Help please with PHP- want admin to view all results in displayed table

Discussion in 'Web Design and Development' started by macmanone, Mar 18, 2009.

  1. macmanone macrumors newbie

    Joined:
    Mar 18, 2009
    #1
    I'm using this code to display who is logged in and all the projects they are a part of, and it works,
    but what I want is that if the user who's logged in is admin, it displays all the table info.
    I tried an if statement and it wouldn't work for me. If someone doesn't mind helping, it would be greatly appreciated.
    the code is:
     
  2. SrWebDeveloper macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #2
    This is not clear. You mean only admins see the table info, or you mean include in the table info only users who are admins?

    In either situation, you need to tell me what makes a user an admin. If it's a field in a table, I need the table name and field name and value. If it's something else, please explain. Thanks! I don't want to guess on any of this and waste your time.

    -jim
     
  3. macmanone thread starter macrumors newbie

    Joined:
    Mar 18, 2009
    #3
    Before this is a login page,
    e.g.
    right now if I log in with joe, myusername = joe and it shows all of joe's projects.
    I want it so that if myusername = admin, it will list all of the projects for everyone,

    if that makes more sense. At the moment there's only one admin and I plan on them logging in with an account called admin.
     
  4. SrWebDeveloper macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #4
    Based on your stated requirements:

    Find:

    PHP:
    $result = mysql_query("SELECT id, filename, filesize, filetype, username FROM $table WHERE username = '" . mysql_real_escape_string($_SESSION['myusername']) . "'");
    Replace with:

    PHP:
    // If current logged in user is admin show all user info from the database....
    if (strtolower($_SESSION['myusername']) == 'admin') {
        $result = mysql_query("SELECT id, filename, filesize, filetype, username FROM $table");
    }
    else {
        // If not an admin, display info for the current user only...
        $result = mysql_query("SELECT id, filename, filesize, filetype, username FROM $table WHERE username = '" . mysql_real_escape_string($_SESSION['myusername']) . "'");
    }
    Note: The "else" condition uses the same query as in your original code

    Obviously this is untested since you have your own DB stuff, but give it a shot and please let me know.

    -jim
     
  5. NoNameBrand macrumors 6502

    Joined:
    Nov 17, 2005
    Location:
    Halifax, Canada
    #5
    If security is at all important, you should add an exit() call after your header(location) call. You're trusting the browser to call up the page you've returned in the HTTP header rather than the rest of the page, which you continue to generate and send to the browser, even after determining that the user isn't logged in.
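
The redirect guard described in this post, together with the admin/user query split from post #4, as an added example that is not code from the thread. It uses PDO prepared statements in place of the `mysql_*` functions (removed in PHP 7); the login page name `main_login.php`, the table name `projects` and the in-memory SQLite data are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Redirect unauthenticated visitors and stop generating the page.
function require_login(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['myusername'])) {
        header('Location: main_login.php'); // assumed login page name
        exit; // without this, the rest of the page is still built and sent
    }
    return (string) $_SESSION['myusername'];
}

// Admin gets every row; any other user gets only their own rows.
function fetch_projects(PDO $db, string $username): array
{
    $cols = 'id, filename, filesize, filetype, username';
    if (strtolower($username) === 'admin') {
        // 'projects' is an assumed table name, fixed in code rather than interpolated
        $stmt = $db->query("SELECT $cols FROM projects ORDER BY id");
    } else {
        // The username is bound as a parameter, never concatenated into the SQL
        $stmt = $db->prepare("SELECT $cols FROM projects WHERE username = ? ORDER BY id");
        $stmt->execute([$username]);
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Command-line demo with constructed data; a web page would call require_login() first.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE projects (id INTEGER PRIMARY KEY, filename TEXT,
               filesize INTEGER, filetype TEXT, username TEXT)');
    $db->exec("INSERT INTO projects (filename, filesize, filetype, username) VALUES
               ('plan.pdf', 1200, 'application/pdf', 'joe'),
               ('logo.png', 3400, 'image/png', 'sue')");
    foreach (['joe', 'Admin'] as $user) {
        echo $user, ' sees ', count(fetch_projects($db, $user)), " row(s)\n";
    }
}
```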
     
  6. SrWebDeveloper macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #6
    Good tip, and there are plenty of other suggestions I would have made, but right now I'm waiting for the OP to reply back stating the changes in code are working for them. Once that's out of the way I will suggest improvements in other segments of the code as I usually do. Thank you for posting, however, as the OP will appreciate your advice, as I do.

    -jim
     
  7. macmanone thread starter macrumors newbie

    Joined:
    Mar 18, 2009
    #7
    Sorry for the late reply.

    It worked great,
    thanks.

    I'm a newbie so I'm open to your suggestions, so please don't hesitate.
     
  8. SrWebDeveloper macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #8
    Great to hear it's working.

    Beyond what NoNameBrand suggested, I would also suggest using the link tag in the head section to load your style sheet. Import loads slower as link is loaded before the page displays, but the main function of import is to load a CSS file within a CSS file, only when necessary to do so. Also, in PHP4 it's not a big deal to simply assume a session variable exists, i.e. in your code you use:

    <title>Current Projects for <?= $_SESSION['myusername'] ?></title>

    I prefer to test for a variable, i.e.:

    PHP:
    $title=(isset($_SESSION['myusername'])) ? $_SESSION['myusername'] : "Nobody";
    print "<title>Current Projects for $title</title>";
    This approach ensures the variable is set (in some PHP5 setups, this matters) and also accounts for the situation where it is not, adjusting your title accordingly. A little extra work but worth it, I think. Others may disagree, so consider this an informal suggestion and not nit-picking by any means. I need to scoot, take care and glad I could help.

    -jim
     
  9. macmanone thread starter macrumors newbie

    Joined:
    Mar 18, 2009
    #9
    I wanted a download link in the table that printed out, so I figured I'd concat it,
    so I changed line 38 from
    $result = mysql_query("SELECT id, filename, filesize, filetype, username FROM $table");

    to

    $result = mysql_query("SELECT id, filename, filesize, filetype, username, CONCAT('<a href="localhost/upload/dltest.php?id=',id,'">') FROM $table;");

    but it doesn't work. I get

    "error: syntax error, unexpected T_STRING in /Applications/MAMP/htdocs/Project/login_success.php on line 38"

    Any ideas?
     
  10. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #10
    Believe you need to use \' and \" inside that CONCAT statement:

    Code:
    CONCAT(\'<a href=\"localhost/upload/dltest.php?id=\',id,\'\">\')   FROM $table;")
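
The parse error in post #9 comes from the unescaped double quotes inside a double-quoted PHP string. An alternative that avoids nested quoting altogether, shown here as an added example and not code from the thread, is to keep the SELECT plain and build the link in PHP, HTML-escaping every value on output. The sample rows are constructed, and the root-relative path `/upload/dltest.php` and the link text are assumptions based on the URL in the post.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text or a double-quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Render one result row. The link is assembled here, so the SQL
// string contains no HTML and no nested quotes.
function render_row(array $row): string
{
    // Cast the id to int and let http_build_query() do the URL encoding.
    $href = '/upload/dltest.php?' . http_build_query(['id' => (int) $row['id']]);

    return '<tr>'
        . '<td>' . h((string) $row['filename']) . '</td>'
        . '<td>' . (int) $row['filesize'] . '</td>'
        . '<td>' . h((string) $row['filetype']) . '</td>'
        . '<td>' . h((string) $row['username']) . '</td>'
        . '<td><a href="' . h($href) . '">download</a></td>'
        . '</tr>';
}

// Constructed sample rows, shaped like the thread's SELECT result.
// The second filename contains markup to show that it is rendered inert.
$rows = [
    ['id' => 1, 'filename' => 'plan.pdf', 'filesize' => 1200,
     'filetype' => 'application/pdf', 'username' => 'joe'],
    ['id' => 2, 'filename' => '<b>x</b>.png', 'filesize' => 3400,
     'filetype' => 'image/png', 'username' => 'sue'],
];

echo "<table>\n";
foreach ($rows as $row) {
    echo render_row($row), "\n";
}
echo "</table>\n";
```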
    
     
