PHP - Friend System

Hey everyone,

I'm currently working on a friends online script and i have a slight problem that i need help with.

Basically the code first searches "TBL_Friends" to see if you have any friends added. If it returns results it then turns your friends ID's into a variable. It then searches "TBL_Users_Online" to see if any body is logged based on the friend's ID it returned before. The first bit of the code works and it retrieves all the friends i got added. The second half is odd, if i have one or two friends added it will show that one is online. If i have more then three friends added it returns no results. I know my code is a bit sloppy and probably not the best way of writing it, im still learning PHP.

Anyways this is the code, any help is appreciated.

Code: [Select]
<?php
$FriendsOnline = mysql_query("SELECT Sender_ID FROM TBL_User_Friends WHERE Reciever_ID = $UserID");
while($fo=mysql_fetch_array($FriendsOnline))
{
     $FriendsOnlineID = $fo[Sender_ID];

     $FriendsOnlineNumber = mysql_query("SELECT * FROM TBL_Users_Online WHERE User_ID = $FriendsOnlineID");
     $FriendsNumber = mysql_num_rows($FriendsOnlineNumber);

     echo $FriendsNumber;
}
?>
$SenderID = Friends ID
$Reciever_ID = User ID
$UserID = User ID

hello dear PHP-Fans - greetings to you - and a happy new year!!


i set up a WAMP-System on my openSuse 11.4 system.  In order to learn as much as i can bout PHP i want to do some tests and write some scripts.

Well the WAMP is allready up and running.  Now i try to give the writing access to the folder

mkdir /srv/www/

where the php-scripts should go in...

i want  to give write permission to all to all files in /srv/www

As root I generally:

mkdir /srv/www/
chown <webmaster usrername> /srv/www/

/srv/www/ should be readable and traversable by all, but only writeable by it's owner (the user designated as the webmaster.)

can i do this like mentioned above,...

Love to hear from you

greetings
db1

Right i want to have friends displayed on peoples profiles but i can only ave there name and not the avater displayed here is the code ive got which doesnt work

        <? 
$picture = mysql_query("SELECT * FROM users WHERE username = '$dip->person'");
$pc = mysql_fetch_object($picture);
$query_friends=mysql_query("SELECT * FROM friends WHERE username='$viewuser' AND type='Friend'");

$rows=mysql_num_rows($query_friends);
if ($rows == "0"){ echo "<center>No friends</center>"; }
$friend = 0;
while($dip=mysql_fetch_object($query_friends)){

echo "&nbsp;&nbsp;<img src='$pc->image' width='50' height='50' border='1'><br><a href='profile.php?viewuser=$dip->person'>$dip->person</a>,"; 
$friend++; 
echo ($friend % 3 == 0)? "<br>" : ""; }
?>


The friends are from the friends database and the avater is from the users database how can i link them so the name and the avater show ive tried this but only the names are displayed and the avaters dont show

Right ive got a user profile that i want a add friend button but i coded a little something what i fort wud work but no luck
<?php
session_start();
include "includes/db_connect.php";
include "includes/functions.php";
include"includes/smile.php";
logincheck();
$username=$_SESSION['username'];
$viewuser=$_GET['viewuser'];

$fetch=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$viewuser'"));
if (!$fetch){
echo "No such user";


$totalf = mysql_num_rows(mysql_query("SELECT * FROM friends WHERE username = '$viewuser' AND active='1'"));

$invite_text="<div>$username Has Sent You A Friend Request<br>
<input name=Yes_Accept type=submit id=yes value=Accept Invite class=abutton>&nbsp;<input name=No_accept type=submit value=Decline Invite class=abutton></div><input type=hidden name=invite_id value=$bar2>";
if (($_GET['fri'])){
$exicst=mysql_query("SELECT * FROM users WHERE username='$viewuser'");
$nums=mysql_num_rows($exicst);
$adding=mysql_fetch_object($exicst);
$already=mysql_num_rows(mysql_query("SELECT * FROM friends WHERE type='Friend' AND person='$viewuser' AND username='$username'"));
if ($already != "0"){
echo "<center><font color=orange><b><br>This user is already your friend.<br><br></font>";
}elseif ($already == "0"){


mysql_query("INSERT INTO `friends` ( `id` , `username` , `person` , `type` , `active`) 
VALUES (
'', '$username', '$viewuser', 'Friend' , '0'
)");
mysql_query("INSERT INTO `friends` ( `id` , `username` , `person` , `type` , `active`) 
VALUES (
'', '$viewuser', '$username', 'Friend' , '0'
)");
mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `subject` , `date` , `read`) 
VALUES (
'', '$viewuser', '$username', '$invite_text' , 'Friend Request' , '$date' , '0'
)");
$bar2=mysql_insert_id();
echo "<center><font color=orange><br>Your Friend Invitation Was Sent To $viewuser<br><br></font>";
exit();
}
}}
?>
<a href=?fri=Yes>Add Friend +</a>

It just adds a blank person and comes back with No Such User and Your Friend Invitation Was Sent To

I think ive put some things in the wrong place to be honest but as im not a pro i easily miss things

Im working on a "Friend-request"-script, but something is wrong in my "answer"-script...

