PHP - Code Request - Link To Users Profile
I am having trouble figuring this out myself, so hopefully someone can help me out.
What I am trying to do is write a code to link an image to a logged in users "edit profile" page. Right now, the page address the image needs to be linked to would be: "MyCollegeFleaMarket.com/users/Username" Currently, the code I have in place is this: "users/<?php global $user; if ($user->uid) { print $user->name; } ?>"> but this is creating a link to, "MyCollegeFleaMarket.com/content/users/Username. Thanks for your help!

Similar Tutorials

Hello. Say i want to view another user profile. I click on user name and i see the profile page. So how can i link user name to his profile? I have tried linking it to $id (this is where user id is stored in the database), but no luck. Thank you.

Hi all, I am currently facing a problem, if you look at 'viewprofile.jpg' attachment, you can see that there is an uploaded profile picture. However when I click to edit the profile, the picture is missing (editprofile.jpg), I am just wondering what went wrong? Can someone guide me in troubleshooting this problem?

```php
<?php
if (isset($_POST['submit'])) {
    // Validate and move the uploaded picture file, if necessary
    if (!empty($new_picture)) {
        if ((($new_picture_type == 'image/gif') || ($new_picture_type == 'image/jpeg') || ($new_picture_type == 'image/pjpeg') ||
            ($new_picture_type == 'image/png')) && ($new_picture_size > 0) && ($new_picture_size <= CT_MAXFILESIZE)) {
            //0 indicates a success, other values indicate failure
            if ($_FILES['file']['error'] == 0) {
                // Move the file to the target upload folder
                $target = CT_UPLOADPATH . basename($new_picture);
                if (move_uploaded_file($_FILES['new_picture']['tmp_name'], $target)) {
                    // The new picture file move was successful, now make sure any old picture is deleted
                    if (!empty($old_picture) && ($old_picture != $new_picture)) {
                        @unlink(CT_UPLOADPATH . $old_picture);
                    }
                }
                else {
                    // The new picture file move failed, so delete the temporary file and set the error flag
                    @unlink($_FILES['new_picture']['tmp_name']);
                    $error = true;
                    echo '<p class="error">Sorry, there was a problem uploading your picture.</p>';
                }
            }
        }
        else {
            // The new picture file is not valid, so delete the temporary file and set the error flag
            @unlink($_FILES['new_picture']['tmp_name']);
            $error = true;
            echo '<p class="error">Your picture must be a GIF, JPEG, or PNG image file no greater than ' . (CT_MAXFILESIZE / 1024). '</p>';
        }
    }

    // Grab the profile data from the POST
    $name = mysqli_real_escape_string($dbc, trim($_POST['name']));
    $nric = mysqli_real_escape_string($dbc, trim($_POST['nric']));
    $gender = mysqli_real_escape_string($dbc, trim($_POST['gender']));
    $old_picture = mysqli_real_escape_string($dbc, trim($_POST['old_picture']));
    $new_picture = mysqli_real_escape_string($dbc, trim($_FILES['new_picture']['name']));
    $new_picture_type = $_FILES['new_picture']['type'];
    $new_picture_size = $_FILES['new_picture']['size'];
    list($new_picture_width, $new_picture_height) = getimagesize($_FILES['new_picture']['tmp_name']);
    $error = false;

    // Update the profile data in the database
    if (!$error) {
        if (!empty($name) && !empty($nric) && !empty($gender)) {
            $query = "UPDATE tutor_profile SET name = '$name', nric = '$nric', gender = '$gender' WHERE tutor_id = '" . $_GET['tutor_id'] . "'";
            mysqli_query($dbc, $query) or die(mysqli_error($dbc));
            // Confirm success with the user
            echo '<p>Your profile has been successfully updated. Would you like to <a href="viewprofile.php?tutor_id=' . $_GET['tutor_id'] . '">view your profile</a>?</p>';
            mysqli_close($dbc);
            exit();
        }
        else {
            echo '<p class="error">You must enter all of the profile data (the picture is optional).</p>';
        }
    }
} // End of check for form submission
else {
    // Grab the profile data from the database
    $query = "SELECT name, nric, gender FROM tutor_profile WHERE tutor_id = '" . $_GET['tutor_id'] . "'";
    $data = mysqli_query($dbc, $query) or die(mysqli_error($dbc));
    // The user row was found so display the user data
    if (mysqli_num_rows($data) == 1) {
        $row = mysqli_fetch_array($data);
        if ($row != NULL) {
            $name = $row['name'];
            $nric = $row['nric'];
            $gender = $row['gender'];
        }
        else {
            echo '<p class="error">There was a problem accessing your profile.</p>';
        }
    }
}
mysqli_close($dbc);
?>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo CT_MAXFILESIZE; ?>" />
  <ul id="tabSet_ep">
    <li><a href="#panel1">Personal Profile</a></li>
    <li><a href="#panel2">Qualifications</a></li>
    <li><a href="#panel3">Tutor\'s Comments/Commitment</a></li>
    <li><a href="#panel4">Tutoring Levels/Subjects</a></li>
  </ul>
  <!--Personal Profile-->
  <div id="panel1">
    <label for="new_picture">Pictu </label>
    <input type="file" id="new_picture" name="new_picture" />
    <?php if (!empty($old_picture)) {
      echo '<img class="profile" src="' . CT_UPLOADPATH . $old_picture . '" alt="Profile Picture" />';
    } ?><br />
    <label for="firstname">First name:</label>
    <input type="text" id="firstname" name="firstname" value="<?php if (!empty($name)) echo $name; ?>" /><br />
    <label for="lastname">Last name:</label>
    <input type="text" id="lastname" name="lastname" value="<?php if (!empty($nric)) echo $nric; ?>" /><br />
    <label for="gender">Gender:</label>
    <select id="gender" name="gender">
      <option value="M" <?php if (!empty($gender) && $gender == 'M') echo 'selected = "selected"'; ?>>Male</option>
      <option value="F" <?php if (!empty($gender) && $gender == 'F') echo 'selected = "selected"'; ?>>Female</option>
    </select><br />
  </div>
  <input type="submit" value="Save Profile" name="submit" />
</form>
```

Hi, I would like to send a value in a link and request it back in ajax and set it as a variable in php in the same page, can anyone help me here? thanks

Hello, This is supposed to be a sample soap request.
I don't know how to actually send the request with php.

```
POST /sendSms.asmx HTTP/1.1
Host: host_site.com
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://some_uri.com/sendSms"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <sendSms xmlns="http://some_uri.com/">
      <username>string</username>
      <password>string</password>
      <smsContent>
        <string>string</string>
        <string>string</string>
      </smsContent>
      <cell>
        <string>string</string>
        <string>string</string>
      </cell>
      <from>string</from>
    </sendSms>
  </soap:Body>
</soap:Envelope>
```

How am I supposed to send this info? What is soapAction there? I tried:

```php
$client = new SoapClient("host_site.com/sendSms.asmx");
```

and I'm getting:

```
Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'host_site.com/sendSms.asmx' : Premature end of data in tag html line 3 in ...
```

So I am trying to create a table where users can be disabled and enabled with the press of a radio button. So for the most part it works but for some reason it only allows me to disable a user, it won't let me enable them and I can't seem to figure out why. I've checked that all the names were correct with the database and I have also tried both single ' quotes and double " quotes on the prepared statements to see if that makes a difference... it did not.

These are the functions to disable and enable users

```php
function inactive($userId){
    $conn = db_connect();
    $disable_user = pg_prepare($conn, 'disable', "UPDATE users SET Enabled = false, Status = 'd' WHERE Id = $userId");
    $result = pg_execute($conn, 'disable', array());
}

//Create a function to activate a salesperson
function active($userId){
    $conn = db_connect();
    $enable_user = pg_prepare($conn, 'enable', "UPDATE users SET Enabled = true, Status = 'a' WHERE Id = $userId");
    $result = pg_execute($conn, 'enable', array());
}

$id = (array_keys($_POST['active'])[0]);
$status = $_POST['active'][$id];
if($status == "t"){
    active($id);
}
else{
    inactive($id);
}
```

And this is where it gets put into action ^^
In the database I have a boolean for enabled which is either true or false and then I have a varchar for status which is either 'd' or 'a'
Any help would be greatly appreciated
Thanks in advance

I want to offer my site visitors the opportunity to use some of my content on their sites. For example, a Quote of the Day or This Date in History snippet that they can place on their site. I want to host and manage the content on my site and allow the visitors to syndicate it on their sites easily. The key word here is "easily". I don't want to do this through RSS, which can be tricky for entry-level webmasters and bloggers. I want to be able to offer a line of code, say in Javascript, that the visitor can copy and paste into their site (Wordpress widget etc.) and have my content appear there. Does anyone have any starting points for how to do this? I have several years of experience with PHP, MySQL, CSS, HTML, etc., but I don't want to re-invent the wheel. I've done something similar in JSP, but not using PHP.

Hi, For about a month, I have been trying to figure out why my code will not return anything after posting a wwwForm (I have also tried the newer equivalent of this function but I had no luck with that either.) The nameField and passwordField are taken from text boxes within the game and the code used in my login script is copied and pasted from a Register script but I have changed the file location to the login.php file. The register script works fine and I can add new users to my database but the login script only outputs "Form Sent." and not the "present" that should return when the form is returned and it never gets any further than that point meaning that it lets the user through with no consequence if they use an invalid name because the script never returns an answer. What should I do to fix this?
Thanks,

Unity Code:

```csharp
using System.Collections;
using UnityEngine;
using UnityEngine.UI;
using UnityEngine.Networking;

public class Login : MonoBehaviour
{
    public InputField nameField;
    public InputField passwordField;
    public Button acceptSubmissionButton;

    public void CallLogInCoroutine()
    {
        StartCoroutine(LogIn());
    }

    IEnumerator LogIn()
    {
        WWWForm form = new WWWForm();
        form.AddField("username", nameField.text);
        form.AddField("password", passwordField.text);
        WWW www = new WWW("http://localhost/sqlconnect/login.php", form);
        Debug.Log("Form Sent.");
        yield return www;
        Debug.Log("Present");
        if (www.text[0] == '0')
        {
            Debug.Log("Present2");
            DatabaseManager.username = nameField.text;
            DatabaseManager.score = int.Parse(www.text.Split('\t')[1]);
            Debug.Log("Log In Success.");
        }
        else
        {
            Debug.Log("User Login Failed. Error #" + www.text);
        }
    }

    public void Validation()
    {
        acceptSubmissionButton.interactable = nameField.text.Length >= 7 && passwordField.text.Length >= 8;
    }
}
```

login.php:

```php
<?php
echo "Test String2";
$con = mysqli_connect('localhost', 'root', 'root', 'computer science coursework');

// check for successful connection.
if (mysqli_connect_errno()) {
    echo "1: Connection failed"; // Error code #1 - connection failed.
    exit();
}

$username = mysqli_escape_string($con, $_POST["username"]);
$usernameClean = filter_var($username, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
$password = $_POST["password"];

if($username != $usernameClean) {
    echo "7: Illegal Username, Potential SQL Injection Query. Access Denied.";
    exit();
}

// check for if the name already exists.
$namecheckquery = "SELECT username, salt, hash, score FROM players WHERE username='" . $usernameClean . "';";
$namecheck = mysqli_query($con, $namecheckquery) or die("2: Name check query failed"); // Error code # 2 - name check query failed.

if (mysqli_num_rows($namecheck) != 1) {
    echo "5: No User With Your Log In Details Were Found Or More Than One User With Your Log In Details Were Found"; // Error code #5 - other than 1 user found with login details
    exit();
}

// get login info from query
$existinginfo = mysqli_fetch_assoc($namecheck);
$salt = $existinginfo["salt"];
$hash = $existinginfo["hash"];
$loginhash = crypt($password, $salt);
if ($hash != $loginhash) {
    echo "6: Incorrect Password"; // error code #6 - password does not hash to match table
    exit;
}

echo "Test String2";
echo"0\t" . $existinginfo["score"];
?>
```
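
The login check above, rewritten as an added example (not the poster's code): the username is bound as a query parameter instead of being escaped and filtered, and the stored crypt() hash is checked with password_verify(). It assumes PDO with an in-memory SQLite database as a stand-in for the MySQL players table; the account and the function name login_reply are constructed for the example.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the players table (assumption: pdo_sqlite is available;
// with mysqli, prepare()/bind_param() play the same role).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE players (username TEXT UNIQUE, salt TEXT, hash TEXT, score INTEGER)');

// Constructed account, stored the way the post's register script is assumed to
// store it: hash = crypt(password, salt).
$salt = '$2y$10$' . 'abcdefghijklmnopqrstuv'; // constructed bcrypt salt, 22 characters
$ins = $db->prepare('INSERT INTO players VALUES (?, ?, ?, ?)');
$ins->execute(['player_one', $salt, crypt('correct horse', $salt), 42]);

/**
 * Builds the reply format the Unity client parses: "0\t<score>" on success,
 * "<code>: <message>" otherwise. Nothing else is written before it, because
 * the client looks at the first character of the response.
 */
function login_reply(PDO $db, $username, $password): string
{
    if (!is_string($username) || !is_string($password) || $username === '') {
        return '7: Illegal Username';
    }

    // The username is bound as a parameter, so it is never parsed as SQL and no
    // "does this look like an injection" comparison is needed.
    $stmt = $db->prepare('SELECT hash, score FROM players WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // crypt() output embeds its own salt, so password_verify() can check it
    // directly; it compares in constant time, unlike the != operator.
    // One reply for "no such user" and "wrong password" avoids telling the
    // caller which usernames exist.
    if ($row === false || !password_verify($password, $row['hash'])) {
        return '6: Incorrect username or password';
    }

    return "0\t" . $row['score'];
}

// Constructed requests: a valid login, a wrong password, and a username that
// contains SQL syntax (treated as an ordinary, non-matching string).
foreach ([
    ['player_one', 'correct horse'],
    ['player_one', 'wrong'],
    ["' OR '1'='1", 'x'],
] as [$u, $p]) {
    echo json_encode(login_reply($db, $u, $p)), "\n";
}
```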
Doing something wrong, but don't see it. How should one retrieve a POST parameter? My $request->toArray()['html'] works, but I am sure it is not the "right way".

```php
<?php
namespace App\DataPersister;

use ApiPlatform\Core\DataPersister\DataPersisterInterface;
use Symfony\Component\HttpFoundation\RequestStack;

class ArchivePersister implements DataPersisterInterface
{
    public function __construct(RequestStack $requestStack)
    {
        $request = $requestStack->getCurrentRequest();
        syslog(LOG_ERR, '$request->getMethod(): '.$request->getMethod());
        syslog(LOG_ERR, '$request->getContent(): '.$request->getContent());
        syslog(LOG_ERR, '$request->request->get(html): '.$request->request->get('html'));
        syslog(LOG_ERR, '$request->query->get(html): '.$request->query->get('html'));
        syslog(LOG_ERR, '$request->get(html): '.$request->get('html'));
        syslog(LOG_ERR, '$request->toArray(): '.json_encode($request->toArray()));
        syslog(LOG_ERR, '$request->toArray()[html]: '.$request->toArray()['html']);
    }
}
```

output

```
$request->getMethod(): POST
$request->getContent(): {"project":"/projects/1","description":"","html":"<p>{{ project_name }}</p>"}
$request->request->get(html):
$request->query->get(html):
$request->get(html):
$request->toArray(): {"project":"\/projects\/1","description":"","html":"<p>{{ project_name }}<\/p>"}
$request->toArray()[html]: <p>{{ project_name }}</p>
```

Hello
I am trying to work out how many regular users I have to my site and how long those users tend to be users..
So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.
I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...
```sql
SELECT userID as user, count(userID) as logins
FROM login_history
where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00')
  and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00')
group by user
having logins > 5;
```

I just discovered that I have a major security flaw with my website. Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar. I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar. For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information. Every important page that I have has this code:

```php
session_start();
if (!isset($_SESSION['user_id'])) {
    // Start defining the URL.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    // Check for a trailing slash.
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
        $url = substr ($url, 0, -1); // Chop off the slash.
    }
    // Add the page.
    $url .= '/index.php';
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
} else {
    //Else If Logged In Run The Script
    if((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
        $id = (int) $_GET['id'];
    } elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
        $id = (int) $_POST['id'];
    } else {
        echo ' No valid ID found, passed in url or form element';
        exit();
    }
```

What am I doing wrong? Please help if you know how to correct this. Many thanks in advance.

I have a mysql table which will store users email addresses (each is unique and is the primary field) and a timestamp. I have added another column called `'unique_code' (varchar(64), utf8_unicode_ci)`.
What I would very much appreciate assistance with is;

a) Generating a 5 digit alphanumeric code, ie: 5ABH6
b) Check all rows the 'unique_code' column to ensure it is unique, otherwise re-generate and check again
c) Insert the uniquely generated 5 digit alphanumeric code into `'unique_code'` column, corresponding to the email address just entered.
d) display the code on screen.

What code must I put and where?

**My current php is as follows:**

```php
require "includes/connect.php";

$msg = '';

if($_POST['email']){
    // Requested with AJAX:
    $ajax = ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest');
    try{
        if(!filter_input(INPUT_POST,'email',FILTER_VALIDATE_EMAIL)){
            throw new Exception('Invalid Email!');
        }
        $mysqli->query("INSERT INTO coming_soon_emails SET email='".$mysqli->real_escape_string($_POST['email'])."'");
        if($mysqli->affected_rows != 1){
            throw new Exception('You are already on the notification list.');
        }
        if($ajax){
            die('{"status":1}');
        }
        $msg = "Thank you!";
    }
    catch (Exception $e){
        if($ajax){
            die(json_encode(array('error'=>$e->getMessage())));
        }
        $msg = $e->getMessage();
    }
}
```

Hi everyone, I currently have a registration and login page working, I have now included a profile/edit profile page once the user is logged in. However I'm having a problem, once the user logs in the account page welcomes them by their username using the following code

```php
<h2>Welcome, <?php echo $_SESSION['username']; ?></h2>
```

Which is fine, however when users edit their profile their details aren't stored into their userid within the mysql database.
For example this is my edit profile page and this is what it does within the mysql database: It doesn't save that info to the current user and I'm not sure how to get it to do it, here's my code:

```php
<?PHP
//Database Information
$dbhost = "localhost";
$dbname = "blank";
$dbuser = "blank";
$dbpass = "password";

//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$real_name = $_POST['real_name'];
$location = $_POST['location'];
$mobile_number = $_POST['mobile_number'];
$instant_messaging = $_POST['instant_messaging'];

$query = "REPLACE INTO users (real_name, location, mobile_number, instant_messaging) VALUES('$real_name', '$location', '$mobile_number', '$instant_messaging')";
mysql_query($query) or die(mysql_error());
mysql_close();
?>
```

I can see why it doesn't work as it just inserts it into the users database but I'm not sure how to associate it with the current logged in user. Any help would be great, Lee

I need help with this script...... I get the error... 'Undefined index: username in C:\wampnew\www\login and register\profile.php on line 28!'

```php
<?php
require("include/connect.php");

if(!isset($_GET['id'])) {
    echo("Please enter a members profile to view.");
    die();
} elseif($_GET['id'] == "") {
    echo("Please enter a members profile to view.");
    die();
}

$pid = mysql_real_escape_string(preg_replace("@[^a-z0-9]@i","",$_GET['id']));
$check = mysql_num_rows(mysql_query("SELECT id FROM tut_users WHERE id='{$pid}'"));
if($check !="1") {
    echo("Member does not exist.");
    require("footer.php");
    die();
}

$sql = mysql_query("SELECT * FROM tut_users WHERE id='{$pid}'") or die(mysql_error());
$fetch = mysql_fetch_assoc($sql) or die(mysql_error());
$username = mysql_real_escape_string(preg_replace("@[^a-z0-9]@i","",$fetch['username']));
echo("Member Profile Of: {$username} <br /> " );
?>
```

Could someone please help me thanks...
I'm using a templated PHP script and have successfully added a link (to an image)

Hi guys, Im trying to get my members_profile.php to display the users profile.... I.e members_profile.php?boxerman will display my information. I've been at it for hours but no luck... This is what im trying to code:

```php
<?php
include ("connect.php")
$username = $_GET['username'];
$user = mysql_query("SELECT * FROM user WHERE username = '$username'");
$user=mysql_fetch_assoc($user);
echo "<h1>User Info</h1>";
echo "<b>Username:".$user['username']."<br>";
echo "<br>";
echo '<form name="backlistfrm" method="post" action="members.php">';
echo '<input type="submit" value="Back to The List">';
echo '</form>';
echo "<br>";
?>
```

It displays nothing when going to members_profile.php?boxerman Any advice as to why? Regards, B-Man

i dont know why it doesnt update the db..someone help??

```php
$connection=mysql_connect("$server", "$username", "$password") or die("Could not establish connection");
mysql_select_db($database_name, $connection) or die ("Could not select database");

$strEditProfile = "UPDATE tblemployee SET EmployeeName='".$_POST["edit_thename"]."', Address1 = '".$_POST[edit_address1]."', Address2 = '".$_POST[edit_address2]."', DesignationID = '".$_POST[edit_des]."', Postcode = '".$_POST[edit_postcode]."', State = '".$_POST[edit_state]."', Country = '".$_POST[edit_country]."', Tel1 = '".$_POST[edit_contact]."' WHERE EEmail='".$_POST["edit_email"]."'";
$resEditProfile = mysql_query($strEditProfile);

if($resEditProfile)
    echo "<img src=\"images/valid.jpg\" /> Profile updated!";
else
    echo "><img src=\"images/warning.jpg\">Error!";
```

Hi all, Please I need an urgent help, I'm working on a project : www.playnetwork.com/record I want it such that when you click on the the artist link (menu) it will pull out the artists' records such as Name, Albums, Height etc. from a database Please help me out I'm kind off rookie to php Thanks

Hi. I am working on a website that has restriction level.
An admin, a staff, and ordinary user. In my admin page when I click the button "View Users" it shows all the listed users in a table, from admin to ordinary users. And on each entry is an option to either "Delete" or "Edit" the users account. Now I have a problem with editing user profile because it appears blank fields. Not like in the admin side wherein if I click "Edit" the fields are filled with the users info. How do I do this in the staff's page. Here is the view users code from the admin's page:

```php
if (@$_GET['action'] == "View Users") {
    print "<font size=6 color=yellow><center>View User's Records</center><br></font>";
    $result = mysql_query ("SELECT * FROM users order by user_lvl, lname asc");
    $rows = mysql_num_rows($result);
    if ($rows!=0) {
        print "<table border=1 align=center cellspacing=10>";
        print " <tr bgcolor=yellow align=center>
            <td>First Name</td>
            <td>Last Name</td>
            <td>Email</td>
            <td>Username</td>
            <td>Password</td>
            <td>Phone Number</td>
            <td>User Privilege</td>
            <td>Options</td>
            </tr>";
        for ($i=0; $i< $rows; $i++) {
            $row = mysql_fetch_row ($result);
            print "<tr bgcolor= white align=center>";
            print "<td>$row[0]</td>";
            print "<td>$row[1]</td>";
            print "<td>$row[2]</td>";
            print "<td>$row[3]</td>";
            print "<td>$row[4]</td>";
            print "<td>$row[5]</td>";
            print "<td>$row[6]</td>";
            print "<td>[ <a href=admin_main.php?action=Delete&username=$row[3]>Delete</a> ]";
            print "[ <a href=admin_main.php?action=Edit&username=$row[3]>Edit</a> ]";
            print "</td>";
            print "</tr>";
        }
        print "</table>";
        print "<font size=1 color=yellow>Number of entries found: $rows";
    } else {
        print "No records found!";
    }
    mysql_free_result ($result);
}
```

Now here is the code when I click "Edit" from the "View Users" table:

```php
if (@$_GET['action'] == "Edit") {
    $result = mysql_query ("Select * from users where username='$_GET[username]'");
    $row = mysql_fetch_row ($result);
    print "<font size=6 color=yellow><center>Edit Records </center></font>";
    print "<form method = get>
        <table border = 1 align=center>
        <tr> <td><font color=yellow>First Name:</font></td> <td><input type=text name=fname value=$row[0] ></td></tr>
        <tr> <td><font color=yellow>Last Name:</font></td> <td><input type=text name=lname value=$row[1]></td></tr>
        <tr> <td><font color=yellow>Email Address: </font></td> <td><input type=text name=email value=$row[2] </td></tr>
        <tr> <td><font color=yellow>Username: </font></td> <td><input type = text name = username value=$row[3] ></td></tr>
        <tr> <td><font color=yellow>Password:</font></td> <td><input type=text name=password value=$row[4]></td></tr>
        <tr> <td><font color=yellow>Contact Number:</font></td> <td><input type = text name = phone_number value=$row[5]></td></tr>
        <tr> <td><font color=yellow>User Privilege:</font></td> <td><input type = txt name = user_lvl value=$row[6]></td></tr>
        <tr><td><input type=submit value='Update Users' Submit name=action></td></tr>
        </table>
        </form> ";
}

if (@$_GET['action']=="Update Users") {
    $result = mysql_query ("UPDATE users SET fname='$_GET[fname]', lname='$_GET[lname]', email='$_GET[email]', username='$_GET[username]', password='$_GET[password]', phone_number='$_GET[phone_number]', user_lvl='$_GET[user_lvl]' where username= '$_GET[username]'");
    print "<font size=6 color=yellow><center><blink>Record of User successfully updated!</blink></center></font>";
}
```

Hello, first of all i'm new here and i kinda like the community... so here i go with my question... When i register and then click on the link to get me to the log in file i have set the link for my member profile to be member.php?p=$_SESSION['id'] .. which works until now.. and lets say for instance my ID is 25... when i type on the browser member.php?p=553524 i will still be on the same page... so what i want to do is to check which id is typed and then throw them to the correct account profile or if the ID does not exist then throw them to a member-not-exist.php file..
I think i can do the how to check the id if it does exist but for the other one? Thanks in advance.
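
An added example, not code from any of the posts above: one way to handle an id taken from the URL, covering both the member.php?p= lookup in the last post and the delete_mystuff.php?id= problem described earlier on the page. It assumes PDO with an in-memory SQLite database; the tables `users` and `items`, their rows, and the functions `parse_id`, `find_member` and `delete_item_for` are hypothetical names constructed for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample data (assumption: pdo_sqlite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT)');
$db->exec("INSERT INTO users VALUES (5, 'alice'), (9, 'bob')");
$db->exec("INSERT INTO items VALUES (1, 5, 'alice item'), (2, 9, 'bob item')");

/** Parse an id from request input: a positive integer, otherwise null. */
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Existence check for member.php?p=...: the row, or null when there is no such member. */
function find_member(PDO $db, ?int $id): ?array
{
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, username FROM users WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Delete an item only if it belongs to the logged-in user. The owner comes
 * from the session, never from the URL, and is part of the WHERE clause, so
 * changing ?id= to someone else's item matches zero rows. Being logged in is
 * not enough: every read, edit and delete needs this ownership condition.
 */
function delete_item_for(PDO $db, int $sessionUserId, ?int $itemId): bool
{
    if ($itemId === null) {
        return false;
    }
    $stmt = $db->prepare('DELETE FROM items WHERE id = ? AND owner_id = ?');
    $stmt->execute([$itemId, $sessionUserId]);
    return $stmt->rowCount() === 1;
}

// Simulated requests (constructed). After login this value would be $_SESSION['user_id'].
$sessionUserId = 5;

foreach (['5', '553524', '9 OR 1=1'] as $p) {
    $member = find_member($db, parse_id($p));
    // In member.php the "not found" branch would be:
    //   header('Location: member-not-exist.php'); exit;
    echo "p=$p -> ", $member ? "profile of {$member['username']}" : 'member-not-exist.php', "\n";
}

var_dump(delete_item_for($db, $sessionUserId, parse_id('2'))); // someone else's item
var_dump(delete_item_for($db, $sessionUserId, parse_id('1'))); // the user's own item
```

When a page only ever acts on the logged-in user's own record, the URL id can be dropped entirely and the session id used in its place.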