homepage Welcome to WebmasterWorld Guest from 54.196.207.55
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Need help on HTML front end and PHP scripting at back end
nani nisha06




msg:4489368
 7:10 am on Aug 29, 2012 (gmt 0)

HI All,

I am a beginner with HTML & PHP so I am expecting some help from you guys.


I am planning to build a HTML front end with PHP as a back end module for my usage in which I have created a useful login scrip but messing with 3 things.

1) when user is directly entering the path of any other page with out login he is able to access suspenseful & also able to run php server scripts tag to that option:Which is not acceptable in my case so help me to solve this....

2) When I am executing a scrip from the menu button I am getting results on a white web page :In reality I am expecting it should use my basic HTML template on which results should be outputted.

3) I am building a database with the table contains multiple columns and rows, when I try to show the same results in HTML it should be projected as table and on Basic HTML template as background.

Pls help me solve this !

Reragds,
Nani

 

cffrost2




msg:4489408
 12:19 pm on Aug 29, 2012 (gmt 0)

Hi. I'm not sure I follow exactly what you're needing without more details. But for starters
1) when user is directly entering the path of any other page with out login he is able to access suspenseful & also able to run php server scripts tag to that option:Which is not acceptable in my case so help me to solve this....


I would assume you are setting a session var upon successful login. One solution would be to check for the session var being set at the top of every page and if it's not (meaning the user is not logged in) then denie access to the page.
I.E.
<?php if(!isset($_SESSION['login']))
{
die('Access denied!');
} ?>

This will cause the page to stop loading at that point and show access denied if the session var 'login' doesn't exist.

As far as your number 2 and number 3, you may want to post a little code where you think the problem is. Where is the form action pointing? Where is the script? Same page? Different page? Are you setting redirects?

And welcome to webmasterworld.

nani nisha06




msg:4489662
 4:38 am on Aug 30, 2012 (gmt 0)

HI Cffrost,

Thanks for the help, on point 2 & 3 which are already resolved. now just waiting for the point 1, As you suggested I will try to update my script and post back results...In between as I already mention the build i am working for is to project a ticket details by click & update them as well. Now I am stuck here, I have created a DB with all the headers (Columns) for which I need them to be projected on HTML but when I am particularly running this query $sql="show columns FROM $tbl_name"; It is showing only headers as a result but not the data entered against it ...can I pleas request you for some code help to solve the same.

For example:

I have created a below table in the db.

P_IdLastNameFirstNameAddressCity
1HansenOlaTimoteivn 10Sandnes
2SvendsonToveBorgvn 23Sandnes
3PettersenKariStorgt 20Stavanger
4NilsenJohanBakken 2Stavanger
5TjessemJakobNissestien 67Sandnes

By using above query it is projecting only P_IdLastName,FirstName,Address,City but not all the details of 1,2,3,4,5.....as I have almost 29 headers(columns)in my DB I would not be able to created sql command with where function and project here can any other way to solve this ?

please advise.
Thanks a head...

Regards,
Nani

nani nisha06




msg:4489690
 7:44 am on Aug 30, 2012 (gmt 0)

HI Cffrost,

Also still I am getting accesses to the pages after adding code in the first line.

For Example:

I have a logout.php file in the folder which is accessible via URL after adding the above code..

Can you suggest me where I am doing wrong in this below:

<?php
if(!isset($_SESSION['myusername']))
{
die('Access denied!');
}
else
session_start();
session_destroy();
?>

cffrost2




msg:4489778
 12:42 pm on Aug 30, 2012 (gmt 0)

Hi. If you truly have not set the myusername session var anywhere already, then that should work. I would suggest that you clear all your session vars, then try to reach the page via a direct URL. And just to point out, you should be able to reach the page ok but nothing should execute. The only thing that you should see is the 'Access Denied'.

Hope that helps.

cffrost2




msg:4489790
 1:00 pm on Aug 30, 2012 (gmt 0)

$sql="show columns FROM $tbl_name";

headers as a result but not the data entered against it


Ok. I'm assuming that you want to list the data from the table rows and not the column names, correct?

If so, the query you're using will not work. You need to use a SELECT statement to get the data and then display it.

$query = mysql_query("SELECT * FROM $tbl_name");
while($result = mysql_fetch_array($query))
{
echo $result['col_name'].' '.$result['col_name2'].' '.$result['col_name3'].'<br>';
}


The WHILE loop will loop through each row from row 1 till the last row displaying each row as you have in the echo statement. You can even drill the rows down by adding a WHERE clause. "WHERE col_mane = 'something'".

There is a lot more you can do here but this is a stripped down way to achieve what I think you need to do and hopefully get you going in the right direction.

Hope this helps.

nani nisha06




msg:4490241
 6:39 pm on Aug 31, 2012 (gmt 0)

HI Cffrost,

I am sorry I really did not understand the session Var which your talking (I think this take some time to me to understand) about so, I though if I share my login code it would help you understand where I am doing wrong

<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
//echo "Wrong Username or Password";
header("location:wrong.html");
}
?>

cffrost2




msg:4490523
 9:25 pm on Sep 1, 2012 (gmt 0)

Ok. For starters, the session_register function is depreciated as of php5. You should switch to setting you session variables like this:
$_SESSION["myusername"] = $myusername;
$_SESSION["mypassword"] = $mypassword;
header("location:login_success.php");


Then at the top of every page you don't want access granted to non logged in users put:
if(!isset($_SESSION["myusername"]))
{
die('Access Denied');
}


I hope that makes sense.

nani nisha06




msg:4490595
 7:29 am on Sep 2, 2012 (gmt 0)

Cffrost2,

Yes your write this should work because in the login_sucess.php page i am have use $session to hold the connection but not in the above scrip now I will change & post back with reviews to you.

I have kind request to you to help me on another PHP based SQL thing, I will come back in the next post.

Thanks :)

--Nani

nani nisha06




msg:4490604
 8:20 am on Sep 2, 2012 (gmt 0)

Cffrost2,

Still this code is not working below:

<?php
if(!isset($_SESSION["myusername"]))
{
die(header("location:index.html"));
}
else
{
session_start();
$_SESSION['myusername'] = 'myusername';
{
header("location:ticket.html");
}
}
?>

Please advise if I am doing anything wrong:

Result it is showing redirect to index.html although login is scusess full I think it is not executing next half function pls help....

cffrost2




msg:4490644
 1:35 pm on Sep 2, 2012 (gmt 0)

else
{
session_start();
$_SESSION['myusername'] = 'myusername';
{
header("location:ticket.html");
}
}


Looks like you have an unneeded pair of curley brackets after else. Should be
else
{
session_start();
$_SESSION['myusername'] = 'myusername';
header("location:ticket.html");
}


Also, when using sessions, you need to have session_start() at the very top of each page before you can set a session var or access a session var. you are starting the session in the else block. That should be at the very top of the page. And at the very top of you login page. And why are you setting the myusername session var in the else block? That should already be set from being logged in like in the login code changes I gave earlier.

Hope that helps.

nani nisha06




msg:4490876
 10:23 am on Sep 3, 2012 (gmt 0)

cffrost2,

I have added in every page at top but it is by default giving Access denied even I have try to use If else still it throws the same error pls help me.

if(!isset($_SESSION["myusername"]))
{
die('Access Denied');
}

I hope that makes sense.

nani nisha06




msg:4491250
 1:18 pm on Sep 4, 2012 (gmt 0)

this suppose to be solved now .....but have some glitches on other pages.....

nani nisha06




msg:4494175
 9:37 am on Sep 12, 2012 (gmt 0)

Confirmed solved :)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved