Password protected database records

How do you do just that?

Mtlinfo

12:34 am on Mar 17, 2004 (gmt 0)

10+ Year Member



Hi guys,

Let's say that I have a MySQL database with 1 record for each client.

Now one client wants to modify his own record, how do you do just that using PHP?

I created a htaccess form for my clients but the problem I have is that they can edit the records of ALL my clients.

Anybody have a php script to paste here for me?

Thanks,

Mtlinfo

dcrombie

10:26 am on Mar 17, 2004 (gmt 0)



You need a separate username/password in the database for each of your clients. That way when they log in they only see their own information. You should look into HTTP Authentication using PHP - and encrypting passwords. Not a simple cut and paste I'm afraid.

Mtlinfo

11:04 am on Mar 18, 2004 (gmt 0)

10+ Year Member



Hi dcrombie

PHP Authentication was easy to cut & paste if you knew this web site (I learned PHP Authentication in 10 seconds flat with this tutorial hehe).

[zend.com...]

Now the problem that I have here is to associate the username/password of a user with the data he submitted in my MySQL db in order for that user to display and edit his data if he wants to.

Here's what I mean.

Say I have a guestbook...

When a user fills the form he's asked for 3 fields, a username, password and a comment.

Now let's say that this user wants to edit his comment. He then goes to the edit page and enters his username and password.

If the username/password match, the comment he made appears in a form and he can edit it and hit submit again.

HTTP Authentication is as easy as .htaccess. The script links the username and password and if they match it says access granted or it redirects you to another page.

But how the hell do you link a username/password with the Table fields attached to it?

Does anyone have a PHP script like this that almost thinks by itself?

This username/password links to this message and that one links to this other message?

I guess it exists since most sites and forums let you edit your personal information by letting you enter your username and password first and then you can edit your stuff.

Thanks,

Mtlinfo

dcrombie

11:23 am on Mar 18, 2004 (gmt 0)



Nice tutorial, but it only gives enough information to be dangerous. There's a thread at the bottom of that page titled "these samples are very insecure" that highlights some of the problems with their code.

For a guestbook application I don't know if you even need authentication - just assign each entry a random string, send it to the poster as an email, and use that to approve updates.
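
An added example, not part of dcrombie's post: one way to implement the per-entry random string he describes. SQLite in memory stands in for the real database so the script runs offline; the `guestbook` table, its columns and the function names `createEntry()` / `updateEntry()` are hypothetical, and the e-mail step is left out.

```php
<?php
// Added example. SQLite in memory; table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, comment TEXT, token_hash TEXT)');

// Store the entry and return [id, token]. The token is what gets e-mailed to
// the poster; the database keeps only its SHA-256 hash.
function createEntry(PDO $db, string $comment): array
{
    $token = bin2hex(random_bytes(32));           // 256 bits from the CSPRNG
    $db->prepare('INSERT INTO guestbook (comment, token_hash) VALUES (?, ?)')
       ->execute([$comment, hash('sha256', $token)]);
    return [(int) $db->lastInsertId(), $token];
}

// Apply the edit only if the presented token matches this entry's stored hash.
function updateEntry(PDO $db, int $id, string $token, string $comment): bool
{
    $q = $db->prepare('SELECT token_hash FROM guestbook WHERE id = ?');
    $q->execute([$id]);
    $stored = $q->fetchColumn();
    // hash_equals() compares in constant time.
    if ($stored === false || !hash_equals($stored, hash('sha256', $token))) {
        return false;
    }
    $db->prepare('UPDATE guestbook SET comment = ? WHERE id = ?')
       ->execute([$comment, $id]);
    return true;
}

// Constructed sample entry: the real token is accepted, a wrong one is not.
[$id, $token] = createEntry($db, 'First post');
var_dump(updateEntry($db, $id, $token, 'Edited by the poster'));
var_dump(updateEntry($db, $id, str_repeat('0', 64), 'Edited by someone else'));
```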

Mtlinfo

11:29 am on Mar 18, 2004 (gmt 0)

10+ Year Member



Hehe did I tell you that I don't know **** about PHP yet? If not then now you know :-)

I started playing with PHP and MySQL about hmmmm...3 days ago ;-)

I learned by tutorial and cut & pasting examples, so if you have a solution to my problem please cut & paste some stuff here, otherwise you will lose me.

Btw, I'm doing more like a classified ads site than a guestbook, which was just an example here.

Basically, each user will have 1 record of many fields (username, password, name, phone, email, ad, etc).

What PHP code would you insert in a page so that by entering just the username/password, it would extract the entire record of that user so that he can edit it?

Mtlinfo

[edited by: Mtlinfo at 11:40 am (utc) on Mar. 18, 2004]

dcrombie

11:39 am on Mar 18, 2004 (gmt 0)



Something like this:


SELECT id, passwd FROM classifieds WHERE user='$PHP_AUTH_USER'

$passed = false;
while (<fetch_result>) {
    if ($PHP_AUTH_PW == <passwd>) {
        $id = <id>;
        $passed = true;
        break;
    }
}

if (!$passed) <login failed>

After the code is run then you should have a value in the $id field that corresponds to their classified id.

Really you should be using encryption on the passwd field, and your users might want to be able to log out without quitting the browser - but that's another story.

Mtlinfo

11:47 am on Mar 18, 2004 (gmt 0)

10+ Year Member



Ok thanks for the code.

Let's see here. I guess all I have to do is add the <?php and ?> tags at both ends to make it work right (see code below)? Hey I told you I was a newbie here ;-)

I guess also that I would need the basic mysql connect codes with the username, password and localhost at the top of the script?

id must be the first table field and classifieds the name of the table, while user must be the username of that record, correct?

Ok this is your code with my info in it. For example my table is called Ads_Data, the username field for each user is called User_Username and User_Password for the password field.

Btw, it doesn't work like this...any idea why? I don't even have a username/password prompt popping up.

<?php

$connection = mysql_connect ("localhost", "username", "password");
if ($connection == false){
    echo mysql_errno().": ".mysql_error()."<BR>";
    exit;
}

SELECT Id, User_Password FROM Ads_Data WHERE User_Username='$PHP_AUTH_USER'

$passed = false;
while (<fetch_result>) {
    if ($PHP_AUTH_PW == <User_Password>) {
        $Id = <Id>;
        $passed = true;
        break;
    }
}

if (!$passed) <login failed>

?>

dcrombie

12:11 pm on Mar 18, 2004 (gmt 0)



What I sent before was just a 'patch' to the MySQL authentication example on the Zend site. If you got their example working then the changes should be straight-forward...

Mtlinfo

12:30 pm on Mar 18, 2004 (gmt 0)

10+ Year Member



Oh I see now.

Of course as a newbie my next question is where do you insert your code into the tutorial code? At the end of it? In the middle? Do you overwrite some lines in the process and if so which one?

Here are the 2 codes; if you can just cut & paste your code on top of the tutorial code I'm pasting here, that would make my day.

= = = = = = Your code = = = = = =

<?php

SELECT Id, User_Password FROM Ads_Data WHERE User_Username='$PHP_AUTH_USER'

$passed = false;
while (<fetch_result>) {
    if ($PHP_AUTH_PW == <User_Password>) {
        $Id = <Id>;
        $passed = true;
        break;
    }
}

if (!$passed) <login failed>

?>

= = = = = = = Tutorial code = = = = = = =

<?php

$auth = false; // Assume user is not authenticated

if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {

    // Connect to MySQL

    mysql_connect( 'localhost', 'username', 'password' )
        or die ( 'Unable to connect to server.' );

    // Select database on MySQL server

    mysql_select_db( 'my_db' )
        or die ( 'Unable to select database.' );

    // Formulate the query

    $sql = "SELECT * FROM Ads_Data WHERE
        User_Username = '$PHP_AUTH_USER' AND
        User_password = '$PHP_AUTH_PW'";

    // Execute the query and put results in $result

    $result = mysql_query( $sql )
        or die ( 'Unable to execute query.' );

    // Get number of rows in $result.

    $num = mysql_numrows( $result );

    if ( $num != 0 ) {

        // A matching row was found - the user is authenticated.

        $auth = true;

    }

}

if ( ! $auth ) {

    header( 'WWW-Authenticate: Basic realm="Private"' );
    header( 'HTTP/1.0 401 Unauthorized' );
    echo 'Authorization Required.';
    exit;

} else {

    header( 'Location: [mysite...] .com.com/members/edit.php' );

}
?>
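
An added example, not part of the thread or of the Zend tutorial: one way to tie the HTTP Basic credentials to a single row, which is what dcrombie's sketch and the tutorial code above are both aiming at, using a prepared statement and a stored password hash instead of interpolating `$PHP_AUTH_USER` into the SQL. SQLite in memory stands in for MySQL so it runs offline; the sample users, their passwords, the `Ad` column and the function names `authenticate()` / `updateOwnAd()` are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so this runs offline;
// the table and the first three columns follow the thread's Ads_Data naming.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Ads_Data (Id INTEGER PRIMARY KEY,
    User_Username TEXT UNIQUE, User_Password TEXT, Ad TEXT)');

// Constructed sample rows; only the password hash is stored.
$ins = $db->prepare(
    'INSERT INTO Ads_Data (User_Username, User_Password, Ad) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('alice-pw', PASSWORD_DEFAULT), 'Bike for sale']);
$ins->execute(['bob', password_hash('bob-pw', PASSWORD_DEFAULT), 'Sofa, free']);

// Returns the caller's record Id, or null when the credentials do not match.
function authenticate(PDO $db, string $user, string $pw): ?int
{
    // Bound parameter: the username never becomes part of the SQL text.
    $q = $db->prepare(
        'SELECT Id, User_Password FROM Ads_Data WHERE User_Username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pw, $row['User_Password'])) {
        return null;
    }
    return (int) $row['Id'];
}

// The Id comes from authenticate(), never from the submitted form, so one
// client cannot address another client's row.
function updateOwnAd(PDO $db, int $id, string $ad): void
{
    $db->prepare('UPDATE Ads_Data SET Ad = ? WHERE Id = ?')->execute([$ad, $id]);
}

// Under a web server the Basic credentials arrive in $_SERVER; the fallback
// values only exist so the demo also runs from the command line.
$user = $_SERVER['PHP_AUTH_USER'] ?? 'alice';
$pw   = $_SERVER['PHP_AUTH_PW'] ?? 'alice-pw';
$id   = authenticate($db, $user, $pw);
if ($id === null) {
    header('WWW-Authenticate: Basic realm="Private"');
    header('HTTP/1.0 401 Unauthorized');
    exit('Authorization Required.');
}
updateOwnAd($db, $id, 'Bike for sale, new price');
foreach ($db->query('SELECT User_Username, Ad FROM Ads_Data') as $r) {
    echo $r['User_Username'], ': ', $r['Ad'], PHP_EOL;   // only alice's ad changed
}
```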