I have a form where I enter a username and it gets the users information. after calling for the users information I have another form wtih a checkbox for "banned" where I can ban or unban the user. But how can I store the entered username from the first form, to later use it in the second form where I check the banned checkbox?
code:
<form action="" method="post" id="msform">
<input type="text" name="datausername" placeholder="Username" maxlength="64" readonly onfocus="this.removeAttribute('readonly');"/>
<input type="submit" name="userdata" value="Get Data" class="databutton">
</form>
<?php
if(isset($_POST['userdata'])){
$datausername = $_POST['datausername'];
$sql = "SELECT * FROM users WHERE username = '$datausername'";
$result = $db->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo '
<div class="container" style="width:100%;">
<div class="flag note note--secondary">
<div class="flag__body note__text" style="width:100%;">
<h1>Personal Information</h1>
ID : <div class="fr">'.$row['id'].'</div><br />
E-mail: <div class="fr">'.$row['email'].'</div><br />
Username: <div class="fr">'.$row['username'].'</div><br />
Firstname: <div class="fr">'.$row['firstname'].'</div><br />
Lastname: <div class="fr">'.$row['lastname'].'</div><br />
<br />
Activated: <div class="fr">'.$row['active'].'</div><br />
Banned: <div class="fr">'.$row['banned'].'</div><br />
<br />
<h1>Data Information</h1>
Title: <div class="fr">'.$row['title'].'</div><br />
Rank: <div class="fr">'.$row['rank'].'</div><br />
Level: <div class="fr">'.$row['level'].'</div><br />
Exp: <div class="fr">'.$row['exp'].'</div><br />
<br />
<h1>Forum / Profile stats</h1>
Forum Posts: <div class="fr">0</div><br />
Forum Threaths: <div class="fr">0</div><br />
Comments: <div class="fr">0</div><br />
Awards: <div class="fr">0</div><br />
Friends: <div class="fr">0</div><br />
Followers: <div class="fr">0</div><br />
<br />
<h1>Security Information</h1>
IP: <div class="fr">'.$row['ip'].'</div><br />
Last IP: <div class="fr">'.$row['active_ip'].'</div><br />
Secret Question: <div class="fr">'.$row['question'].'</div><br />
Timestamp: <div class="fr">'.$row['timestamp'].'</div><br />
Activate Link: <div class="fr"><a href="/activate/'.$row['activate_link'].'">link</a></div><br />
<br />
</div>
<a href="#" class="note__close">
<i class="fa fa-times"></i>
</a>
</div>
</div>';
if($title == 'Head Admin' || $title == 'Admin'){
if($row['banned'] == '1'){
$checkbox = '<label><input type="checkbox" name="confirm" checked/></label>';
} else {
$checkbox = '<label><input type="checkbox" name="confirm" /></label>';
}
echo '
<div class="container" style="margin-top:20px; width:100%;">
<div class="flag note note--secondary">
<div class="flag__body note__text" style="width:100%;">
<h1>Settings</h1>
<form method="post" action="" id="msform" style="text-align:left;">
Ban: <div class="fr">'.$checkbox.'</div>
<div style="padding:10px;"></div>
<input type="submit" name="dataset" value="Update" class="databutton">
</form>
</div>
<a href="#" class="note__close">
<i class="fa fa-times"></i>
</a>
</div>
</div>
';
}
}
} else {
echo '
<div class="container" style="margin:0 auto; width:100%;">
<div class="flag note note--secondary">
<div class="flag__image note__icon">
<i class="fa fa-user"></i>
</div>
<div class="flag__body note__text">
User not found!
</div>
<a href="#" class="note__close">
<i class="fa fa-times"></i>
</a>
</div>
</div>';
}
}
$db->close();
?>
This is the second form where I want to have the username stored to re use i to update the "banned" checkmark:
if($title == 'Head Admin' || $title == 'Admin'){
if($row['banned'] == '1'){
$checkbox = '<label><input type="checkbox" name="confirm" checked/></label>';
} else {
$checkbox = '<label><input type="checkbox" name="confirm" /></label>';
}
echo '
<div class="container" style="margin-top:20px; width:100%;">
<div class="flag note note--secondary">
<div class="flag__body note__text" style="width:100%;">
<h1>Settings</h1>
<form method="post" action="" id="msform" style="text-align:left;">
Ban: <div class="fr">'.$checkbox.'</div>
<div style="padding:10px;"></div>
<input type="submit" name="dataset" value="Update" class="databutton">
</form>
</div>
<a href="#" class="note__close">
<i class="fa fa-times"></i>
</a>
</div>
</div>
PS: title in
if($title == 'Head Admin' || $title == 'Admin'){
Is your logged in title, so this will only be an option if you are either Head Admin or Admin
You can create a hidden text field to store it, then pass it via the POST data to the next stage:
(instead of using datausername here, you should be using the row ID returned from your SQL query)
<form method="post" action="" id="msform" style="text-align:left;">
Ban: <div class="fr">'.$checkbox.'</div>
<div style="padding:10px;"></div>
<input type="submit" name="dataset" value="Update" class="databutton">
<input type="hidden" name="username" value="<?=$datausername?>">
</form>
Then in the next stage $_POST['datausername'] will exist.
OR
Use sessions (the better solution to be honest, less prone to hacking) For example, you can start a new session, shove some data into it and unset the session after your finished with it.
In your index.php / config.php / whatever
session_start();
In your php file:
$datausername = $_POST['datausername'];
$_SESSION['customdata']['username'] = $datausername;
if($title == 'Head Admin' || $title == 'Admin') {
if ( isset($_SESSION['customdata']) ) {
$username = $_SESSION['customdata']['userid'];
//ban the user here, update SQL etc.
//Unset the session variable
unset($_SESSION['customdata'];
}
}
In your form add a hidden field to contain the id of the user. You can then use that as a key for the update query in the second form
<form method="post" action="" id="msform" style="text-align:left;">
<input type="hidden" name="key" value="<?php echo $row['id']; ?>">
Ban: <div class="fr">'.$checkbox.'</div>
<div style="padding:10px;"></div>
<input type="submit" name="dataset" value="Update" class="databutton">
</form>
Alternativley use the session
In form one add thsi at the top of the script
<?php
session_start();
then load a value ito the session
$_SESSION['Users_id'] = $row['id'];
Now in the second form you will use that value in the UPDATE
<?php
session_start();
if ( isset($_SESSION['users_id']) ) {
$key = $_SESSION['users_id'];
} else {
// we really should not be in this form
header('Location: somewhere_else.php');
}