Write new INT to file for login attempts

Hi, I’m stuck again…

I’ve started building a simple admin page for my site and I’ve done a login session, all working fine, but I want to add login attempts to it…

So I’m trying to create a new IP log that will add a new int to each IP if it fails a login… and if the int gets to, say, “3” then ban the user…

I’ve managed to get the IPs to log, but how can I do what I want to do here… I don’t want to use a database because this is just a small hobby and project of mine… it’s just personal use and learning…

Here is my log script:

[php]//user log
if (!isset($_SESSION['current_user'])) {

$user_log_data = ("");//HOW CAN I ADD NEW INT HERE AND STOP INCREASE AT 3
$user_log_data .= ($_SERVER['REMOTE_ADDR']);//ip

$user_log_file = INCLUDES_BASEDIR.'_site_databases/_db_user_log.txt';//db file
if (!$open_user_log_file = @file_get_contents($user_log_file)) {//open file or create it
	
	file_put_contents($user_log_file, ($user_log_data));//put ip into file if file is empty
	$_SESSION['visitor_count'] = 1;//set counter to 1
	
} else {
	
	$exploded_users_log_file = explode(";\n", $open_user_log_file);
	
	if (!in_array($user_log_data, $exploded_users_log_file)) {//if data does not match
		
		array_push($exploded_users_log_file, $user_log_data);//push new person to write
		
		file_put_contents($user_log_file, (implode(";\n", $exploded_users_log_file)));//write new person to file
	}
	$_SESSION['visitor_count'] = count($exploded_users_log_file);//count the list in the file
}
$_SESSION['current_user'] = $user_log_data;//set user if not already set so the script can do its process

}[/php]

I know I need to read all this for my login script and find the int line to see if it’s set less than 3 in the login script,
but I can’t do any of that until I can work out how to do this…

Thanks

Here is my admin class…
I’ve only just started it; I won’t be creating the actual admin until I secure my login.

All my includes are out of the document root as well.

[php]class admin {
	function get_admin_cp() {
		if (isset($_GET['action'])) {
			$action = htmlentities($_GET['action'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
		} else {
			$action = htmlentities('', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
		}
		$error = null;
		$msg = '';//set up front so the print below never sees an undefined variable
		$admin_user["admin"] = "EncryptedPassword";
		if (isset($_POST['username'])) {
			$username = $_POST['username'];
			if (isset($_POST['password'])) {
				$password = base64_encode($_POST['password']);
				if (isset($admin_user[$username]) && $admin_user[$username] == $password) {
					$_SESSION['username'] = $username;
					$msg = ("Session Started!");
				} else {
					//Invalid Login
					$error = "Username or password is incorrect!";
				}
			}
		}
		if ($action === 'Logout') {
			unset($_SESSION['username']);
			header('Location: ' . $_SERVER['PHP_SELF']);
			exit();//stop here so nothing else runs after the redirect
		}
		$session_username = null;
		if (isset($_SESSION['username'])) {
			$session_username = $_SESSION['username'];
		}
		if ($session_username) {
			print $msg;
			print ("\nWelcome " . $_SESSION['username'] . " you are logged in. <a href=\"./?page=Admin&action=Logout\">Logout</a>\n");
		} else {
			require_once PAGES_BASEDIR.'Admin/login.html';
		}

	}

}[/php]
Any help or pointers to add login attempts without a database would be great.

thanks

Are you sure you don’t want to use a database? There’s another current thread using a text file to hold data where the OP realizes that using a database will make the process easier - http://www.phphelp.com/forum/beginners-learning-php/php-file-handling/

Note: in that other thread, the data in the file is stored using delimiters and name:value pairs, so that it will be easy to parse the data and break it into each part. The ip and the username should be used to store the count and you probably should store the date/time of the last failed login attempt so that you can allow the system to reset itself and allow more attempts after an amount of time has gone by.

You will find that the amount of code needed to manage the text file and the data in it, exceeds the amount of code using that data. Rather than spending time on the program logic to accomplish what you want, you will spend most of the time on the code just to find data in the file and read/write the file. Also, to make a text file workable in a real world situation, you need to use file locking to manage concurrent operations, which will take even more code.

A database engine already has code written and tested to perform the low level operations needed, you just have to produce and run sql query statements.

As to your program design, sit down in front of a blank sheet of paper with a pencil or an open document, and write out the steps you want the code to do.

  1. When your login form processing code is executed, what would you do first? Get the current count (and date time) for the ip address and username (if there is a current record in the file) and test if the count is less than the maximum (or if the count is greater than or equal to the maximum, is the date and time of the last failed login attempt far enough in the past to allow more attempts). If so, process the login attempt. If not, output a message that the login attempt isn’t allowed.

  2. In the processing of the login attempt, if it fails, increment the count (or set it to 1 if it doesn’t already exist), write the data to the file (appending a new row or replacing an existing row), and output a message that the username/password was incorrect.
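The two steps above, done against a text file with the file locking this post mentions, as an added example that is not code from anyone in the thread. The function name, the JSON layout, the temp-file path and the 3-attempt / 15-minute limits are assumptions chosen for illustration.

```php
<?php
// Added example: flat-file failed-login counter with locking.
// MAX_ATTEMPTS, LOCKOUT_SECONDS, the JSON layout and attempt_login() are assumptions.
const MAX_ATTEMPTS = 3;
const LOCKOUT_SECONDS = 900; // a record expires 15 minutes after its last failure

/**
 * Runs one login attempt for $ip/$username while holding an exclusive lock.
 * $verify is a callable that returns true when the credentials are correct.
 * Returns 'ok', 'bad_credentials' or 'locked_out'.
 */
function attempt_login(string $file, string $ip, string $username, callable $verify, ?int $now = null): string
{
    $now = $now ?? time();
    $key = $ip . '|' . strtolower($username);

    $fh = fopen($file, 'c+');            // create if missing, never truncate on open
    if ($fh === false) {
        throw new RuntimeException("cannot open $file");
    }
    try {
        if (!flock($fh, LOCK_EX)) {      // blocks until concurrent requests release the lock
            throw new RuntimeException("cannot lock $file");
        }
        $data = json_decode(stream_get_contents($fh) ?: '[]', true);
        if (!is_array($data)) {
            $data = [];                  // unreadable JSON is treated as "no records"
        }
        // Drop records whose last failure is older than the lockout window.
        $data = array_filter($data, fn($r) => $now - $r['last'] < LOCKOUT_SECONDS);

        // Step 1: check the count before looking at the password at all.
        if (($data[$key]['count'] ?? 0) >= MAX_ATTEMPTS) {
            $result = 'locked_out';
        } elseif ($verify()) {
            unset($data[$key]);          // a successful login clears the counter
            $result = 'ok';
        } else {
            // Step 2: increment (or create) the record for this ip/username.
            $data[$key] = ['count' => ($data[$key]['count'] ?? 0) + 1, 'last' => $now];
            $result = 'bad_credentials';
        }

        // Rewrite the whole file while the lock is still held.
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, json_encode($data));
        fflush($fh);
        return $result;
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Constructed demonstration: three wrong guesses followed by the correct password.
$file = sys_get_temp_dir() . '/login_attempts_demo.json';
@unlink($file);
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
foreach (['a', 'b', 'c', 'correct horse'] as $guess) {
    echo attempt_login($file, '203.0.113.7', 'admin', fn() => password_verify($guess, $hash)), "\n";
}
unlink($file);
```

The read, the decision and the write all happen inside one exclusive lock, so two simultaneous failed logins cannot both read the same count and write back the same incremented value.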

I agree with moving this into a table, because you need faster searching. Looking for an IP address, or range, is going to be an expensive process when done using a flat file.

I am also an advocate of each login attempt getting a new record. It works two-fold. You can see who is logging in, where, and how many times; you can also see which accounts people are either forgetting their passwords, or are being subjected to brute force attacks.

Now, when searching the database you would define rules that you don’t get when you are just incrementing a column, such as,
this IP within a 10 minute period,
this username within a 10 minute period,
this IP as ALL

OK, I will give it a shot. You will see more of me here because of it though, because I don’t know how to use SQL that well yet… My problem is how to set up the tables, columns and rows, and how to set up each one for, say, just a number or password or even a large amount of text, even HTML… these are where I struggle with SQL…

So if I use SQL I will have a list of variables that I use for settings, and I have my media with posts and pagination etc., now my admin login and logger… Is there any sort of tutorial for this? I don’t want to set up a SQL database and then find out it’s all wrong.

thanks

As the others have said, use a database. You could use Sqlite which would still give you a text file type simplicity.

Even if you are uncomfortable in setting up tables in mysql there are ways around it. For instance if you just know how to create a database itself, you can have PHP do all the dirty work.

For example:

[php]function createTables() {
	try {
		if (filter_input(INPUT_SERVER, 'SERVER_NAME', FILTER_SANITIZE_URL) == "localhost") {
			$conn = new PDO("mysql:host=localhost:8889;dbname=tutorial_login", DATABASE_USERNAME, DATABASE_PASSWORD);
		} else {
			$conn = new PDO('mysql:host=' . DATABASE_HOST . ';dbname=' . DATABASE_NAME, DATABASE_USERNAME, DATABASE_PASSWORD);
		}
		$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
		$table1 = "CREATE TABLE IF NOT EXISTS users (
		id INT(11) AUTO_INCREMENT PRIMARY KEY,
		username VARCHAR(60) NOT NULL,
		email VARCHAR(120) NOT NULL,
		password VARCHAR(255) NOT NULL,
		confirmation VARCHAR(255) NOT NULL,
		security VARCHAR(11) NOT NULL DEFAULT 'public',
		dateCreated DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00')";
		$conn->exec($table1);
		$use = 'use ' . DATABASE_NAME;
		$conn->exec($use);
		$conn = NULL;
	} catch (PDOException $e) {
		echo "Something went wrong" . $e->getMessage();
	}
}[/php]

and like Kevin R already stated there is Sqlite also…

I know how to set up tables etc.; it’s just setting up each column with the correct settings…

When would I use TEXT and VARCHAR? And what other common ones are used and what for? Would you generally set all to NOT NULL?

These are my main issues…

thanks

All you have to do is look up the descriptions of each column type in the manual. It should then become obvious which column types to use.

I didn’t quite know what you were writing about, but I went back and reviewed your most recent threads.

Site wide settings could remain in a .php file that you require into your code. If you were doing this as part of a general CMS (Content Management System), you would only store the database credentials in a .php file, and keep the site settings in a database table.

Your media related code would be greatly simplified if the data was stored in database tables. All of the logic reading and parsing information from the files would be eliminated. You would have a category table, with an id and the category name. The media data would be stored in another table with an id, category id, title, and content. To find and display any of the information would be a single sql query. To add pagination, would involve some of the same logic you have now, calculating the starting row of data, but you would just add a LIMIT clause to the sql query to match the correct range of rows.

A database based user login system (an admin is a user with privileges) would involve querying the database table for the submitted username, then retrieving any matching row, checking if the entered password matches the hashed password (you should be using php’s password_hash() and password_verify() functions, not base64), and setting a session variable to identify who the logged in user is. You should actually query on each page what privileges the current user has, so that any changes made to the user’s privileges take effect without needing the user to log in again.

For the login attempt tracking system, you would have a database table to hold that information. You would run a SELECT query to find any existing, recent (using a datetime comparison in the sql statement) information for a ip/username and an INSERT query to insert rows containing the login attempt information. Per the suggestion by astonecipher, storing a row with all the who (username), when (datetime), where (ip), and why (wrong username, wrong password) information for each attempt will let you both implement the account lockout and produce reports showing the nature of the bad attempts.

Reading up on “database normalization” will help you with the design of your database tables and defining what your work-flow will be and what data is required will help you design the tables.

Learning the sql syntax for SELECT, INSERT, UPDATE, and DELETE queries, in the mysql database documentation, would get you started on how to write sql query statements.

To execute the sql query statements using php code, you should learn and use the php PDO extension and use prepared queries, with place-holders in the sql statement for data values, and supply the actual data when you execute the query.

While this sounds like a lot, the sql language for the basic queries you would be using is fairly straightforward, and using the php PDO extension and using prepared queries results in the least amount of code, compared with using other php extensions.
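The attempt-tracking flow described above (one row per attempt, a SELECT over a recent time window for the ip/username, prepared queries, password_verify()), as an added example rather than code from anyone in this thread. It uses PDO with an in-memory SQLite database so it runs without a server (the pdo_sqlite driver is assumed to be installed); the table and column names, the LoginGuard class and the 3-failures-in-10-minutes limits are assumptions.

```php
<?php
// Added example, not code from the thread. Schema, class name and limits are assumptions.
final class LoginGuard
{
    private const MAX_FAILURES = 3;
    private const WINDOW_SECONDS = 600; // 10 minutes
    private PDO $db;

    public function __construct(PDO $db) // the connection is injected, not created here
    {
        $this->db = $db;
    }

    /** Returns 'ok', 'bad_credentials' or 'locked_out'; every attempt becomes one row. */
    public function login(string $username, string $password, string $ip, ?int $now = null): string
    {
        $now = $now ?? time();
        // Recent failures for this IP or this username decide whether to proceed at all.
        $stmt = $this->db->prepare(
            "SELECT COUNT(*) FROM login_attempts
              WHERE outcome IN ('wrong_username', 'wrong_password')
                AND attempted_at > :since
                AND (ip = :ip OR username = :username)"
        );
        $stmt->execute([':since' => $now - self::WINDOW_SECONDS, ':ip' => $ip, ':username' => $username]);
        if ((int) $stmt->fetchColumn() >= self::MAX_FAILURES) {
            $this->record($username, $ip, 'locked_out', $now); // logged, but not counted again
            return 'locked_out';
        }

        $stmt = $this->db->prepare('SELECT password_hash FROM users WHERE username = :username');
        $stmt->execute([':username' => $username]);
        $hash = $stmt->fetchColumn(); // false when there is no such user

        if ($hash === false) {
            $outcome = 'wrong_username';
        } elseif (!password_verify($password, $hash)) {
            $outcome = 'wrong_password';
        } else {
            $outcome = 'ok';
        }
        $this->record($username, $ip, $outcome, $now);
        // The table keeps the reason for reports; the caller gets one generic failure value.
        return $outcome === 'ok' ? 'ok' : 'bad_credentials';
    }

    private function record(string $username, string $ip, string $outcome, int $now): void
    {
        $stmt = $this->db->prepare(
            'INSERT INTO login_attempts (username, ip, outcome, attempted_at) VALUES (?, ?, ?, ?)'
        );
        $stmt->execute([$username, $ip, $outcome, $now]);
    }
}

// Constructed demonstration data on an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE login_attempts (id INTEGER PRIMARY KEY, username TEXT NOT NULL, ip TEXT NOT NULL,
           outcome TEXT NOT NULL, attempted_at INTEGER NOT NULL)');
$db->exec('CREATE INDEX idx_attempts_time ON login_attempts (attempted_at)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

$guard = new LoginGuard($db);
$t = 1700000000; // fixed clock so the run is repeatable
foreach (['a', 'b', 'c', 'correct horse'] as $i => $guess) {
    echo $guard->login('admin', $guess, '203.0.113.7', $t + $i), "\n";
}
echo $guard->login('admin', 'correct horse', '203.0.113.7', $t + 603), "\n"; // window has passed
```

Because the lockout is computed from rows inside the time window, it lifts by itself once the window has passed, and the same table answers the reporting questions (which accounts, which addresses, which reason) with ordinary SELECT queries.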

Thank you for all this information! I will spend the next couple of days learning it before I attack it.

I’ll be back…
Thanks!

Hi

I’ve fished about and managed to put this together; it needs a lot of work still…

This is what I have so far…

[php]class admin {
//collect variables from outside this class.
private $conn;
public function __construct($conn) {
$this->conn = $conn;
}
public function get_admin_cp() {
	if (isset($_GET['action'])) {
		$action = htmlentities($_GET['action'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	} else {
		$action = htmlentities('', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	}
	$error = null;
	$msg = '';//set up front so the print below never sees an undefined variable
	//ADMIN LOGIN SCRIPT
	if (isset($_POST['jaminLOGIN'])) {
		if (isset($_POST['username'])) {
			$user = trim($_POST['username']);
			$user = strip_tags($user);
			$user = htmlspecialchars($user);
		}
		if (isset($_POST['password'])) {
			$pass = trim($_POST['password']);
			$pass = strip_tags($pass);
			$pass = htmlspecialchars($pass);
			$password = hash('sha256', $pass);
		}
		$jamin_users_query = "SELECT id FROM admin_users WHERE username='$user' and password='$password'";
		$result = mysqli_query($this->conn, $jamin_users_query);
		$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
		$count = mysqli_num_rows($result);
		if ($count == 1) {
			$_SESSION['jamin_user'] = $user;
			$msg = ("User Session Started!");
		} else {
			$error = "Username or Password is invalid";
		}
	}

	//SET SESSION USERNAME VAR
	if (isset($_SESSION['jamin_user'])) {
		$jamin_user = $_SESSION['jamin_user'];
	} else {
		$jamin_user = null;//if its not set then set it to null.
	}
	
	
	//IF USER IS VALID
	if ($jamin_user) {
		//START ADMIN SCRIPTS
		
		//END ADMIN SCRIPTS
		//print simple messages.
		print ("$msg<br />Welcome $jamin_user, you are logged in.<br /><a href=\"./logout.php\">Logout</a>\n");
		/////////////////////
		//ADMIN DYNAMIC PAGES
		////////START////////
		##
		//ADMIN REGISTER
		if ($action === 'JaminRegister') {
			//require_once PAGES_BASEDIR.'Admin/register.html';
		}
		##
		///////////
		//END PAGES
		///////////
	} else {
			require_once PAGES_BASEDIR.'Admin/login.html';//display login if there is not session set.
	}
}

}[/php]

Here is my table;
I just did an export of this.
[php]CREATE TABLE IF NOT EXISTS admin_users (
id int(8) NOT NULL AUTO_INCREMENT,
username varchar(65) NOT NULL,
password varchar(65) NOT NULL,
PRIMARY KEY (id),
UNIQUE KEY username (username)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=6 ;
[/php]

I still need to try and add login attempts to this.

thanks

How much of a critique do you want?

Go for it…

The class is bound too tightly. It expects certain values that may not exist, and will cause failure.

You are dropping variables into the sql string without using prepared statements.

The class is using a broken hash formula over something like password_hash.

Using MyISAM as the database engine means that you cannot have foreign keys. Using a relational database with users, at some point you should define foreign key constraints.

I’m not too sure what you mean about it being too tight and the values?

I can work out the rest… I also noticed I have my scripts loading inside the admin page after the HTML header, so I need to move all that outside my class so it’s loaded before.

Thanks for the help :)

I mean having this inside of the class,

[php]if (isset($_GET['action'])) {[/php]
What if the next thing to use the class doesn’t use GET or doesn’t have an action key?

It is better to use dependency injection and specify that something is required.

A login function

[php]public function login($user, $pass){
[/php]
$user and $pass are local variables now required by the function and must be passed in to it.

Hi, I’m still at it… I have not managed to implement all of your suggestions, but I have managed to get password_hash working and done a big clean-up… moved all scripts above the header and decided to just use a function for the page rather than a class.

Here is where I’m at…

[php]//ADMIN LOGIN SCRIPT
if (isset($_POST['jaminLOGIN']) && isset($_POST['username']) && isset($_POST['password'])) {
	if (empty($_POST['username']) || empty($_POST['password'])) {
		$error = ("Enter Username And Password.");
	} else {
		$user = $conn->real_escape_string($_POST['username']);
		$user = trim($user);
		$user = strip_tags($user);
		$user = htmlspecialchars($user);
		//no real_escape_string on the password: it never goes into the SQL, and the register script below does not escape it either
		$pass = trim($_POST['password']);
		$pass = strip_tags($pass);
		$pass = htmlspecialchars($pass);
	}
	if ($error === null) {
		$sql = ("SELECT * FROM jamin_users WHERE username = '$user'");
		$result = $conn->query($sql);
		if ($result->num_rows === 1) {
			$row = $result->fetch_array(MYSQLI_ASSOC);
			if (password_verify($pass, $row['password'])) {
				//Password matches, so create the session
				$_SESSION['jamin_user'] = $row['username'];
				header('location: ./index.php?page=Admin', true);
				exit();
			} else {
				$error = ("The password does not match");
			}
		} else {
			$error = ("The username or password do not match");
		}
	}
}
//SET SESSION USERNAME VAR
if (isset($_SESSION['jamin_user'])) {
	$jamin_user = $_SESSION['jamin_user'];
} else {
	$jamin_user = null;//if its not set then set it to null.
}
//ADMIN LOG OUT
if ($action === 'Logout') {
	if (isset($_SESSION['jamin_user']))
	{
		unset($_SESSION['jamin_user']);
	}
	header('location: ./index.php?page=Admin', true);
	exit();
}

//scripts that can only be run if there is a jamin session
if ($jamin_user) {
	//register
	if (isset($_POST['jamin_register']) && isset($_POST['username']) && isset($_POST['password'])) {
		if (empty($_POST['username']) || empty($_POST['password'])) {
			$error = ("Enter Username And Password.");
		} else {
			$user = $conn->real_escape_string($_POST['username']);
			$user = trim($user);
			$user = strip_tags($user);
			$user = htmlspecialchars($user);
			$pass = trim($_POST['password']);
			$pass = strip_tags($pass);
			$pass = htmlspecialchars($pass);
		}
		if ($error === null) {
			$sql = "INSERT INTO jamin_users (username, password) VALUES ('$user','".password_hash($pass, PASSWORD_BCRYPT)."')";
			$result = $conn->query($sql);
			if ($result === true) {//query() returns true for a successful INSERT
				$error = ("Jamin Registered.");
			} else {
				$error = ("There was a problem.");
			}
		}
	}
}
function get_admin_cp($action, $jamin_user, $error) {
	//IF USER IS VALID
	if ($jamin_user) {
		require_once PAGES_BASEDIR.'Admin/panel.html';//admin panel
		/////////////////////
		//ADMIN DYNAMIC PAGES
		////////START////////
		##
		//ADMIN REGISTER
		if ($action === 'Register') {
			require_once PAGES_BASEDIR.'Admin/register.html';
		}
		##
		///////////
		//END PAGES
		///////////
	} else {
		require_once PAGES_BASEDIR.'Admin/login.html';//display login if there is not session set.
	}
}[/php]

Redid my SQL too…

[php]CREATE TABLE IF NOT EXISTS jamin_users (
id int(11) NOT NULL AUTO_INCREMENT,
username varchar(70) NOT NULL,
password varchar(70) NOT NULL,
PRIMARY KEY (id),
UNIQUE KEY id (id,username)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=22 ;[/php]

Any suggestions?

thanks

Hi, sorry to spam… I think I might have worked out how to use prepared statements.

I’m not learning it as fast as I would like, but I do this on my own. I don’t know any other coders apart from these community forums…

Is what I have done so far OK? I need to add login limits still and some other stuff.
I made a users page for the admin too and I can delete and add users, but I don’t know how to delete more than 1 if I check more than 1 user. Would that be an array of selected users? How would I do it?
I need to update the user list and delete script to use prepared statements too…

Here is the latest…

[php]if (isset($_POST['username']) && isset($_POST['password'])) {
	$user = $conn->real_escape_string($_POST['username']);
	$user = trim($user);
	$user = strip_tags($user);
	$user = htmlspecialchars($user);
	$pass = $conn->real_escape_string($_POST['password']);
	$pass = trim($pass);
	$pass = strip_tags($pass);
	$pass = htmlspecialchars($pass);
} else {
	$user = null;
	$pass = null;
}
//ADMIN LOGIN SCRIPT
if (isset($_POST['jaminLOGIN'])) {
if (empty($user) || empty($pass)) {
	$error = ("You must enter a username and password!");
} else {
	if ($error === null) {
		if ($stmt = $conn->prepare("SELECT * FROM jamin_users WHERE username = ?")) {
			$stmt->bind_param("s", $user);
			$stmt->execute();

			$result = $stmt->get_result();
			$row = $result->fetch_assoc();
			if ($row) {
				if (password_verify($pass, $row['password'])) {
					//password matches, so create the session
					$_SESSION['jamin_user'] = $row['username'];
					header('location: ./?page=Admin', true);
					exit();
				} else {
					$error = ("Your password does not match!");
				}
			} else {
				$error = ("Your username or password do not match!");
			}
			$stmt->close();
		}
	}
}

}
//SET SESSION USERNAME VAR
if (isset($_SESSION['jamin_user'])) {
	$jamin_user = $_SESSION['jamin_user'];
} else {
	$jamin_user = null;//if its not set then set it to null.
}
//ADMIN LOG OUT
if ($action === 'Logout') {
	if (isset($_SESSION['jamin_user']))
	{
		unset($_SESSION['jamin_user']);
	}
	header('location: ./?page=Admin', true);
	exit();
}

//scripts that can only be run if there is a jamin session
if ($jamin_user) {
	//REGISTER JAMIN SCRIPT
	if (isset($_POST['jamin_register'])) {
		if (empty($user) || empty($pass)) {
			$error = ("Enter Username And Password.");
		} else {
			if ($error === null) {
				if ($stmt = $conn->prepare("INSERT INTO jamin_users (username, password) VALUES (?, ?)")) {
					$pass = password_hash($pass, PASSWORD_BCRYPT);
					$stmt->bind_param("ss", $user, $pass);
					if ($stmt->execute()) {//execute() returns false when the insert fails
						$error = ("Jamin Registered!");
					} else {
						$error = ("There was a problem!");
					}
					$stmt->close();
				}
			}
		}
	}
	//SELECT AND OUTPUT JAMIN USERS TABLE
	$user_table = "";//start empty so .= has something to append to
	$sql = "SELECT * FROM jamin_users";
	$result = $conn->query($sql);
	while ($row = $result->fetch_assoc()) {
		$user_table .= ("\nUsername: " . $row['username'] . " <input type=\"checkbox\" name=\"DeleteJaminUser\" value=\"" . $row['id'] . "\"> DELETE USER ");
	}
	//DELETE JAMIN USER SCRIPT
	if ($delete === 'JaminUser') {
		if (!isset($_POST['DeleteJaminUser'])) {
			$error = ("You must check at least 1 user.");
		} else {
			$jamin_id = $_POST['DeleteJaminUser'];
			$sql = ("DELETE FROM jamin_users WHERE id=$jamin_id");
			if ($conn->query($sql) === TRUE) {
				header('location: ./?page=Admin&action=JaminUsers', true);
				exit();
			} else {
				$error = ("Error deleting record: " . $conn->error);
			}
		}
	}
}

function get_admin_cp($action, $jamin_user, $user_table, $error) {
	//IF USER IS VALID
	if ($jamin_user) {
		require_once PAGES_BASEDIR.'Admin/panel.html';//admin panel
		/////////////////////
		//ADMIN DYNAMIC PAGES
		////////START////////
		##
		//ADMIN USER LIST
		if ($action === 'JaminUsers') {
			require_once PAGES_BASEDIR.'Admin/admin_users.html';
		}
		//ADMIN REGISTER
		if ($action === 'Register') {
			require_once PAGES_BASEDIR.'Admin/register.html';
		}
		##
		///////////
		//END PAGES
		///////////
	} else {
		require_once PAGES_BASEDIR.'Admin/login.html';//display login if there is no session set.
	}
}[/php]

SQL still the same.

thanks

Really sorry ;D I’m back at work tomorrow so I won’t get much time to get into it in the week; here is another latest…

I have worked out how to delete more than 1 row at 1 time and added a bit in there to stop a user ID from being deleted, i.e. Admin.

I still need someone to check this for me. I can’t say I’m regretting moving from flatfile yet :)

Here is my final spam post… (my nickname was spam years ago) lol

[php]if (isset($_POST['jamin_username']) && isset($_POST['jamin_password'])) {
	//user
	$user = $_POST['jamin_username'];
	$user = $conn->real_escape_string($user);
	$user = trim($user);
	$user = strip_tags($user);
	$user = htmlspecialchars($user);
	$user = $purifier->purify($user);
	//pass
	$pass = $_POST['jamin_password'];
	$pass = trim($pass);
	$pass = strip_tags($pass);
	$pass = htmlspecialchars($pass);
} else {
	$user = "";
	$pass = "";
}
$protected_id = '60';//ADMIN ID: 60 is where it has ended up because of deleting users and adding them; for some reason the row/s is still there?
//ADMIN LOGIN SCRIPT
if (isset($_POST['jamin_login'])) {
	if (empty($user) || empty($pass)) {
		$error = ("You must fill both fields!");
	} else {
		if ($error === null) {
			if ($stmt = $conn->prepare("SELECT * FROM jamin_users WHERE username = ?")) {
				$stmt->bind_param("s", $user);
				$stmt->execute();
				$result = $stmt->get_result();
				$row = $result->fetch_assoc();
				if ($row) {
					if (password_verify($pass, $row['password'])) {
						$_SESSION['jamin_user'] = $row['username'];
						header('location: ./?page=Admin', true);
						exit();
					} else {
						$error = ("Your password does not match!");
					}
				} else {
					$error = ("Your username or password do not match!");
				}
				$stmt->close();
			}
		}
	}
}
//SET SESSION USERNAME VAR
if (isset($_SESSION['jamin_user'])) {
	$jamin_user = $_SESSION['jamin_user'];
} else {
	$jamin_user = null;//if its not set then set it to null.
}
//ADMIN LOG OUT
if ($action === 'Logout') {
	if (isset($_SESSION['jamin_user']))
	{
		unset($_SESSION['jamin_user']);
	}
	header('location: ./?page=Admin', true);
	exit();
}

//scripts that can only be run if there is a jamin session
if ($jamin_user) {
//REGISTER JAMIN SCRIPT
if (isset($_POST['jamin_register'])) {
	if (empty($user) || empty($pass)) {
		$error = ("You must fill both fields!");
	} else {
		if ($error === null) {
			if ($user_check = $conn->prepare("SELECT * FROM jamin_users WHERE username = ?")) {
				$user_check->bind_param("s", $user);
				$user_check->execute();
				$result = $user_check->get_result();
				$row = $result->fetch_assoc();
			}
			if (!$row) {
				if ($stmt = $conn->prepare("INSERT INTO jamin_users (username, password) VALUES (?, ?)")) {
					$pass = password_hash($pass, PASSWORD_BCRYPT);
					$stmt->bind_param("ss", $user, $pass);
					if ($stmt->execute()) {//execute() returns false when the insert fails
						$error = ("Jamin Registered!");
					} else {
						$error = ("There was a problem!");
					}
					$stmt->close();
				}
			} else {
				$error = ("This username already exists!");
			}
			$user_check->close();
		}
	}
}
//SELECT AND OUTPUT JAMIN USERS TABLE
$user_table = "";//start empty so .= has something to append to
$sql = "SELECT * FROM jamin_users";
$result = $conn->query($sql);
while ($row = $result->fetch_assoc()) {
	$user_table .= ("\nID: " . $row['id'] . " Username: " . $row['username'] . " <input type=\"checkbox\" name=\"DeleteJaminUser[]\" value=\"" . $row['id'] . "\"> Delete ");
}
//DELETE JAMIN USER SCRIPT
if ($delete === 'JaminUser') {
	if (!isset($_POST['DeleteJaminUser'])) {
		$error = ("You must check at least 1 user.");
	} else {
		$jamin_ids = $_POST['DeleteJaminUser'];
		foreach ($jamin_ids as $jamin_id) {
			if ($jamin_id === $protected_id) {
				$admin_del_error = ("You cannot delete the Administrator!<br />");
			} else {
				$jamin_id = (int)$jamin_id;
				$sql = ("DELETE FROM jamin_users WHERE id=$jamin_id");
				$query = $conn->query($sql);
			}
		}
		if ($query === TRUE) {
			header('location: ./?page=Admin&action=JaminUsers', true);
			exit();
		} else {
			$error = ($admin_del_error."Error deleting record");
		}
	}
}

}

function get_admin_cp($action, $jamin_user, $user_table, $error) {
	//IF USER IS VALID
	if ($jamin_user) {
		require_once INCLUDES_BASEDIR.ADMIN_BASEDIR.'panel.html';//admin panel
		/////////////////////
		//ADMIN DYNAMIC PAGES
		////////START////////
		##
		//ADMIN USER LIST
		if ($action === 'JaminUsers') {
			require_once INCLUDES_BASEDIR.ADMIN_BASEDIR.'users.html';
		}
		//ADMIN REGISTER
		if ($action === 'Register') {
			require_once INCLUDES_BASEDIR.ADMIN_BASEDIR.'register.html';
			require_once INCLUDES_BASEDIR.ADMIN_BASEDIR.'users.html';
		}
		##
		///////////
		//END PAGES
		///////////
	} else {
		require_once INCLUDES_BASEDIR.ADMIN_BASEDIR.'login.html';//display login if there is no session set.
	}
}[/php]

thanks
