Please help me if you can.
I have created a login in Dreamweaver, and I have created an intranet for a company because I have a study project to do.
I have created employees with their data
and created a login form in Dreamweaver,
but the problem is: when I log in with the username: grisel and the password: grisel, the program shows me my data and all the other users' data.
I want restricted access: when I log in as grisel, the program should show me only grisel's data and not the other users' data.
If you understand the problem, please give me an answer.
griselndria 0 Newbie Poster
ainosilva 0 Light Poster
you need to filter the sql syntax that you are using, can you post the code here?
griselndria 0 Newbie Poster
prova_db.php:
<?php
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"
$hostname_prova_db = "localhost";
$database_prova_db = "intranet_db";
$username_prova_db = "root";
$password_prova_db = "";
$prova_db = mysql_pconnect($hostname_prova_db, $username_prova_db, $password_prova_db) or trigger_error(mysql_error(),E_USER_ERROR);
?>
prova.php :
<?php require_once('../Connections/prova_db.php'); ?>
<?php
mysql_select_db($database_prova_db, $prova_db);
$query_rs1 = "SELECT * FROM punonjesit ";
$rs1 = mysql_query($query_rs1, $prova_db) or die(mysql_error());
$row_rs1 = mysql_fetch_assoc($rs1);
$totalRows_rs1 = mysql_num_rows($rs1);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<?php echo $row_rs1['Emri_Depart']; ?>
<p>
<?php
mysql_free_result($rs1);
?>
</p>
<p><?php echo $row_rs1['Emri_drejtor']; ?></p>
<body>
</body>
</html>
loglog.php :
<?php require_once('../../../Connections/user1_db.php'); ?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "Connections/user1.php";
$MM_redirectLoginFailed = "loglog.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_user1_db, $user1_db);
$LoginRS__query=sprintf("SELECT username, mbiemri FROM punonjesit WHERE username='%s' AND mbiemri='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $user1_db) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && true) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?><!DOCTYPE html>
<html lang="en">
<head>
<title>Home</title>
<meta charset="utf-8">
<meta name="description" content="Your description">
<meta name="keywords" content="Your keywords">
<meta name="author" content="Your name">
<link rel="stylesheet" href="css/style.css">
<script src="js/jquery-1.6.4.min.js"></script>
<script src="js/cufon-yui.js"></script>
<script src="js/Franklin_Gothic_Medium_400.font.js"></script>
<script src="js/cufon-replace.js"></script>
<script src="js/script.js"></script>
<!--[if lt IE 7]>
<div class='aligncenter'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg"border="0"></a></div>
<![endif]-->
<!--[if lt IE 9]>
<script src="js/html5.js"></script>
<link rel="stylesheet" href="css/ie.css">
<![endif]-->
</head>
<body>
<div class="bg">
<!--==============================header=================================-->
<header>
<div class="main">
<h1> </h1>
<nav>
<ul class="sf-menu">
<li class="current"><a href="index.html">home</a><ul>
<li><a href="../../../Home.htm">Historik</a></li>
<li><a href="more.html">Struktura Organizative</a></li>
<li><a href="Kushtet_e_pergjithshme_te_punes_te_Bankes_se_Shqiperise.pdf">Rregulla Administrative </a></li>
</ul>
</li>
<li><a href="../../../POLITIKA MONETARE.docx">politika monetare </a></li>
<li><a href="../../../ISO_14001_TRAINING_ALB.pdf">trajnime</a></li>
<li><a href="index-4.html">blog</a></li>
<li></a></li>
<li></li>
</ul>
<form action="/webroot/intranet_site/intranet_result.php" method="get" name="fmsearch" id="fmsearch">
<table width="323">
<!--DWLayoutTable-->
<tr>
<th width="40" height="35"><!--DWLayoutEmptyCell--> </th>
<th width="150" valign="top"><!--DWLayoutEmptyCell--> </th>
<th width="52" valign="top"><!--DWLayoutEmptyCell--> </th>
</tr></table>
</form>
</nav>
<div class="clear"></div>
<div class="shadow">
<div class="main-img"></div>
<img src="../../../images/banka2.bmp" alt="banka" longdesc="../../../images/banka2.bmp">
<ul class="links">
<li></li>
<li></li>
<li></li>
</ul>
</div>
</div>
</header>
<!--==============================content================================-->
<section id="content">
</div>
</div>
<h3>User Login</h3>
<table border="0">
<form method="POST" action="<?php echo $loginFormAction; ?>">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password</td><td>:</td>
<td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php"></a>
<input type="password" name="password" size="20"></td></tr>
<tr><td> </td><td> </td>
<td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php">
<input name="submit" type="submit" value="Login" >
</a></td>
</tr>
</form>
</table>
<form name="form1" method="post" action="">
<label></label>
</form>
</body>
</html>
griselndria 0 Newbie Poster
Tell me if I have the wrong query, because it shows me the table with the attributes but doesn't show me the users' data.
ainosilva 0 Light Poster
I don't understand what's line 58: mysql_select_db($database_user1_db, $user1_db);
There are no ..._user1 variables; are they in user1_db.php?
griselndria 0 Newbie Poster
And what should the right query be?
ainosilva 0 Light Poster
and it goes to "Connections/user1.php"? are the sessions with the correct values on the other page?
griselndria 0 Newbie Poster
OK, that's my mistake, user 1 is not a variable, you were right, but I didn't change it to prova.db, which connects to the other page. Here is my correct code, and I want to know if you can give me an answer on how I will get the user details displayed.
lolog.php
<?php require_once('../../../Connections/prova_db.php'); ?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "Connections/prova.php";
$MM_redirectLoginFailed = "loglog.php";
$MM_redirecttoReferrer = true;
mysql_select_db($database_user1_db, $user1_db);
$LoginRS__query=sprintf("SELECT username, mbiemri FROM punonjesit WHERE username='%s' AND mbiemri='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $user1_db) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && true) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?><!DOCTYPE html>
<html lang="en">
<head>
<title>Home</title>
<meta charset="utf-8">
<meta name="description" content="Your description">
<meta name="keywords" content="Your keywords">
<meta name="author" content="Your name">
<link rel="stylesheet" href="css/style.css">
<script src="js/jquery-1.6.4.min.js"></script>
<script src="js/cufon-yui.js"></script>
<script src="js/Franklin_Gothic_Medium_400.font.js"></script>
<script src="js/cufon-replace.js"></script>
<script src="js/script.js"></script>
<!--[if lt IE 7]>
<div class='aligncenter'><a href="http://www.microsoft.com/windows/internet-explorer/default.aspx?ocid=ie6_countdown_bannercode"><img src="http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg"border="0"></a></div>
<![endif]-->
<!--[if lt IE 9]>
<script src="js/html5.js"></script>
<link rel="stylesheet" href="css/ie.css">
<![endif]-->
</head>
<body>
<div class="bg">
<!--==============================header=================================-->
<header>
<div class="main">
<h1> </h1>
<nav>
<ul class="sf-menu">
<li class="current"><a href="index.html">home</a><ul>
<li><a href="../../../Home.htm">Historik</a></li>
<li><a href="more.html">Struktura Organizative</a></li>
<li><a href="Kushtet_e_pergjithshme_te_punes_te_Bankes_se_Shqiperise.pdf">Rregulla Administrative </a></li>
</ul>
</li>
<li><a href="../../../POLITIKA MONETARE.docx">politika monetare </a></li>
<li><a href="../../../ISO_14001_TRAINING_ALB.pdf">trajnime</a></li>
<li><a href="index-4.html">blog</a></li>
<li></a></li>
<li></li>
</ul>
<form action="/webroot/intranet_site/intranet_result.php" method="get" name="fmsearch" id="fmsearch">
<table width="323">
<!--DWLayoutTable-->
<tr>
<th width="40" height="35"><!--DWLayoutEmptyCell--> </th>
<th width="150" valign="top"><!--DWLayoutEmptyCell--> </th>
<th width="52" valign="top"><!--DWLayoutEmptyCell--> </th>
</tr></table>
</form>
</nav>
<div class="clear"></div>
<div class="shadow">
<div class="main-img"></div>
<img src="../../../images/banka2.bmp" alt="banka" longdesc="../../../images/banka2.bmp">
<ul class="links">
<li></li>
<li></li>
<li></li>
</ul>
</div>
</div>
</header>
<!--==============================content================================-->
<section id="content">
</div>
</div>
<h3>User Login</h3>
<table border="0">
<form method="POST" action="<?php echo $loginFormAction; ?>">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password</td><td>:</td>
<td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php"></a>
<input type="password" name="password" size="20"></td></tr>
<tr><td> </td><td> </td>
<td><a href="http://localhost/webroot/intranet_site/Templates/free_extended-package-templates_udwl2lyk39k5pqr9/site/user1.php">
<input name="submit" type="submit" value="Login" >
</a></td>
</tr>
</form>
</table>
<form name="form1" method="post" action="">
<label></label>
</form>
</body>
</html>
ainosilva 0 Light Poster
ok, questions: when you type your username everything is fine? it goes to success page?
after line 26 put this:
echo $LoginRS__query;
what appears?
go to your mysql console or phpmyadmin and paste the query that will appear on the page
Yorkiebar14 0 Junior Poster in Training
Hey, I may be able to help if I understand your question correctly. You want to make it so only the user grisel can see grisel's data and no-one else can see grisel's data?
griselndria 0 Newbie Poster
Yes, of course: only grisel can see grisel's data and no one else can see grisel's data. That's my question: when I log in as user 1, only user 1 can see his data.
phorce 131 Posting Whiz in Training Featured Poster
@griseindria - Just select it off SESSIONS then..?
I.e.
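<?php
session_start(); // the session must be started before $_SESSION can be read
if(!isset($_SESSION['user_session']))
exit("You do not have permission to access this page, sorry");
// user_id is taken from the session written at login, never from the request; escape it anyway
$user_id = mysql_real_escape_string($_SESSION['user_id']);
$query = "SELECT * FROM profile WHERE user_id='{$user_id}'";
$res = mysql_query($query);
// for a SELECT, count rows with mysql_num_rows(); mysql_affected_rows() is for INSERT/UPDATE/DELETE
if(!$res || mysql_num_rows($res) != 1)
exit("Couldn't find the details");
while($row = mysql_fetch_array($res))
{
// only display the users details
}
?>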
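The session-based filter suggested above, applied to the thread's own prova.php, as an added example that is not code from any poster in this thread: the page refuses to render without the `MM_Username` session value set by the login script and selects only that user's row from `punonjesit` through a prepared statement. Assumptions: the PDO MySQL driver is available, `username` is unique in `punonjesit`, and the login form sits one directory above prova.php (the `../loglog.php` path is hypothetical).

```php
<?php
// Added example: per-user version of prova.php (not code from the thread).
session_start();

// No authenticated session: send the visitor to the login form and stop.
if (empty($_SESSION['MM_Username'])) {
    header('Location: ../loglog.php'); // assumed location of the login form
    exit; // without exit the rest of the page would still run
}

// Connection values are the ones shown in prova_db.php.
$pdo = new PDO(
    'mysql:host=localhost;dbname=intranet_db;charset=utf8',
    'root',
    '',
    array(
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    )
);

// The WHERE clause is the access control: its value comes from the session
// written at login, never from $_GET or $_POST.
$stmt = $pdo->prepare(
    'SELECT username, Emri_Depart, Emri_drejtor
       FROM punonjesit
      WHERE username = :username'
);
$stmt->execute(array(':username' => $_SESSION['MM_Username']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row === false) {
    http_response_code(404);
    exit('No record found for this account.');
}

// Escape on output so stored values cannot inject markup into the page.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>My details</title></head>
<body>
<p><?php echo h($row['Emri_Depart']); ?></p>
<p><?php echo h($row['Emri_drejtor']); ?></p>
</body>
</html>
```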