
Hi all

I'm a newbie web programmer and I wanted to make my first advanced website using PHP, Ajax, etc., but I have many problems with it. (I'm familiar with HTML4, CSS2 and PHP; as for other parts (JS, Ajax ...), I simply read Stack Overflow threads or educational websites to learn just now, so I don't have a deep understanding yet!)

Sorry, it is a bit long, but please bear with it :) I searched here and on the net, but didn't find any proper answer.

Here are my main files:

Login.html:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Login</title>
  <link rel="shortcut icon" href="favicon.ico">
</head>
<link href="reset.css" rel="stylesheet" type="text/css" />
<link href="css/Style.css" rel="stylesheet" type="text/css" />
<link href="css/login.css" rel="stylesheet" type="text/css" />

<body>
  <div class="container">
    <img src="images/logo.png" alt="? Hospital">
    <div class="box" id="login">
      <form name="loginform" action="login.php" method="post">
        <label for="user_login">user</label>
        <br />
        <input type="text" name="log" id="user_login" class="input" value="" size="20" />
        <label for="user_pass">pass</label>
        <br />
        <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" />
        <input name="rememberme" type="checkbox" id="rememberme" value="forever" />
        <label for="rememberme" id="rememberme">remember me</label>
        <input type="submit" name="submit" id="submit" class="submit" value="login" />
      </form>
    </div>
  </div>
</body>

</html>

Login.php:

<?php
session_start();
include('include/dbInfo.php');
mysql_connect("$server", "$username", "$pass")or die("cannot connect");
mysql_select_db("$dbName")or die("cannot select DB");
$myusername=$_POST['log'];
$mypassword=$_POST['pwd'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$sql="SELECT * FROM user WHERE UserId='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
//print_r(error_get_last());
if($count==1){
    $row = mysql_fetch_array($result);
    $_SESSION['username']= $myusername;
    $_SESSION['accessLevel'] =$Roles[$row['Role']];
//print_r(error_get_last());
    header('location:userarea.php');
//print_r(error_get_last());
//die();
    $message="<a class='center' href='userarea.php'>Login Successful , Click here IF u were not redirected Automatically</a>";
}
else {
    $message="User Or Pass is Wrong, plz Return to Login Page And Try Again";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Login</title>
    <link rel="shortcut icon" href="favicon.ico">
</head>
    <link href="reset.css" rel="stylesheet" type="text/css" />
    <link href="css/Style.css" rel="stylesheet" type="text/css" />
    <link href="css/login.css" rel="stylesheet" type="text/css" />
<body>
<div class="container">
<img src="images/logo.png" alt="? Hospital"> 
<div class="box" id="warning">
<span> <?php echo("$message"); ?></span>
</div>
<span>
<span><a class="center" href="login.html">Return to Login Page</a></span>
</span>
</div>
</body>
</html>

UserArea.php:

<?php
session_start();
if(!isset($_SESSION['username'])){
header("location:login.html");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <script src="include/jquery.min.js"></script>
    <script>
        $(function(){
            $("#searchbtn").on('click',function(event){
                var fname  = $("#fname").val();
    var lname  = $("#lname").val();
                var pname  = ($("#pname").val());
                var nid  = ($("#nid").val());
                var tel  = ($("#tel").val());
                var roomno  = ($("#roomno").val());
                var city  = ($("#city").val());
                var ally  = ($("#ally").val());
                var plateno  = ($("#plateno").val());
    var select =0;
                $.ajax({
                    type: "POST",
                    url: "include/useraction.php" ,
                  dataType: "json",
                    data: {
                        fname:fname,
      lname:lname,
      pname:pname,
      nid:nid,
      tel:tel,
      roomno:roomno,
      city:city,
      ally:ally,
      plateno:plateno,
      select:select
                    }
                }).done(function(data) {
                        var info = data;
                     //   var info = JSON.parse(data);
                       // alert(info);
                        if (info.length>0){
                            var result ="";
                            for(var i=0;i<info.length;i++)
                            {
                             result = result + info[i].LName + "<br/>";
                               // alert(result);
                            }
                           // alert(result);
                            $("#testt").html(result);
                            for(i=1;i<info.length+1;i++){
                                //alert(result);
                                $("#i"+i+"0").html(i);
    $("#i"+i+"1").html(info[i-1].FName);
                                $("#i"+i+"2").html(info[i-1].LName);
                                $("#i"+i+"3").html(info[i-1].Pname);
                                $("#i"+i+"4").html(info[i-1].NationalId);
                                $("#i"+i+"5").html(info[i-1].BirthDay);
                                $("#i"+i+"6").html(info[i-1].Tel);
                                $("#i"+i+"7").html(info[i-1].Roomno);
                                $("#i"+i+"8").html(info[i-1].City);
                                $("#i"+i+"9").html(info[i-1].Ave);
                                $("#i"+i+"10").html(info[i-1].Plateno);
                              //  var y = document.getElementById("i10");
                             //   y.innerText = info[i-1].LName;
                            }
                        } else {
       alert("Couldnt Find it!");
                        }
                    }
                );
            });
        });
  $(function(){
  $("#addbtn").on('click',function(event){
                var fname  = $("#fname").val();
    var lname  = $("#lname").val();
                var pname  = ($("#pname").val());
                var nid  = ($("#nid").val());
                var tel  = ($("#tel").val());
                var roomno  = ($("#roomno").val());
                var city  = ($("#city").val());
                var ally  = ($("#ally").val());
                var plateno  = ($("#plateno").val());
    var select=1;
                $.ajax({
                    type: "POST",
                    url: "include/useraction.php" ,
                  dataType: "json",
                    data: {
                        fname:fname,
      lname:lname,
      pname:pname,
      nid:nid,
      tel:tel,
      roomno:roomno,
      city:city,
      ally:ally,
      plateno:plateno,
      select:select
                    }
                }).done(function(data) {
                        var info = data;
                        if(info){
          alert("Success");
                        }
                        else{
                            alert("Error, SomeThing is Wrong!");
                        }
                    }
                );
            });
  });
    </script>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>UserArea</title>
    <link rel="shortcut icon" href="favicon.ico">
</head>
    <link href="reset.css" rel="stylesheet" type="text/css" />
    <link href="css/Style.css" rel="stylesheet" type="text/css" />
    <link href="css/userarea.css" rel="stylesheet" type="text/css" />
<body>
<!--<div class="box" id="sidebar">
</div>-->
<div class="tabs">
<?php
include('include/dbInfo.php');
$conn = new mysqli($server, $username, $pass, $dbName);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
print_r(error_get_last());
$conn->set_charset("utf8");
switch ($_SESSION['accessLevel']){
    case "Admin":
        include('include/adminView.php');
        break;
    case "Clerk":
        include('include/clerkView.php');
        break;
    case "Dr":
        include('include/doctorView.php');
        break;
    case "Nurse":
        include('include/nurseView.php');
        break;
}
//echo $_SESSION['accessLevel'];
//print_r(error_get_last());
?>    
</div>
</body>
</html>

UserAction.php:

<?
    include('dbInfo.php');
    $conn = new mysqli($server, $username, $pass, $dbName);
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    $conn->set_charset("utf8");
    $fname = $_REQUEST["fname"];
 $pname = $_REQUEST["pname"];
 $lname = $_REQUEST["lname"];
 $nid = $_REQUEST["nid"];
 $tel = $_REQUEST["tel"];
 $roomno = $_REQUEST["roomno"];
 $city = $_REQUEST["city"];
 $ally = $_REQUEST["ally"];
 $plateno = $_REQUEST["plateno"];
 $select = $_REQUEST["select"];
if(!$select) {
    $and=false;
    $where = "WHERE ";
    if(!empty($fname)){
        if($and){
        $where .=" AND ";
        }$and=true;
        $where .= "FName = '$fname'";
    }
    if(!empty($lname)){
        if($and){
            $where .=" AND ";
            }$and=true;
        $where .= "LName = '$lname'";
    }
    if(!empty($pname)){
        if($and){
            $where .=" AND ";
        }$and=true;
        $where .= "Pname = '$pname'";
    }
    if(!empty($nid)){
        if($and){
            $where .=" AND ";
            }$and=true;
        $where .= "NationalId = '$nid'";
    }
    if(!empty($tel)){
        if($and){
            $where .=" AND ";
            }$and=true;
        $where .= "Tel = '$tel'";
    }
    if(!empty($roomno)){
        if($and){
            $where .=" AND ";
            }$and=true;
        $where .= "Roomno = '$roomno'";
    }
    if(!empty($city)){
        if($and){
            $where .=" AND ";
            }$and=true;
        $where .= "City = '$city'";
    }
    if(!empty($ally)){
        if($and){
            $where .=" AND ";
            }$and=true;
        $where .= "Ave = '$ally'";
    }
    if(!empty($plateno)){
        if($and){
            $where .=" AND ";
            }$and=true;
        $where .= "Plateno = '$plateno'";
    }
    //echo($where);
    $sql="SELECT * FROM patient 
   $where";//WHERE FName LIKE '%{$fname}%' OR Pname LIKE '%{$pname}%' AND LName LIKE '%{$lname}%' AND NationalId LIKE '%{$nid}%' AND Tel LIKE '%{$tel}%' AND Roomno LIKE '%{$roomno}%' AND City LIKE '%{$city}%' AND Ave LIKE '%{$ally}%' AND Plateno LIKE '%{$plateno}%'";
    //echo $sql;
 $result=$conn->query($sql);
$frist  = true;
    while($row = $result->fetch_assoc())
    {
        if($frist){
            echo "[";
        $frist = false;
        }
        else echo ",";
        echo json_encode($row);
    }
if($frist)
    echo "[]";
else echo "]";
}
if($select) {
    $into=" INTO patient (";
    $values=" VALUES ('";
    $and=false;
    $where = "WHERE ";
    if(!empty($fname)){
        if($and){
            $into.=",";
            $values.="','";
        }$and=true;
        $into.="FName";
        $values.="$fname";
    }
    if(!empty($lname)){
        if($and){
            $into.=",";
            $values.="','";
        }$and=true;
        $into.="LName";
        $values.="$lname";
    }
    if(!empty($pname)){
        if($and){
            $into.=",";
            $values.="','";
        }$and=true;
        $into.="Pname";
        $values.="$pname";
    }
    if(!empty($nid)){
        if($and){
            $into.=",";
            $values.="','";
        }$and=true;
        $into.="NationalId";
        $values.= "$nid";
    }
    if(!empty($tel)){
        if($and){
            $into.=",";
            $values.="','";
        }$and=true;
        $into.="Tel";
        $values.="$tel";
    }
    if(!empty($roomno)){
        if($and){
            $into.=",";
            $values.="','";
        }$and=true;
        $into.="Roomno";
        $values.="$roomno";
    }
    if(!empty($city)){
        if($and){
            $into.=",";
            $values.="','";
        }$and=true;
        $into.="City";
        $values.="$city";
    }
    if(!empty($ally)){
        if($and){
            $into.=",";
            $values.="','";
        }$and=true;
        $into.="Ave";
        $values.="$ally";
    }
    if(!empty($plateno)){
        if($and){
            $into.=",";
            $values.="','";
        }$and=true;
        $into.="Plateno";
        $values.="$plateno";
    }
    $into.=")";
    $values.="')";
//$sql="INSERT INTO patient (FName,LName,Pname,NationalId,Tel,Roomno,City,Ave,Plateno)
//  VALUES ('$fname','$lname','$pname','$nid','$tel','$roomno','$city','$ally','$plateno')";
    $sql= "insert" . $into . $values;
    $success=0;
    if($conn->query($sql))
        $success=1;
    echo $success;
}
    $conn->close();
?>

Now for a quick explanation of what happens:

1. In Login.html the user tries to log in, and then we check the login with Login.php. If the user & pass were correct, we save the userID and user roles in $_SESSION. (Later we check these at the top of pages to see whether the user is logged in or not -> redirect to login if not.)
2. After a successful login, Login.php redirects the user to UserArea.php, where depending on the role stored in $_SESSION a view is loaded (included in PHP) for the user to see and access.
3. The user can do their stuff with the database etc. using this page and UserAction.php via Ajax.

My problems are:

* First, I must say it worked pretty well when I was building it on my localhost (EasyPHP), but somehow it stopped working on my live host (DirectAdmin). Some parts were not working correctly from the start (redirectors -> header) and some stopped functioning after some time (including userView)!
* My host is a well-known one and I have multiple websites running on it, so I don't think the problem is on their side.

1. Header won't work - e.g. in Login.php we won't be redirected after the login was successful.
2. Including UserView (e.g. AdminView.php) stopped functioning! For the past 24 hrs, when I log in to the UserArea page I can just see a blank page with only the background color :)

* I think I'm missing some fundamental facts due to my inexperience.

3. After those 2 main problems I'm working on another issue: I don't know how to create tables dynamically. I mean the number of rows should be equal to the rows returned from my SQL query result! :)

Thanks a lot!

Mansour M
  • If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 08 '15 at 13:41
  • Are you seeing errors in the console? How about your error log? – Jay Blanchard Jul 08 '15 at 13:42
  • Why don't you escape the password like you do the username? Maybe there is an error/notice being displayed on `login.php`, that would stop the header from loading. Does the console show anything in the response of the request? – chris85 Jul 08 '15 at 13:51
  • Well, I tried to use PHP to print the last error. For the header it said already sent; as for not including the view in the user area, it said there is something wrong with your Roles arrays! I double-checked these parts - they seem fine to me – Mansour M Jul 08 '15 at 13:53
  • @http://stackoverflow.com/users/4333555/chris85, I'm pretty new to this :) How should I check the console? Is it in phpMyAdmin? – Mansour M Jul 08 '15 at 13:54
  • Can you include the exact messages you are receiving? Depends on the browser. In chrome, open developer console, go to `Network` tab, then click the ajax request. In there should be options, click `response`. – chris85 Jul 08 '15 at 13:56
  • @chris85 this is for header in login.php : Array ( [type] => 2 [message] => Cannot modify header information - headers already sent by (output started at /home2/relefilm/domains/warden.ir/public_html/login.php:1) [file] => /home2/relefilm/domains/warden.ir/public_html/login.php [line] => 24 ) – Mansour M Jul 08 '15 at 13:59
  • This one is for not loading the view after include: Array ( [type] => 2 [message] => session_start(): Cannot send session cache limiter - headers already sent (output started at /home2/relefilm/domains/warden.ir/public_html/userarea.php:1) [file] => /home2/relefilm/domains/warden.ir/public_html/userarea.php [line] => 2 ) ---! Still errored, but the view loaded this time! Seems like it works randomly :| - and line numbers in the error might be different since I deleted empty lines on Stack Overflow – Mansour M Jul 08 '15 at 14:01
  • Is line 1 of your file an empty line, or what is line 1? – chris85 Jul 08 '15 at 14:08
  • Something is wrong with your configuration paths, so you should check if you are using localhost/path/to/project; if yes, you should change it to your domain.com/path/to/project. From your description, that must be the base cause. – Clain Dsilva Jul 08 '15 at 14:12
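
The search branch of `UserAction.php` builds its `WHERE` clause by concatenating request values, which is what the comments about prepared statements and escaping point at. As an added example (not the asker's code or any commenter's), here is the same optional-filter search with mysqli prepared statements and a fixed column allow-list; it assumes PHP 7.1+ with the mysqlnd driver, and the names `PATIENT_FILTERS`, `buildPatientSearch` and `searchPatients` are hypothetical:

```php
<?php
// Added example, not the asker's code. Maps each POST field sent by the
// page's AJAX call to the patient column it filters on (names from the page).
const PATIENT_FILTERS = [
    'fname' => 'FName', 'lname' => 'LName', 'pname' => 'Pname',
    'nid' => 'NationalId', 'tel' => 'Tel', 'roomno' => 'Roomno',
    'city' => 'City', 'ally' => 'Ave', 'plateno' => 'Plateno',
];

// Build "SELECT ... WHERE col = ? AND ..." plus the list of values to bind.
// Column names come only from the allow-list; input never enters the SQL text.
function buildPatientSearch(array $input): array
{
    $clauses = [];
    $params = [];
    foreach (PATIENT_FILTERS as $field => $column) {
        $value = $input[$field] ?? '';
        if (!is_string($value) || $value === '') {
            continue; // skip missing, empty, or array-valued fields
        }
        $clauses[] = "$column = ?";
        $params[] = $value;
    }
    $sql = 'SELECT * FROM patient';
    if ($clauses) {
        $sql .= ' WHERE ' . implode(' AND ', $clauses);
    }
    return [$sql, $params];
}

// Run the search on an open mysqli connection and return the JSON response.
function searchPatients(mysqli $conn, array $input): string
{
    [$sql, $params] = buildPatientSearch($input);
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed');
    }
    if ($params) {
        // Every filter is bound as a string ("s"), one placeholder per value.
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    }
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    return json_encode($rows); // one call yields "[]" or "[{...},...]"
}

// Constructed sample input: a surname containing an apostrophe, which breaks
// the concatenated query but is plain data once it is a bound parameter.
[$sql, $params] = buildPatientSearch(['lname' => "O'Brien", 'city' => 'Tehran', 'tel' => '']);
echo $sql, "\n", json_encode($params), "\n";
```

With no filter supplied this version returns every patient row, where the concatenated query ends in a bare `WHERE` and fails. A value of `"0"` is also kept as a filter here, whereas `empty()` in the original drops it.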
