Quote:
Originally Posted by DevilOfSun
PHP Code:
<?php
require_once('db.config.php');
$character = '';
?>
<!-- Script From [DEV]Viro -->
<html>
<head>
<title>[Dev]Viro Faction Change</title>
<style type="text/css">
h2 {text-align:center; color:yellow;}
h4 {text-align:center; color:white;}
div#adminLogin {background-color:#111111; width:160px; padding:10px;}
div#formArea {background-color:#595959; padding:5px; position:relative; left:0px;}
.submitButton {position:relative; left:40px;}
</style>
</head>
<body>
<div id="adminLogin">
<div id="factionChange"><h4>Faction Change</h4>
<div id="formArea">
<form action="factionchange.php" method="POST">
Account<br/><input type="text" name="account" value="<?php echo $account; ?>"><br/>
Passwort<br/><input type="text" name="Pw" value="<?php echo $password; ?>"><br/>
<br/><input type="submit" name="formSubmit" value="Submit" class="submitButton">
</form>
</div>
</div>
</div>
</body>
</html>
<?php
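// Only run when the form was actually submitted (avoids an undefined index notice)
if (isset($_POST['formSubmit']) && $_POST['formSubmit'] == "Submit") {
$account = $_POST['account'];
$password = $_POST['Pw'];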
$dbhost = $_ENV['LOCAL_DOMAIN'];
$sql = "SELECT UserUID FROM PS_UserData.dbo.Users_Master WHERE UserID = ? and Pw = ?";
$stmt = odbc_prepare($GLOBALS['dbConn'],$sql);
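// Bind both placeholders in order: UserID first, then Pw
$args = array($account, $password);
odbc_execute($stmt,$args);
'<br/>';
$userUID = odbc_result($stmt,'UserUID');
// No matching row means wrong account or password: stop before any UPDATE runs
if (!$userUID) {
odbc_close($GLOBALS['dbConn']);
exit('Wrong account or password.');
}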
$sql = "SELECT Country FROM PS_GameData.dbo.UserMaxGrow WHERE UserUID = ?";
$stmt = odbc_prepare($GLOBALS['dbConn'],$sql);
$args = array($userUID);
odbc_execute($stmt,$args);
'<br/>';
$country = odbc_result($stmt,'Country');
if ($country==0) {
$sql = "UPDATE PS_GameData.dbo.UserMaxGrow
SET Country = 1
WHERE UserUID = ?";
$stmt = odbc_prepare($GLOBALS['dbConn'],$sql);
$args = array($userUID );
odbc_execute($stmt,$args);
echo $character.' was successfully factioned changed from light to fury!';
}
if ($country==1) {
$sql = "UPDATE PS_GameData.dbo.UserMaxGrow
SET Country = 0
WHERE UserUID = ?";
$stmt = odbc_prepare($GLOBALS['dbConn'],$sql);
$args = array($userUID );
odbc_execute($stmt,$args);
echo $character.' was successfully factioned changed from fury to light!';
}
odbc_close($GLOBALS['dbConn']);
}
?>
Using a session is always better, but don't forget to start it, or else it won't work:
PHP Code:
if (session_id() == ""){
session_start();
}
After that you can check your SESSION:
PHP Code:
if(!isset($_SESSION['UserUID'])){
header('location: login.php');
exit();
}else{
$uid = $_SESSION['UserUID'];
}
A secure and nice login form is given by castor in 'Web Service Tutorial'.
Another suggestion is to move the HTML side after the PHP code; the <? echo $account; ?> before you declare the variable will not work in any case. Also <? echo $_POST['account']; ?>.
In the PHP code it is nicer if you use variables instead of using echo.
Example:
Code:
begin:
$newfaction = '';
in code:
$newfaction = $character.' was successfully factioned changed from light to fury!';
in html:
<p><?php echo $newfaction; ?></p>
or, as I like more when there are many variables in the HTML code:
<?php
echo '
<html>
<body>
<p>'.$newfaction.'</p>
</body>
</html>
';
?>
Other than this I cannot help you, because I don't use ODBC but PDO. Anyway, good luck.
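The reply's suggestions combined into one page, as an added example that is not code from either poster: the session check runs first, the PHP logic comes before the HTML, and the result is held in a variable until output. It assumes `db.config.php` provides `$GLOBALS['dbConn']` and that `login.php` stored the verified `UserUID` in the session; the `csrf` field name, the token check and the `htmlspecialchars` escaping are additions beyond what the thread describes.

```php
<?php
// Added example. Assumes db.config.php sets $GLOBALS['dbConn'] and that
// login.php put the verified UserUID into the session after a successful login.
require_once('db.config.php');
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
if (!isset($_SESSION['UserUID'])) {
    header('Location: login.php');
    exit();
}
$uid = $_SESSION['UserUID'];   // identity comes from the session, never from the form
$message = '';

// Per-session token so another site cannot submit this form for a logged-in player
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(16));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!isset($_POST['csrf']) || !hash_equals($_SESSION['csrf'], (string)$_POST['csrf'])) {
        $message = 'Invalid request, please reload the page.';
    } else {
        $conn = $GLOBALS['dbConn'];
        $stmt = odbc_prepare($conn, "SELECT Country FROM PS_GameData.dbo.UserMaxGrow WHERE UserUID = ?");
        odbc_execute($stmt, array($uid));
        if (!odbc_fetch_row($stmt)) {
            $message = 'No faction record found for this account.';
        } else {
            // Assumes Country is only 0 (light) or 1 (fury), as in the quoted script
            $old = (int)odbc_result($stmt, 'Country');
            $new = ($old === 0) ? 1 : 0;
            $stmt = odbc_prepare($conn, "UPDATE PS_GameData.dbo.UserMaxGrow SET Country = ? WHERE UserUID = ?");
            odbc_execute($stmt, array($new, $uid));
            $message = ($new === 1) ? 'Faction changed from light to fury!' : 'Faction changed from fury to light!';
        }
        odbc_close($conn);
    }
}
?>
<html>
<body>
<p><?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?></p>
<form action="factionchange.php" method="POST">
<input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8'); ?>">
<input type="submit" name="formSubmit" value="Change faction">
</form>
</body>
</html>
```

Because the form no longer carries an account name or password, a visitor can only change the faction of the account the session was issued for.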