[Work ON] User Control Panel

10/31/2015 10:42 beetols#16
Quote:
Originally Posted by DevilOfSun View Post
PHP Code:
<?php

require_once('db.config.php');

$character '';

?>
-- Script From [DEV]Viro

<html>
    <head>
        <title>[Dev]Viro Faction Change</title>
    <style type="text/css">
        h2         {text-align:center; color:yellow;}
        h4         {text-align:center; color:white;}
        div#adminLogin    {background-color:#111111; width:160px; padding:10px;}
        div#formArea    {background-color:#595959; padding:5px; position:relative; left:0px;}
        .submitButton    {position:relative; left:40px;}
        
    </style>
    </head>
    <body>
        <div id="adminLogin">
            
            <div id="factionChange"><h4>Faction Change</h4>

                <div id="formArea">
                    <form action="factionchange.php" method="POST">
                        Account<br/><input type="text" name="character" value="<?php echo $account?>"><br/>
                        Passwort<br/><input type="text" name="password" value="<?php echo $password?>"><br/>
                        <br/><input type="submit" name="formSubmit" value="Submit" class="submitButton">
                    </form>
                </div>
            </div>
        </div>
    </body>
</html>
<?php

if ($_POST['formSubmit'] == "Submit") {
    
$account $_POST['account'];
    
$password $_POST ['Pw'];
    
$dbhost $_ENV['LOCAL_DOMAIN'];

    
$sql "SELECT UserUID FROM PS_UserData.dbo.Users_Master WHERE UserID = ? and Pw = ?";
    
$stmt odbc_prepare($GLOBALS['dbConn'],$sql);
    
$args = array($account);
    
$args = array ($password);
    
odbc_execute($stmt,$args,);
    
'<br/>';
    
$userUID odbc_result($stmt,'UserUID');
    
    
$sql "SELECT Country FROM PS_GameData.dbo.UserMaxGrow WHERE UserUID = ?";
    
$stmt odbc_prepare($GLOBALS['dbConn'],$sql);
    
$args = array($userUID);
    
odbc_execute($stmt,$args);
    
'<br/>';
    
$country odbc_result($stmt,'Country');
    
    if (
$country==0) {
        
$sql "UPDATE PS_GameData.dbo.UserMaxGrow
            SET Country = 1
            WHERE UserUID = ?"
;
        
$stmt odbc_prepare($GLOBALS['dbConn'],$sql);
        
$args = array($userUID );
        
odbc_execute($stmt,$args);
        echo 
$character.' was successfully factioned changed from light to fury!';
    }

    if (
$country==1) {
        
$sql "UPDATE PS_GameData.dbo.UserMaxGrow
            SET Country = 0
            WHERE UserUID = ?"
;
        
$stmt odbc_prepare($GLOBALS['dbConn'],$sql);
        
$args = array($userUID );
        
odbc_execute($stmt,$args);
        echo 
$character.' was successfully factioned changed from fury to light!';
    }

    
odbc_close($GLOBALS['dbConn']);
}

?>
Use a session is always better but don't forget to start it else won't work:
PHP Code:
if (session_id() == ""){
    
session_start();

after you can check your SESSION:
PHP Code:
if(!isset($_SESSION['UserUID'])){
header('location: login.php');
exit();
    }else{
        
$uid $_SESSION['UserUID'];

A secure and nice login form is gived by castor in 'Web Service Tutorial'.

Another suggestion is move the html side after the php code, and the <? echo $account; ?> before that you declare the variable will in any case not work. also <? echo $_POST['accaunt']; ?>

during the code php is more nice if you use variables instead use echo.
example:
Code:
begin:
$newfaction = '';
in code:
$newfaction  = $character.' was successfully factioned changed from light to fury!';
in html:
<p><? echo $newfaction; ?></p>
or as i like more when have many variables in html code:
<?
echo '
<html>
<body>
<p>'.$newfaction.'</p>
</body>
</html>
';
?>
Else than this i cannot help you, because I don't use ODBC but PDO, anyway goodluck.
10/31/2015 15:57 DevilOfSun#17
Thank you all, atm i work on a database, that work will finish today than i will take a look back at the ucp ^^
10/31/2015 21:21 SugarD-x#18
I may be wrong on this as I haven't looked very carefully at it, but I believe you may be causing a web validation error in your HTML code with the following comment:
Code:
-- Script From [DEV]Viro
If my memory serves me correctly, (it has been a long day, so again, I may be wrong here), it should be written like this:
Code:
<!-- Script From [DEV]Viro -->