Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 36
  1. #16
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Arcticwarrio View Post
    ok, so take that line back out and post the code your setting the variable with
    PHP Code:
    <?php

    include 'connect.php';

        if(
    $_SERVER['REQUEST_METHOD'] != 'POST')
        {
            
    $sql "SELECT * from gs04";
            
            
    $result mysql_query($sql);
            
                if(!
    $result)
                    {
                        
    //the query failed, uh-oh :-(
                        
    echo 'Error while selecting from database. Please try again later.';
                    }
                    else
                    {
                        if(
    mysql_num_rows($result) > 0)
                        {
                            if(isset(
    $_SESSION['profile'])){
                            echo 
    '<form method="post" action="">';
                            if(
    $_SESSION['profile'] == 'Student')
                            {
                                
                                echo 
    '<p>Thesis Title: <br> <textarea cols="50" rows="5" name="thesis_title" wrap="hard"></textarea></p>';
                                echo 
    '<p>Propsal Date: <input type="text" id="datepicker" /></p>';
                                echo 
    '<p>Proposal Supervisor: <input type="text" name="prop_supervisor" /></p>';
                            }
                            if (
    $_SESSION['profile'] == 'Lecturer'){
                                echo 
    '<p>=Lecturer Comments: <input type="text" name="lecturer_comment" /></p>';
                            }
                            if (
    $_SESSION['profile'] == 'Admin'){
                                echo 
    '<p>=Admin Comments: <input type="text" name="admin_comment" /></p>
                                <input type="submit" value="Submit" />'
    ;
                            
                            }
                            echo 
    '</form>';
                        }  
                    }
                }
            }
        else
            {
                
    $sql "INSERT INTO gs04(thesis_title, date, prop_supervisor, superisor_comment, dean_comment, user_id, s_reg)
                        VALUES('" 
    mysql_real_escape_string($_POST['thesis_title']) . "',
                                   NOW(),
                                   " 
    mysql_real_escape_string($_POST['prop_supervisor']) . ",
                                   " 
    mysql_real_escape_string($_POST['supervisor_comment']) . ",
                                   " 
    mysql_real_escape_string($_POST['dean_comment']) . ",
                                   " 
    $_SESSION['user_id'] . ",
                                   " 
    $_SESSION['s_reg'] . "
                                   )"
    ;
                                   
                
    $result mysql_query($sql);
                if(!
    $result)
                {
                        
    //something went wrong, display the error
                        
    echo 'An error occured while inserting your post. Please try again later.<br /><br />' mysql_error();
                        
    $sql "ROLLBACK;";
                        
    $result mysql_query($sql);
                }
                else
                {
                        
    $sql "COMMIT;";
                        
    $result mysql_query($sql);
                        
                        
    //after a lot of work, the query succeeded!
                        
    echo 'You have succesfully inserted your data.';
                }
            }

    ?>
    Last edited by hujan; 03-25-2013 at 10:09 PM.

  2. #17
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    721
    Thanks
    20
    Thanked 84 Times in 84 Posts
    you need to set $_SESSION['profile'] with your login script
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  3. #18
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Arcticwarrio View Post
    you need to set $_SESSION['profile'] with your login script
    Still give me blank page. BTW below is my check_login.php page:

    PHP Code:
    <?php
    $_SESSION
    ['profile'];
    // Connect to server and select databse.
    mysql_connect("localhost""root""")or die("cannot connect"); 
    mysql_select_db("test")or die("cannot select DB");

    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername stripslashes($myusername);
    $mypassword stripslashes($mypassword);
    $myusername mysql_real_escape_string($myusername);

    $path "wrong.php";
    $usercond true;
    preg_match("/^\w{2,10}$/"$myusername,$match);
    $row 0;
    if (!empty(
    $match[0]))
    {
        
    //$sql="SELECT * FROM user WHERE username='$myusername'";//only for user table not for student
        //$sql = "SELECT * FROM user WHERE username = '$myusername' AND password = '$mypassword' 
        //        UNION
        //        SELECT * FROM student WHERE username = '$myusername' AND password = '$mypassword'";
        /*$sql= "SELECT *, NULL as s_reg, NULL as s_gender, NULL as s_ic, NULL as s_dob, NULL as _contact, NULL as s_email, NULL as s_addr1, 
        NULL as s_addr2, NULL as country, NULL as s_dept, NULL as s_post FROM user WHERE username='$myusername' and password='$mypassword'

        UNION

        SELECT *, NULL as id, NULL as profile, NULL as name, NULL as gender, NULL as dob, NULL as contact, NULL as addr, NULL as email FROM
        student WHERE username='$myusername' and password='$mypassword'";        */
        
        /*$sql="SELECT * FROM student WHERE username='$myusername' and password='$mypassword'
            UNION
            SELECT * FROM user WHERE username='$myusername' and password='$mypassword'";*/
        
        /*$sql="select  'U' as userType, id, username from user where username = '$myusername' and password='$mypassword' 
       union 
       select  'C' as userType, s_reg, s_name from student where username = '$myusername' and password_hash = '$mypassword'";*/
       
       
    $sql="SELECT * from user where username='$myusername'";
         
        
    $result=mysql_query($sql);
        
    $row=mysql_fetch_assoc($result);
        
    $mypassword mysql_real_escape_string($mypassword);
        if(
    $mypassword != $row['password'])
        
    $row 0;
    }

    if ( !empty(
    $row) > 0
    {
    $_SESSION['myusername']=$myusername;
    $_SESSION['profile']=$row['profile'];

    if(
    $row['profile']=='Administrator'//admin user
    {
    $path "admin/admin_menu.php";
    }
    elseif(
    $row['profile']=='Lecturer'//dean

    $path ="lec/lec_menu.html";
    }
    elseif(
    $row['profile']=='Student'//student

    $path ="student/student_menu.php";
    }
    elseif(
    $row['profile'] =='Lecturer'//lecturer
    {
    $path ="lecturer/lecturer_menu.html";
    }
    }
    header("Location: ".$path);
    ?>
    Last edited by hujan; 03-26-2013 at 10:24 AM.

  4. #19
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,849
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    PHP Code:
    $result=mysql_query($sql);
        
    $row=mysql_fetch_assoc($result);
        
    $mypassword mysql_real_escape_string($mypassword);
        if(
    $mypassword != $row['password'])
        
    $row 0;
    }

    if ( !empty(
    $row) > 0
    This is not the way to code.

    You may change it like
    PHP Code:
    $sql="SELECT * from user where username='$myusername' and password='$mypassword'"// real_escape_string need to applied before this line 
    $result=mysql_query($sql);

    if ( 
    mysql_num_rows($result)!=0) {
    //login
    //set session

    }
    else{
    // invalid username/password

    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  5. #20
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by abduraooft View Post
    This is not the way to code.

    You may change it like
    PHP Code:
    $sql="SELECT * from user where username='$myusername' and password='$mypassword'"// real_escape_string need to applied before this line 
    $result=mysql_query($sql);

    if ( 
    mysql_num_rows($result)!=0) {
    //login
    //set session

    }
    else{
    // invalid username/password

    After the changes, it only display blank page .

    Below is the changed code for the check_login.php
    PHP Code:
    <?php

    // Connect to server and select databse.
    mysql_connect("localhost""root""")or die("cannot connect"); 
    mysql_select_db("test")or die("cannot select DB");

    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername stripslashes($myusername);
    $mypassword stripslashes($mypassword);
    $myusername mysql_real_escape_string($myusername);

    $path "wrong.php";
    $usercond true;
    preg_match("/^\w{2,10}$/"$myusername,$match);
    $row 0;
    if (!empty(
    $match[0]))
    {
        
    $mypassword mysql_real_escape_string($mypassword);
        
    $sql="SELECT * from user where username='$myusername' and password='$mypassword'"// real_escape_string need to applied before this line 
        
    $result=mysql_query($sql);

    if (
    mysql_num_rows($result)!=0

        
    $_SESSION['myusername']=$myusername;
        
    $_SESSION['profile']=$row['profile'];

            if(
    $row['profile']=='Administrator'//admin user
            
    {
            
    $path "admin/admin_menu.php";
            
    $_SESSION['profile'] = 'Administrator';  
            }
            elseif(
    $row['profile']=='Dean'//dean
            

            
    $path ="dean/dean_menu.html";
            
    $_SESSION['profile'] = 'Dean';  
            }
            elseif(
    $row['profile']=='Student'//student
            

            
    $path ="student/student_menu.php";
            
    $_SESSION['profile'] = 'Student';  
            }
            elseif(
    $row['profile'] =='Lecturer'//lecturer
            
    {
            
    $path ="lecturer/lecturer_menu.html";
            
    $_SESSION['profile'] = 'Lecturer';  
            }
    }
    else {
        
    header("location: ".$path);
        }
    }
    ?>
    please help me :'(

  6. #21
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by abduraooft View Post
    This is not the way to code.

    You may change it like
    PHP Code:
    $sql="SELECT * from user where username='$myusername' and password='$mypassword'"// real_escape_string need to applied before this line 
    $result=mysql_query($sql);

    if ( 
    mysql_num_rows($result)!=0) {
    //login
    //set session

    }
    else{
    // invalid username/password

    After the changes, it only display blank page .

    Below is the changed code for the check_login.php
    PHP Code:
    <?php

    // Connect to server and select databse.
    mysql_connect("localhost""root""")or die("cannot connect"); 
    mysql_select_db("test")or die("cannot select DB");

    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername stripslashes($myusername);
    $mypassword stripslashes($mypassword);
    $myusername mysql_real_escape_string($myusername);

    $path "wrong.php";
    $usercond true;
    preg_match("/^\w{2,10}$/"$myusername,$match);
    $row 0;
    if (!empty(
    $match[0]))
    {
        
    $mypassword mysql_real_escape_string($mypassword);
        
    $sql="SELECT * from user where username='$myusername' and password='$mypassword'"// real_escape_string need to applied before this line 
        
    $result=mysql_query($sql);

    if (
    mysql_num_rows($result)!=0

        
    $_SESSION['myusername']=$myusername;
        
    $_SESSION['profile']=$row['profile'];

            if(
    $row['profile']=='Administrator'//admin user
            
    {
            
    $path "admin/admin_menu.php";
            
    $_SESSION['profile'] = 'Administrator';  
            }
            elseif(
    $row['profile']=='Dean'//dean
            

            
    $path ="dean/dean_menu.html";
            
    $_SESSION['profile'] = 'Dean';  
            }
            elseif(
    $row['profile']=='Student'//student
            

            
    $path ="student/student_menu.php";
            
    $_SESSION['profile'] = 'Student';  
            }
            elseif(
    $row['profile'] =='Lecturer'//lecturer
            
    {
            
    $path ="lecturer/lecturer_menu.html";
            
    $_SESSION['profile'] = 'Lecturer';  
            }
    }
    else {
        
    header("location: ".$path);
        }
    }
    ?>
    please help me

  7. #22
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,849
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Add
    PHP Code:
     echo "num rows : ".mysql_num_rows($result); 
    after
    PHP Code:
    $result=mysql_query($sql); 
    and see if it displays anything.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  8. #23
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by abduraooft View Post
    Add
    PHP Code:
     echo "num rows : ".mysql_num_rows($result); 
    after
    PHP Code:
    $result=mysql_query($sql); 
    and see if it displays anything.
    it gives me:

    Code:
    num rows : 1

  9. #24
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    721
    Thanks
    20
    Thanked 84 Times in 84 Posts
    what does this show?

    echo $row['profile'];
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  10. #25
    Regular Coder Arcticwarrio's Avatar
    Join Date
    May 2012
    Location
    UK
    Posts
    721
    Thanks
    20
    Thanked 84 Times in 84 Posts
    have just also noticed if login works you dont have a redirect.

    PHP Code:

    //blah blah
            
    elseif($row['profile'] =='Lecturer'//lecturer
            
    {
            
    $path ="lecturer/lecturer_menu.html";
            
    $_SESSION['profile'] = 'Lecturer';  
            }
        
    header("location: ".$path); // added this line
    }
    else {
        
    header("location: ".$path);
        }
    }
    ?> 
    There are 10 types of people on CodingForums,
    Those who understand Binary and those who dont.
    Get Cloud Hosting now from only£59 / month

  11. #26
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Arcticwarrio View Post
    have just also noticed if login works you dont have a redirect.

    PHP Code:

    //blah blah
            
    elseif($row['profile'] =='Lecturer'//lecturer
            
    {
            
    $path ="lecturer/lecturer_menu.html";
            
    $_SESSION['profile'] = 'Lecturer';  
            }
        
    header("location: ".$path); // added this line
    }
    else {
        
    header("location: ".$path);
        }
    }
    ?> 
    What do u mean?i dont understand... It was working before but now i only got num rows : 1

  12. #27
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Below is my original check_login.php script

    PHP Code:
     <?php

    // Connect to server and select databse.
    mysql_connect("localhost""root""")or die("cannot connect"); 
    mysql_select_db("test")or die("cannot select DB");

    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername stripslashes($myusername);
    $mypassword stripslashes($mypassword);
    $myusername mysql_real_escape_string($myusername);

