="display" border="1">
<thead>
<tr>
<th width="20">#</th>
<th class="left">Membership Title</th>
<th class="left"> </th>
<th class="left">Amount</th>
<th class="left">Payment Date</th>
<th>Type of OS</th>
<th>Status</th>
</tr>
</thead>
<tbody>
<?php if($transrow == 0):?>
<tr>
<td colspan="7"><?php echo $core->msgAlert('<span>Alert!</span>You don\'t have any transactions yet...',false);?></td>
</tr>
<?php else:?>
<?php foreach ($transrow as $row):?>
<?php $image = ($row['status'] == 0) ? "pending":"completed";?>
<?php $status = ($row['status'] == 0) ? 1:0;?>
<tr>
<th></th>
<td><?php echo htmlspecialchars($row['title']);?> <em>(<?php echo htmlspecialchars($row['pp']);?>)</em></td>
<td><?php // the admin "edit user" link is not shown on the member view; the stray </a> that followed it is gone ?><?php echo htmlspecialchars($row['username']);?></td>
<td><?php echo $core->formatMoney($row['rate_amount']);?></td>
<td><?php echo $row['created'];?></td>
<td align="center"><img src="http://www.hhpc.ca/membership/images/<?php echo rawurlencode($row['pp']);?>.png" alt=""/></td>
<td align="center"><img src="http://www.hhpc.ca/membership/images/<?php echo $image;?>.png" alt="" class="tooltip img-wrap2" title="Status: <?php echo ucfirst($image);?>"/></td>
</tr>
<?php endforeach;?>
<?php unset($row);?>
<?php if($pager->items_total >= $pager->items_per_page):?>
<tr style="background-color:transparent">
<td colspan="7"><div class="pagination"><span class="inner"><?php echo $pager->display_pages();?></span></div></td>
</tr>
<?php endif;?>
<?php endif;?>
</tbody>
</table>
by social_experiment » Sun Feb 19, 2012 3:40 pm
You would have to modify the "SELECT" query that retrieves the information to only select information where something is unique to a specific user. In the code you've pasted there is no way to do this; you will likely have to modify getPayments() to achieve it.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
by XPS710 » Sun Feb 19, 2012 4:04 pm
social_experiment wrote: You would have to modify the "SELECT" query that retrieves the information to only select information where something is unique to a specific user. In the code you've pasted there is no way to do this; you will likely have to modify getPayments() to achieve it.
Thanks for your reply; how would I edit this then?
This is my getPayments():
Code:
public function getPayments($where = false, $from = false)
{
    global $db, $core, $pager, $row, $user;
    require_once(BASEPATH . "lib/class_paginate.php");
    $pager = new Paginator();
    // Note: this counts every row in the table, not only the rows the
    // filters below return, so the pager can show more pages than exist.
    $counter = countEntries($this->pTable);
    $pager->items_total = $counter;
    $pager->default_ipp = $core->perpage;
    $pager->paginate();
    if ($counter == 0) {
        $pager->limit = null;
    }
    // Collect filters in an array: the original built two separate
    // " WHERE ..." strings, which is invalid SQL when both applied.
    $conditions = array();
    if ($where) {
        $conditions[] = "p.rate_amount LIKE '%" . intval($where) . "%'";
    }
    if (isset($_GET['sort'])) {
        // pad so a value without "-" does not leave $order undefined
        list($sort, $order) = array_pad(explode("-", $_GET['sort'], 2), 2, "");
        $sort = sanitize($sort);
        $order = sanitize($order);
        // only whitelisted column names reach the ORDER BY clause
        if (in_array($sort, array("user_id", "rate_amount", "pp", "date"))) {
            $ord = ($order == 'DESC') ? " DESC" : " ASC";
            $sorting = " p." . $sort . $ord;
        } else {
            $sorting = " p.date DESC";
        }
    } else {
        $sorting = " p.date DESC";
    }
    if ((isset($_POST['fromdate']) && $_POST['fromdate'] <> "") || ($from !== false && $from != '')) {
        $enddate = date("Y-m-d");
        $fromdate = (empty($from)) ? $_POST['fromdate'] : $from;
        if (isset($_POST['enddate']) && $_POST['enddate'] <> "") {
            $enddate = $_POST['enddate'];
        }
        // the dates come straight from the request: escape them the way
        // getUserInfo() escapes the username before building the SQL string
        $conditions[] = "p.date BETWEEN '" . $db->escape(trim($fromdate)) . "' AND '" . $db->escape(trim($enddate)) . " 23:59:59'";
    }
    $clause = (count($conditions) > 0) ? " WHERE " . implode(" AND ", $conditions) : "";
    $sql = "SELECT p.*, p.id as id, u.username, m.title,"
        . "\n DATE_FORMAT(p.date, '%d. %b. %Y.') as created"
        . "\n FROM " . $this->pTable . " as p"
        . "\n LEFT JOIN users as u ON u.id = p.user_id"
        . "\n LEFT JOIN " . $this->mTable . " as m ON m.id = p.membership_id"
        . "\n " . $clause . " ORDER BY " . $sorting . $pager->limit;
    $row = $db->fetch_all($sql);
    return ($row) ? $row : 0;
}
by social_experiment » Sun Feb 19, 2012 4:53 pm
Code:
$clause = ($where) ? " WHERE p.rate_amount LIKE '%" . intval($where) . "%'" : "";
I would say this variable needs to be modified.
Make a back-up (if you haven't already) before you edit it.
HTH
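The two replies above point at the right place: the query has no per-user condition, so every member sees every row. The following is an added example, not code from the thread or from the membership script, of a getPayments() variant that always scopes the query to one user id taken from the server-side session (the script exposes it as $user->uid), never from the request. PDO with an in-memory SQLite database stands in for the site's MySQL connection so it runs offline; the table and column names follow the query in the thread, the function names getPaymentsForUser() and assertOwnedBy() and the sample rows are constructed for the example.

```php
<?php
// Added example: the per-user payments query the thread is asking for.
// Table and column names mirror the thread's query (payments p, users u,
// memberships m); the data below is constructed, not taken from the site.

function getPaymentsForUser(PDO $db, int $userId, array $opts = []): array
{
    // Only these columns may be sorted on; direction is normalised to ASC/DESC.
    $sortable = ['rate_amount' => 'p.rate_amount', 'pp' => 'p.pp', 'date' => 'p.date'];
    $sortCol  = $sortable[$opts['sort'] ?? 'date'] ?? 'p.date';
    $order    = (($opts['order'] ?? 'DESC') === 'ASC') ? 'ASC' : 'DESC';

    // The user_id filter is unconditional; everything else is a bound parameter.
    $conditions = ['p.user_id = :uid'];
    $params     = [':uid' => $userId];
    if (!empty($opts['fromdate'])) {
        $conditions[]     = 'p.date BETWEEN :from AND :to';
        $params[':from']  = $opts['fromdate'];
        $params[':to']    = ($opts['enddate'] ?? date('Y-m-d')) . ' 23:59:59';
    }

    $sql = "SELECT p.id, p.user_id, p.rate_amount, p.pp, p.date, p.status,
                   u.username, m.title
            FROM payments AS p
            LEFT JOIN users AS u ON u.id = p.user_id
            LEFT JOIN memberships AS m ON m.id = p.membership_id
            WHERE " . implode(' AND ', $conditions) . "
            ORDER BY $sortCol $order";
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Defence in depth for the template: refuse to render rows that do not belong
// to the session user, so a regression in the query cannot leak silently.
function assertOwnedBy(array $rows, int $userId): void
{
    foreach ($rows as $r) {
        if ((int) $r['user_id'] !== $userId) {
            throw new RuntimeException("payment {$r['id']} does not belong to user $userId");
        }
    }
}

// --- constructed sample data (stands in for the MySQL tables) ---------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec('CREATE TABLE memberships (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE payments (id INTEGER PRIMARY KEY, user_id INTEGER,
           membership_id INTEGER, rate_amount REAL, pp TEXT, date TEXT, status INTEGER)');
$db->exec("INSERT INTO users VALUES (1,'alice'),(2,'bob')");
$db->exec("INSERT INTO memberships VALUES (1,'Gold'),(2,'Silver')");
$db->exec("INSERT INTO payments VALUES
           (10,1,1,49.00,'paypal','2012-02-01 10:00:00',1),
           (11,2,2,19.00,'paypal','2012-02-05 11:00:00',1),
           (12,1,1,49.00,'paypal','2012-02-10 12:00:00',0)");

// The logged-in user as the script knows it: $user->uid, set from the session at login.
$sessionUid = 1;

// A request parameter like ?userid=2 must not change the result set,
// because the id is never read from the request.
$_GET['userid'] = '2';
$rows = getPaymentsForUser($db, $sessionUid, ['sort' => 'date', 'order' => 'DESC']);
assertOwnedBy($rows, $sessionUid);
printf("user %d sees payment ids: %s\n", $sessionUid, implode(',', array_column($rows, 'id')));

// A hostile sort value falls back to the default column instead of reaching the SQL,
// and the date range travels as a bound parameter rather than as string concatenation.
$rows = getPaymentsForUser($db, $sessionUid, ['sort' => 'date; DROP TABLE payments', 'fromdate' => '2012-02-05']);
printf("user %d, since 2012-02-05: %s\n", $sessionUid, implode(',', array_column($rows, 'id')));
```

In the template this replaces the $member->getPayments($user) call with a call that passes $user->uid. Two caveats when porting it into the script: the thread's pager sets items_total from countEntries() over the whole table, so once the query is per-user the count must be per-user as well or the page links will be wrong; and the sort whitelist deliberately drops user_id, since sorting by a column every row now shares is meaningless.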
by XPS710 » Sun Feb 19, 2012 4:56 pm
social_experiment wrote: Code:
$clause = ($where) ? " WHERE p.rate_amount LIKE '%" . intval($where) . "%'" : "";
I would say this variable needs to be modified.
Make a back-up (if you haven't already) before you edit it.
HTH
Thanks for your input. This is also my user class; do you think I have to do something here as well?
Code:
<?php
/**
* User Class
*
* @copyright 2010
* @version $Id: class_user.php, v2.00 2011-07-10 10:12:05 gewa Exp $
*/
if (!defined("_VALID_PHP"))
die('Direct access to this location is not allowed.');
class Users
{
private $uTable = "users";
public $logged_in = null;
public $uid = 0;
public $userid = 0;
public $username;
public $email;
public $name;
public $membership_id = 0;
public $userlevel;
private $lastlogin = "NOW()";
/**
* Users::__construct()
*
* @return
*/
function __construct()
{
$this->getUserId();
$this->startSession();
}
/**
* Users::getUserId()
*
* @return
*/
private function getUserId()
{
global $core;
if (isset($_GET['userid'])) {
$userid = (is_numeric($_GET['userid']) && $_GET['userid'] > -1) ? intval($_GET['userid']) : false;
$userid = sanitize($userid);
if ($userid == false) {
$core->error("You have selected an Invalid Userid","Users::getUserId()");
} else
return $this->userid = $userid;
}
}
/**
* Users::startSession()
*
* @return
*/
private function startSession()
{
session_start();
$this->logged_in = $this->loginCheck();
if (!$this->logged_in) {
$this->username = $_SESSION['username'] = "Guest";
$this->userlevel = 0;
}
}
/**
* Users::loginCheck()
*
* @return
*/
private function loginCheck()
{
if (isset($_SESSION['username']) && $_SESSION['username'] != "Guest") {
$row = $this->getUserInfo($_SESSION['username']);
$this->uid = $row['id'];
$this->username = $row['username'];
$this->email = $row['email'];
$this->name = $row['fname'].' '.$row['lname'];
$this->userlevel = $row['userlevel'];
$this->membership_id = $row['membership_id'];
return true;
} else {
return false;
}
}
/**
* Users::is_Admin()
*
* @return
*/
public function is_Admin()
{
return($this->userlevel == 9);
}
/**
* Users::login()
*
* @param mixed $username
* @param mixed $pass
* @return
*/
public function login($username, $pass)
{
global $db, $core;
if ($username == "" && $pass == "") {
$core->msgs['username'] = 'Please enter valid username and password.';
} else {
$status = $this->checkStatus($username, $pass);
switch ($status) {
case 0:
$core->msgs['username'] = 'Login and/or password did not match to the database.';
break;
case 1:
$core->msgs['username'] = 'Your account has been banned.';
break;
case 2:
$core->msgs['username'] = 'Your account it\'s not activated.';
break;
case 3:
$core->msgs['username'] = 'You need to verify your email address.';
break;
}
}
if (empty($core->msgs) && $status == 5) {
$row = $this->getUserInfo($username);
// issue a fresh session id at login so an id handed out before
// authentication cannot be reused (session fixation)
session_regenerate_id(true);
$this->uid = $_SESSION['userid'] = $row['id'];
$this->username = $_SESSION['username'] = $row['username'];
$this->email = $_SESSION['email'] = $row['email'];
// was assigning userlevel to both name and $_SESSION['userlevel']; logout() and loginCheck() expect 'name'
$this->name = $_SESSION['name'] = $row['fname'] . ' ' . $row['lname'];
$this->userlevel = $_SESSION['userlevel'] = $row['userlevel'];
$this->membership_id = $_SESSION['membership_id'] = $row['membership_id'];
$data = array(
'lastlogin' => $this->lastlogin,
'lastip' => sanitize($_SERVER['REMOTE_ADDR'])
);
$db->update($this->uTable, $data, "username='" . $this->username . "'");
if(!$this->validateMembership()) {
$data = array(
'membership_id' => 0,
'mem_expire' => "0000-00-00 00:00:00"
);
$db->update($this->uTable, $data, "username='" . $this->username . "'");
}
return true;
} else
$core->msgStatus();
}
/**
* Users::logout()
*
* @return
*/
public function logout()
{
// clear every key (the explicit unsets missed 'userlevel'), then destroy
// the session; regenerating an id after destroy has nothing to regenerate
$_SESSION = array();
session_destroy();
$this->logged_in = false;
$this->username = "Guest";
$this->userlevel = 0;
}
/**
* Users::getUserInfo()
*
* @param mixed $username
* @return
*/
private function getUserInfo($username)
{
global $db;
$username = sanitize($username);
$username = $db->escape($username);
// reject an empty name before querying, not after
if (!$username)
return false;
$sql = "SELECT * FROM " . $this->uTable . " WHERE username = '" . $username . "'";
$row = $db->first($sql);
return ($row) ? $row : 0;
}
/**
* Users::checkStatus()
*
* @param mixed $username
* @param mixed $pass
* @return
*/
public function checkStatus($username, $pass)
{
global $db;
$username = sanitize($username);
$username = $db->escape($username);
$pass = sanitize($pass);
$sql = "SELECT password, active FROM " . $this->uTable
. "\n WHERE username = '".$username."'";
$result = $db->query($sql);
if ($db->numrows($result) == 0)
return 0;
$row = $db->fetch($result);
// legacy scheme: unsalted sha1 as stored in the database (kept so existing
// accounts still log in; password_hash()/password_verify() is the modern choice)
$entered_pass = sha1($pass);
// check the account state first, then the password: the original folded the
// password test into a case expression, which switch() compares loosely, so a
// wrong password on an active account returned nothing instead of 0
switch ($row['active']) {
case "b":
return 1;
case "n":
return 2;
case "t":
return 3;
case "y":
// constant-time comparison of the two hex digests (PHP 5.6+)
return hash_equals($row['password'], $entered_pass) ? 5 : 0;
}
return 0;
}
/**
* Users::getUsers()
*
* @param bool $from
* @return
*/
public function getUsers($from = false)
{
global $db, $pager, $core;
require_once(BASEPATH . "lib/class_paginate.php");
$pager = new Paginator();
$counter = countEntries($this->uTable);
$pager->items_total = $counter;
$pager->default_ipp = $core->perpage;
$pager->paginate();
if ($counter == 0) {
$pager->limit = null;
}
if (isset($_GET['sort'])) {
list($sort, $order) = array_pad(explode("-", $_GET['sort'], 2), 2, ""); // pad so a value without "-" leaves $order defined
$sort = sanitize($sort);
$order = sanitize($order);
if (in_array($sort, array("username", "fname", "lname", "email", "created"))) {
$ord = ($order == 'DESC') ? " DESC" : " ASC";
$sorting = " u." . $sort . $ord;
} else {
$sorting = " u.created DESC";
}
} else {
$sorting = " u.created DESC";
}
$clause = (isset($clause)) ? $clause : null;
if ((isset($_POST['fromdate']) && $_POST['fromdate'] <> "") || ($from !== false && $from != '')) {
$enddate = date("Y-m-d");
$fromdate = (empty($from)) ? $_POST['fromdate'] : $from;
if (isset($_POST['enddate']) && $_POST['enddate'] <> "") {
$enddate = $_POST['enddate'];
}
// escape the request-supplied dates before interpolating them into the SQL string
$clause .= " WHERE u.created BETWEEN '" . $db->escape(trim($fromdate)) . "' AND '" . $db->escape(trim($enddate)) . " 23:59:59'";
}
}
$sql = "SELECT u.*, CONCAT(u.fname,' ',u.lname) as name, m.title, m.id as mid,"
. "\n DATE_FORMAT(u.created, '%d. %b. %Y.') as cdate,"
. "\n DATE_FORMAT(u.lastlogin, '%d. %b. %Y.') as adate"
. "\n FROM " . $this->uTable . " as u"
. "\n LEFT JOIN memberships as m ON m.id = u.membership_id"
. "\n " . $clause
. "\n ORDER BY " . $sorting . $pager->limit;
$row = $db->fetch_all($sql);
return ($row) ? $row : 0;
}
by social_experiment » Mon Feb 20, 2012 1:18 am
I wouldn't, since the method to update isn't part of this class. A quick glance reveals no method from the 'Users' class being used elsewhere in the code pasted initially.