|
PHP - /url.org/user/$username | Wtf?
Today I noticed something quite strange on youtube. This:
http://www.youtube.com/user/mcgloomy Not the profile by itself, but the way the username can be added there to take us to the profile. I mean, USER must be a folder, but I really doubt MCGLOOMY is another folder, even if it looks like it is. I've read about using htaccess to hide the file name of a folder, but... How does this youtube thingy happens? Similar Tutorials
Using Inline Php; <h1><font Color="000088">the Username <?php '.$username.' ?> Already Exists";</h1>
Im trying to create a website where users login, and then when they add a new entry to the database there name is put as the author. This is how my tables are set up. One table is named job and has the columns id, jobtext, jobdate, and authorid. Another table is called author. This table contains the columns id, username, password, and name. Authorid from the job table matches with id from the author table. When a user logins in this code is used to register the name...session_start(); $_SESSION['myusername'] = $_POST['myusername']; $_SESSION['mypassword'] = $_POST['mypassword']; header("location: index.php"); } else { echo "Wrong Username or Password"; } This is the form users use to add a new entry... if (isset($_GET['add'])) { $pagetitle = 'New Job'; $action = 'addform'; $text = ''; $authorid = ''; $id = ''; $button = 'Add job'; include $_SERVER['DOCUMENT_ROOT'] . '/jobs/includes/db.inc.php'; // Build the list of authors $sql = "SELECT id, name FROM author"; $result = mysqli_query($link, $sql); if (!$result) { $error = 'Error fetching list of authors.'; include 'error.html.php'; exit(); } while ($row = mysqli_fetch_array($result)) { $authors[] = array('id' => $row['id'], 'name' => $row['name']); } // Build the list of categories $sql = "SELECT id, name FROM category"; $result = mysqli_query($link, $sql); if (!$result) { $error = 'Error fetching list of categories.'; include 'error.html.php'; exit(); } while ($row = mysqli_fetch_array($result)) { $categories[] = array( 'id' => $row['id'], 'name' => $row['name'], 'selected' => FALSE); } include 'form.html.php'; exit(); } if (isset($_GET['addform'])) { include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php'; $text = mysqli_real_escape_string($link, $_POST['text']); $author = mysqli_real_escape_string($link, $_POST['author']); if ($author == '') { $error = 'You must choose an author for this job. Click ‘back’ and try again.'; include 'error.html.php'; exit(); } $sql = "INSERT INTO job SET jobtext='$text', jobdate=CURDATE(), authorid='$author'"; if (!mysqli_query($link, $sql)) { $error = 'Error adding submitted job.'; include 'error.html.php'; exit(); } $jobid = mysqli_insert_id($link); if (isset($_POST['categories'])) { foreach ($_POST['categories'] as $category) { $categoryid = mysqli_real_escape_string($link, $category); $sql = "INSERT INTO jobcategory SET jobid='$jobid', categoryid='$categoryid'"; if (!mysqli_query($link, $sql)) { $error = 'Error inserting job into selected category.'; include 'error.html.php'; exit(); } } } header('Location: .'); exit(); } Form.html.php = <?php include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/helpers.inc.php'; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title><?php htmlout($pagetitle); ?></title> <meta http-equiv="content-type" content="text/html; charset=utf-8"/> <style type="text/css"> textarea { display: block; width: 100%; } </style> </head> <body> <?php session_start(); ?> <h1><?php htmlout($pagetitle); ?></h1> <form action="?<?php htmlout($action); ?>" method="post"> <div> <label for="text">Type your job he </label> <textarea id="text" name="text" rows="3" cols="40"><?php htmlout($text); ?></textarea> </div> <div> <label for="author">Author:</label> <select name="author" id="author"> <option value="">Select one</option> <?php foreach ($authors as $author):?> <option value="<?php htmlout($author['id']); ?>"<?php if ($author['id'] == $authorid) echo ' selected="selected"'; ?>><?php htmlout($author['name']); ?></option> <?php endforeach; ?> </select> </div> <fieldset> <legend>Categories:</legend> <?php foreach ($categories as $category): ?> <div><label for="category<?php htmlout($category['id']); ?>"><input type="checkbox" name="categories[]" id="category<?php htmlout($category['id']); ?>" value="<?php htmlout($category['id']); ?>"<?php if ($category['selected']) { echo ' checked="checked"'; } ?>/><?php htmlout($category['name']); ?></label></div> <?php endforeach; ?> </fieldset> <div> <input type="hidden" name="id" value="<?php htmlout($id); ?>"/> <input type="submit" value="<?php htmlout($button); ?>"/> </div> </form> </body> </html> Right now, under authors, it displays all the authors in the database. I want it to just show/submit the authorid of the logged in user. ISSUE. A User enters information into a form. If the 'username' is already taken, a 'message' in Red and with larger font-size will be returned, for example, "The username $username already exists." If the username is 'mattd' then the message should say, "The username mattd already exists." Within my php application, I have included 'inline html'. Here is part of the code: .... if (mysql_num_rows($query_run)==1) { // it will never = more than one because only //one user will or will not exist ?> <html> </body> <h1><font color="#FF0066">The username <?php echo $username; ?>already exists.</h1> </body> </html> <?php }else{ //start the registration process $query = "INSERT INTO `Names` VALUES .... 1. At one point I did get this: "The username mattd already exists." 2. But now I only get "The username already exists." I am not retrieving the $username variable. This screenshot is found he http://imgur.com/lIwLZ1G thanks. While we're on the subject, is there a way to ensure that the first letter of a name is captalized, and the rest lowercase? Or is this best handled later on, when the name is being used and called from the DB. PS: some of us comment are code as to WHAT we are doing because we're just not that good yet, and we need to explain it to ourselves. I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others. FIRST THE ONE script the member logges in here to the one table in MSQL: <?php session_start(); require_once('config.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $login = clean($_POST['login']); $password = clean($_POST['password']); if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> ................................................. ................................ Now I need the person who logged in to the table above to be able to make multiple entries to the table below <? $ID=$_POST['ID']; $title=$_POST['title']; $cost=$_POST['cost']; $activity=$_POST['activity']; $ayear=$_POST['aday']; $aday=$_POST['ayear']; $seats=$_POST['special']; $special=$_POST['seats']; mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error()); mysql_select_db("xxxx") or die(mysql_error()); mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')"); Print "Your information has been successfully added to the database!" ?> Click <a href="member-profile.php">HERE</a> to return to the main menu <?php ?> hi, i have made a website where people resgister their details of them and products. they have to enter the following details in form Name of company name of the product company address email id password mobile number contact and brief details about their company
user can then login with email id and pwd. now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.
Hi, so far I have managed to set up a somewhat basic login website with a mysql database backend. Once they have logged on they go to a "main menu" page. What I need to define is that user A sees button A but only that button, etc. (Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login). If anyone has any tutorials or sample code I would much appreciate it. Thanks, Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta Hi, I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them. The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP. The code for the script is here : Code: [Select] <?php $mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase'); if (!$mysql) { die(mysql_error()); $content = "<nobr></nobr>"; } else { $result = mysql_query('SELECT * FROM tblEventGroup'); $content = "<nobr>"; if ($result) { while($row = mysql_fetch_assoc($result)) { $content .= "<span>"; $content .= $row['GroupName']; $content .= "</span>"; $content .= "<a href=\"../Event/EventSearch?groupid="; $content .= $row['GroupId']; $content .= "\" target=\"_blank\">Book here</a> "; } } mysql_close($mysql); $content .= "</nobr>"; } ?> I cannot for the life of me understand what the problem is, the return error is Access denied for user 'myuser'@'localhost' (using password: YES) Hi, I used to use the php session to get the username of the user that was logged on and use that variable on our intranet. Recently we are having to redevelop the site, and we can no longer use this variable. Is there another way of getting the username of the user who is logged onto the computer? Thanks in Advance, Stuart Here's the class Code: [Select] <?php session_start(); class Train { private $_clicked; private $_name; function __construct() { $this->_name = (string) $_SESSION['nrpgusername']; $this->_clicked = (int) $_SESSION['clicked']; } public function CheckLogged() { if(isset($this->_name)) {} else{die("you must be logged in!");} } public function CheckClicked() { if(isset($_POST['go'])) { $this->MysqlUpdate(); $this->_clicked = 1; session_set_cookie_params(84600); } } public function Clicked() { if(isset($this->_clicked)) { echo' <div id="train"><img src="images/train.jpg" alt="train image"/></div> <div id="text"> <span id="click">' . $this->_name. ' has gained 7 experience,<br /> and cannot train anymore today. </span><form method ="post" name="train" action=""> </div>'; } else { echo' <div id="train"><img src="images/train.jpg" alt="train image"/></div> <div id="text"><span id="click">Click here to train your shinobi!</span> <form method ="post" name="train" action=""><input type="submit" name="go" value="train" /></div>';} } private function MysqlUpdate() { include("database.php"); $query = "UPDATE account_info SET experience = experience + 7 WHERE username = '$this->name'"; $result = mysql_query($query) or die(mysql_error()); } } ?> For some reason, it's showing 1 has gained 7 experience, and cannot train anymore today. Instead of Tony has gained 7 experience, and cannot train anymore today. I want to accomplish two things: save some server overhead and create a friendlier user experience. Thus, prior to form submission, the user should have the opportunity to check whether the chosen username is available. As I've begun researching the topic, I've discovered AJAX, Vue, and XMLHttpRequest alternatives.
Any suggestions and alternatives that would give me guidance would be appreciated.
Additionally, are there any characters that should be expressly prohibited from use in a username (or other input field) that could aid malicious hackers in causing harm to my website, database, and files?
How to show the username of the person who uploaded something? I know how to make the upload script etc. but what is the script needed for the person's username and where do I put it? Thanks. Hi! I want to add the users nickname to the urlcode. I don't have any clue how to :O And maybe add more text after the url www.url.comTEXTusername echo $row["url"];$row["username"]; Please help Hi, I used to be able to get the username of the user who was loggd onto the computer and use that as a session variable, so when they are on the intranet, they need not to add any data. The code I used to use was Code: [Select] $logon_name = basename($_SERVER['AUTH_USER']); Since I updated the webserver and put an up-to-date version of PHP on this no longer works. If you have any ideas, such as maybe using Javascript to get this variable and passing it to PHP... Your help is appreciated. Stuart how would this code work? Code: [Select] if ($_POST['username'] == "[, ., ,, _, -" ){ die('Invalid characters.'); i want it to mean if there are any characters like ", [ . - _ ' " or anything in the username then die('invalid characters.'); for extra safety I have created a simple login system but need help getting the username after login is successfull. The login page <?php session_start(); require_once 'classes/Membership.php'; $membership = new Membership(); // If the user clicks the "Log Out" link on the index page. if(isset($_GET['status']) && $_GET['status'] == 'loggedout') { $membership->log_User_Out(); } // Did the user enter a password/username and click submit? if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) { $response = $membership->validate_User($_POST['username'], $_POST['pwd']); } ?> <div id="login"> <form method="post" action=""> <table width="200" border="0" align="center"> <tr> <th scope="col">Username:</th> <th scope="col"><input type="text" name="username" /></th> </tr> <tr> <td>Password:</td> <td><input type="password" name="pwd" /></td> </tr> <tr> <td colspan="2"><input type="submit" id="submit" value="Login" name="submit" /></td> </tr> </table> <p> </p> <p> <?php if(isset($response)) echo "<h4 class='alert'>" . $response . "</h4>"; ?> </p> </form> </div> Membership.php file <?php require 'Mysql.php'; class Membership { function validate_user($un, $pwd) { $mysql = New Mysql(); $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd)); if($ensure_credentials) { $_SESSION['status'] = 'authorized'; header("location: myaccount.php"); } else return "Please enter a correct username and password"; } function log_User_Out() { if(isset($_SESSION['status'])) { unset($_SESSION['status']); if(isset($_COOKIE[session_name()])) setcookie(session_name(), '', time() - 1000); session_destroy(); } } function confirm_Member() { session_start(); if($_SESSION['status'] !='authorized') header("location: login.php"); } } myaccount page <?php require_once 'classes/Membership.php'; $membership = New Membership(); $membership->confirm_Member(); ?> <p>Welcome <?= $_SESSION['status'] ?></p I have written the code for email check, but how and where can I put the code to check if a username has been used twice? Thanks in advance. Code: [Select] <?php $servername = "localhost"; $username = ""; $password = ""; //validate fields if(!$_POST["username"] || !$_POST["email"] || !$_POST["password1"] || !$_POST["password2"]){ echo "<p> </p><p> </p><p> </p><br />Please fill the required fields, <p> </p><p> </p><a href='register.php'>Go to register page</a>"; //validate password }else if($_POST["password1"] != $_POST["password2"]){ echo "<p> </p><p> </p><p> </p><br />Please go back, PASSWORDS do not match! <p> </p><p> </p><a href='register.php'>Go to register page</a>"; //validate email }else if(!(eregi("^.+@.+\\..+$", $_POST['email']))){ echo "<p> </p><p> </p><p> </p><br />Please enter a valid EMAIL! <a href='register.php'><p> </p><p> </p>Go to register page</a>"; //validate captcha }else if(($_SESSION['security_code'] != $_POST['security_code']) || (empty($_SESSION['security_code'])) ){ echo "<p> </p><p> </p><p> </p><br />CAPTCHA CODE does not match! <p> </p><p> </p><a href='register.php'>Go to register page</a>"; }else{ $conn= mysql_connect($servername,$username,$password)or die(mysql_error()); mysql_select_db("genesis_members",$conn); // check if already registered $sql_check = "SELECT * FROM users WHERE email = '".$_POST[email]."'"; $result_check = mysql_query($sql_check,$conn) or die(mysql_error()); $row = mysql_fetch_assoc($result_check); if($row['id']){ echo "<p> </p><p> </p><p> </p><br />EMAIL already registered! <p> </p><p> </p><a href='register.php'>Go to register page</a>"; }else{ // insert in db $sql = "INSERT INTO users (username, email, password, company, phone, services) VALUES ('".$_POST[username]."', '".$_POST[email]."', '".$_POST[password1]."', '".$_POST[company]."', '".$_POST[phone]."', '".$_POST[services]."')"; $result = mysql_query($sql,$conn) or die(mysql_error()); echo "<p> </p><p> </p><p> </p><br /><h1>You Have Successfully Registered</h1>"; echo "<p> </p><p> </p><br /><a href='main_login.php'>go to login page</a>"; } } ?> Hello, After searching for some hours I don't get an answer for my question . I have a login index with session_start and register the user information with : Code: [Select] $_SESSION['user'] = $r['username']; $_SESSION['loggedin'] = true; In that index file, it echo the right username that's logged in. On the other files, it echo always "root". My other files are combined with - Header.php ( Start of validation of session ) - Page.php ( Validate again ) - Footer.php ( End the validation of footer ) All files have a session start and if not logged in redirects to index file to login again. The problem, somewhere I have an error that I can't discover.. Could you please help me ? Header.php Code: [Select] <?php session_start(); include("connect.php"); include("../inc/config.php"); if( isset($_SESSION['user']) and $_SESSION['loggedin'] == true){ ?> MY OWN CODE <?php } else{ Header("Location:index.php"); } ?> PAGE.PHP Code: [Select] <?php session_start(); if( isset($_SESSION['user']) and $_SESSION['loggedin'] == true){ ?> <?php include("header.php"); $session = session_decode(session_id()); $result = mysql_query("SELECT * FROM admutilizador WHERE id='$session'") or die(mysql_error()); $row = mysql_fetch_array($result); ?> MY OWN CODE <?php include("footer.php"); ?> <?php } else{ Header("Location:index.php"); } FOOTER.PHP Code: [Select] <?php session_start(); if( isset($_SESSION['user']) and $_SESSION['loggedin'] == true){ ?> MY OWN CODE <?php } else{ Header("Location:index.php"); } Can someone help me ? thanks in advance. P.S. I used a test session var $_SESSION['test'] = "TEST"; and it keeps the records in other pages. Using the $_SESSION['user'] = $r['username']; ( info from DB that returns the right username in the same page, echoing it in other pages always output root. Hope this test could help anyone too. Hello I am trying to add an IF statement to my login script so that if the username entered is 'admin' it directs to 'adminpage.php Here is my script: <?php include ("connection.php"); session_start(); // Collect data from form and save in variables //See if any info was submitted $Username = $_GET['Username']; //Clean data - trim space $Username = trim ( $Username); //Check its ok - if not then add an error message to the error string if (empty($Username)) $errorString = $errorString."<br>Please supply Username."; //See if any info was submitted $Password = $_GET['Password']; //Clean data - trim space $Password = trim ( $Password); //Check its ok - if not then add an error message to the error string if (empty($Password)) $errorString = $errorString."<br>Please supply Password."; // Query to search the user table $query= "SELECT * FROM Users WHERE Username='$Username' AND Password='$Password'"; // Run query through connection $result = mysql_query ($query); $row = mysql_fetch_assoc($result); // if rows found set authenticated user to the user name entered if (mysql_num_rows($result) > 0) { $_SESSION["authenticatedUser"] = $Username; $_SESSION['UserID'] = $row['UserID']; // Relocate to the logged-in page header("Location: loggedon.php"); } else // login failed redirect back to login page with error message { $_SESSION["message"] = "Could not connect as $Username " ; header("Location: login.php"); } ?> Thank you |
|||||||