Hi guys. I have been battling a severe cold the last few days.
I kept getting lots of errors, and decided to start over from the beginning. I created a free online account and posted the files there for you to see how it is all working.
Go to http://javierbooks.comuf.com/administrar/ and enter the login info:
username: test
password: test
I modified the script a bit so that if someone deletes all the users, the test user is recreated automatically.
Here’s where I am right now:
a) I can delete or modify users and posts without major problems.
b) The main issue is when you are trying to edit a user. If you click on the edit link and change the text of anything there but the username, it keeps sending you to “username exist.” In other words, the script is forcing you to change the username once you have clicked on the Edit link, unless you get out by going back to display all users by clicking on the (users link).
Here I am going to paste the code again as I have it. I missed one step that I forgot to show you, and that’s why you were thrown off a bit when you asked if I had an ID field in my database. Here we go…
-
First, as I said before, I have a file called functions.php, which contains all the relevant functions that are called for editing, deleting, showing, etc. I forgot to mention that there is a function called getUser($id). This function pulls any specific or selected user:
[php]function getUser($id){
$id = (int) $id; // TYPECASTING to avoid SQL injections
$query = mysql_query("SELECT * FROM authorized_users WHERE id = '$id' ") or die(mysql_error());
return mysql_fetch_assoc($query);
}//Get selected user so it can be updated[/php]
-
There’s a file called editUsers.php, and this is the HTML form to update the users. Here I make a function call to the getUser($id) function to populate the form with content from MYSQL.
[php]
<?php
include ('includes/functions.php');
$user = getUser($_GET['id']);
?>
| Username |
|
<tr>
<td> <label for="userPassword">Password</label></td>
<td> <input name="userPassword" type="text" class="editUserform_HL" onFocus="this.value='';this.onfocus=null;" value="ENTER NEW PASSWORD HERE" size="33" maxlength="32" ></td>
</tr>
<tr>
<td> <label for="userPassword_OLD">Old Password</label></td>
<td><input name="userPassword_OLD" type="text" class="editUserform" value="<?php echo $user['password'];?>" size="33" maxlength="32" readonly="readonly" /></td>
</tr>
<tr>
<td> <label for="userEmail">e-Mail</label></td>
<td> <input type="text" name="userEmail" value="<?php echo $user['email'];?>" class="editUserform" size="33" maxlength="32" ></td>
</tr>
<tr>
<td> <label for="userRealname">Real Name</label></td>
<td> <input type="text" name="userRealname" value="<?php echo $user['realname'];?>" class="editUserform" size="33" maxlength="32"></td>
</tr>
<tr>
<td> </td>
<td align="center"><input name="submit" type="submit" value="Send"></td>
</tr>
<tr>
<td align="center"><input type="hidden" name="id" value="<?php echo $_GET['id'];?>"></td>
</tr>
<tr>
<td> <?php echo '<br>Go Back to <a href="users_authorized.php">Users</a>';?></td>
</tr>
[/php]
- After the form is submitted, doEditUsers.php is called to process it. Here user inputs are escaped and the password is hashed.
[php]<?php
include('includes/functions.php');
//create short variables
$submit = $_POST['submit'];
$userUsername = mysql_real_escape_string($_POST['userUsername']);
$userPassword = mysql_real_escape_string($_POST['userPassword']);
$userEmail = mysql_real_escape_string($_POST['userEmail']);
$userRealname = mysql_real_escape_string($_POST['userRealname']);
$id = mysql_real_escape_string($_POST['id']);
//md5($userPassword)
if (isset($submit)){
//check if category name is entered. Description is not required, so we don't check it here
if (isset($_POST['userUsername'])){
editUser($userUsername, (md5($userPassword)), $userEmail, $userRealname, $id);
//header('location:users_authorized.php');
} else {
echo 'Please Set a Username!';
include ('editUsers.php');
}
}
?>[/php]
A call is made to a third function, editUser(), and here is where I am tripping. Here’s that function:
[php]function editUser($userUsername, $userPassword, $userEmail, $userRealname,$id){
//select users to see if they exist
$query = mysql_query("SELECT * FROM authorized_users where username = '$userUsername' ") or die(mysql_error());
if (mysql_num_rows($query) >= 1 ){
/* Username already exists */
echo "<p><p><span class='current_admin'>Username already exists</span>";
echo '<p>Please <a href="javascript:history.go(-1)">Go Back</a> and complete the form<br>';
echo '<META HTTP-EQUIV="Refresh" CONTENT="8; URL=users_authorized.php">';
} else {
$query = mysql_query("UPDATE authorized_users SET username ='$userUsername', password = '$userPassword', email='$userEmail', realname='$userRealname' WHERE id='$id' ") or die (mysql_error());
echo '<p><p><b> 1 User Updated</b>';
echo '<p>Go Back to <a href="users_authorized.php">Users</a>';
echo '<META HTTP-EQUIV="Refresh" CONTENT="4; URL=users_authorized.php">';}
} [/php]
- One last thing I noticed is that if a username is updated and nothing else is changed, the password is re-hashed, which would block the user from logging in again because he would never know what the already hashed password would be rehashed to. Right now I am just getting away with it by retyping the same password again, that is if I want to keep the same one.
I encourage you to test the admin panel manage users and manage posts in and out so you can better understand what I mean. Any changes made in manage post will be reflected immediately and can be viewed by clicking on the view website link at the bottom right of the tables. I have a back-up of the database so I don’t worry about the changes… plus this is not the live server of the website.
I know this is a mouthful, but I just wanted to break it down as much as I could. And thanks for your help phpHelp and the rest of the crew.
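
Added example, not part of the original post or the poster's code: one way to write editUser() so that the duplicate-username check ignores the row being edited and the stored password is only replaced when a new one is entered. It assumes PDO with prepared statements in place of mysql_*, password_hash() in place of md5(), a form that sends an empty password field when the password is unchanged, and an in-memory SQLite table with constructed rows for the demo.

```php
<?php
// Added example: table and column names come from the post; the PDO handle,
// the function signature and the demo rows are constructed for illustration.
function editUser(PDO $db, int $id, string $username, string $newPassword,
                  string $email, string $realname): string
{
    // The uniqueness check must exclude the row being edited, otherwise
    // keeping your own username always reports "already exists".
    $dup = $db->prepare(
        'SELECT COUNT(*) FROM authorized_users WHERE username = ? AND id <> ?');
    $dup->execute([$username, $id]);
    if ((int) $dup->fetchColumn() > 0) {
        return 'exists';
    }

    $sql  = 'UPDATE authorized_users SET username = ?, email = ?, realname = ?';
    $args = [$username, $email, $realname];
    // Touch the password column only when a new password was typed, so an
    // unrelated edit never re-hashes the stored hash.
    if ($newPassword !== '') {
        $sql   .= ', password = ?';
        $args[] = password_hash($newPassword, PASSWORD_DEFAULT);
    }
    $sql   .= ' WHERE id = ?';
    $args[] = $id;
    $db->prepare($sql)->execute($args); // bound parameters, no string building
    return 'updated';
}

// Constructed demo data (not from the post).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authorized_users (id INTEGER PRIMARY KEY,
           username TEXT UNIQUE, password TEXT, email TEXT, realname TEXT)');
$ins = $db->prepare('INSERT INTO authorized_users VALUES (?, ?, ?, ?, ?)');
$ins->execute([1, 'test',  password_hash('test', PASSWORD_DEFAULT),  'a@example.com', 'Test']);
$ins->execute([2, 'other', password_hash('other', PASSWORD_DEFAULT), 'b@example.com', 'Other']);

// Same username, new e-mail, blank password field: the row is updated.
echo editUser($db, 1, 'test', '', 'new@example.com', 'Test'), "\n";
// The original password still verifies because the hash was not rewritten.
$hash = $db->query('SELECT password FROM authorized_users WHERE id = 1')->fetchColumn();
var_dump(password_verify('test', $hash));
// Taking another user's name is still rejected.
echo editUser($db, 1, 'other', '', 'new@example.com', 'Test'), "\n";
```

With this shape the edit form no longer needs the readonly "Old Password" field, so the stored hash does not have to be sent to the browser at all.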