user listings

eclipser221

ok i have a page that displays all the info i want from a table in MySQL.
I was looking to see how i could make the names of the columns different more meaningful names.

And also how i could make the displayed username be a link to a profile page?

Heres the code of my page so far... i think it may have to be redone completely in order to do what i want it to.

<?php
// Connects to your Database
include("/../../wamp/www/test/includes/db_connect.php");

// checks if user is logged in
require("/../../wamp/www/test/includes/userauth.php");


echo "<h1>Manage Users</h1>";

$query="select idusers,user_name,user_email,user_class,user_ip,user_isbanned,user_datejoined,user_rights from users";
$result= mysql_query($query);
echo "<table border=1>";
echo "<tr>";
for($i=0;$i<mysql_num_fields($result);$i++)
{
    echo "<th>";
    echo mysql_field_name($result, $i);
    echo "</th>";
}

while($row=mysql_fetch_row($result))
{
    echo "<tr>";
    for($j=0;$j<$i;$j++)
    {
    echo "<td>";
    echo $row[$j];
    echo "</td>";
    }
    echo "</tr>";
}
echo "</tr>";
echo "</table>";
echo "<BR><BR> Your password in MD5 is $pass.";
?>

bpat1434

Well, you could manually write out the table headers rather than relying upon the database column names. Then during your iteration through the result set, use [man]mysql_fetch_assoc/man to pull the row into an associative array, and you can then use $row['user_name'] or $row['user_email'] to reference values.

As for making the link, without knowing exactly what the profile page is, I'd expect you do something like this:

$result= mysql_query($query);
echo '<table border=1>
  <tr>
    <th>Name</th>
    <th>Email</th>
    <th>Class</th>
    <th>IP</th>
    <th>Banned?</th>
    <th>Joined</th>
    <th>Rights</th>
  </tr>';

while($row = mysql_fetch_assoc($result))
{
    echo '
  <tr>
    <td><a href="profile.php?userid=' . $row['idusers'] . '">' . $row['user_name'] . '</a></td>
    <td>' . $row['user_email'] . '</td>
    <td>' . $row['user_class'] . '</td>
    <td>' . $row['user_ip'] . '</td>
    <td>' . $row['user_isbanned'] . '</td>
    <td>' . $row['user_datejoined'] . '</td>
    <td>' . $row['user_rights'] . '</td>
  </tr>';
}
echo '</table>';

Also a side-note. I wouldn't willingly post and md5 hash of a password. md5 hashes are reversible (with enough resources & time, although the time is diminishing). You should either not show the hash (best bet) or even consider upgrading and using [man]sha1/man as your hashing function. It too can be reversed; however, it will take longer. Although you still shouldn't divulge the hash of the password.

eclipser221

Thank you very much for all your advice. The md5 wont be displayed in the final product. i jsut had it there while i was testing my change password script ( which still isnt working 🙁) but yea thanx alot

eclipser221

Ugh i ran into another problem... this time with the profile viewing. I have it so if the user_rights is admin it displays a link to the edit page. but it displays the link for everyone. please help.

Here is the code:

<?php
include("/../../wamp/www/test/includes/db_connect.php");
include("/../../wamp/www/test/includes/userauth.php");
$uid = $_GET['uid'];
$query = mysql_query("SELECT * FROM users WHERE idusers = '$uid'")or die(mysql_error());
$info = mysql_fetch_array($query);
$profuser = $info['user_name'];
$useremail = $info['user_email'];
$userclass = $info['user_class'];
$userlevel = $info['user_level'];
$userrights = $info['user_rights']; 
$check2 = mysql_query("SELECT * FROM users WHERE user_name = '$username'");
$rightcheck = mysql_fetch_array($check2);


?>
<table width="328" height="166" border="0">
  <tr>
    <td width="255" height="30"><?php echo "$profuser";?>	</td>
    <td width="57" height="30">[B]<?php 
	if($rightcheck['user_rights'] = 'admin') {
	echo '<a href="edit.php?uid='. $uid .'">Edit</a>';
	}
	?>[/B]</td>
  </tr>
  <tr>
    <td>E-mail Address:</td>
    <td><?php echo "$useremail" ?></td>
  </tr>
  <tr>
    <td>Class:</td>
    <td><?php echo "$userclass" ?></td>
  </tr>
  <tr>
    <td>Level:</td>
    <td><?php echo "$userlevel" ?></td>
  </tr>
  <tr>
    <td>User Type:</td>
    <td><?php echo "$userrights" ?></td>
  </tr>
</table>

<a href="manage.php" target="content">View Users</a>

bpat1434

Use = to assign value.
Use == to compare values.

eclipser221

Thank you o much.