Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12

Thread: Admin Panel?

  1. #1
    Regular Coder GSimpson's Avatar
    Join Date
    Aug 2006
    Location
    New Zealand
    Posts
    268
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Admin Panel?

    ok so on my website i have a mysql database named 'test_06' with a table named 'productions'. The table is set out with one column that has the name 'link' where i want to have a link to my applications or webpages for download. My second column is named 'name' and it is a formal name for the link. My goal is to make a page where I can fill in one form with a link and another with a formal name. Then click submit and it sends to the table with the new row with a new link and a formal name from the form.

    and then...
    can I have it so on my productions page it has all the formal names from the table. And all the formal names have the links from the link column.

    thanks a million,
    GSimpson.
    Last edited by GSimpson; 08-22-2006 at 08:38 AM.
    The internet is my Sandbox, and notepad is my Spade n' Bucket.

  • #2
    Regular Coder musher's Avatar
    Join Date
    Jan 2005
    Location
    Minnesota
    Posts
    203
    Thanks
    0
    Thanked 0 Times in 0 Posts
    GSimpson,
    Here's a link to a tutorial on how to set up what your trying to do http://www.freewebmasterhelp.com/tutorials/phpmysql/1

    you can google "PHP MySQL tutorial" and find a bunch of them. Try and go thru the tutorial, (give it a shot) and then ask questions if you need.
    Thanks
    Jim M

    "Lord, help me to become the person my dog thinks I am" - Dawn Ewing
    "If you must know. Yes, I do enjoy running after the dog sled when I fall off" - Me

    www.huskyzone.com -- Woodland Siberians

  • #3
    Regular Coder GSimpson's Avatar
    Join Date
    Aug 2006
    Location
    New Zealand
    Posts
    268
    Thanks
    9
    Thanked 0 Times in 0 Posts
    ok so i got my productions page to display the mysql database thing er ma jig
    and i wrote a script that uses something similar to js - I cant figure out why this page doesn't upload to the database table can someone help -

    <html>
    <body>
    <?php
    function upload(){
    $recordname1=document.info.recordname2.value;
    $recordlink1=document.info.recordlink2.value;
    $con = mysql_connect("localhost","23819","*******");
    if (!$con)
    {
    die('Could not connect: ' . mysql_error());
    }mysql_select_db("test_06", $con);mysql_query("INSERT INTO productions (Name, Link)
    VALUES ($recordname1, $linkname1)");mysql_close($con);}
    ?>
    <br><br><br>
    <form name="info">
    Name:<input type="text" name="recordname2"><br>
    Link:<input type="text" name="recordlink2"><br>
    <input type="button" value="Update To Directory" onclick="upload()"><br>
    </form>
    </body>
    </html>

    and of course i do know that my pass isn't entered.
    thanks everybody.
    The internet is my Sandbox, and notepad is my Spade n' Bucket.

  • #4
    Regular Coder musher's Avatar
    Join Date
    Jan 2005
    Location
    Minnesota
    Posts
    203
    Thanks
    0
    Thanked 0 Times in 0 Posts
    GSimpson, here's a simple example of a form that stores entires into a db (the function is to help prevent sql injection attacks)

    PHP Code:
    <?php
      
    function GetSQLValueString($theValue$theType$theDefinedValue ""$theNotDefinedValue "") {
        
    $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
        switch (
    $theType) {
          case 
    "text":
            
    $theValue = ($theValue != "") ? "'" $theValue "'" "NULL";
          break;    
          case 
    "long":
          case 
    "int":
            
    $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
          case 
    "double":
            
    $theValue = ($theValue != "") ? "'" doubleval($theValue) . "'" "NULL";
          break;
          case 
    "date":
            
    $theValue = ($theValue != "") ? "'" $theValue "'" "NULL";
          break;
          case 
    "defined":
            
    $theValue = ($theValue != "") ? $theDefinedValue $theNotDefinedValue;
          break;
        }
        return 
    $theValue;
      }
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
      <title>Untitled Document</title>
    </head>

    <body>
      <?php
      
    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
        
    // process form
        
    $db mysql_connect("localhost""user-id""password");
        
    mysql_select_db("table",$db);
        
    $sql sprintf("INSERT INTO table (name,link) VALUES (%s, %s)",
          
    GetSQLValueString($_POST['name'], "text"),
          
    GetSQLValueString($_POST['link'], "text"));
       
    $result mysql_query($sql);
       echo 
    "Thank you! Information entered.\n";
      }else{
       
    // display form
      
    ?>
      <form method="post" name="form1" action="<?php echo $_SERVER['PHP_SELF']?>">
        Link Title:<input type="Text" name="name"><br>
        Link:<input type="Text" name="link"><br>
        <input type="submit" name="submit" value="submit">
        <input type="hidden" name="MM_insert" value="form1">
      </form>
      <?php
      
    // end if
      
    ?>
    </body>
    </html>
    Thanks
    Jim M

    "Lord, help me to become the person my dog thinks I am" - Dawn Ewing
    "If you must know. Yes, I do enjoy running after the dog sled when I fall off" - Me

    www.huskyzone.com -- Woodland Siberians

  • #5
    Regular Coder GSimpson's Avatar
    Join Date
    Aug 2006
    Location
    New Zealand
    Posts
    268
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Ok thanks I have it working, man i cant express i thankful i am for this,
    but whats an injection attack? it just sounds like spamming databases?

    thanks
    The internet is my Sandbox, and notepad is my Spade n' Bucket.

  • #6
    New Coder
    Join Date
    Aug 2006
    Posts
    64
    Thanks
    0
    Thanked 0 Times in 0 Posts
    An injection attack is when the user enters something in the text field, that they know will be inserted into the database, and they alter the query with it, and it take a lot of trial and error, but isnt that complex and can be done if theres no protection against it. If you are volnurable, they can virtually do anything they want to your database.

  • #7
    Regular Coder GSimpson's Avatar
    Join Date
    Aug 2006
    Location
    New Zealand
    Posts
    268
    Thanks
    9
    Thanked 0 Times in 0 Posts
    can i just have a form that sends the information to a varible inside a function.
    then i hit a button and the function inserts the varible into the table? if so that would certainly be easier.

    thanks
    Last edited by GSimpson; 08-23-2006 at 03:44 AM.
    The internet is my Sandbox, and notepad is my Spade n' Bucket.

  • #8
    Regular Coder musher's Avatar
    Join Date
    Jan 2005
    Location
    Minnesota
    Posts
    203
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by GSimpson
    Ok, so i need to password protect?
    Yes if this is page is on a public server and you dont want any one else to be able to add/change/delete records. There are two ways you can do this 1. if you have access to the server you can put your maint files in a directory that is user-id password protected 2. add new table (user) and some php to your maint files that prompt for user-id password prior to letting them change/add records.

    let me know if you dont have access to your server and I can give you a hand setting up a login file and the code you would need to put in your other pages to ensure some one has used a valid login to get to that page.
    Thanks
    Jim M

    "Lord, help me to become the person my dog thinks I am" - Dawn Ewing
    "If you must know. Yes, I do enjoy running after the dog sled when I fall off" - Me

    www.huskyzone.com -- Woodland Siberians

  • #9
    Regular Coder GSimpson's Avatar
    Join Date
    Aug 2006
    Location
    New Zealand
    Posts
    268
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Ok so i have a login system, but when i use this it completes the php script, how ever it doesn't insert it. whats wrong?
    The internet is my Sandbox, and notepad is my Spade n' Bucket.

  • #10
    Regular Coder musher's Avatar
    Join Date
    Jan 2005
    Location
    Minnesota
    Posts
    203
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Here's the way I normaly work it.

    1. index.php - is the just the login script. If a valid user-id and password has been entered, It will set a session variable, then call (open) the maint page

    2. maint.php - page to add/mod/del info in production table. first thing this page will do is check to see if the session variable is set if it is then show form to add/mod/del stuff from your production table, if the session variable is not set then send them to index.php to enter a valid user-id / password.

    (post the code you have so far)
    Thanks
    Jim M

    "Lord, help me to become the person my dog thinks I am" - Dawn Ewing
    "If you must know. Yes, I do enjoy running after the dog sled when I fall off" - Me

    www.huskyzone.com -- Woodland Siberians

  • #11
    Regular Coder GSimpson's Avatar
    Join Date
    Aug 2006
    Location
    New Zealand
    Posts
    268
    Thanks
    9
    Thanked 0 Times in 0 Posts
    NOW I DO KNOW THAT JS ISN'T A SECURE PASSWORD PROTECT, BUT WROTE UP ONE SO BASIC, YET I CAN'T FIND AWAY AROUND IT.

    WELL HERES MY PAGE THE UPLOADS TO DATABASE:
    <?php
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") {
    $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
    switch ($theType) {
    case "text":
    $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
    break;
    case "long":
    case "int":
    $theValue = ($theValue != "") ? intval($theValue) : "NULL";
    break;
    case "double":
    $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
    break;
    case "date":
    $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
    break;
    case "defined":
    $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
    break;
    }
    return $theValue;
    }
    ?>
    <HTML>
    <HEAD>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <meta http-equiv="Content-Language" content="en">
    <meta name="Author" content="GSimpson">
    <TITLE>Ambitous Spirit | Edit Productions</TITLE>
    <link rel="stylesheet" type="text/css" href="../stylesheet.css" />
    <script language="javascript" type="javascript/text">
    var password;
    var pass1="GSimpson";
    var pass1="mypassword";
    password=prompt('Please Enter Username:');
    password=prompt('Please Enter Password:');
    if (username==user1 && password==pass1)
    alert('Password Correct! Click OK to enter!');
    else
    {
    window.location="";
    }
    </script>
    </HEAD>
    <BODY CLASS="special" vlink="#oooooo" link="#oooooo" alink="#oooooo">

    <table cellpadding="0" cellspacing="0" class="navigationt">
    <tr><td><div class="navigation"><font face="verdana" size="1"><BR><B>| NAVIGATION |</B><br><br>| <a href="../index.htm">Home</a> |<BR><BR>| <a href="../productions.php">Productions</a> |<BR><BR>| <a href="../about.htm">About</a> |<BR><BR>| <a href="../contact.htm">Contact</a> |<br><br>| <a href="../affilates.htm">Affilates</a> |<BR><BR>| <a href="index.php">Admin Index</a> | <BR><BR>| <a href="../index.htm">Logout</a> |<BR><BR>___________________</div></td><td><div class="content"><font face="verdana" size="6"><center>

    <!-- TITLE OF WEBSITE -->

    Ambitous Spirits

    <!-- TITLE OF WEBSITE -->
    <BR><font face="verdana"size="1">__________________________________________</center><BR>
    <font face="verdana"size="3">| Edit Productions |<BR>
    <font face="verdana"size="1">
    <!-- CONTENT -->
    <b>Upload To Productions Page:</b><br>
    <?php
    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
    // process form
    $db = mysql_connect("mysql2.freehostia.com", "glysim_userpass", "*****");
    mysql_select_db("glysim_userpass",$db);
    $sql = sprintf("INSERT INTO productions (Name,Link) VALUES (%s, %s)",
    GetSQLValueString($_POST['Name'], "text"),
    GetSQLValueString($_POST['Link'], "text"));
    $result = mysql_query($sql);
    echo "File Uploaded Into Productions Directory.<br><a href='uploadtodirectory.php'>New Download?</a> / <a href='index.htm'>Home</a>";
    }else{
    // display form
    ?>
    <form method="post" name="form1" action="<?php echo $_SERVER['PHP_SELF']?>">
    <input SIZE=50 type="Text" name="name"><br>
    <input SIZE=50 type="Text" name="link"><br>
    <input type="submit" name="submit" value="submit">
    <input type="hidden" name="MM_insert" value="form1">
    </form>
    <?php
    } // end if
    ?>
    <br><br><b>Current Files In Productions Page:</b><br>
    <?php
    $con = mysql_connect("mysql2.freehostia.com","glysim_userpass","*******");
    if (!$con)
    {
    die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("glysim_userpass", $con);

    $result = mysql_query("SELECT * FROM productions");

    while($row = mysql_fetch_array($result))
    {
    echo $row['Name'] . " - " . $row['Link'];
    echo "<br>";
    }

    mysql_close($con);
    ?>
    <!-- CONTENT -->
    </div></td><td></td></tr></table><table class="navigationt" cellpadding="0" cellspacing="0"><tr><td><div class="footer"><font face="verdana" size="1"><BR>This website is &#169;Copyright Ambitious Spirit.<BR>All rights reserved. 2006.</div></td><tr></table>
    </table>


    </BODY>
    </HTML>
    I will eventually add a more secure password protection, after I can upload stuff.
    The internet is my Sandbox, and notepad is my Spade n' Bucket.

  • #12
    Regular Coder GSimpson's Avatar
    Join Date
    Aug 2006
    Location
    New Zealand
    Posts
    268
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Ok so I made an admin panel, secured it with .htaccess I made it post form information to a page where it inserts it. then redirects back to the previous page.
    The internet is my Sandbox, and notepad is my Spade n' Bucket.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •