|
PHP - Mysql Error With User Profile System
Hi All,
I am currently struggling with the my user info function which is supposed to display an image on my profile page along with the following parts of information taken from my database. The error is a mysql error stating that the $info = mysql_fetch_assoc($result); is not a valid arguement. Code: [Select] function fetch_user_info($uid) { $uid=(int)$uid; $sql = "SELECT `user_id AS `id` `user_username` AS `username`, `user_firstname` AS `firstname`, `user_lastname` AS `lastname`, `user_email` AS `email`, `user_location` AS `location`, `user_about` AS `about`, `user_gender` AS `gender` FROM `users` WHERE `user_id` = {$uid}"; $result = mysql_query($sql); $info = mysql_fetch_assoc($result); $info['avatar'] = "core/user_avatars/{$info['id']}.jpg"; return $info; } I have looked through the code a few times, but I can tell what is wrong. I have included below the profile page code in case it may be an issue there. Code: [Select] <?php include('core/init.inc.php'); $userinfo = fetch_user_info($_GET['uid']); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title><?php echo $userinfo ['username']; ?>'s Profile</title> </head> <body> <div> <?php if($userinfo == false) { echo 'Sorry, the user does not exist.'; } else { ?> <h1><?php echo $userinfo ['firstname']; ?> <?php echo $userinfo ['lastname']; ?></h1> <img src="<?php echo $userinfo['avatar'];?>" alt="avatar"/> <p>Username: <?php echo $userinfo ['username']; ?></p> <p>First Name: <?php echo $userinfo ['firstname']; ?></p> <p>Last Name: <?php echo $userinfo ['lastname']; ?></p> <p>Gender: <?php echo ($userinfo ['gender'] == 1) ? 'Male' : 'Female'; ?></p> <p>Email: <?php echo $userinfo ['email']; ?></p> <p>Location: <?php echo $userinfo ['location']; ?></p> <p>About: <?php echo $userinfo ['about']; ?></p> </div> <?php } ?> </body> </html> Thanks Jamie Similar TutorialsI am trying to upload files to a user profile system. here is the profile page Code: [Select] <?php include('core/init.inc.php'); if (isset($_POST['email'], $_POST['location'], $_POST['about'])) { $errors = array(); if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = "The email address you entered is not valid"; } if(preg_match('#^[a-z0-9 ]+$#i',$_POST['location'])===0) { $errors[] = 'Your location must only contain A-Z 0-9 and spaces.'; } if (empty($_FILES['avatar']['tmp_name']) === false) { $file_ext = end(explode('.', $_FILES['avatar']['name'])); if(in_array(strtolower($file_ext), array('jpg', 'jpeg', 'gif', 'png')) === false) { $errors[] = 'Your avatar must be an image.'; } } if(empty($errors)) { print_r($_FILES); set_profile_info($_POST['email'],$_POST['location'],$_POST['about'], (empty($_FILES['avatar']['tmp_name'])) ? false : $_FILES['avatar']['tmp_name']); } $userinfo = array( 'email' => htmlentities($_POST['email']), 'location' => htmlentities($_POST['location']), 'about' => htmlentities($_POST['about']) ); } else { $userinfo = fetch_user_info($_SESSION['uid']); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Edit your Profile</title> </head> <body> <div> <?php if(isset($errors) == false) { echo 'Click update to edit your profile.'; } else if(empty($errors)) { echo 'Your profile has been updated.'; } else { echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>'; } ?> </div> <form action="" method="post" enctype="multipart/form-data"> <div> <label for="email">Email: </label> <input type="text" name="email" id="email" value="<?php echo $userinfo['email']; ?>" /> </div> <div> <label for="location">Location: </label> <input type="text" name="location" id="location" value="<?php echo $userinfo['location']; ?>" /> </div> <div> <label for="about">About Me: </label> <textarea name="about" id="about" rows="14" cols="50"><?php echo strip_tags($userinfo['about']); ?></textarea> </div> <div> <label for="avatar">Avatar: </label> <input type="file" name="avatar" id="avatar"/> </div> <div> <input type="submit" value="Update" /> </div> </form> </body> </html> here is the function taken from an external file Code: [Select] function set_profile_info($email, $location,$about,$avatar) { $email = mysql_escape_string(htmlentities($email)); $about = mysql_escape_string(nl2br(htmlentities($about))); $location = mysql_escape_string($location); if (file_exists($avatar)) { $src_size = getimagesize($avatar); if ($src_size['mime'] === 'image/jpeg') { $src_img = imagecreatefromjpeg($avatar); } else if ($src_size['mime'] === 'image/png') { $src_img = imagecreatefrompng($avatar); } else if ($src_size['mime'] === 'image/gif') { $src_img = imagecreatefromgif($avatar); } else { $src_img = false; } if ($src_img !== false) { $thumb_width= 200; if($src_size[0] <= $thumb_width) { $thumb = $src_img; } else { $new_size[0] = $thumb_width; $new_size[1] = ($src_size[1] / $src_size[0]) * $thumb_width; $thumb = imagecreatetruecolor($new_size[0], $new_size[1]); imagecopyresampled($thumb, $src_img, 0, 0, 0, 0, $new_size[0], $new_size[1], $src_size[0], $src_size[1]); } imagejpeg($thumb, "{$GLOBALS['path']}/user_avatars/{$_SESSION['uid']}.jpg"); } } $sql = "UPDATE `users` SET `user_email` = '{$email}', `user_about` = '{$about}', `user_location` = '{$location}' WHERE `user_id` = {$_SESSION['uid']}"; mysql_query($sql); } Below I have returned the array of files to check if its been uploaded correctly. Array ( [avatar] => Array ( [name] => Sonic.jpg [type] => image/jpeg [tmp_name] => /var/tmp/php.waq8n [error] => 0 [size] => 48477 ) ) But I get this error message. Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: '/var/tmp/php.waq8n' is not a valid JPEG file in /web/stud/u0963643/userprofilesection/finaluserprofile/core/inc/user.inc.php on line 71 If someone could point out where in this code I have made an error I would be very grateful Thanks Jamie Hello users: I am exploring the delightful world of PHP for web applications. I am in the stage where I need to use SESSIONS and COOKIES and MYSQL for a user/membership/profile structure. I understand most of the grammar behind PHP and am excited to apply this in application. I am searching for recommendations and comments about using: 1. COOKIES 2. SESSIONS 3. MYSQL/SQL Almost every website has an authentication mechanism, profile, and use information. My website required this similar structure, but I have been having some problems completing all of the technical steps for production. If anyone has code samples or places where I can review code on this topic, that would be wonderful. I am specifically searching for more advanced topics in these area for general robustness. Please kindly send me a message or respond to this post. Regards, Diamond Edited by Diamond, 30 December 2014 - 04:27 PM. Hi, I have a fully pledged membership system and want to integrate my own user referral system but want some tips, advice really on the logic of it. Basically already registered users on my site will have the option to refer people, only registered users. I will try to explain my logic and what i have done so far. My current registered users table is something like Quote users (table) - id (user id) - email (user email) - password (hash of users password) - reg_date (date user registered) I have some other fields but not relevant to what I want to do and to keep things as simple as possible I left them out. I am thinking of creating a new table called referrals and for example when a registered user on my site from the users table goes to a member only page called referral.php it will display a form so they can enter an email address of someone they want to refer and it also displays the people they referred. My referral table is like this so far and not sure if it's best way to go about the database logics and php logic. my table so far looks like this: Quote referrals (table) - id (auto incremented every time a new referral (row) is added to referrals table) - referrer_uid (id of referrer, this would be the unique id of a registered user from the users table) - referred_email (email address of person who has been referred) - status (when someone is first referred default will be `referred`, if they signup to site via referral link this will update to `completed`) - created_on (date the referral was made, unix timestamp) - updated_on (date the referred person actually clicks the referral link and completes signup) Currently i added the database table above to my site on local. added some sample data for testing and created a referral.php page where there's a form so a registered member can enter a persons email and refer them to my site to signup. On referral.php there is also the total people they referred and a table showing all the people they referred as follows: Referred Email | Referred Date | Status | Completed On Now so far everything is seems fine. I have my sample (pretend referrals i made) data showing in my test account. The part i am now not sure about is this: Obviously to stop abuse i do my usual validation checks like: check to ensure the email being entered on referrals page does not exist in users table (registered member), check to ensure the email has not already been referred previously (for spam reasons) only allowed to refer an email address once and not allowed to refer someone who has previously been referred by someone else to (again for spam reasons) Now onto the tracking the referral and link building. I was first thinking this: on sign up form have a hidden field. The sign up form would do a simple check to see if isset $_GET['ref'] like signup.php?ref=something_here if it is prefill the hidden field, when user then signs up if the ref=something_here matches what's in the database then update referral to complete so the referrer knows that their friend for example signed up via their referral, unix timestamp of when referred person completed signup. Now i was going to use the email address of referred person or username of person who made the referral signup.php?ref=username or signup.php?ref=referred_email . Now what i am thinking is what would be better and i guess stop random abuse is create another column and call it referred_id; this would be a random md5 hash that is unique to that referral and it will be appended to the url like signup.php?ref=md5_hash_here. So my questions a 1) Is there anything you think i should change, improve on, alter etc ? 2) Do you think i am going about it the rite way or making a mess of it ? 3) Have i left anything out that i may have not thought of that could cause the system to be abused ? Any suggestions, feedback, help on the whole logic would be great. I coded allot of it last night and won't take me long to do the rest but need some help in terms of ensuring i am doing it the best way possible etc, the logic behind it all. Thanks for any suggestions, help, advice, tips! PHPFAN I am currently creating a multi-user login system, and I have created the database in MySQL, but the problem is that my PHP script is not working as expected. I would like it so that if the user enters in a correct username + password combination, then they are redirected to a webpage called "congrats.php" for example. However, with my current PHP code, if I include a redirection instruction based on the correct input, then when I run the script, then the user is instantly taken to the congrats.php page without filling in any login details. I'm quite sure that the database has been connected to, as due to the layout of my script at the moment, the text that reads "You did it!" appears 4 times, the same number of rows in my MySQL database. My PHP coding for this is: Code: [Select] <html><head><title>Multi-User Log In Form</title></head> <body> <?php $self = $_SERVER['PHP_SELF']; $username = $_POST['username']; $password = $_POST['password']; ?> <form action = "<?php echo $self; ?>" method = "post"> Username <input type = "text" name = "username" size = "8"> Password <input type = "password" name = "password" size = "8"> <input type = "submit" value="Submit"> </form> <?php $conn = @mysql_connect("localhost", "root", "") or die ("Err: Conn"); $rs = @mysql_select_db("test3", $conn) or die ("Err: Db"); $sql = "select * from users"; $rs = mysql_query($sql, $conn); while ($row = mysql_fetch_array($rs)) { $name = $row["uname"]; $pass = $row["pword"]; if ($username = $name && $password = $pass) { //CODE FOR REDIRECTION SHOULD GO HERE //header("location:congrats.php"); echo "You did it!"; } else { echo "Invalid username and password combination"; } } ?></body> </html> Any help in trying to get it so that my PHP script will redirect only if a correct username + password combination is entered would be greatly appreciated Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta Hello all, i require some assistance in a bit of PHP/MySql code. I have a website setup with register/login scripts already wrote, i also have a basic members page for now, that has there user ID assigned to it for example members.php?id=$id, which is there ID from the database. I have a members list which shows all members with links to there profiles, now i when i mouse over the link, it will says members.php?id=1 and so on, which is correct but when clicking on any of the members to go to there profile it is my own details that is shown on there profile instead of theres. members.php <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("hireacoder") or die(mysql_error()); $user = $SESSION['username']; $sql = mysql_query("SELECT * FROM users WHERE username='$user'"); $row = mysql_fetch_assoc($sql); echo $row['username']; echo'<br>'; echo $row['fname']; echo'<br>'; echo $row['lname']; echo'<a href="users.php">Users</a>'; ?> users.php <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("hireacoder") or die(mysql_error()); echo "<table border='0'> <tr> <th>UserName</th> </tr>"; $sql = mysql_query("SELECT * FROM users ORDER BY ID"); while($row = mysql_fetch_assoc($sql)) { $id = $row['id']; $username = $row['username']; echo" <tr> <td> <a href='members.php?id=$id'>".$username."</a> </td> </tr>"; } echo "</table>"; ?> Now i know what the problem is, the query is getting the details from the DB with the username = the session user which is me and that is why my details show up on all profiles, but i dont know any other way to do it, any help with be very apprciated thanks you. Hi, I have to ask about profile page for each user like facebook and netlog. As u can see in netlog it is like this http://en.netlog.com/ElegantLeo and i have a site http://cyprussaver.com/merchant.php?id=64 and here each merchant profile can be viewed like this but i need to show them like this http://cyprussaver.com/rocksman please guide me what i have to do in order to achieve this result. Thanks, Hanan ALi Hi, I recently implemented a code to display user profile information. Well, it displays the username and password fine, but the edit function doesn't seem to be working. I edit the information, click submit, get a success message but the username and password didn't change. myprofile.php Code: [Select] <?php session_start(); include('config.php'); $sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" ); echo "<h2>Profile</h2> <form method='post' action='editprofile.php'> <table>"; $row = mysql_fetch_array($sql); echo "<tr><th>Name: </th><td>".$row['username']."</td></tr> <tr><th>Password: </th><td><input type='password' value='".$row['password']."' disabled='true' /></td></tr>"; echo "</table><br /> <input type='submit' value='edit profile' /> </form>"; ?> editprofile.php Code: [Select] <?php include('config.php'); if(isset($_POST['btnedit'])){ $username = $_POST['username']; $password = $_POST['password']; $sql = mysql_query( "UPDATE users SET username='".$username."', password='".$password."' WHERE id='".$_SESSION['id']."'" ); if($sql){ echo "<script>alert('profile updated');window.location='myprofile.php'</script>"; }else{ echo "<script>alert('updating profile failed!');</script>"; } } $sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" ); $row = mysql_fetch_array($sql); echo "<h2>Edit profile</h2> <form method='post'> <table> <tr><th>registered:</th><td><input type='text' name='username' value='".$row['username']."'/></td></tr> <tr><th>password:</th><td><input type='password' name='password' value='".$row['password']."'/></td></tr> </table><br /> <input type='submit' name='btnedit' value='update' /> </form>"; ?> Good Day PHP world,
I am encountering a problem in php code meant to allow the user to update their profile picture.
I am using jquery.min and jquery.js. The code below runs with no errors reported. The file has been successfully uploaded to upload path using this form.
upload.php
<form id="imageform" method="post" enctype="multipart/form-data" action='ajaximage.php'> <input type="file" name="photoimg" id="photoimg" class="stylesmall"/> </form>ajaximage.php
$path = "uploads/";
$valid_formats = array("jpg", "png", "gif", "bmp","jpeg");
if(isset($_POST) and $_SERVER['REQUEST_METHOD'] == "POST")
{
$name = $_FILES['photoimg']['name'];
$size = $_FILES['photoimg']['size'];
if(strlen($name))
{
list($txt, $ext) = explode(".", $name);
if(in_array($ext,$valid_formats))
{
if($size<(1024*1024)) // Image size max 1 MB
{
$actual_image_name = $name.".".$ext;
$tmp = $_FILES['photoimg']['tmp_name'];
if(move_uploaded_file($tmp, $path.$actual_image_name))
{
$query = "UPDATE users SET profile_image='$actual_image_name' WHERE student_id='{$_SESSION['user_id']}'";
$result = mysqli_query($link_id, $query);
echo "<img src='uploads/".$actual_image_name."' class='preview'>";
}
The problem is the image being uploaded does not display on the
Student_home.php
<div id="about-img">
<img class="profile-photo" align="middle" src='uploads/".$actual_image_name."' />
</div>
But the image uploaded will display when i write directly its filename example
<div id="about-img">
<img class="profile-photo" align="middle" src="uploads/107.jpg" />
</div>
My problem is i wanted to display the uploaded picture of the specific student on Student_Home.php
Right ive got a user profile that i want a add friend button but i coded a little something what i fort wud work but no luck <?php session_start(); include "includes/db_connect.php"; include "includes/functions.php"; include"includes/smile.php"; logincheck(); $username=$_SESSION['username']; $viewuser=$_GET['viewuser']; $fetch=mysql_fetch_object(mysql_query("SELECT * FROM users WHERE username='$viewuser'")); if (!$fetch){ echo "No such user"; $totalf = mysql_num_rows(mysql_query("SELECT * FROM friends WHERE username = '$viewuser' AND active='1'")); $invite_text="<div>$username Has Sent You A Friend Request<br> <input name=Yes_Accept type=submit id=yes value=Accept Invite class=abutton> <input name=No_accept type=submit value=Decline Invite class=abutton></div><input type=hidden name=invite_id value=$bar2>"; if (($_GET['fri'])){ $exicst=mysql_query("SELECT * FROM users WHERE username='$viewuser'"); $nums=mysql_num_rows($exicst); $adding=mysql_fetch_object($exicst); $already=mysql_num_rows(mysql_query("SELECT * FROM friends WHERE type='Friend' AND person='$viewuser' AND username='$username'")); if ($already != "0"){ echo "<center><font color=orange><b><br>This user is already your friend.<br><br></font>"; }elseif ($already == "0"){ mysql_query("INSERT INTO `friends` ( `id` , `username` , `person` , `type` , `active`) VALUES ( '', '$username', '$viewuser', 'Friend' , '0' )"); mysql_query("INSERT INTO `friends` ( `id` , `username` , `person` , `type` , `active`) VALUES ( '', '$viewuser', '$username', 'Friend' , '0' )"); mysql_query("INSERT INTO `inbox` ( `id` , `to` , `from` , `message` , `subject` , `date` , `read`) VALUES ( '', '$viewuser', '$username', '$invite_text' , 'Friend Request' , '$date' , '0' )"); $bar2=mysql_insert_id(); echo "<center><font color=orange><br>Your Friend Invitation Was Sent To $viewuser<br><br></font>"; exit(); } }} ?> <a href=?fri=Yes>Add Friend +</a> It just adds a blank person and comes back with No Such User and Your Friend Invitation Was Sent To I think ive put some things in the wrong place to be honest but as im not a pro i easily miss things Hi, I am making a dating site where I have made the user profile edit page visible to the user when they log in, and I think I can get away with not showing the user their "public" profile view. But I definitely need to show other users on the site the "public" non editing profile page view. But I don't know how to do this. I have yet to create the search, search results, thumbnails with optional descriptions of the possible dating results. But I first want to just get 2 versions of the user profile page view. One that the user sees that I have already done. (The editable one). And the other I need to make which is the page the other users will see, (The public profile) Please if anyone has any idea how to do this I would greatly appreciate it, especially if you have any pseudocode ideas. thank you. Ok so everything is working the way it is supposed to work Except 2 small problems that have been driving me batty for the last 2 weeks.. for some strange reason the MSN and Email won't display correctly.. When they display it ends up like this (( JerseyJoe(at)hotmail(dot)com instead of JerseyJoe@hotmail.com )) I really need some help with this folks.. so Please answer asap..thanks <?php // $Id$ $cs_lang = cs_translate('users'); $users_id = $_GET['id']; settype($users_id,'integer'); $cs_user = cs_sql_select(__FILE__,'users','*',"users_id = '" . $users_id . "'"); if(empty($cs_user['users_active'])) { $data['head']['action'] = $cs_lang['profile']; $data['head']['body_text'] = $cs_lang['not_active_text']; echo cs_subtemplate(__FILE__,$data,'users','head'); $data['lang']['not_active'] = $cs_lang['not_active']; echo cs_subtemplate(__FILE__,$data,'users','not_active'); } elseif(!empty($cs_user['users_delete'])) { $data['head']['action'] = $cs_lang['profile']; $data['head']['body_text'] = $cs_lang['delete_text']; echo cs_subtemplate(__FILE__,$data,'users','head'); $data['lang']['delete'] = $cs_lang['delete']; echo cs_subtemplate(__FILE__,$data,'users','delete'); } else { $data['head']['action'] = $cs_lang['profile']; $data['head']['body_text'] = cs_addons('users','view',$users_id,'users'); echo cs_subtemplate(__FILE__,$data,'users','head'); $old_nick = cs_sql_select(__FILE__,'usernicks','users_nick','users_id = ' . $users_id,'users_changetime DESC',0,1); $data['if']['old_nick'] = false; if(!empty($old_nick)) { $data['if']['old_nick'] = true; $data['users']['old_nick'] = $old_nick['users_nick']; } $data['users']['id'] = $cs_user['users_id']; $data['if']['buddies_active'] = (empty($account['access_buddys']) OR $account['access_buddys'] < 2) ? false : true; $hidden = explode(',',$cs_user['users_hidden']); #$allow = $users_id == $account['users_id'] OR $account['access_users'] > 4 ? 1 : 0; $allow = 0; if($users_id == $account['users_id'] OR $account['access_users'] > 4) { $allow = 1; } $data['if']['own_profile'] = $users_id == $account['users_id'] ? true : false; $data['url']['picture'] = cs_url('users','picture'); $data['url']['profile'] = cs_url('users','profile'); $data['users']['nick'] = cs_secure($cs_user['users_nick']); $data['url']['message_create'] = cs_url('messages','create','to_id=' . $cs_user['users_id']); if(empty($cs_user['users_picture'])) { $data['users']['picture'] = $cs_lang['nopic']; } else { $place = 'uploads/users/' . $cs_user['users_picture']; $size = getimagesize($cs_main['def_path'] . '/' . $place); $data['users']['picture'] = cs_html_img($place,$size[1],$size[0]); } $content = cs_secure($cs_user['users_name']); if(in_array('users_name',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['name'] = empty($cs_user['users_name']) ? '--' : $content; $content = cs_secure($cs_user['users_surname']); if(in_array('users_surname',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['surname'] = empty($cs_user['users_surname']) ? '--' : $content; $data['lang']['sex'] = $cs_lang['sex']; if(empty($cs_user['users_sex'])) { $data['users']['sex'] = '--'; } if($cs_user['users_sex'] == 'male') { $data['users']['sex'] = $cs_lang['male']; } if($cs_user['users_sex'] == 'female') { $data['users']['sex'] = $cs_lang['female']; } $data['lang']['birth_age'] = $cs_lang['birth_age']; if (!empty($cs_user['users_age'])) { $content = cs_date('date',$cs_user['users_age']); $birth = explode ('-', $cs_user['users_age']); $age = cs_datereal('Y') - $birth[0]; if(cs_datereal('m')<=$birth[1]) { $age--; } if(cs_datereal('d')>=$birth[2] AND cs_datereal('m')==$birth[1]) { $age++; } $content .= ' (' . $age . ')'; } if(in_array('users_age',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['age'] = empty($cs_user['users_age']) ? '--' : $content; $content = empty($cs_user['users_height']) ? '--' : $cs_user['users_height'] . ''; if(in_array('users_height',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['height'] = empty($cs_user['users_height']) ? '--' : $content; $content = cs_secure($cs_user['users_adress']); if(in_array('users_adress',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['adress'] = empty($cs_user['users_adress']) ? '--' : $content; $data['lang']['postal_place'] = $cs_lang['postal_place']; if(empty($cs_user['users_postalcode']) AND empty($cs_user['users_place'])) { $data['users']['postal_place'] = '--'; } else { $content = cs_secure($cs_user['users_postalcode']) . ' - ' . cs_secure($cs_user['users_place']); if(in_array('users_place',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['postal_place'] = $content; } if(empty($cs_user['users_country'])) { $data['users']['country'] = '-'; } else { $url = 'symbols/countries/' . $cs_user['users_country'] . '.png'; $data['users']['country'] = cs_html_img($url,11,16); include_once('lang/' . $account['users_lang'] . '/countries.php'); $country = $cs_user['users_country']; $data['users']['country'] .= ' ' . $cs_country[$country]; } $data['users']['registered'] = cs_date('unix',$cs_user['users_register'],1); $data['users']['laston'] = !empty($cs_users['users_invisible']) ? '--' : cs_date('unix',$cs_user['users_laston'],1); $content = cs_html_mail($cs_user['users_email']); if(in_array('users_email',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['email'] = empty($cs_user['users_email']) ? '--' : $content; $cs_user['users_url'] = cs_secure($cs_user['users_url']); $content = cs_html_link('http://' . $cs_user['users_url'],$cs_user['users_url']); if(in_array('users_url',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['url'] = empty($cs_user['users_url']) ? '--' : $content; $cs_icqstart = 'http://web.icq.com/whitepages/online?icq='; $content = cs_html_link('http://www.icq.com/' . $cs_user['users_icq'],$cs_user['users_icq']); $content .= ' ' . cs_html_img($cs_icqstart . $cs_user['users_icq'] . '&img=22','16','15'); if(in_array('users_icq',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['icq'] = empty($cs_user['users_icq']) ? '--' : $content; $cs_user['users_msn'] = cs_secure($cs_user['users_msn']); # $content = cs_html_link('http://members.msn.com/' . $cs_user['users_msn'],$cs_user['users_msn']); $content = cs_html_msnmail($cs_user['users_msn']); if(in_array('users_msn',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['msn'] = empty($cs_user['users_msn']) ? '--' : $content; $cs_user['users_skype'] = cs_secure($cs_user['users_skype']); $content = cs_html_link('skype:' . $cs_user['users_skype'] . '?userinfo', $cs_user['users_skype']); $skype_url = 'http://mystatus.skype.com/smallicon/' . $cs_user['users_skype']; $content .= ' ' . cs_html_img($skype_url,'16','16'); if(in_array('users_skype',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['skype'] = empty($cs_user['users_skype']) ? '--' : $content; $content = cs_secure($cs_user['users_phone']); if(in_array('users_phone',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['phone'] = empty($cs_user['users_phone']) ? '--' : $content; $content = cs_secure($cs_user['users_mobile']); if(in_array('users_mobile',$hidden)) { $content = empty($allow) ? '--' : cs_html_italic(1) . $content . cs_html_italic(0); } $data['users']['mobile'] = empty($cs_user['users_mobile']) ? '--' : $content; $data['users']['info'] = empty($cs_user['users_info']) ? ' ' : cs_secure($cs_user['users_info'],1,1); /* Users View Update */ /* $users_view['users_view'] = $cs_user['users_view'] + 1; $users_cells = array_keys($users_view); $users_save = array_values($users_view); cs_sql_update(__FILE__,'users',$users_cells,$users_save,$cs_user['users_id']); $data['users']['view'] = $users_view['users_view'];*/ echo cs_subtemplate(__FILE__,$data,'users','view'); } Hi all, I am currently facing a problem, if you look at 'viewprofile.jpg' attachment, you can see that there is an uploaded profile picture. However when I click to edit the profile, the picture is missing (editprofile.jpg), I am just wondering what went wrong? Can someone guide me in troubleshooting this problem? Code: [Select] <?php if (isset($_POST['submit'])) { // Validate and move the uploaded picture file, if necessary if (!empty($new_picture)) { if ((($new_picture_type == 'image/gif') || ($new_picture_type == 'image/jpeg') || ($new_picture_type == 'image/pjpeg') || ($new_picture_type == 'image/png')) && ($new_picture_size > 0) && ($new_picture_size <= CT_MAXFILESIZE)) { //0 indicates a success, other values indicate failure if ($_FILES['file']['error'] == 0) { // Move the file to the target upload folder $target = CT_UPLOADPATH . basename($new_picture); if (move_uploaded_file($_FILES['new_picture']['tmp_name'], $target)) { // The new picture file move was successful, now make sure any old picture is deleted if (!empty($old_picture) && ($old_picture != $new_picture)) { @unlink(CT_UPLOADPATH . $old_picture); } } else { // The new picture file move failed, so delete the temporary file and set the error flag @unlink($_FILES['new_picture']['tmp_name']); $error = true; echo '<p class="error">Sorry, there was a problem uploading your picture.</p>'; } } } else { // The new picture file is not valid, so delete the temporary file and set the error flag @unlink($_FILES['new_picture']['tmp_name']); $error = true; echo '<p class="error">Your picture must be a GIF, JPEG, or PNG image file no greater than ' . (CT_MAXFILESIZE / 1024). '</p>'; } } // Grab the profile data from the POST $name = mysqli_real_escape_string($dbc, trim($_POST['name'])); $nric = mysqli_real_escape_string($dbc, trim($_POST['nric'])); $gender = mysqli_real_escape_string($dbc, trim($_POST['gender'])); $old_picture = mysqli_real_escape_string($dbc, trim($_POST['old_picture'])); $new_picture = mysqli_real_escape_string($dbc, trim($_FILES['new_picture']['name'])); $new_picture_type = $_FILES['new_picture']['type']; $new_picture_size = $_FILES['new_picture']['size']; list($new_picture_width, $new_picture_height) = getimagesize($_FILES['new_picture']['tmp_name']); $error = false; // Update the profile data in the database if (!$error) { if (!empty($name) && !empty($nric) && !empty($gender)) { $query = "UPDATE tutor_profile SET name = '$name', nric = '$nric', gender = '$gender' WHERE tutor_id = '" . $_GET['tutor_id'] . "'"; mysqli_query($dbc, $query) or die(mysqli_error($dbc)); // Confirm success with the user echo '<p>Your profile has been successfully updated. Would you like to <a href="viewprofile.php?tutor_id=' . $_GET['tutor_id'] . '">view your profile</a>?</p>'; mysqli_close($dbc); exit(); } else { echo '<p class="error">You must enter all of the profile data (the picture is optional).</p>'; } } } // End of check for form submission else { // Grab the profile data from the database $query = "SELECT name, nric, gender FROM tutor_profile WHERE tutor_id = '" . $_GET['tutor_id'] . "'"; $data = mysqli_query($dbc, $query) or die(mysqli_error($dbc)); // The user row was found so display the user data if (mysqli_num_rows($data) == 1) { $row = mysqli_fetch_array($data); if ($row != NULL) { $name = $row['name']; $nric = $row['nric']; $gender = $row['gender']; } else { echo '<p class="error">There was a problem accessing your profile.</p>'; } } } mysqli_close($dbc); ?> <form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo CT_MAXFILESIZE; ?>" /> <ul id="tabSet_ep"> <li><a href="#panel1">Personal Profile</a></li> <li><a href="#panel2">Qualifications</a></li> <li><a href="#panel3">Tutor\'s Comments/Commitment</a></li> <li><a href="#panel4">Tutoring Levels/Subjects</a></li> </ul> <!--Personal Profile--> <div id="panel1"> <label for="new_picture">Pictu </label> <input type="file" id="new_picture" name="new_picture" /> <?php if (!empty($old_picture)) { echo '<img class="profile" src="' . CT_UPLOADPATH . $old_picture . '" alt="Profile Picture" />'; } ?><br /> <label for="firstname">First name:</label> <input type="text" id="firstname" name="firstname" value="<?php if (!empty($name)) echo $name; ?>" /><br /> <label for="lastname">Last name:</label> <input type="text" id="lastname" name="lastname" value="<?php if (!empty($nric)) echo $nric; ?>" /><br /> <label for="gender">Gender:</label> <select id="gender" name="gender"> <option value="M" <?php if (!empty($gender) && $gender == 'M') echo 'selected = "selected"'; ?>>Male</option> <option value="F" <?php if (!empty($gender) && $gender == 'F') echo 'selected = "selected"'; ?>>Female</option> </select><br /> </div> <input type="submit" value="Save Profile" name="submit" /> </form> Okay, well for a site i want to make a user managment system. but i have no idea how to. ive already got the part where you type the user that you want to manage. Code: [Select] <?php /* Copyright (C) 2009 Murad <Murawd> Josh L. <Josho192837> This program is free softwa you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ // Must rewrite ?> <fieldset> <legend> Manage User </legend> <table border='0' style="height:100%;width:570px;border:solid 1px #BBB"> <tr class="navtitle" style="height:25px"> <th style="width:auto">Manage A User</th> </tr> <tr> <td align="center" class="tdbox"> Search for the profile name you wish to manage. </td> </tr> <tr> <td align="center"> <form method="post" action=''> <input type="text" name="name" /> <input type="submit" name="search" value="Search" /> </form> </td> </tr> <tr style="height:25px"> <td class="tdbox"> <span style="float:left"> <a href="?cype=admin">Back To Administration Control Panel</a> </span> </td> </tr> </table> </fieldset> But thats just to find the user you want to edit, i want to make it so i can edit there name, how much money and such they have. instead of going into the db. so if you could help or if you need more info just ask. i dont really no much to put up here. I'm trying to teach myself how to use functions and includes in my scripts. As an exercise I am trying to create a registration system that I can re-use on other future projects. I have my main register.php page as follows: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type" /> <title>Register</title> </head> <body> <?php ini_set('display_errors', 1); ini_set('log_errors', 1); ini_set('error_log', dirname(__FILE__) . '/error_log.txt'); error_reporting(E_ALL); // Check to see if query string is set, if not pass empty array to function. if((!isset($_GET['success'])) && (!isset($_GET['active'])) && (!isset($_GET['valid']))) { include ('registerform.php'); $invalidcode = array(); regform($invalidcode); } //If success is set, use value to determine response if(isset($_GET['success'])) { if($_GET['success'] == "false") { echo "There has been an error with your registration. You will be redirected to the registration page in 5 SECONDS."; echo "<meta http-equiv=refresh content =\"5; URL=index.php\">"; } if($_GET['success'] == "true") { echo "Thanks for registering. An activation email has been sent to your registered email address.<br />"; echo "Please check you email and follow the activation link contained within it."; } } //if active is set, determine response (note: code to be added here in future) if(isset($_GET['active'])) { if($_GET['active'] == "true") { echo "Thank you for activating this account.<br />"; echo "You may now return to the home page and login!"; } } //if valid is set there was a problem with the form validation. //get valid from query string, convert back to an array and pass array to the form display script if(isset($_GET['valid'])) { $invalidcode = $_GET['valid']; $invalidcode = unserialize(urldecode($invalidcode)); include ('registerform.php'); regform($invalidcode); } ?> </body> </html> When the page loads it first checks for any variables passed in the url to determine action. Heres the code for the function regform(): <?php function regform($errors) { //set variables to initial value to prevent undefined variable error $errors0 = 0; $errors1 = 0; $errors2 = 0; $errors3 = 0; $errors4 = 0; $errors5 = 0; $errors6 = 0; $errors7 = 0; //check to make sure the array that was passed was not empty //from my validation script the errors are in matching order to the display on this page. //I have only prepared 2 errors for this inital testing, there will be one for each field on the form. $i = count($errors); if($i > 0){ $errors0 = $errors[0]; $errors1 = $errors[1]; //$errors2 = $errors[2]; //$errors3 = $errors[3]; //$errors4 = $errors[4]; //$errors5 = $errors[5]; //$errors6 = $errors[6]; //$errors7 = $errors[7]; } echo "<form id='register' name='register' method='post' action='doreg.php' >"; echo "<table>"; //if the variable = 1 there was an error validating the field in the validate script if($errors0 == 1){ echo "<tr><td><font color='red'>First Name</font></td><td><input type='text' name='firstname' /></td><tr>"; } else { echo "<tr><td>First Name</td><td><input type='text' name='firstname' /></td><tr>"; } if($errors1 == 1){ echo "<tr><td><font color='red'>Last Name</font></td><td><input type='text' name='lastname' /></td><tr>"; } else { echo "<tr><td>Last Name</td><td><input type='text' name='lastname' /></td><tr>"; } //additional errors to be added, as per abov,e for the code below echo "<tr><td>Email Address</td><td><input type='text' name='email' /></td><tr>"; echo "<tr><td>Password</td><td><input type='password' name='password1' /></td><tr>"; echo "<tr><td>Confirm Password</td><td><input type='password' name='password2' /></td><tr>"; echo "<tr><td></td><td></td><tr>"; echo "<tr><td>Accept Terms?</td><td><input type='checkbox' name='accept' /></td><tr>"; echo "<tr><td>Security String</td><td><input type='text' name='secstring' /></td><tr>"; echo "<tr><td></td><td><input type='submit' name='submit' value='submit' /></td><tr>"; echo "<tr><td></td><td><input type='hidden' name='form_submit' value='1' /></td><tr>"; echo "</table>"; echo "</form>"; } ?> So the form takes the array ?valid passed to the register page and determines which fields had a validation error and highlights them red. (I'll modify this highlighting to be what ever I need later...just testing my logic ) The form then calls doreg.php on submit. This will firstly run the validate script, then perform DB actions if all ok, else it will return to register with the error array passed in a query string: <?php if($_POST['form_submit'] == 1) { include ('validate.php'); //the validate script returns $errorarray. Need to figure out better way to test values to determine if any error flags are set if(($errorarray[0]!=0) or ($errorarray[1]!=0) or ($errorarray[2]!=0)) { $errorarray = urlencode(serialize($errorarray)); echo "<meta http-equiv=refresh content=\"0; URL=register.php?valid=$errorarray\">" ; } echo "<meta http-equiv=refresh content=\"0; URL=register.php?success=true\">"; } ?> php] And finally there is the actual validation script. I was hoping to be able to use this for all form validations across the site. I'll just add if(isset) for the various form fields and make sure I standardize my field names across my sites forms. [php] <?php $errorarray = array(); if($_POST['firstname'] == "") { $errorarray[0] = 1; } else {$errorarray[0] = 0; } if($_POST['lastname'] == "") { $errorarray[1] = 1; } else {$errorarray[1] = 0; } if($_POST['email'] == "") { $errorarray[2] = 1; } else {$errorarray[2] = 0; } return $errorarray; ?> For this example I have just done simple empty string checks. I'd really appreciate any advice on the code I've written to date. Im quite sure there are more elegant ways to achieve what these scripts do and I would greatfully accept any feedback. (Be gentle...I'm new ) Thanks Hi I was curious as to if you guys could possibly point me in the right direction so I can learn what is needed in order to implement a system on my website that allows users to login and then I could make only certain users have access to certain pages and etc, I don't have any mysql knowledge at all and I'm pretty sure I'm going to need to know that so if anyone could point me in the right direction and put me on on the right track to learning this or a guide I could go off of and see how everything works, I appreciate it. Thanks! CLUEL3SS I'm trying to make a simple but secure login/user registration for this site I'm building. I'm new to php, so I followed some tutorials from www.newthinktank.com. http://www.newthinktank.com/2011/01/php-security-pt-2/ http://www.newthinktank.com/2011/01/php-security-pt-4-set-up-captcha// http://www.newthinktank.com/2011/01/web-design-and-programming-pt-21-secure-login-script/ But I'm having a couple of problems. On the registration.php file, whenever I type in wrong information, the validation error messages don't display and also whenever I click the submit button, the form doesn't do anything. It doesn't insert information into my database. It just shows the empty form. On my login.php file, again the validation errors don't display and I can't tell if I'm logged in or not. The form redirects to my index page, but the user box that shows the different menus depending on whether or not someone is logged in stays in guest mode. I don't get any php error messages on either file. Here's my code: register.php file: Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled</title> <link href="_css/page_layout.css" rel="stylesheet" type="text/css" /> <link href="_css/page_text.css" rel="stylesheet" type="text/css" /> <link href="_css/sidebarLeft.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> <?php include('_includes/template/header.php'); ?> <?php include('_includes/template/nav.php'); ?> <?php include('_includes/template/sidebar_left.php'); ?> <div id="mainContent"> <div class="content"> <?php require_once('_includes/connectvars.php'); if (isset($_POST['submitted'])) { if (preg_match ('%^[A-Za-z\.\' \-]{2,20}$%', stripslashes(trim($_POST['first_name'])))) { $firstname = escape_data($_POST['first_name']); } else { $firstname = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid first name!</font></p>'; } if (preg_match ('%^[A-Za-z\.\' \-]{2,40}$%', stripslashes(trim($_POST['last_name'])))) { $lastname = escape_data($_POST['last_name']); } else { $lastname = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid last name!</font></p>'; } if (preg_match ('%^(0?[1-9]|[12][0-9]|3[01])[-/. ](0?[1-9]|1[0-2])[-/.](19|20)\d{2}$%', stripslashes(trim($_POST['birth_date'])))) { $birthdate = escape_data($_POST['birth_date']); } else { $birthdate = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid date of birth!</font></p>'; } $gender = escape_data($_POST['gender']); if (preg_match ('%^[0-9]{5}$%', stripslashes(trim($_POST['zip_code'])))) { $zipcode = escape_data($_POST['zip_code']); } else { $zipcode = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid 5 digit zip code!</font></p>'; } if (preg_match ('%^[A-Za-z0-9._\%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$%', stripslashes(trim($_POST['email'])))) { $email = escape_data($_POST['email']); } else { $email = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid email address!</font></p>'; } if (preg_match ('%^[a-z\d_]{2,20}$%', stripslashes(trim($_POST['username'])))) { $username = escape_data($_POST['username']); } else { $username = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid username!</font></p>'; } if (preg_match ('%\A(?=[-_a-zA-Z0-9]*?[A-Z])(?=[-_a-zA-Z0-9]*?[a-z])(?=[-_a-zA-Z0-9]*?[0-9])\S{6,}\z%', stripslashes(trim($_POST['password1'])))) { if (($_POST['password1'] == $_POST['password2']) && ($_POST['password1'] != $_POST['username'])) { $password = escape_data($_POST['password1']); } elseif ($_POST['password1'] == $_POST['username']) { $password = FALSE; echo '<p><font color="red" size="+1″>Your password cannot be the same as the username!</font></p>'; } else { $password = FALSE; echo '<p><font color="red" size="+1″>Your password did not match the confirmed password!</font></p>'; } } else { $password = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid password!</font></p>'; } $captchchk = 1; require_once('_includes/recaptchalib.php'); $privatekey = "My private key goes here...i know"; $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { echo '<p><font color="red" size="+1″>The CAPTCHA Code wasn\'t entered correctly! </font></p>'; $captchchk = 0; } if ($firstname && $lastname && $birthdate && $gender && $zipcode && $email && $username && $password) { $query = "SELECT user_id FROM users WHERE username='$username'"; $result = mysql_query($query) or trigger_error("Sorry, that username is taken"); if(mysql_num_rows($result) == 0) { $a = md5(uniqid(rand(), true)); $query = "INSERT INTO users(zip_code, username, first_name, password, activation_code, join_date, last_name, gender, birth_date, email) VALUES ('$zipcode', '$username', '$firstname', SHA('$password'), '$a', NOW(), '$lastname', '$gender', '$birthdate', '$email')"; $result = mysql_query($query) or trigger_error("Sorry an error happened"); if(mysql_affected_rows() == 1) { $body = "Thanks for registering. Activate account by clicking this link: <br />"; $body .= "http://localhost/activate.php?x=" . mysql_insert_id() . "&y=$activationcode"; mail($email, 'Registration Confirmation', '$body', 'From: admin@mysite.com'); echo '<br /><br /><h1>Thank you for registering! A confirmation email has been sent to your address. Please click on the link in that email in order to activate your account.</h1>'; } exit(); } else { echo '<p><font color="red" size="+1″>You could not be registered due to a system error. We apologize for any inconvenience.</font></p>'; } } else { echo '<p><font color="red" size="+1″>That email address has already been registered. If you have forgotten your password, use the link to have your password sent to you.</font></p>'; } mysql_close(); } ?> <h1>Register</h1> <br /> <p>Please fill out the form below. All fields required.</p> <br /> <center><form action="register.php" method="POST" id="regform"> <table width="550" border="0"> <tr> <td width="200"><p>First Name:</p></td> <td width="200"><label for="first_name"></label> <input name="first_name" type="text" id="first_name" maxlength="20" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>"/></td> <td width="200"> </td> </tr> <tr> <td><p>Last Name:</p></td> <td><label for="last_name"></label> <input name="last_name" type="text" id="last_name" maxlength="45" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Birthdate:</p></td> <td><label for="birth_date"></label> <input name="birth_date" type="text" id="birth_date" maxlength="10" value="<?php if (isset($_POST['birth_date'])) echo $_POST['birth_date']; ?>"/></td> <td><p>(Format: MM/DD/YYYY)</p></td> </tr> <tr> <td><p>Gender</p></td> <td><p> <label> <input type="radio" name="gender" value="F" id="gender_0" /> F </label> <label> <input type="radio" name="gender" value="M" id="gender_1" /> M </label> <input name="gender" type="hidden" value="" /> <br /> </p></td> <td> </td> </tr> <tr> <td><p>Zip Code</p></td> <td><label for="zip_code"></label> <input name="zip_code" type="text" id="zip_code" maxlength="5" value="<?php if (isset($_POST['zip_code'])) echo $_POST['zip_code']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Email:</p></td> <td><label for="email"></label> <input name="email" type="text" id="email" maxlength="255" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Username:</p></td> <td><label for="username"></label> <input name="username" type="text" id="username" maxlength="60" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"/></td> <td> </td> </tr> <tr> <td><p>Choose New Password:</p></td> <td><label for="password1"></label> <input name="password1" type="password" id="password1" maxlength="40" /></td> <td> </td> </tr> <tr> <td><p>Confirm New Password:</p></td> <td><label for="password2"></label> <input name="password2" type="password" id="password2" maxlength="40" /></td> <td> </td> </tr> </table> </br> <?php require_once('_includes/recaptchalib.php'); $publickey = "my public key goes here...i know"; // you got this from the signup page echo recaptcha_get_html($publickey); ?> <br /> <input type="submit" name="submit_signup" id="submit_signup" value="Sign Up" /> <input type="hidden" name="submitted" value="TRUE" /> </form></center> <br /> <br /> </div> </div> <?php include('_includes/template/sidebar_right.php'); ?> <?php include('_includes/template/footer.php'); ?> </div> </body> </html> login.php file: Code: [Select] <?php session_start(); require_once('_includes/connectvars.php'); ?> <?php if (isset($_POST['submitLogin'])) { if (preg_match ('%^[A-Za-z0-9]\S{6,20}$%', stripslashes(trim($_POST['username'])))) { $username = escape_data($_POST['username']); } else { $username = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid username!</font></p>'; } if (preg_match ('%^[A-Za-z0-9]\S{6,20}$%', stripslashes(trim($_POST['password'])))) { $password = escape_data($_POST['password']); } else { $password = FALSE; echo '<p><font color="red" size="+1″>Please enter a valid password!</font></p>'; } if ($username && $password) { $query = "SELECT user_id, level_access, username, password, join_date, first_name, last_name, birth_date, gender, zip_code, email, activation_code FROM users WHERE username='$username' AND password=SHA('$password')"; $result = mysql_query ($query) or trigger_error("Either the Username or Password are incorrect"); if (mysql_affected_rows() == 1) { $row = mysql_fetch_array ($result, MYSQL_NUM); mysql_free_result($result); $_SESSION['first_name'] = $row[5]; $_SESSION['username'] = $row[2]; $tokenId = rand(10000, 9999999); $query2 = "update users set tokenid = $tokenId where username = '$_SESSION[username]'"; $result2 = mysql_query ($query2); $_SESSION['token_id'] = $tokenId; session_regenerate_id(); header("Location: http://localhost/mysite/index.php"); mysql_close(); exit(); } } else { echo '<br><br><p><font color="red" size="+1″>Either the Username or Password are incorrect</font></p>'; mysql_close(); exit(); } echo '<br><br><p><font color="red" size="+1″>Either the Userid or Password are incorrect</font></p>'; mysql_close(); exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled</title> <link href="_css/page_layout.css" rel="stylesheet" type="text/css" /> <link href="_css/page_text.css" rel="stylesheet" type="text/css" /> <link href="_css/sidebarLeft.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="wrapper"> <?php include('_includes/template/header.php'); ?> <?php include('_includes/template/nav.php'); ?> <?php include('_includes/template/sidebar_left.php'); ?> <div id="mainContent"> <div class="content"> <h1>Login</h1> <form action="login.php" method="post" name="login" id="login"> <table width="200" border="0"> <tr> <td><p>Username:</p></td> <td><label for="username"></label> <input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>"/></td> </tr> <tr> <td><p>Password:</p></td> <td><label for="password"></label> <input type="password" name="password" id="password" /></td> </tr> </table> <br /> <p> <label> <input type="radio" name="remember_me" value="radio" id="remember_me_0" /> Keep me logged in </label> <br /> </p> <br /> <input type="submit" name="submitLogin" value="Login" /> <input type="hidden" name="submitted" value="TRUE" /> </form> <br /> <p>Not a member? <a href="register.php">Create an account!</a></p> <br /> <p>Forgot password?</p> </div> </div> <?php include('_includes/template/sidebar_right.php'); ?> <?php include('_includes/template/footer.php'); ?> </div> </body> </html> Here's the code that shows the different menus depending on if someone is logged in or not. Code: [Select] <div class="login"> <?php echo '<p>'; echo 'Welcome '; if (isset($_SESSION['first_name'])) { echo " {$_SESSION['first_name']}!</br></br>"; } else { echo 'Guest!'; } if (isset($_SESSION['username']) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) { echo '<a href="add_event.php">Add an Event</a></br> <a href="my_profile.php">My Profile</a></br> <a href="logout.php"><p>Logout</a></br>'; } else { echo '</br> <a href="register.php">Register</a></br> <a href="login.php">Login</a></br>'; } echo'</p>'; ?> </div> Hi All, I have currently been working on a login/registration system for a university project and I am now struggling with the login section. The problem is with one particular function and an if statement. The function checks to see if the username and password entered matches the username and password in the database but each time I get it echoing username/password incorrect. the function is Code: [Select] function valid_credentials($user, $pass) { $user = mysql_real_escape_string($user); $pass = sha1($pass); $total = mysql_query("SELECT COUNT(`user_username`) FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'"); return (mysql_result($total, 0) == '1') ? true : false; } and the statement is Code: [Select] if (valid_credentials($_POST['username'], $_POST['password']) == false) { $errors = 'Username/Password incorrect.'; } Any help would be greatly appreciated as this has been bugging me for the past 5 days :/ Hi Guys, have you got an idea how I can create a user management system with login and pw, please? I tried the below, but when I click on the "ADD NEW USER" button nothing happens <div> <fieldset> <legend>USER DETAILS</legend> <table> <tr> <td align="right"><a title='NAME' href='user_edit.php?id=1'>NAME</a></td> <td> <input class="norm" type="text" name="name" id="name" /></div> </td> <td align="right"><a title='SURNAME' href='user_edit.php?id=2'>SURNAME</a></td> <td> <input class="norm" type="text" name="surname" id="surname" /></div> </td> </tr> <tr> <td align="right"><a title='E-MAIL ADDRESS' href='user_edit.php?id=3'>E-MAIL ADDRESS</a></td> <td colspan="4"> <input class="norm" type="text" size="57" name="e-mail" id="e-mail" /></div> </td> </tr> <tr> <td align="right"><a title='LOGIN' href='user_edit.php?id=4'>LOGIN</a></td> <td> <input type="text" name="login" id="login" /></div> </td> <td align="right"><a title='PASSWORD' href='user_edit.php?id=5'>PASSWORD</a></td> <td> <input class="norm" type="text" name="password" id="password" /></div> </td> </tr> </table> </fieldset> </div> <br /> <div> <fieldset> <input type='submit' name='delete' value='DELETE USER' onclick='confirm("ARE YOU SURE?");'/> <input type='submit' name='add' value='ADD NEW USER'/> </fieldset> </div> cheers, ozzo Hello Friends, Iam in a little bit confused matter. Iam developing a website & it requires a user's banning system too so my question begin here that if i use user's IP to ban but they can easy access the website by using different proxy sites & almost ip address are dynamic not static. Banning their email is waste thing because they can create a new email within 1min. Anyone have experiences in these things ? How we can ban a user permanently from accessing the website ? |
|||||||