Hey people
If I have made a page with login system, are there any possibilities to let a special group of people edit the page or some of the text on the page, just by clicking a edit button on the page?
With that I mean those with a special ID?
I have seen pages that have this "edit button", and that include a simple field with text where you can re-write the text, and then submit it.
I have a little problem for where I should start...
I'm thankful for any advise or code help..
Skuer
8  6219  Markus 6,050
Recognized Expert Expert
There are no possibilities in PHP, only challenges. ;)
First of all, it depends how you are with PHP? Are you able to write login scripts and use sessions/cookies? Are you able to use databases?
Just some basic information of your page structure would help.
Most websites store their articles in a database, and then they have a dynamic webpage which pulls the article from the database. Now, the nifty thing with databases is you can easily edit the information in the database - something that you're looking for?
If you're using a database it will make things much, much easier.
Regards.
There are no possibilities in PHP, only challenges. ;)
First of all, it depends how you are with PHP? Are you able to write login scripts and use sessions/cookies? Are you able to use databases?
Just some basic information of your page structure would help.
Most websites store their articles in a database, and then they have a dynamic webpage which pulls the article from the database. Now, the nifty thing with databases is you can easily edit the information in the database - something that you're looking for?
If you're using a database it will make things much, much easier.
Regards.
Well I have wrote a simple login script, where every page starts with
[PHP]session_start() ;
if(!session_is_ registered(user name)){
header("locatio n:main_login.ph p");
}[/PHP]
And have done a little programming that allows user to registrate there self as users. The info is registarted in a simple mysql databse
[PHP]
<html>
<body>
<?php
include('config .php');
// table name
$tbl_name=temp_ members;
// values sent from form
$username=$_POS T['username'];
$password=$_POS T['password'];
$email=$_POST['email'];
$checkuser = mysql_query("SE LECT username FROM members WHERE username='$user name'");
$username_exist = mysql_num_rows( $checkuser);
if($username_ex ist > 0){
echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
unset($username );
include 'signup.php';
exit();
}
// Insert data into database
$sql="INSERT INTO temp_members(co nfirm_code, username, password, email)VALUES('$ confirm_code', '$username', '$password', '$email')";
$result=mysql_q uery($sql);
if($result){
echo "Please login";
?>
<br>click<a href="index.php ">here</a>
</body>
</html>
[/PHP]
Here is the link I used http://www.phpeasystep.com/workshopview.php?id=24
If you need more info, please tell me..
Skuer
Markus 6,050
Recognized Expert Expert
Sorry for the late reply, mate - i've been a tad busy!
Anyway, to the problem at hand:
When you say 'edit the text on the page', what do you mean?
If you have a page which pulls data out of a database, say an article, you could have a link which takes you to articleedit.php and also the article id in the url to locate the article articleedit.php ?art_id=8763
Then you'd supply the text into a textarea and allow someone to modify it, then save it.
I suggest you have a good read through some tutorials on mysql as it will make things a hell of alot easier
Sorry about the late reply again!
Also, i have been pretty vague about how i can help but we have a policy for not just supplying code - we like you to learn while you're at it!
Regards.
Just as a tip, you may want to consider adding something to code such as this, see my comment in your code below: -
// values sent from form
-
$username=$_POST['username'];
-
$password=$_POST['password'];
-
$email=$_POST['email'];
-
-
// Add here: validate that the user supplied information from the POST array
-
// does not contain malicious code, e.g. filter out anything dangerous.
-
-
$checkuser = mysql_query("SELECT username FROM members WHERE username='$username'");
-
As an example, imagine if I could guess my way to the name of your database table "members", and then supply this string to the username input field:
XYZ'; delete from members;'
Your query would then look like this:
mysql_query("SE LECT username FROM members WHERE
username='XYZ'; delete from members;' '
This is syntactically correct and contains 3 queries, the last one being just empty. I don't think you want the second one to happen, which will empty out your table.
Always check or clean up inputs from users before using them in executable code.
 Markus 6,050
Recognized Expert Expert
Just as a tip, you may want to consider adding something to code such as this, see my comment in your code below:
-
// values sent from form
-
$username=$_POST['username'];
-
$password=$_POST['password'];
-
$email=$_POST['email'];
-
-
// Add here: validate that the user supplied information from the POST array
-
// does not contain malicious code, e.g. filter out anything dangerous.
-
-
$checkuser = mysql_query("SELECT username FROM members WHERE username='$username'");
-
As an example, imagine if I could guess my way to the name of your database table "members", and then supply this string to the username input field:
XYZ'; delete from members;'
Your query would then look like this:
mysql_query("SE LECT username FROM members WHERE
username='XYZ'; delete from members;' '
This is syntactically correct and contains 3 queries, the last one being just empty. I don't think you want the second one to happen, which will empty out your table.
Always check or clean up inputs from users before using them in executable code.
Adding to this: mysql provides a nice fundtion for cleansing input: mysql_real_esca pe_string()
:)
correction on the previous post by coolsti: the 3-in-1 query will not work in a mysql_query() command, it will return a syntax error.
However, you are still open to other attacks like when you enter
that will generate 1 command - mysql_query("SELECT username FROM members WHERE username='ABC' or '1'='1'");
meaning that the query always returns a result and you could be logged in.
Ronald
Thanks for all the help..
I'll try my best to find my answer..
And i hope I'll still get mye questions answered if i hit a wall, and can't find the door..
Skuer
:)
I stand corrected and thanks for the fine example of what could go wrong, Ron!
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: bengee |
last post by:
Hi
Does anyone know of a way to edit "live" javascript (that i have no
control over) in IE?
Example, i visit a website and see a webpage in IE containing
Javascript. Can i edit that javascript and get IE to accept any changes
i've done to it?
So what i'm saying really, is that i want to hack the javascript served
|
by: sygsix |
last post by:
Hello all.
I am a Java programmer who sometimes dabbles in simple PHP stuff, and
had a question that's way over my head, for you DHTML experts.
I would like to know how to dynamically edit a currently static HTML
page which contains a map of a stands at a convention center. The
static version of the page can be found here:
...
|
by: Steve Bishop |
last post by:
I have a form with a search text box and a grid that displays the
results. Within the grid, I have edit command links set up to
response.redirect to another page that puts the DataKey value in the
query string.
The problem is, when I return to my initial page and do another search
by entering a value in the text box then hitting enter, it...
|
by: Alex |
last post by:
Interested in more .NET stuff visit www.dedicatedsolutions.co.uk
The DataList is not as powerful as the DataGrid. It requires more work
from you since it has no default data presentation format. However,
the DataGrid begins to get very cumbersome as the number of columns of
data you present increases. Anything more than half a dozen columns...
|
by: Glenn M |
last post by:
I have a shared XML file on a server .
i also have one xslt file that performs a simple transform on in to
view the data.
now i want to have another page that lets users modify the shared xml
file via some editable controls such as text boxes , option boxes etc.
how can i implment this , should i use another xslt file with <INPUT>...
| | |
by: Leo |
last post by:
I have a datagrid with the first column as a Edit,Update,Cancel button
column. The other 5 columns are template columns. When I click the Edit
button in IE6 the row correctly displays the controls defined in the
<EditItemTemplate> however when I right click and do a view source I cannot
find any of the input textboxes in the source. I have...
|
by: Mike |
last post by:
Hello,
I am developing a simple web editor to enable my users to update their websites and add simple formatting to the text.
The page content is recovered from a SQL Server database and displayed in the Microsoft DHTML Edit control ( I am working in Visual Studio 2003 - VB ). I have experimented with the ExecCommand function but all I want...
|
by: Hyperion |
last post by:
Hello all,
Im very new to php ,when I check execute this progrm the values from the database are retrieving and didplyed in a row.When I click the particul;ar edit button of a row ,I should take a vlue($id),by which I can edit that prticula data.what i should do?
plese help.
<html>
<body>
<table width="53%" border="0"...
|
by: awclemen |
last post by:
I have a page with a GridView. I've added a CommandField with the ShowEditButton set to true. When I run the page and click on the edit button, the row does NOT go to into edit mode (i.e. I do not see the update and cancel buttons). Anyone know where I went wrong....
Thanks in advance for the help
StupidGridView.aspx:
<%@ Page...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |
