You are viewing our Forum Archives. To view or take place in current topics click here.
Quick question about $_POST
Posted:

Quick question about $_POSTPosted:

Appetite
  • TTG Master
Status: Offline
Joined: Jul 26, 201211Year Member
Posts: 824
Reputation Power: 34
Status: Offline
Joined: Jul 26, 201211Year Member
Posts: 824
Reputation Power: 34
So, in reading about the $_POST method, I have learned that data is stored in an associative array. This all makes sense to me. I was working through some of the examples in the notes for my Database class, and was required to make a login.php page where the user enters in a username/password combo and I check for isAdmin, etc.
I was wondering if/how I could use the same data that is entered and stored in the login page to make a sort of log changes table, where I would record what user was logged in, and the changes that they made (obviously only admins would make changes)

Any help would be appreciated!
#2. Posted:
MLP
  • TTG Contender
Status: Offline
Joined: Oct 26, 201013Year Member
Posts: 3,869
Reputation Power: 177
Status: Offline
Joined: Oct 26, 201013Year Member
Posts: 3,869
Reputation Power: 177
In the database, you would have a table called users.

When they login, you would get the $_POST data for their username and password, and check them against the database information.

If they match, then the user has logged in. You would then do another query to the database, updating a field called something like lastlogin, which is a timestamp.

For example, here is a way to record when the user has last logged in:


<?php
//Get database connection info
//This defines $dbc as mysql_connect() with all connection info
require_once('db_connect.php');

//Get the user submitted login details
$username = $_POST['username'];
$password = $_POST['password'];

//Set the query to check to see if the user has the right details
$query = "SELECT * FROM users WHERE username='$username' AND password=SHA('$password')";
$result = mysql_query($dbc, $query);

//Check to see if the user has entered the right info
if(mysql_num_rows($result) == 1) {
    $logged_in = true;
    $update_time = true;
    //You would also set the sessions/cookies here
}
else {
    $logged_in = false;
    $update_time = false;
}

//If the user has logged in, then update the time
if($update_time) {
    $query = "UPDATE users SET lastlogin=NOW() WHERE username='$username'";
    mysql_query($dbc, $query);
}
?>


Of course, this code is unsafe and should not be used on a website unless you have got rid of all of the security holes, like escaping the users data, getting rid of harmful characters etc. I just quickly wrote this as a simple example. I'm also sorry if there are any errors in this code.
#3. Posted:
iyop45
  • Prospect
Status: Offline
Joined: Apr 15, 201113Year Member
Posts: 614
Reputation Power: 83
Status: Offline
Joined: Apr 15, 201113Year Member
Posts: 614
Reputation Power: 83
You could always log the ip addresses of whom logged into the admin account, as for logging the changes made by the admin you could always write a text file recording specific changes that are made, I guess. Either way it's gonna be a right bitch to log very specific events and so it depends on what the admin user can actually do. Can't you just copy the pages source code at the start of the admins session and copy another at the end of the session and cross compare? Correct me If I'm looking at your question in the wrong way.
Jump to:
You are viewing our Forum Archives. To view or take place in current topics click here.