    $path "wrong.php";
    $usercond true;
    preg_match("/^\w{2,10}$/"$myusername,$match);
    $row 0;
    if (!empty(
    $match[0]))
    {
        
    //$sql="SELECT * FROM user WHERE username='$myusername'";//only for user table not for student
        //$sql = "SELECT * FROM user WHERE username = '$myusername' AND password = '$mypassword' 
        //        UNION
        //        SELECT * FROM student WHERE username = '$myusername' AND password = '$mypassword'";
        /*$sql= "SELECT *, NULL as s_reg, NULL as s_gender, NULL as s_ic, NULL as s_dob, NULL as _contact, NULL as s_email, NULL as s_addr1, 
        NULL as s_addr2, NULL as country, NULL as s_dept, NULL as s_post FROM user WHERE username='$myusername' and password='$mypassword'

        UNION

        SELECT *, NULL as id, NULL as profile, NULL as name, NULL as gender, NULL as dob, NULL as contact, NULL as addr, NULL as email FROM
        student WHERE username='$myusername' and password='$mypassword'";        */
        
        /*$sql="SELECT * FROM student WHERE username='$myusername' and password='$mypassword'
            UNION
            SELECT * FROM user WHERE username='$myusername' and password='$mypassword'";*/
        
        /*$sql="select  'U' as userType, id, username from user where username = '$myusername' and password='$mypassword' 
       union 
       select  'C' as userType, s_reg, s_name from student where username = '$myusername' and password_hash = '$mypassword'";*/
       
       
    $sql="SELECT * from user where username='$myusername'";
         
        
    $result=mysql_query($sql);
        
    $row=mysql_fetch_assoc($result);
        
    $mypassword mysql_real_escape_string($mypassword);
        if(
    $mypassword != $row['password'])
        
    $row 0;
    }

    if ( !empty(
    $row) > 0
    {
    $_SESSION['myusername']=$myusername;
    $_SESSION['profile']=$row['profile'];

    if(
    $row['profile']=='Administrator'//admin user
    {
    $path "admin/admin_menu.php";
    }
    elseif(
    $row['profile']=='Lecturer'//dean

    $path ="lec/lec_menu.html";
    }
    elseif(
    $row['profile']=='Student'//student

    $path ="student/student_menu.php";
    }
    elseif(
    $row['profile'] =='Lecturer'//lecturer
    {
    $path ="lecturer/lecturer_menu.html";
    }
    }
    header("Location: ".$path);
    ?>
    Last edited by hujan; 03-26-2013 at 03:20 PM.

  13. #28
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    I already added header("location: ".$path); // added this line. and it bring me to the respective page.

    PHP Code:

            
    ......
        elseif(
    $row['profile'] =='Lecturer'//lecturer
        
    {
            
    $path ="lecturer/lecturer_menu.html";
            
        }
        
    header("location: ".$path); // added this line
    }
    else{
        
    header("Location: ".$path);
    }

    ?> 
    Last edited by hujan; 03-26-2013 at 03:17 PM.

  14. #29
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,849
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    PHP Code:
    if (mysql_num_rows($result)!=0

        
    $_SESSION['myusername']=$myusername;
        
    $_SESSION['profile']=$row['profile']; 
    The above code has to be like
    Code:
    if (mysql_num_rows($result)!=0) 
    { 
    $row=mysql_fetch_assoc($result);   
     $_SESSION['myusername']=$myusername;
        $_SESSION['profile']=$row['profile'];
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  15. #30
    New Coder
    Join Date
    Oct 2012
    Posts
    29
    Thanks
    10
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by abduraooft View Post
    The above code has to be like
    Code:
    if (mysql_num_rows($result)!=0) 
    { 
    $row=mysql_fetch_assoc($result);   
     $_SESSION['myusername']=$myusername;
        $_SESSION['profile']=$row['profile'];
    I only edit to if ( !empty($row) != 0) cause if i add $row=mysql_fetch_assoc($result); it gives me back to wrong.php

    So far, my log in is doing great. My problem is when:

    1) Student sign in and open a form; which display Thesis title, Proposal date and Proposal supervisor

    2) For Lecturer; will should display all the data that had been entered by student (view the data that was enter by a student) and a comment field for Lecturer to fill in.

    3) For Admin, it should display all the entered data by the Student and Lecturer; and a comment field for Admin to fill in

    all this requirements still not yet success
    Last edited by hujan; 03-26-2013 at 04:32 PM.


 
Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •