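<?php
// Access gate shared by the members-only pages.  The caller is identified by
// user_id (posted from the login form below, else remembered in the session)
// and is admitted only when the `priviledge` table has a row pairing that
// user_id with the requested module (?file=...).  The password is collected and
// kept in the session but is not verified anywhere in this file —
// NOTE(review): confirm where (if at all) it is checked; until then it is
// plaintext session state that serves no purpose here.
session_start();

// Module being requested; the nav buttons pass it as ?file=<page>.
$file = $_GET['file'] ?? '';

// Freshly posted credentials win, otherwise fall back to the session copy
// (?? also avoids the undefined-index notice on a brand-new session).
$user_id  = $_POST['user_id']  ?? $_SESSION['user_id']  ?? null;
$password = $_POST['password'] ?? $_SESSION['password'] ?? null;

if (!isset($user_id)) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Please Log In for Access </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1> Login Required </h1>
<p>You must log in to access this area of the site.
<p><form method="POST" action="<?= htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
User ID: <input type="text" name="user_id" size="8" /><br />
Password: <input type="password" name="password" size="8" /><br />
<input type="submit" value="Log in" />
</form></p>
</body>
</html>
<?php
    // Unauthenticated: stop here.  With this exit missing, the request fell
    // through to the privilege query below with a null user_id.
    exit;
}

$_SESSION['user_id'] = $user_id;
// NOTE(review): stored in plaintext and never checked in this file; drop it
// unless a downstream page actually reads $_SESSION['password'].
$_SESSION['password'] = $password;

include 'config.php';   // expected to provide $con (mysqli link) and error()

// user_id and file both come straight from the request, so they are bound as
// statement parameters instead of being spliced into the SQL text.
$sql = 'SELECT * FROM priviledge WHERE user_id = ? AND file = ?';
$stmt = mysqli_prepare($con, $sql);
if ($stmt === false
    || !mysqli_stmt_bind_param($stmt, 'ss', $user_id, $file)
    || !mysqli_stmt_execute($stmt)) {
    error("A database error occurred while checking your "
        . "login details.\nIf this error persists, please "
        . "contact you@example.com.");
    // error() is assumed to end the request; this guarantees it either way.
    exit;
}
mysqli_stmt_store_result($stmt);
// Any matching row grants access; the row's contents are not used.
$authorised = mysqli_stmt_num_rows($stmt) > 0;
mysqli_stmt_close($stmt);

if (!$authorised) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Access Denied </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<div class=error> <p style="color:red">Access denied: You are not authorized to use this module. </p></div>
</body>
</html>
<?php
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Members-Only Page </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<!-- Module navigation; each button re-enters this gate with ?file=<page>.
     Previously this block sat after </html>; plain markup replaces the echo. -->
<div align="left">
<ul class="nav">
<form action="customer.php" method="get">
<button name="file" type="submit" value="customer.php">Customer</button> </form>
<p>
<!-- end .sidebar1 -->
</div>
</body>
</html>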
And this is the file for which access is required: 'Customer.php'
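<?php include "top.php" ;?>
<?php
// Two access-control gates run back to back before this page's own markup.
// NOTE(review): accesscontrol.php and accesscontrolnew.php look like two
// generations of the same check — confirm both are meant to stay.
include "accesscontrol.php";
?>
<?php include "accesscontrolnew.php";?>
<!DOCTYPE HTML>
<html>
<head>
<style>
/* font-size previously sat outside any rule (a stray declaration browsers
   discard); it is scoped to .error here, where 100% keeps the inherited size. */
.error {color: #FF0000; font-size: 100%;}
</style>
</head>
<body>
<?php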
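/**
 * Normalises one form field for validation and for echoing back into the form.
 *
 * Trims surrounding whitespace, strips backslashes (a magic_quotes-era habit
 * kept for compatibility with existing callers), then HTML-encodes the result
 * so it can be placed inside the value="" attributes of the form below.  The
 * flags are explicit so behaviour does not depend on the PHP version's
 * defaults: single quotes are encoded as well, and invalid UTF-8 sequences are
 * substituted instead of turning the whole value into an empty string.
 *
 * @param string $data raw field value as received from $_POST
 * @return string the trimmed, HTML-escaped value
 */
function test_input($data): string
{
    $data = trim($data);
    $data = stripslashes($data);
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}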
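// Per-field error texts and the values echoed back into the form; everything
// starts empty so the optional fields need no explicit "else" branch below.
$f_nameErr = $l_nameErr = $emailErr = $mobileErr = $Phone_1Err = $Phone_2Err = $pinErr = '';
$f_name = $l_name = $add_1 = $add_2 = $add_3 = $city = $pin = $mobile = $Phone_1 = $Phone_2 = $email = $pan = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $valid = true;

    // First name is mandatory.  (The author's letters/whitespace-only check
    // for this field was left disabled; it is not applied here either.)
    if (empty($_POST['f_name'])) {
        $f_nameErr = 'Name is required';
        $valid = false;
    } else {
        $f_name = test_input($_POST['f_name']);
    }

    // Last name is optional; when given it may contain letters and spaces only.
    if (!empty($_POST['l_name'])) {
        $l_name = test_input($_POST['l_name']);
        if (!preg_match('/^[a-zA-Z ]*$/', $l_name)) {
            $l_nameErr = 'Only letters and white space allowed';
            $valid = false;
        }
    }

    // Free-text fields: sanitised when present, otherwise left as ''.
    if (!empty($_POST['add_1'])) {
        $add_1 = test_input($_POST['add_1']);
    }
    if (!empty($_POST['add_2'])) {
        $add_2 = test_input($_POST['add_2']);
    }
    if (!empty($_POST['add_3'])) {
        $add_3 = test_input($_POST['add_3']);
    }
    if (!empty($_POST['city'])) {
        $city = test_input($_POST['city']);
    }

    // Pin is optional but must be exactly six digits when given.
    if (!empty($_POST['pin'])) {
        $pin = test_input($_POST['pin']);
        if (!preg_match('/^[0-9]{6}$/', $pin)) {
            $pinErr = 'Only six digit number allowed';
            $valid = false;
        }
    }

    // Mobile is mandatory and must be exactly ten digits.
    if (empty($_POST['mobile'])) {
        $mobileErr = 'Mobile No is required';
        $valid = false;
    } else {
        $mobile = test_input($_POST['mobile']);
        if (!preg_match('/^[0-9]{10}$/', $mobile)) {
            $mobileErr = 'Only 10 digit number allowed';
            $valid = false;
        }
    }

    // Phone_1 / Phone_2 are optional ten-digit numbers.
    if (!empty($_POST['Phone_1'])) {
        $Phone_1 = test_input($_POST['Phone_1']);
        if (!preg_match('/^[0-9]{10}$/', $Phone_1)) {
            $Phone_1Err = 'Only 10 digit number allowed';
            $valid = false;
        }
    }
    if (!empty($_POST['Phone_2'])) {
        $Phone_2 = test_input($_POST['Phone_2']);
        if (!preg_match('/^[0-9]{10}$/', $Phone_2)) {
            $Phone_2Err = 'Only 10 digit number allowed';
            $valid = false;
        }
    }

    // E-mail is optional; when present it must be well-formed.
    if (!empty($_POST['email'])) {
        $email = test_input($_POST['email']);
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $emailErr = 'Invalid email format';
            $valid = false;
        }
    }

    if (!empty($_POST['pan'])) {
        $pan = test_input($_POST['pan']);
    }

    // Valid submission: stash the raw POST in the session and hand off to
    // new_customer.php.
    if ($valid) {
        // The access-control include is expected to have started the session
        // already; the guard keeps a second session_start() from raising a notice.
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        $_SESSION['customerform'] = $_POST;
        if (!headers_sent()) {
            header('Location:new_customer.php');
            // Nothing after a redirect should run: without this exit the form
            // below was still rendered and sent behind the Location header.
            exit;
        }
        // Output already started earlier in the page, so the redirect cannot
        // be issued; fall through and re-render the form with its values.
    }
}
?>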
<h2>create a new customer</h2>
<p><span class="error">* required field.</span></p>
<!-- Every value echoed below went through test_input() (i.e. htmlspecialchars())
     before reaching here, which is what makes it safe inside these double-quoted
     value="" attributes.  The *Err strings are fixed literals set above. -->
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table align="center">
<tr>
<td>First Name:</td>
<td><input name="f_name" type="text" value="<?php echo $f_name;?>" /></td><td> <span class="error">* <?php echo $f_nameErr;?></span> </td>
<td>Last Name:</td>
<td><input name="l_name" type="text" value="<?php echo $l_name;?>" /></td><td> <span class="error"> <?php echo $l_nameErr;?></span> </td>
</tr>
<tr>
<td>Address line 1:</td>
<td><input name="add_1" type="text" value="<?php echo $add_1;?>" /></td><td> </td>
<td>Address line 2:</td>
<td><input name="add_2" type="text" value="<?php echo $add_2;?>" /></td><td> </td>
</tr>
<tr>
<td>Address line 3:</td>
<td><input name="add_3" type="text" value="<?php echo $add_3;?>" /></td><td> </td>
<td>City</td>
<td><input name="city" type="text" value="<?php echo $city;?>" /></td><td> </td>
</tr>
<tr>
<td> Pin:</td>
<td><input name="pin" type="text" value="<?php echo $pin;?>" /></td><td> <span class="error"> <?php echo $pinErr;?></span> </td>
<td> Mobile:</td>
<td><input name="mobile" type="text" value="<?php echo $mobile;?>" /></td><td> <span class="error">* <?php echo $mobileErr;?></span> </td>
</tr>
<tr>
<td>Phone 1:</td> <td><input name="Phone_1" type="text" value="<?php echo $Phone_1;?>" /></td><td> <span class="error"> <?php echo $Phone_1Err;?></span> </td>
<td>Phone 2:</td> <td><input name="Phone_2" type="text" value="<?php echo $Phone_2;?>" /></td><td> <span class="error"> <?php echo $Phone_2Err;?></span> </td>
</tr>
<tr>
<td>email:</td> <td><input name="email" type="text" value="<?php echo $email;?>" /></td><td> <span class="error"> <?php echo $emailErr;?></span> </td>
<td>PAN:</td> <td><input name="pan" type="text" value="<?php echo $pan;?>" /></td><td> </td>
</tr> </table>
<!-- NOTE(review): from here to the closing </form> the markup is structurally
     off: these <tr> rows follow the </table> just above, a second <form> is
     opened inside the still-open outer one (browsers most likely ignore the
     nested <form> start tag, so the Submit button would post the outer form
     and its file=customer.php value may not be what is sent), and the </form>
     in the last row closes the outer form early.  Confirm which form the
     Submit button is meant to post before touching this. -->
<tr>
<td><div align="center">
<form action="customer.php" method="POST">
<button name="file" type="submit" value="customer.php">Submit</button></form>
</div></td>
</tr>
<tr>
<td></form><a title="Search Customer" class="btn-profile" href="find_customer.php" >To Search Customer or to edit customer details click here</a></td>
</tr>
</table>
</form>
<!-- end .content --><?php include "bottom.php" ?>