    #46
    Devshed Expert (3500 - 3999 posts) | Join Date: Jul 2012 | Posts: 3,959 | Rep Power: 1014
    You don't send all data back. Just the data that requires manual confirmation.

    From all updates, probably most of them are uncritical and require no human intervention whatsoever. You just execute them. The rest you collect in an array. Then you build a new form with this data as hidden fields, a bunch of messages and a big "confirmation" button. When this button is clicked, all pending updates are submitted again, this time with an additional "confirmed" parameter, which tells the script to do the critical update.

    You can do all that in the script above.
    #47
    Contributing User, Devshed Newbie (0 - 499 posts) | Join Date: Feb 2013 | Posts: 451 | Rep Power: 8
    OK, should I do this with a kind of queue or something like that? Or update every "insignificant" value and then ask for confirmation?
    #48
    Registered User, Devshed Newbie (0 - 499 posts) | Join Date: Jul 2013 | Posts: 7 | Rep Power: 0
    If you get this working, can I use it? I would like to do the same thing, except have it say what "team" a member is on.
    #49
    Contributing User, Devshed Newbie (0 - 499 posts) | Join Date: Feb 2013 | Posts: 451 | Rep Power: 8
    Originally Posted by itzdustin:
        If you get this working, can I use it? I would like to do the same thing, except have it say what "team" a member is on.
    IT WORKS
    I put it online, yes, also because I'm sure I have made some mistakes I didn't see, or just because I'm relatively new to PHP if we look at Jacques1 and all the other pros on this forum.

    And I have edited it to my preferences, so I added some rules at some points; most are between lines 80 and 170. Those will not apply to your teams, I think... And please send me a private message, I want to know what you're making.

    Here is clan_member_functions.php:

    PHP Code:
    <?php
    require("common.php");
    require("lib/functions.php");

    // Only logged-in users may reach this page
    if (empty($_SESSION['user'])) {
        header("Location: login.php");
        exit;
    }

    // Clan and rank ("stand") of the logged-in user
    $user_data_stmt = $db->prepare('
        SELECT
            clan
            , stand
        FROM
            users
        WHERE
            user_id = :user_id
    ');
    $user_data_stmt->execute(array(
        ':user_id' => $_SESSION['user']['user_id']
    ));
    $user_data = $user_data_stmt->fetch();

    // Only a clan leader (stand 1) or underboss (stand 2) may manage functions
    if ($user_data && $user_data['clan'] && ($user_data['stand'] == 1 || $user_data['stand'] == 2)) {
        $clan_members_stmt = $db->prepare('
            SELECT user_id, username, stand
            FROM users
            WHERE clan = :clan
                AND request = 0
        ');
        $clan_members_stmt->execute(array(
            ':clan' => $user_data['clan']
        ));
        $clan_members = $clan_members_stmt->fetchAll();
    } else {
        header("Location: clan_list.php");
        exit;
    }

    // Nothing in this script sets a message yet; avoid an undefined-variable notice in the template
    if (!isset($system_message)) {
        $system_message = '';
    }
    ?><html>
    <body>
        Change functions
        <?php echo $system_message . "<br>"; ?>
        <form action="confirm_function_change.php" method="post">
            <input type="hidden" name="action_token" value="<?php echo html_escape($_SESSION['action_token']); ?>">
            <table>
                <tr>
                    <th>Kick</th>
                    <th>Username</th>
                    <th>Function</th>
                </tr>
                <?php foreach ($clan_members as $clan_member): ?>
                    <tr>
                        <td>
                            <?php if ($clan_member['stand'] != 1): ?>
                                <!-- every row posts the same field name, so only the last user_id arrives in $_POST['user_id'] -->
                                <input type="hidden" name="user_id" value="<?php echo $clan_member['user_id']; ?>">
                                <input type="checkbox" name="kick_user_id[<?php echo $clan_member['user_id']; ?>]" value="<?php echo $clan_member['user_id']; ?>">
                            <?php endif; ?>
                        </td>
                        <td><a href="http://www.domain.com/profile.php?user_id=<?php echo $clan_member['user_id']; ?>"><?php echo html_escape($clan_member['username']); ?></a></td>
                        <?php // a leader may change anyone; an underboss may change anyone except the leader ?>
                        <?php if ($user_data['stand'] == 1 || ($user_data['stand'] == 2 && $clan_member['stand'] != 1)): ?>
                            <td>
                                <!-- the field arrives as something like $_POST['stand'][5284] -->
                                <select name="stand[<?php echo $clan_member['user_id']; ?>]">
                                    <?php if ($user_data['stand'] == 1): ?>
                                        <option value="1" <?php if ($clan_member['stand'] == 1) echo "selected"; ?>>Leader</option>
                                    <?php endif; ?>
                                    <option value="2" <?php if ($clan_member['stand'] == 2) echo "selected"; ?>>Underboss</option>
                                    <option value="3" <?php if ($clan_member['stand'] == 3) echo "selected"; ?>>bankkeeper</option>
                                    <option value="4" <?php if ($clan_member['stand'] == 4) echo "selected"; ?>>recruiter</option>
                                    <option value="5" <?php if ($clan_member['stand'] == 5) echo "selected"; ?>>member</option>
                                </select>
                            </td>
                        <?php endif; ?>
                    </tr>
                <?php endforeach; ?>
            </table>
            <input type="submit" name="action" value="Change Functions">
            <input type="submit" name="action" value="Kick">
        </form>
    </body>
    </html>
    and confirm_function_change.php:
    PHP Code:
    <?php
    require("common.php");
    require("lib/functions.php");

    if (empty($_SESSION['user'])) {
        header("Location: login.php");
        exit;
    }

    // Critical changes that still need a confirmation click; stays empty when nothing is pending
    $important_function_change = array();
    $system_message = '';

    // Clan and rank ("stand") of the logged-in user
    $user_data_stmt = $db->prepare('
        SELECT
            clan
            , stand
        FROM
            users
        WHERE
            user_id = :user_id
    ');
    $user_data_stmt->execute(array(
        ':user_id' => $_SESSION['user']['user_id']
    ));
    $user_data = $user_data_stmt->fetch();

    if ($user_data && $user_data['clan'] && ($user_data['stand'] == 1 || $user_data['stand'] == 2)) {
        if (!empty($_POST)) {
            // CSRF check: the posted token must match the one kept in the session
            if (isset($_POST['action_token']) && isset($_SESSION['action_token']) && $_POST['action_token'] === $_SESSION['action_token']) {
                if ($_POST['action'] === "Cancel") {
                    header("Location: clan_member_functions.php");
                    exit;
                }
                if ($_POST['action'] === "Confirm") {
                    // The pending changes come back from the confirmation form's hidden fields, so the
                    // client can edit them before confirming; only the first user_id is checked below
                    $important_function_change = $_POST['important_function_change'];
                    reset($important_function_change);
                    $imp_func_change_key = key($important_function_change);
                    $posted_user_id = $imp_func_change_key;    // one user_id for the clan check below
                } else {
                    $posted_user_id = $_POST['user_id'];
                }
                $clan_member_data_stmt = $db->prepare('
                    SELECT clan
                        , stand
                    FROM users
                    WHERE user_id = :user_id
                ');
                $clan_member_data_stmt->execute(array(
                    ':user_id' => $posted_user_id
                ));
                $clan_member_data = $clan_member_data_stmt->fetch();
                // The posted member must belong to the same clan as the logged-in user
                if ($clan_member_data && $clan_member_data['clan'] == $user_data['clan']) {
                    if ($_POST['action'] === "Kick") {
                        // initialise 'kickscript'
                        if ($clan_member_data['clan'] && $clan_member_data['stand'] != 1) {
                            if (!empty($_POST['kick_user_id'])) {
                                // Only $posted_user_id was checked above; the ids in kick_user_id[] are used as posted
                                foreach ($_POST['kick_user_id'] as $kick_user_ids) {
                                    $kick_stmt = $db->prepare('
                                        UPDATE users
                                        SET clan = NULL,
                                            request = 0,
                                            stand = NULL
                                        WHERE user_id = :user_id
                                    ');
                                    $kick_stmt->execute(array(
                                        ':user_id' => $kick_user_ids
                                    ));
                                }
                            }
                        }
                    } elseif ($_POST['action'] === "Change Functions") {
                        // initialise 'function changing script'
                        foreach ($_POST['stand'] as $user_id => $stand) {
                            if ($user_data['stand'] == 1) {
                                // A leader who hands over leadership becomes a member (stand 5); this needs confirmation
                                if ($stand == 1) {
                                    $check_change_stmt = $db->prepare('
                                        SELECT stand
                                        FROM users
                                        WHERE user_id = :user_id
                                    ');
                                    $check_change_stmt->execute(array(
                                        ':user_id' => $user_id
                                    ));
                                    $check_change = $check_change_stmt->fetchColumn();
                                    if ($check_change !== $stand) {
                                        $important_function_change = array(
                                            $user_id => $stand
                                            , $_SESSION['user']['user_id'] => 5
                                        );
                                        // error message, confirm changing $_SESSION['user']['username'] for $user_id (search with a query)
                                    }
                                }
                                // Only one underboss is allowed: the current one is demoted to member after confirmation
                                if ($stand == 2) {
                                    $underboss_check_stmt = $db->prepare('
                                        SELECT user_id, username
                                        FROM users
                                        WHERE clan = :clan
                                            AND request = 0
                                            AND stand = 2
                                    ');
                                    $underboss_check_stmt->execute(array(
                                        ':clan' => $user_data['clan']
                                    ));
                                    $underboss_check = $underboss_check_stmt->fetch();
                                    if ($underboss_check) {
                                        // there is an underboss
                                        $check_change_stmt = $db->prepare('
                                            SELECT stand
                                            FROM users
                                            WHERE user_id = :user_id
                                        ');
                                        $check_change_stmt->execute(array(
                                            ':user_id' => $user_id
                                        ));
                                        $check_change = $check_change_stmt->fetchColumn();
                                        if ($check_change !== $stand) { // stand is really being changed
                                            $important_function_change = array(
                                                $user_id => $stand
                                                , $underboss_check['user_id'] => 5
                                            );
                                            // error message, confirm changing $underboss_check['username'] for $user_id (search with a query)
                                        }
                                    } else {
                                        $update_stand_stmt = $db->prepare('
                                            UPDATE users
                                            SET stand = :stand
                                            WHERE user_id = :user_id
                                        ');
                                        $update_stand_stmt->execute(array(
                                            ':stand' => $stand,
                                            ':user_id' => $user_id
                                        ));
                                    }
                                }
                                // Array keys are integers while the session id may be a string, so compare loosely
                                if ($user_id == $_SESSION['user']['user_id'] && $stand != 1) {
                                    $system_message = "It is impossible to do this, there has to be a leader.";
                                }
                            }
                            // PDO returns column values as strings, so a strict === 2 would never match
                            if ($user_data['stand'] == 2) {
                                // An underboss handing over the underboss rank becomes a member; this needs confirmation.
                                // Other changes by an underboss (stand 3-5) are not handled anywhere in this loop.
                                if ($stand == 2) {
                                    $check_change_stmt = $db->prepare('
                                        SELECT stand
                                        FROM users
                                        WHERE user_id = :user_id
                                    ');
                                    $check_change_stmt->execute(array(
                                        ':user_id' => $user_id
                                    ));
                                    $check_change = $check_change_stmt->fetchColumn();
                                    if ($check_change !== $stand) {
                                        $important_function_change = array(
                                            $user_id => $stand
                                            , $_SESSION['user']['user_id'] => 5
                                        );
                                        // error message, confirm changing $_SESSION['user']['username'] for $user_id (search with a query)
                                    }
                                }
                            } else {
                                // Reached for every change made by a leader, including the ones collected for
                                // confirmation above, so those are applied here before any confirmation
                                $update_stand_stmt = $db->prepare('
                                    UPDATE users
                                    SET stand = :stand
                                    WHERE user_id = :user_id
                                ');
                                $update_stand_stmt->execute(array(
                                    ':stand' => $stand,
                                    ':user_id' => $user_id
                                ));
                            }
                        }
                        $system_message = "The functions are changed.";
                    } elseif ($_POST['action'] === "Confirm") {
                        foreach ($important_function_change as $user_id => $stand) {
                            $update_stand_stmt = $db->prepare('
                                UPDATE users
                                SET stand = :stand
                                WHERE user_id = :user_id
                            ');
                            $update_stand_stmt->execute(array(
                                ':stand' => $stand,
                                ':user_id' => $user_id
                            ));
                        }
                        header("Location: clan_member_functions.php");
                        exit;
                    } else {
                        header("Location: clan_member_functions.php");
                        exit;
                    }
                }
            } else {
                echo 'invalid submission';
                trigger_error('possible CSRF attack', E_USER_ERROR);    // add details for logging like the user ID, the referrer (as a possible source of the attack) etc.
                exit;
            }
        }
    } else {
        header("Location: clan_list.php");
        exit;
    }
    // Nothing to confirm: go back to the overview
    if (!$important_function_change) {
        header("Location: clan_member_functions.php");
        exit;
    }
    ?><html>
    <body>
        Confirm
        <form action="confirm_function_change.php" method="post">
            <input type="hidden" name="action_token" value="<?php echo html_escape($_SESSION['action_token']); ?>">
            <?php foreach ($important_function_change as $user_id => $stand): ?>
                <input type="hidden" name="important_function_change[<?php echo html_escape($user_id); ?>]" value="<?php echo html_escape($stand); ?>">
            <?php endforeach; ?>
            <input type="submit" name="action" value="Confirm">
            <input type="submit" name="action" value="Cancel">
        </form>
    </body>
    </html>
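    The confirmation pattern from post #46, as implemented in the two scripts above, sends the pending changes back through hidden fields that the client can edit before clicking Confirm. The following added example (not code from the thread or its author) keeps the pending list server-side under a one-time token instead; it assumes an in-memory SQLite table as a stand-in for the users table, a $session array as a stand-in for $_SESSION, and a simplified "critical" rule (any change that involves stand 1 or 2).

```php
<?php
// Added example, not code from the thread. Assumptions: an in-memory SQLite table
// stands in for the `users` table and $session stands in for $_SESSION; the rule
// for what counts as "critical" is simplified to: touches stand 1 or 2.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, clan INTEGER, stand INTEGER)');
// Constructed sample clan 7: stand 1 = leader, 2 = underboss, 5 = member
foreach ([[10, 'alice', 7, 1], [11, 'bob', 7, 2], [12, 'carol', 7, 5], [13, 'dave', 7, 5]] as $row) {
    $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?)')->execute($row);
}
// Step 1: split the posted stand[] changes into ones applied at once and ones
// that need confirmation (current or requested rank is leader or underboss).
function splitChanges(PDO $db, int $clan, array $posted): array
{
    $stmt = $db->prepare('SELECT user_id, stand FROM users WHERE clan = :clan');
    $stmt->execute([':clan' => $clan]);
    $current = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);   // user_id => stand
    $immediate = []; $pending = [];
    foreach ($posted as $userId => $stand) {
        $userId = (int) $userId; $stand = (int) $stand;
        // Ignore users outside the caller's clan, invalid ranks and no-op changes
        if (!isset($current[$userId]) || $stand < 1 || $stand > 5 || (int) $current[$userId] === $stand) {
            continue;
        }
        if ((int) $current[$userId] <= 2 || $stand <= 2) {
            $pending[$userId] = $stand;
        } else {
            $immediate[$userId] = $stand;
        }
    }
    return [$immediate, $pending];
}
function applyChanges(PDO $db, array $changes)
{
    $stmt = $db->prepare('UPDATE users SET stand = :stand WHERE user_id = :user_id');
    foreach ($changes as $userId => $stand) {
        $stmt->execute([':stand' => $stand, ':user_id' => $userId]);
    }
}
// Step 2: park the critical changes in the session and render a form that carries
// only a one-time token, so the list that gets confirmed is the one the server built.
function renderConfirmForm(array &$session, array $pending): string
{
    $token = bin2hex(random_bytes(16));
    $session['pending_changes'] = ['token' => $token, 'changes' => $pending];
    $html = '<form action="confirm_function_change.php" method="post">';
    $html .= '<input type="hidden" name="confirm_token" value="' . htmlspecialchars($token, ENT_QUOTES) . '">';
    $html .= '<p>Pending: ' . htmlspecialchars(json_encode($pending), ENT_QUOTES) . '</p>';
    return $html . '<input type="submit" name="action" value="Confirm"></form>';
}
// Step 3: on "Confirm", apply only what the server remembered, exactly once.
function confirmChanges(PDO $db, array &$session, array $post): bool
{
    $pending = $session['pending_changes'] ?? null;
    unset($session['pending_changes']);   // one-time use, also when the token check fails
    if ($pending === null || !hash_equals($pending['token'], (string) ($post['confirm_token'] ?? ''))) {
        return false;
    }
    applyChanges($db, $pending['changes']);
    return true;
}
// Constructed request from the leader: carol -> underboss (critical) and dave -> recruiter (immediate)
$session = [];
list($now, $later) = splitChanges($db, 7, ['12' => '2', '13' => '4']);
applyChanges($db, $now);
echo renderConfirmForm($session, $later), "\n";
$ok = confirmChanges($db, $session, ['confirm_token' => $session['pending_changes']['token']]);
var_dump($ok, $db->query('SELECT username, stand FROM users')->fetchAll(PDO::FETCH_KEY_PAIR));
```

    Because the pending list never leaves the server, the Confirm request only needs the token and the existing action_token check; a second Confirm with the same token is rejected.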
    #50
    Registered User, Devshed Newbie (0 - 499 posts) | Join Date: Jul 2013 | Posts: 7 | Rep Power: 0
    Dude, you're awesome! Thanks a lot!
    PS: I couldn't PM you, I guess because I recently made my account. Do you have Skype or IRC?
    #51
    Registered User, Devshed Newbie (0 - 499 posts) | Join Date: Jul 2013 | Posts: 7 | Rep Power: 0
    What are the functions for this? I'm not sure how to use this without them or the SQL table.
    #52
    Contributing User, Devshed Newbie (0 - 499 posts) | Join Date: Feb 2013 | Posts: 451 | Rep Power: 8
    You mean the "specified functions" like "if the user replaces someone, this or that happens", or "html_escape"?

    Further, I can't help you if I don't know what you want.

    And can someone please check my scripts for faults?
    #53
    Registered User, Devshed Newbie (0 - 499 posts) | Join Date: Jul 2013 | Posts: 7 | Rep Power: 0
    Yeah, like if functions. I want to create something so that users could create their own "team" that would update in the SQL and show on my page, and then have a page that shows all the teams. I'm not sure how to do this because I've never seen anything written about how to do it.
    #54
    Contributing User, Devshed Newbie (0 - 499 posts) | Join Date: Feb 2013 | Posts: 451 | Rep Power: 8
    Well, this is another thing you want... this is about changing the functions in a clan, like general, sergeant or private in the army. But what you want is a list of the teams.

    I will tell you how I started programming: I bought a book on PHP. It was a good start; it taught me a lot of the basics. But a pity was that the code was not secure; the first time I ever heard of prepared statements was on this forum...

    However, it taught me the basics, and from there on you can build your "house".

    One more thing is that when you build a website, not everything will be done by others in the way you want, or the code is not given. Try to draw how the system should work, then try to think what's needed to do this. Do you know how your drawing should be coded in PHP or any other language? If yes, try it, test it, and if it doesn't work, try to get the errors out of the script and try again. If you don't know how, you can ask how on this forum, or any other forum if you like.

    I posted some problems I couldn't figure out.
    #55
    Contributing User, Devshed Newbie (0 - 499 posts) | Join Date: Feb 2013 | Posts: 451 | Rep Power: 8
    I have a new version; I removed the part where a leader can assign a new leader. For this a new script is made, and it works. I will post it in the coming days with commentary. And could someone please check it?