Hi sorry to spam… i think i mite have worked out how to use prepared statements
im not learning it as fast as i would like but i do this on my own. i dont know any other coders apart from these community forums…
Is what i have done so far ok? i need to add login limits still and some other stuff.
i made a users page for the admin too and i can delete and add users but i dont know how to delete more then 1 if i check more then 1 user. Would that be a array of selected users? how would i do it?
i need to update the user list and delete script to use prepared statements too…
here is the latest…
[php]if (isset($_POST[‘username’]) && isset($_POST[‘password’])) {
$user = $conn->real_escape_string($_POST[‘username’]);
$user = trim($user);
$user = strip_tags($user);
$user = htmlspecialchars($user);
$pass = $conn->real_escape_string($_POST[‘password’]);
$pass = trim($pass);
$pass = strip_tags($pass);
$pass = htmlspecialchars($pass);
} else {
$user = null;
$pass = null;
}
//ADMIN LOGIN SCRIPT
if (isset($_POST[‘jaminLOGIN’])) {
if (empty($user) || empty($pass)) {
$error = (“You must enter a username and password!”);
} else {
if ($error === null) {
if ($stmt = $conn->prepare(“SELECT * FROM jamin_users WHERE username = ?”)) {
$stmt->bind_param(“s”, $user);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
if ($row) {
if (password_verify($pass, $row['password'])) {
//password matches, so create the session
$_SESSION['jamin_user'] = $row['username'];
header('location: ./?page=Admin', true);
exit();
} else {
$error = ("Your password dose not match!");
}
} else {
$error = ("Your username or password do not match!");
}
$stmt->close();
}
}
}
}
//SET SESSION USERNAME VAR
if (isset($_SESSION[‘jamin_user’])) {
$jamin_user = $_SESSION[‘jamin_user’];
} else {
$jamin_user = null;//if its not set then set it to null.
}
//ADMIN LOG OUT
if ($action === ‘Logout’) {
if (isset($_SESSION[‘jamin_user’]))
{
unset($_SESSION[‘jamin_user’]);
}
header(‘location: ./?page=Admin’, true);
exit();
}
//scripts that can only be run if there is a jamin session
if ($jamin_user) {
//REGISTER JAMIN SCRIPT
if (isset($_POST[‘jamin_register’])) {
if (empty($user) || empty($pass)) {
$error = (“Enter Username And Password.”);
} else {
if ($error === null) {
if ($stmt = $conn->prepare(“INSERT INTO jamin_users (username, password) VALUES (?, ?)”)) {
$pass = password_hash($pass, PASSWORD_BCRYPT);
$stmt->bind_param(“ss”, $user, $pass);
$stmt->execute();
if ($stmt) {
$error = (“Jamin Registerd!”);
} else {
$error = (“There was a problem!”);
}
$stmt->close();
}
}
}
}
//SELECT AND OUTPUT JAMIN USERS TABLE
$sql = “SELECT * FROM jamin_users”;
$result = $conn->query($sql);
while ($row = $result->fetch_assoc()) {
$user_table .= (“
Username: " . $row[‘username’] . “ |
<input type=“checkbox” name=“DeleteJaminUser” value=”” . $row[‘id’] . “”> DELETE USER |
");
}
//DELETE JAMIN USER SCRIPT
if ($delete === ‘JaminUser’) {
if (!isset($_POST[DeleteJaminUser])) {
$error = (“You must check at least 1 user.”);
} else {
$jamin_id = $_POST[DeleteJaminUser];
$sql = (“DELETE FROM jamin_users WHERE id=$jamin_id”);
if ($conn->query($sql) === TRUE) {
header(‘location: ./?page=Admin&action=JaminUsers’, true);
exit();
} else {
$error = ("Error deleting record: " . $conn->error);
}
}
}
}
function get_admin_cp($action, $jamin_user, $user_table, $error) {
//IF USER IS VALID
if ($jamin_user) {
require_once PAGES_BASEDIR.‘Admin/panel.html’;//admin panel
/////////////////////
//ADMIN DYNAMIC PAGES
////////START////////
##
//ADMIN USER LIST
if ($action === ‘JaminUsers’) {
require_once PAGES_BASEDIR.‘Admin/admin_users.html’;
}
//ADMIN REGISTER
if ($action === ‘Register’) {
require_once PAGES_BASEDIR.‘Admin/register.html’;
}
##
///////////
//END PAGES
///////////
} else {
require_once PAGES_BASEDIR.‘Admin/login.html’;//display login if there is no session set.
}
}[/php]
sql still the same.
thanks