Αρχαριος, επιλογη του key απο SESSION ή GET

Συζητήσεις για την βάση δεδομένων MySQL και το phpMyAdmin

Συντονιστές: WebDev Moderators, Super-Moderators

Απάντηση
mola_kalouba
Δημοσιεύσεις: 168
Εγγραφή: 17 Φεβ 2008 11:14
Επικοινωνία:

Αρχαριος, επιλογη του key απο SESSION ή GET

Δημοσίευση από mola_kalouba » 06 Σεπ 2010 22:22

Παιδιά ορίστε ένα σχεδιάγραμμα με αυτό που θέλω να κάνω

Σχεδιάγραμμα

Και ωριστε και ο κωδικας που εχω

Κώδικας: Επιλογή όλων

<?php require_once&#40;'../../Connections/Filmar.php'&#41;; ?>
<?php
if &#40;!isset&#40;$_SESSION&#41;&#41; &#123;
  session_start&#40;&#41;;
&#125;
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page&#58; Grant or deny access to this page
function isAuthorized&#40;$strUsers, $strGroups, $UserName, $UserGroup&#41; &#123; 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if &#40;!empty&#40;$UserName&#41;&#41; &#123; 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode&#40;",", $strUsers&#41;; 
    $arrGroups = Explode&#40;",", $strGroups&#41;; 
    if &#40;in_array&#40;$UserName, $arrUsers&#41;&#41; &#123; 
      $isValid = true; 
    &#125; 
    // Or, you may restrict access to only certain users based on their username. 
    if &#40;in_array&#40;$UserGroup, $arrGroups&#41;&#41; &#123; 
      $isValid = true; 
    &#125; 
    if &#40;&#40;$strUsers == ""&#41; && true&#41; &#123; 
      $isValid = true; 
    &#125; 
  &#125; 
  return $isValid; 
&#125;

$MM_restrictGoTo = "index.php";
if &#40;!&#40;&#40;isset&#40;$_SESSION&#91;'Username'&#93;&#41;&#41; && &#40;isAuthorized&#40;"",$MM_authorizedUsers, $_SESSION&#91;'Username'&#93;, $_SESSION&#91;'MM_UserGroup'&#93;&#41;&#41;&#41;&#41; &#123;   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER&#91;'PHP_SELF'&#93;;
  if &#40;strpos&#40;$MM_restrictGoTo, "?"&#41;&#41; $MM_qsChar = "&";
  if &#40;isset&#40;$QUERY_STRING&#41; && strlen&#40;$QUERY_STRING&#41; > 0&#41; 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode&#40;$MM_referrer&#41;;
  header&#40;"Location&#58; ". $MM_restrictGoTo&#41;; 
  exit;
&#125;
?>
<?php
if &#40;!function_exists&#40;"GetSQLValueString"&#41;&#41; &#123;
function GetSQLValueString&#40;$theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = ""&#41; 
&#123;
  if &#40;PHP_VERSION < 6&#41; &#123;
    $theValue = get_magic_quotes_gpc&#40;&#41; ? stripslashes&#40;$theValue&#41; &#58; $theValue;
  &#125;

  $theValue = function_exists&#40;"mysql_real_escape_string"&#41; ? mysql_real_escape_string&#40;$theValue&#41; &#58; mysql_escape_string&#40;$theValue&#41;;

  switch &#40;$theType&#41; &#123;
    case "text"&#58;
      $theValue = &#40;$theValue != ""&#41; ? "'" . $theValue . "'" &#58; "NULL";
      break;    
    case "long"&#58;
    case "int"&#58;
      $theValue = &#40;$theValue != ""&#41; ? intval&#40;$theValue&#41; &#58; "NULL";
      break;
    case "double"&#58;
      $theValue = &#40;$theValue != ""&#41; ? doubleval&#40;$theValue&#41; &#58; "NULL";
      break;
    case "date"&#58;
      $theValue = &#40;$theValue != ""&#41; ? "'" . $theValue . "'" &#58; "NULL";
      break;
    case "defined"&#58;
      $theValue = &#40;$theValue != ""&#41; ? $theDefinedValue &#58; $theNotDefinedValue;
      break;
  &#125;
  return $theValue;
&#125;
&#125;

