
Untitled

a guest
Jul 4th, 2016
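  <?php
  // Access-control prologue: start the session, collect the requested resource
  // name and the caller's credentials, and show the login form when no user id
  // is available from either the POST body or the session.
  session_start();

  // Name of the resource the caller wants checked. It is read from the query
  // string only; anything that is not a plain string is treated as absent.
  // NOTE(review): the requester chooses the name that gets authorised. Confirm
  // whether it should instead be derived server-side from the script being
  // served, so the check cannot be pointed at a different file.
  $file = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : null;

  // Credentials come from the login POST when present, otherwise from the
  // values an earlier request left in the session. isset() on both sources
  // avoids undefined-index notices on a first visit.
  if (isset($_POST['user_id'])) {
      $user_id = $_POST['user_id'];
  } elseif (isset($_SESSION['user_id'])) {
      $user_id = $_SESSION['user_id'];
  } else {
      $user_id = null;
  }

  if (isset($_POST['password'])) {
      $password = $_POST['password'];
  } elseif (isset($_SESSION['password'])) {
      $password = $_SESSION['password'];
  } else {
      $password = null;
  }

  if (!isset($user_id)) {
      // No identity yet: render the login form and stop. PHP_SELF is derived
      // from the request URI, so it is HTML-encoded before being placed in the
      // action attribute.
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <title> Please Log In for Access </title>
  <meta http-equiv="Content-Type"
  content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Login Required </h1>
  <p>You must log in to access this area of the site.</p>
  <form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>">
  <p>
  User ID: <input type="text" name="user_id" size="8" /><br />
  Password: <input type="password" name="password" size="8" /><br />
  <input type="submit" value="Log in" />
  </p>
  </form>
  </body>
  </html>
  <?php
      // Without this the script carried on with a null user id and appended a
      // second HTML document after the login form.
      exit;
  }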
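  // Authorisation check: remember the caller's identity in the session, then
  // look for a row in the privilege table that pairs this user id with the
  // requested file. No matching row means the "Access Denied" page and exit.
  //
  // NOTE(review): nothing in this listing compares $password with a stored
  // credential; the query below filters on user_id and file only, so any
  // caller who submits a user id that has a privilege row passes. Verify the
  // password (for example password_verify() against a stored hash) before
  // trusting $user_id, and avoid keeping the plaintext password in the
  // session. The assignment is left in place because other pages may read it.
  $_SESSION['user_id'] = $user_id;
  $_SESSION['password'] = $password;

  // The two echo statements that used to follow printed the user id and the
  // plaintext password into the page without encoding; that debug output is
  // removed.

  // Presumably defines the mysqli link $con (and possibly error()); verify.
  include 'config.php';

  // Bound parameters keep request data out of the SQL text. Non-scalar values
  // (e.g. user_id[]=...) are bound as the empty string, which matches no row
  // unless the table holds empty keys.
  $boundUser = is_scalar($user_id) ? (string) $user_id : '';
  $boundFile = is_scalar($file) ? (string) $file : '';

  $result = false;
  $stmt = mysqli_prepare($con, 'SELECT * FROM priviledge WHERE user_id = ? AND file = ?');
  if ($stmt) {
      mysqli_stmt_bind_param($stmt, 'ss', $boundUser, $boundFile);
      if (mysqli_stmt_execute($stmt)) {
          // mysqli_stmt_get_result() needs the mysqlnd driver; it returns the
          // same mysqli_result type the old mysqli_query() call produced.
          $result = mysqli_stmt_get_result($stmt);
      }
  }

  if (!$result) {
      // error() is not defined in this listing; presumably an included file
      // supplies it. Stop here either way so a failed lookup is never treated
      // as a successful one.
      error('A database error occurred while checking your '.
            'login details. If this error persists, please '.
            'contact you@example.com.');
      exit;
  }

  if (mysqli_num_rows($result) == 0) {
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <title> Access Denied </title>
  <meta http-equiv="Content-Type"
  content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <div class="error"> <p style="color:red">Access denied: You are not authorized to use this module. </p></div>
  </body>
  </html>
  <?php
      // Fail closed: nothing after this point may run for an unauthorised caller.
      exit;
  }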
  64. //$username = mysql_result($result,0,'e_name');
  65. ?>
  66. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  67. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  68. <html xmlns="http://www.w3.org/1999/xhtml">
  69. <head>
  70. <title> Members-Only Page </title>
  71. <meta http-equiv="Content-Type"
  72. content="text/html; charset=iso-8859-1" />
  73. </head>
  74. <body>
  75. </body>
  76. </html>
  77.  
  78. <div align="left">
  79. <?php
  80. echo '<ul class="nav">
  81. <form action="customer.php" method="get">
  82. <button name="file" type="submit" value="customer.php">Customer</button> </form>
  83. <p>
  84.  
  85.  
  86. <!-- end .sidebar1 -->';
  87. ?>
  88. </div>
  89. And this is the file for which access is required, 'Customer.php':
  90.  
  91. <?php include "top.php" ;?>
  92. <?php include "accesscontrol.php";?>
  93. <?php include "accesscontrolnew.php";?>
  94. <!DOCTYPE HTML>
  95. <html>
  96. <head>
  97. <style>
  98. .error {color: #FF0000;}
  99. font-size: 100%;
  100. </style>
  101. </head>
  102. <body>
  103.  
  104. <?php
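  /**
   * Normalise one submitted form value so it can be echoed back into the page.
   *
   * Trims surrounding whitespace, removes backslashes with stripslashes(), and
   * HTML-encodes the result. The return value is encoded for HTML output only;
   * it is not an SQL-safe value and must still be bound as a parameter if it
   * is ever used in a query.
   *
   * @param mixed $data Raw request value.
   * @return string Encoded value, or '' when $data is not a scalar.
   */
  function test_input($data)
  {
      // Request parameters can arrive as arrays (name[]=...); trim() cannot
      // take one, so anything that is not a scalar is treated as empty.
      if (!is_scalar($data)) {
          return '';
      }

      $cleaned = stripslashes(trim((string) $data));

      // ENT_QUOTES encodes single quotes as well as double quotes, so the value
      // stays inert in either attribute-quoting style on every PHP version.
      // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
      return htmlspecialchars($cleaned, ENT_QUOTES | ENT_SUBSTITUTE);
  }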
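  // Server-side validation of the "create a new customer" form.
  // Error messages and cleaned values start out empty so the form further down
  // can echo them on a first GET without undefined-variable notices.
  $f_nameErr = $l_nameErr = $emailErr = $mobileErr = $Phone_1Err = $Phone_2Err = $pinErr = "";
  $f_name = $l_name = $add_1 = $add_2 = $add_3 = $city = $pin = $mobile = $Phone_1 = $Phone_2 = $email = $pan = "";

  if ($_SERVER["REQUEST_METHOD"] === "POST") {
      $valid = true;

      // First name: required. No character-set check is applied to it.
      if (empty($_POST["f_name"])) {
          $f_nameErr = "Name is required";
          $valid = false;
      } else {
          $f_name = test_input($_POST["f_name"]);
      }

      // Last name: optional, letters and spaces only.
      if (empty($_POST["l_name"])) {
          $l_name = "";
      } else {
          $l_name = test_input($_POST["l_name"]);
          if (!preg_match("/^[a-zA-Z ]*$/", $l_name)) {
              $l_nameErr = "Only letters and white space allowed";
              $valid = false;
          }
      }

      // Free-text address fields: optional, cleaned but not format-checked.
      $add_1 = empty($_POST["add_1"]) ? "" : test_input($_POST["add_1"]);
      $add_2 = empty($_POST["add_2"]) ? "" : test_input($_POST["add_2"]);
      $add_3 = empty($_POST["add_3"]) ? "" : test_input($_POST["add_3"]);
      $city  = empty($_POST["city"])  ? "" : test_input($_POST["city"]);

      // PIN: optional, exactly six digits.
      if (empty($_POST["pin"])) {
          $pin = "";
      } else {
          $pin = test_input($_POST["pin"]);
          if (!preg_match("/^[0-9]{6}$/", $pin)) {
              $pinErr = "Only six digit number allowed";
              $valid = false;
          }
      }

      // Mobile: required, exactly ten digits.
      if (empty($_POST["mobile"])) {
          $mobileErr = "Mobile No is required";
          $valid = false;
      } else {
          $mobile = test_input($_POST["mobile"]);
          if (!preg_match("/^[0-9]{10}$/", $mobile)) {
              $mobileErr = "Only 10 digit number allowed";
              $valid = false;
          }
      }

      // Phone 1 / Phone 2: optional, exactly ten digits when supplied.
      if (empty($_POST["Phone_1"])) {
          $Phone_1 = "";
      } else {
          $Phone_1 = test_input($_POST["Phone_1"]);
          if (!preg_match("/^[0-9]{10}$/", $Phone_1)) {
              $Phone_1Err = "Only 10 digit number allowed";
              $valid = false;
          }
      }

      if (empty($_POST["Phone_2"])) {
          $Phone_2 = "";
      } else {
          $Phone_2 = test_input($_POST["Phone_2"]);
          if (!preg_match("/^[0-9]{10}$/", $Phone_2)) {
              $Phone_2Err = "Only 10 digit number allowed";
              $valid = false;
          }
      }

      // E-mail: optional, must be well-formed when supplied.
      if (empty($_POST["email"])) {
          $emailErr = "";
      } else {
          $email = test_input($_POST["email"]);
          if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
              $emailErr = "Invalid email format";
              $valid = false;
          }
      }

      // PAN: optional, cleaned but not format-checked.
      $pan = empty($_POST["pan"]) ? "" : test_input($_POST["pan"]);

      if ($valid) {
          // An included file may already have started the session; starting it
          // a second time only raises a notice, so do it only when needed.
          if (session_status() === PHP_SESSION_NONE) {
              session_start();
          }

          // NOTE(review): this stores the raw POST array, not the cleaned
          // copies built above, so whatever reads 'customerform' (presumably
          // new_customer.php, not shown) must treat it as untrusted input.
          $_SESSION['customerform'] = $_POST;

          // Markup is emitted before this block, so the redirect can only be
          // sent when output is buffered. When it can be sent, stop right
          // after it so the rest of the page is not rendered behind the
          // redirect; otherwise fall through and show the form as before.
          if (!headers_sent()) {
              header('Location:new_customer.php');
              exit;
          }
      }
  }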
  232. ?>
  233.  
  234. <h2>create a new customer</h2>
  235. <p><span class="error">* required field.</span></p>
  236. <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
  237. <table align="center">
  238. <tr>
  239. <td>First Name:</td>
  240. <td><input name="f_name" type="text" value="<?php echo $f_name;?>" /></td><td> <span class="error">* <?php echo $f_nameErr;?></span> </td>
  241. <td>Last Name:</td>
  242. <td><input name="l_name" type="text" value="<?php echo $l_name;?>" /></td><td> <span class="error"> <?php echo $l_nameErr;?></span> </td>
  243. </tr>
  244. <tr>
  245. <td>Address line 1:</td>
  246. <td><input name="add_1" type="text" value="<?php echo $add_1;?>" /></td><td> </td>
  247. <td>Address line 2:</td>
  248. <td><input name="add_2" type="text" value="<?php echo $add_2;?>" /></td><td> </td>
  249. </tr>
  250. <tr>
  251. <td>Address line 3:</td>
  252. <td><input name="add_3" type="text" value="<?php echo $add_3;?>" /></td><td> </td>
  253. <td>City</td>
  254. <td><input name="city" type="text" value="<?php echo $city;?>" /></td><td> </td>
  255. </tr>
  256. <tr>
  257. <td> Pin:</td>
  258. <td><input name="pin" type="text" value="<?php echo $pin;?>" /></td><td> <span class="error"> <?php echo $pinErr;?></span> </td>
  259. <td> Mobile:</td>
  260. <td><input name="mobile" type="text" value="<?php echo $mobile;?>" /></td><td> <span class="error">* <?php echo $mobileErr;?></span> </td>
  261. </tr>
  262. <tr>
  263. <td>Phone 1:</td> <td><input name="Phone_1" type="text" value="<?php echo $Phone_1;?>" /></td><td> <span class="error"> <?php echo $Phone_1Err;?></span> </td>
  264. <td>Phone 2:</td> <td><input name="Phone_2" type="text" value="<?php echo $Phone_2;?>" /></td><td> <span class="error"> <?php echo $Phone_2Err;?></span> </td>
  265. </tr>
  266. <tr>
  267. <td>email:</td> <td><input name="email" type="text" value="<?php echo $email;?>" /></td><td> <span class="error"> <?php echo $emailErr;?></span> </td>
  268. <td>PAN:</td> <td><input name="pan" type="text" value="<?php echo $pan;?>" /></td><td> </td>
  269. </tr> </table>
  270. <tr>
  271. <td><div align="center">
  272. <form action="customer.php" method="POST">
  273. <button name="file" type="submit" value="customer.php">Submit</button></form>
  274.  
  275. </div></td>
  276. </tr>
  277. <tr>
  278. <td></form><a title="Search Customer" class="btn-profile" href="find_customer.php" >To Search Customer or to edit customer details click here</a></td>
  279. </tr>
  280. </table>
  281.  
  282. </form>
  283.  
  284.  
  285. <!-- end .content --><?php include "bottom.php" ?>