
macmanone

macrumors newbie
Original poster
Mar 18, 2009
I'm using this code to display who is logged in and all the projects they are a part of, and it works,
but what I want is, if the user who's logged in is admin, it displays all the table info.
I tried an if statement and it wouldn't work for me. If someone doesn't mind helping, it would be greatly appreciated.
The code is:
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<html>
<body>
Login Successful
<div id="welcome"><span class="welcomeHead">
Welcome, <?= $_SESSION['myusername'] ?>.</span><br />
</body>
</html>
<html><head><title>Current Projects for <?= $_SESSION['myusername'] ?></title>
<style type="text/css">
<!--
@import url("csstable.css");
-->
</style>
</head><body>
<?php
$db_host = 'localhost';
$db_user = 'root';
$db_pwd = 'root';

$database = 'test';
$table = 'uploads';

if (!mysql_connect($db_host, $db_user, $db_pwd))
die("Can't connect to database");

if (!mysql_select_db($database))
die("Can't select database");

// sending query


$result = mysql_query("SELECT id, filename, filesize, filetype, username FROM $table WHERE username = '" . mysql_real_escape_string($_SESSION['myusername']) . "'");
if (!$result) {
die("Query to show fields from table failed");
}

$fields_num = mysql_num_fields($result);

echo "<h1>Table: {$table}</h1>";
echo "<table border='1'><tr>";
// printing table headers
for($i=0; $i<$fields_num; $i++)
{
$field = mysql_fetch_field($result);
echo "<td><b><u>{$field->name}</u></b></td>";
}
echo "</tr>\n";
// printing table rows
while($row = mysql_fetch_row($result))
{
echo "<tr>";

// $row is array... foreach( .. ) puts every element
// of $row to $cell variable
foreach($row as $cell)
echo "<td>$cell</td>";

echo "</tr>\n";
}
mysql_free_result($result);
?>

</body></html>
 
but what I want is, if the user who's logged in is admin, it displays all the table info.

This is not clear. You mean only admins see the table info, or you mean include in the table info only users who are admins?

In either situation, you need to tell me what makes a user an admin. If it's a field in a table, I need the table name and field name and value. If it's something else, please explain. Thanks! I don't want to guess on any of this and waste your time.

-jim
 
Before this is a login page.
E.g.
Right now, if I log in with joe, myusername = joe and it shows all of joe's projects.
I want it so that if myusername = admin, it will list all of the projects for everyone.

If that makes more sense. At the moment there's only one admin, and I plan on them logging in with an account called admin.
 
Based on your stated requirements:

Find:

PHP:
$result = mysql_query("SELECT id, filename, filesize, filetype, username FROM $table WHERE username = '" . mysql_real_escape_string($_SESSION['myusername']) . "'");

Replace with:

PHP:
// If current logged in user is admin show all user info from the database....
if (strtolower($_SESSION['myusername'])=='admin'){
    $result = mysql_query("SELECT id, filename, filesize, filetype, username FROM $table");
}
else {
    // If not an admin, display info for the current user only...
    $result = mysql_query("SELECT id, filename, filesize, filetype, username FROM $table WHERE username = '" . mysql_real_escape_string($_SESSION['myusername']) . "'");
}

Note: The "else" condition uses the same query as in your original code

Obviously this is untested since you have your own DB stuff, but give it a shot and please let me know.

-jim
 
If security is at all important, you should add an exit() call after your header(location) call. You're trusting the browser to call up the page you've returned in the HTTP header rather than the rest of the page, which you continue to generate and send to the browser, even after determining that the user isn't logged in.
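
The admin branch and the exit() tip from the two posts above, combined in one added example that is not part of the original thread or any poster's code. It assumes PDO with an in-memory SQLite database standing in for the MySQL `uploads` table; `sample_db`, `require_login` and `fetch_projects` are hypothetical names, and the session is passed in as an array so the script runs from the command line.

```php
<?php

// Constructed data: in-memory SQLite stands in for the thread's MySQL `uploads` table.
function sample_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE uploads (id INTEGER PRIMARY KEY, filename TEXT,
               filesize INTEGER, filetype TEXT, username TEXT)');
    $ins = $db->prepare('INSERT INTO uploads (filename, filesize, filetype, username)
                         VALUES (?, ?, ?, ?)');
    foreach ([['plan.pdf', 1200, 'application/pdf', 'joe'],
              ['logo.png', 5400, 'image/png', 'ann']] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Redirect and stop. Without exit, everything after this call is still
// generated and sent in the body of the redirect response.
function require_login(array $session): string
{
    if (empty($session['myusername'])) {
        header('Location: main_login.php');
        exit;
    }
    return $session['myusername'];
}

// The admin account sees every row; any other user sees only their own.
// The username is bound as a parameter, never concatenated into the SQL.
function fetch_projects(PDO $db, string $username): array
{
    $sql = 'SELECT id, filename, filesize, filetype, username FROM uploads';
    $params = [];
    if (strtolower($username) !== 'admin') {
        $sql .= ' WHERE username = :u';
        $params[':u'] = $username;
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = sample_db();
foreach (['joe', 'admin'] as $who) {   // constructed session contents
    $user = require_login(['myusername' => $who]);
    printf("%s sees %d row(s)\n", $user, count(fetch_projects($db, $user)));
}
```

In the real page, call `session_start()` first and pass `$_SESSION` to `require_login()` before any output is produced.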
 
Good tip, and there are plenty of other suggestions I would have made, but right now I'm waiting for the OP to reply back stating the changes in code are working for them. Once that's out of the way I will suggest improvements in other segments of the code as I usually do. Thank you for posting, however, as the OP will appreciate your advice, as I do.

-jim
 
Sorry for the late reply.

It worked great.
Thanks.

I'm a newbie so I'm open to your suggestions, so please don't hesitate.
 
Great to hear it's working.

Beyond what NoNameBrand suggested, I would also suggest using the link tag in the head section to load your style sheet. Import loads slower as link is loaded before the page displays, but the main function of import is to load a CSS file within a CSS file, only when necessary to do so. Also, in PHP4 it's not a big deal to simply assume a session variable exists, i.e. in your code you use:

<title>Current Projects for <?= $_SESSION['myusername'] ?></title>

I prefer to test for a variable, i.e.:

PHP:
$title=(isset($_SESSION['myusername'])) ? $_SESSION['myusername'] : "Nobody";
print "<title>Current Projects for $title</title>";

This approach ensures the variable is set (in some PHP5 setups, this matters) and also accounts for the situation where it is not, adjusting your title accordingly. A little extra work but worth it, I think. Others may disagree, so consider this an informal suggestion and not nit-picking by any means. I need to scoot, take care and glad I could help.

-jim
 
I wanted a download link in the table that printed out, so I figured I'd concat it,
so I changed line 38 from
$result = mysql_query("SELECT id, filename, filesize, filetype, username FROM $table");

to

$result = mysql_query("SELECT id, filename, filesize, filetype, username, CONCAT('<a href="localhost/upload/dltest.php?id=',id,'">') FROM $table;");

But it doesn't work. I get

"error: syntax error, unexpected T_STRING in /Applications/MAMP/htdocs/Project/login_success.php on line 38"

Any ideas?
 
Believe you need to use \' and \" inside that CONCAT statement:

Code:
CONCAT(\'<a href=\"localhost/upload/dltest.php?id=\',id,\'\">\')   FROM $table;")
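
An alternative to nesting quotes inside the SQL string, as an added example that is not part of the original thread: select only the columns and build the download link in PHP, escaping every value on output. The rows are constructed sample data, `render_rows` is a hypothetical name, and the root-relative `/upload/dltest.php` path is an assumption based on the URL in the post.

```php
<?php

// Render table rows from query results and append a download link per row.
function render_rows(array $rows, string $downloadScript = '/upload/dltest.php'): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $cell) {
            // Escape every database value before it reaches the page, so a
            // filename containing markup is shown as text, not interpreted.
            $html .= '<td>' . htmlspecialchars((string) $cell, ENT_QUOTES, 'UTF-8') . '</td>';
        }
        // The id is cast to int and URL-encoded; the finished href is
        // HTML-escaped like any other attribute value.
        $href = $downloadScript . '?' . http_build_query(['id' => (int) $row['id']]);
        $html .= '<td><a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
               . '">download</a></td>';
        $html .= "</tr>\n";
    }
    return $html;
}

// Constructed rows in the shape returned by the thread's SELECT.
$rows = [
    ['id' => 1, 'filename' => 'plan.pdf', 'filesize' => 1200,
     'filetype' => 'application/pdf', 'username' => 'joe'],
    ['id' => 2, 'filename' => '<b>odd</b>.png', 'filesize' => 5400,
     'filetype' => 'image/png', 'username' => 'ann'],
];

echo "<table border='1'>\n", render_rows($rows), "</table>\n";
```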
 