$editFormAction = $_SERVER&#91;'PHP_SELF'&#93;;
if &#40;isset&#40;$_SERVER&#91;'QUERY_STRING'&#93;&#41;&#41; &#123;
  $editFormAction .= "?" . htmlentities&#40;$_SERVER&#91;'QUERY_STRING'&#93;&#41;;
&#125;
$colname_getUser = "-1";
&#91;color=red&#93;if &#40;$_SESSION&#91;'Username'&#93; == 'babis'&#41; &#123; //εδω κάνω τον έλεγχο για να πάρει το key απο GET ή απο SESSION
    if &#40;isset&#40;$_GET&#91;'id'&#93;&#41;&#41; &#123;
  $colname_getUser = $_GET&#91;'id'&#93;;
&#125; else &#123;
    if &#40;isset&#40;$_SESSION&#91;'Username'&#93;&#41;&#41; &#123;
    $colname_getUser = $_SESSION&#91;'Username'&#93;;
    &#125;&#91;/color&#93;
&#125;
&#125;
  mysql_select_db&#40;$database_Filmar, $Filmar&#41;;
$query_getUser = sprintf&#40;"SELECT id, username, password, first_name, last_name FROM users WHERE username = %s", GetSQLValueString&#40;$colname_getUser, "text"&#41;&#41;;
$getUser = mysql_query&#40;$query_getUser, $Filmar&#41; or die&#40;mysql_error&#40;&#41;&#41;;
$row_getUser = mysql_fetch_assoc&#40;$getUser&#41;;
$totalRows_getUser = mysql_num_rows&#40;$getUser&#41;;

if &#40;&#40;isset&#40;$_POST&#91;"MM_update"&#93;&#41;&#41; && &#40;$_POST&#91;"MM_update"&#93; == "form1"&#41;&#41; &#123;
    // Initialize array for error messages
  $error = array&#40;&#41;;
  // Remove whitespace and check first and family names
  $_POST&#91;'first_name'&#93; = trim&#40;$_POST&#91;'first_name'&#93;&#41;;
  $_POST&#91;'last_name'&#93; = trim&#40;$_POST&#91;'last_name'&#93;&#41;; 
  
  
  
  
  
  
  
  
  // set a flag that assumes the password is OK
  $pwdOK = true;
  // trim leading and trailing white space
  $_POST&#91;'password'&#93; = trim&#40;$_POST&#91;'password'&#93;&#41;;
  // if password field is empty, use existing password
    if &#40;empty&#40;$_POST&#91;'password'&#93;&#41;&#41; &#123;
    $_POST&#91;'password'&#93; = $row_getUser&#91;'password'&#93;;
    &#125; else &#123;
    // otherwise, conduct normal checks
  // if less than 6 characters, create alert and set flag to false
  if &#40;strlen&#40;$_POST&#91;'password'&#93;&#41; < 6&#41; &#123;
    $error&#91;'password_length'&#93; = 'Your password must be at least 6 characters';
    $pwdOK = false;
  &#125;
  // if no match, create alert and set flag to false
  if &#40;$_POST&#91;'password'&#93; != trim&#40;$_POST&#91;'conf_password'&#93;&#41;&#41; &#123;
    $error&#91;'password'&#93; = "Your passwords don't match";
    $pwdOK = false;
  &#125;

    &#125;
  
  // if no errors, insert the details into the database 
  if &#40;!$error&#41; &#123;
  $updateSQL = sprintf&#40;"UPDATE users SET password=%s, first_name=%s, last_name=%s WHERE id=%s",
                       GetSQLValueString&#40;$_POST&#91;'password'&#93;, "text"&#41;,
                       GetSQLValueString&#40;$_POST&#91;'first_name'&#93;, "text"&#41;,
                       GetSQLValueString&#40;$_POST&#91;'last_name'&#93;, "text"&#41;,
                       GetSQLValueString&#40;$_POST&#91;'id'&#93;, "int"&#41;&#41;;

  mysql_select_db&#40;$database_Filmar, $Filmar&#41;;
  $Result1 = mysql_query&#40;$updateSQL, $Filmar&#41;;
 if &#40;!$Result1 && mysql_error&#40;&#41;&#41; &#123;
  $error&#91;'dbError'&#93; = 'Sorry, there was a problem with the database. Please try later.';
 &#125; else &#123;
  $updateGoTo = "control_panel.php?status=1";
  if &#40;isset&#40;$_SERVER&#91;'QUERY_STRING'&#93;&#41;&#41; &#123;
    $updateGoTo .= &#40;strpos&#40;$updateGoTo, '?'&#41;&#41; ? "&" &#58; "?";
    $updateGoTo .= $_SERVER&#91;'QUERY_STRING'&#93;;
  &#125;
  header&#40;sprintf&#40;"Location&#58; %s", $updateGoTo&#41;&#41;;
&#125;
&#125;
&#125;

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http&#58;//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http&#58;//www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/Filmar CMS_page.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Untitled Document</title>
<!-- InstanceEndEditable -->
<link href="CMS.css" rel="stylesheet" type="text/css" />
<!-- InstanceBeginEditable name="head" -->
<link href="update.css" rel="stylesheet" type="text/css" />
<!-- InstanceEndEditable -->
</head>

<body class="oneColFixCtrHdr">

<div id="container">
  <div id="header">
    <!-- end #header -->
  </div><div id="menubaset"><a href="update.php">Change Profile</a></div>
  <!-- InstanceBeginEditable name="mainContent" -->
<div id="mainContent">
  <h1>Settings for <?php echo $row_getUser&#91;'username'&#93;; ?></h1>
  <?php
if &#40;isset&#40;$error&#41;&#41; &#123;
  echo '<ul>';
  foreach &#40;$error as $alert&#41; &#123;
    echo "<li class='errormsg'>$alert</li>\n";
  &#125;
  echo '</ul>';
  // remove escape characters from POST array
  if &#40;PHP_VERSION < 6 && get_magic_quotes_gpc&#40;&#41;&#41; &#123;
    function stripslashes_deep&#40;$value&#41; &#123;
      $value = is_array&#40;$value&#41; ? array_map&#40;'stripslashes_deep', $value&#41; &#58; stripslashes&#40;$value&#41;;
      return $value;
      &#125;
    $_POST = array_map&#40;'stripslashes_deep', $_POST&#41;;
  &#125;
&#125;
?>
  <p class="maincontent_text"><form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
    <table width="65%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="53%">Password&#58;<br />
          &#40;leave blank if unchanged&#41;</td>
        <td><input type="password" name="password" id="password" /></td>
      </tr>
      <tr>
        <td>Confirm Password&#58;</td>
        <td><input type="password" name="conf_password" id="conf_password" /></td>
      </tr>
      <tr>
        <td>First Name&#58;</td>
        <td><input value="<?php if &#40;isset&#40;$_POST&#91;'first_name'&#93;&#41;&#41; &#123; echo htmlentities&#40;$_POST&#91;'first_name'&#93;, ENT_COMPAT, 'UTF-8'&#41;;&#125; else &#123;  echo htmlentities&#40;$row_getUser&#91;'first_name'&#93;,ENT_COMPAT, 'UTF-8'&#41;;
&#125; ?>" type="text" name="first_name" id="first_name" /></td>
      </tr>
      <tr>
        <td>Last Name&#58;</td>
        <td><input value="<?php if &#40;isset&#40;$_POST&#91;'last_name'&#93;&#41;&#41; &#123; echo htmlentities&#40;$_POST&#91;'last_name'&#93;, ENT_COMPAT, 'UTF-8'&#41;;&#125; else &#123;  echo htmlentities&#40;$row_getUser&#91;'last_name'&#93;,ENT_COMPAT, 'UTF-8'&#41;;
&#125; ?>" type="text" name="last_name" id="last_name" /></td>
      </tr>
      <tr>
        <td colspan="2"><input type="submit" name="Submit" id="Submit" value="Save Settings" />
          <input name="id" type="hidden" id="id" value="<?php echo $row_getUser&#91;'id'&#93;; ?>" /></td>
        </tr>
    </table>
    <input type="hidden" name="MM_update" value="form1" />
    <p>Back to <a href="control_panel.php">Control Panel</a></p>
  </form>
  </p>
  <p class="clearev"></p>
  <!-- end #mainContent -->
</div>
<!-- InstanceEndEditable -->
<!-- end #container --></div>
</body>
<!-- InstanceEnd --></html>
<?php
mysql_free_result&#40;$getUser&#41;;
?> 
Μηπως μπορειτε να με βοηθησετε γιατι με αυτο τον κωδικα δεν μου δουλευει

Ευχαριστω πολυ

Apostolis_38
Δημοσιεύσεις: 1969
Εγγραφή: 14 Φεβ 2008 16:20
Τοποθεσία: ΠΕΙΡΑΙΑΣ

Αρχαριος, επιλογη του key απο SESSION ή GET

Δημοσίευση από Apostolis_38 » 07 Σεπ 2010 21:12

Τι πρόβλημα σε κάνει;

mola_kalouba
Δημοσιεύσεις: 168
Εγγραφή: 17 Φεβ 2008 11:14
Επικοινωνία:

Αρχαριος, επιλογη του key απο SESSION ή GET

Δημοσίευση από mola_kalouba » 08 Σεπ 2010 10:58

Απλα δεν επερνε την GET['id'] αλλα βρηκα το προβλημα

Ευχαριστω πολυ

Απάντηση

Επιστροφή στο “MySQL”

Μέλη σε σύνδεση

Μέλη σε αυτήν τη Δ. Συζήτηση: Δεν υπάρχουν εγγεγραμμένα μέλη και 0 επισκέπτες