See the script below:

Code: [Select]
    if (isset($_POST['submit_ansReq_answer'])) {
   
        $answer = $_POST['ansReq_what'];
        $uid= $_SESSION['userid'];
        $fid= $_POST['fid'];
       
       
        $db=friend_db;
        $dbname=bannaky_basic;
        include('config.php');
       
       
        ///////////// IF ACCEPTED
       
        if ($answer == "acceptReq") {
       
        $reqStat = "YES";
        $reqEcho = "Answered YES";
       
        }
   
        ///////////// ELSE IF DENIED
   
        else if ($answer == "denyReq") {
       
        $reqStat = "NO";
        $reqEcho = "Answered NO";
       
        }
       
        $query = "UPDATE $db SET req_accept='$reqStat' WHERE friend_id='$uid' AND user_id='$fid'";
           
            mysql_query($query);
           
           
            echo "$reqEcho";

If the user hits the Accept-button, everything works fine and is registered in the SQL database. But when hitting the Deny-button nothing happens... I get to the page and $regEcho works, but $reqStat=NO; wont save in the SQL database...

Probably a simple solution to this that im not seeing.... Please help me out before i loose my mind.

Hi all

I have been looking though loads of tutorials regarding log in method for websites (not APIs), and cant help find that they are outdated.

So I am asking what is the correct way to create a log in system using php?

Modern websites use JavaScript for asynchronous web requests so this requirement should also be catered for. APIs and mobile apps use access tokens which is very secure if implemented correctly.

Can we use the token principle for websites? As the way I see it that most php log in systems use php sessions and they create a session and save some data in this session when the user successfully authenticates, however the session id is held in a cookie so if the cookie is stolen then they have access to your account.

API access tokens are expired and refreshed periodically so is there such a implementation method for web sites too?

i am trying to add a like system to my forum similar to facebook where it shows how many people like a post.

this is my code so far:

$like_list = "";
            
            $likes = explode("|", $post_info['post_likes']);
            $amount_likes = count($likes);
            $ac_likes = ($amount_likes / 2);
            $slice = array_slice($likes, 0, 4, true);
            $remain = array_slice($likes, 4, $ac_likes, true);
            $remain_num = count($remain);
            
            if ($ac_likes >= 4)
            {
                for($i=0; $i<$ac_likes; $i+=2)
                {
                    $like_list .= $likes[$i].", ";
                }
                $like_list .= " and $remain_num others like this";
            }
            elseif ($amount_likes == 1    )
            {
                $like_list .= "0 people like this";
            }
            elseif ($ac_likes == 1)
            {
                $like_list = implode(", ", $likes);
                $like_list .= " likes this";
            }
            else
            {
                $like_list = implode(", ", $likes);
                $like_list .= " like this";
            }

$post_info['post_likes'] contains data like:

Code: [Select]
user1|123456789|user2|123456789
where the number is the timestamp.

unfortunatly $like_list prints the username and the timestamp when i would like it to only display the username. This means
printing every 2nd element in the array starting from 0. I have seen this done with for loops but i am not using one therefore i am stuck. Any ideas? and is this the best database setup for likes? the post_likes column is added on to the end of the post table.

  Hi this is my login script i do have the html if you need to see it please ask & i was wondering if anyone would be kind enough to tell me how i can get my ban system to work Thanks

<?php

require 'connect.php';

if(isset($_POST['submit'])) {

	$username = $_POST['username'];
	$password = $_POST['password'];

	//Prevent hackers from using SQL Injection
	$username = stripslashes($username);
	$password = stripslashes($password);
	$username = mysql_real_escape_string($username);
	$password = mysql_real_escape_string($password);

	$sql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'";
	$result = mysql_query($sql);
	$count = mysql_num_rows($result);

	$user_level = $_GET['user_level'];

	$_SESSION['user_level'] = $user_level;

	if($count == 1) {

		$_SESSION['username'];
		$_SESSION['password'];
		header("Location: index.php");
	} else {

		echo "Please check the username and password you entered is correct.";
	} if($_SESSION['user_level'] == 0) {
		$_SESSION['username'];
		$_SESSION['password'];
		header("Location: index.php");
		
	} else if($_SESSION['user_level'] == -1) {

		die();
		header("Location: banned.php");

	} else if($_SESSION['user_level'] < -1) {
		die();
		echo "An error has occurred please contact your administrator.";

	} else if($_SESSION['user_level'] == 1) {
		$_SESSION['username'];
		$_SESSION['password'];
		header("Location: admin.php");

	}


}

?>

Edited by Tom8001, 23 November 2014 - 12:18 PM.

ok i need directing to a tutorial, an easyish one that can help me do a secure login and registration system. Something that uses sessions and mysql. something with sql injection and other security. i need it very secure.


hope you can help.

I already have a web based RPG game I am developing. Here is a small video to showcase the loot animation.     My problem is, I want to add combat. I will be using html 5 websockets. I already have a websockets server up so multiplayer isn't the issue.   A good combat system I found is on this game: http://treasurearena.clay.io/   I'm not going to dig out the source code, and try to extract the combat system from this game. Just trying to find something similar that I can use, does anyone have any recommendations?   Thanks!   Edit: It can be as simple as swinging a freaking sword and moving. That's all I really want, I just don't want the boring 'click', 'click', and 'click' bullshit.

Hi All!   This is my first post here, so if there are some things I miss or something more I need to do please let me know.   I tried searching the forum for the answer first but could not find anything.   So here is the thing; I followed a tutorial I found about building a login system for my website. The tutorial worked perfectly, except I needed it to redirect to a user specific page instead of a static page on login. I made the necessary changes to the script, and now it redirects to the user specific page, but does not recognize that I am logged in so it will not show me the content.   In the interest of full disclosure, I am not very good at PHP and lack a fundamental understanding of it. I am enrolled in some Udemy courses to try to rectify that, but I needed the login system ASAP, so copy and paste programming was my only option. I know, I know. I am a terrible human being and should be thrown into the sun. I agree. I am in counseling to try to deal with it.   The tutorial I used can be found he  http://www.wikihow.c...n-PHP-and-MySQL.   Here is the relevant code:   process_login.php:  

<?php


include_once 'db_connect.php';
include_once 'functions.php';


sec_session_start(); // Our custom secure way of starting a PHP session.


if (isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p']; // The hashed password.


$page = login($email, $password, $mysqli);
if ($page == true) {
  // Login success        
  header('Location: '. $page);
   exit();


    } else {
        // Login failed 
        header('Location: ../error.php?error=1');
    }
} else {
    // The correct POST variables were not sent to this page. 
    echo 'Invalid Request';
}

Looking for the best way to set-up the db of a messaging system. Here's what I have so far (basically pulled from another forum), don't know if Table1 is even really necessary:

Table1:
id
user_message_id
recepient_id
recepient_read

Table2:
user_message_id
sender_id
sender_read
subject
message
created_at
updated_at



Basically it needs to function where, someone submits a message to the admin or moderator, the admin/moderators can review and reply, and then the user can submit another reply, and keeps going indefinitely. I want each reply to show up almost like a forum thread.

How would I chain the reply messages to the original messages?

is there any available for me to enhanced on /etc?

How would I go about starting 1

i want 1 with 32 numbers and i need to have to run a query every 1hour how would i go about this?

Hello,

I have the following code


Code: [Select]
class Uploads extends Controller
{
 public function __construct()
 {
  parent::__construct();

  if (empty($_FILES))
  {
   log_message('error', 'Uploads - files empty');
   exit('No files uploaded');
  }

  ini_set('memory_limit', '128M');

  $this->load->helper('file');
  $this->load->helper('helpers');
  $this->load->model('uploads_model');

 }

 public function font_handler()
 {
  $this->uploads_model->font_handler();
 }

}

class Uploads_model extends Model
{
    public function font_handler()
    {
  $config = array(
   'max_size'     => '8388',
   'allowed_types' => 'ttf',
   'upload_path'   => 'assets/fonts/'
  );

  $this->load->library('upload', $config);

  if ($this->upload->do_upload('Filedata'))
  {
   $file = $this->upload->data();
   $jsFile = $file['raw_name'].'.js';
   $query = $this->db->where('location', 'menuFont')->get('fonts')->row();

   if ($query->customFile != '' && file_exists('assets/fonts/'.$query->customFile))
         {
    unlink('assets/fonts/'.$query->customFile);
   }

   $path    = getcwd() . '/assets/fonts/cufon/convert.php';
   $command = 'php ' . $path . ' -u "U+??" ' . $file['full_path'] . ' 1> ' . getcwd() . '/assets/fonts/' . $jsFile;

   system($command);
  }
 }

}


Ok so, the ttf file is uploaded correctly and I can run $command from the command promt in putty and it works perfect, but when I try to run the same command from system() the js file just contains (from the controller) "No files uploaded" I have no idea why this is happening? Anyone have any ideas?  Also one thing i'm not sure about is if it should be 1> or > when creating the js file?!?


Thanks guys!

Hi could you help me get this login page working? I made a form which posts to login.php the "user" and "pass".   Then this is my code for login.php:

<?php include("mysql_connect.inc.php"); ?>

<?php
$user = $_POST['user'];
$pass = $_POST['pass'];

session_start();
$query = mysqli_query("SELECT * FROM users WHERE username='$user'");
$results = mysqli_query($con, $query) or die(mysqli_error($con));
$resultsarray = mysql_fetch_array($userresults);

if (isset($_POST['user']) && $_POST['user'] == $query && isset($_POST['pass']) && $_POST['pass'] == $query) {
$_SESSION['username'] = $_POST['user'];
echo "<p>Login success. You are logged in as: " . $_SESSION['username'] . "</p>Return to mainpage, click <a href='index.php'>here</a>!";
} else {
echo "<p>Wrong username or password.</p>";

}
mysqli_close($con);
?>