PHP - User Profiles And Following Users
Hi, for my coursework I need to make a microblogging website, similar to that of Twitter.

I have created a MySQL database, and also the login and registration forms. I am able to log in as a user and also change user-submitted information, i.e. Name, About Me etc.

The problem I am having is that when I access the logged-in user's profile page, e.g. John Doe, I can access it fine. However, when I wish to access, say, James Smith or any other user, I am redirected back to John Doe's profile.

login.php
Code:
$query = mysql_query("SELECT * FROM users WHERE username = '$user'") or die(mysql_error());
$login = mysql_fetch_array($query);
if(md5($pass) == $login['password']) {
    $_SESSION['user'] = $login['id'];
    header("Location: home.php");
}

home.php
Code:
<?php
include ('includes/connect.php');
session_start();
$query = mysql_query("SELECT * FROM users WHERE id = " . $_SESSION['user'] . "");
$user = mysql_fetch_assoc($query)
?>
<a href="profile.php?id=<?php echo $user['id']; ?>"> Profile | </a>

users.php
Code:
<?php
include ('includes/connect.php');
session_start();
$query = mysql_query("SELECT * FROM users WHERE id = " . $_SESSION['user'] . "");
$user = mysql_fetch_assoc($query)
?>
<?php
$members = mysql_query("SELECT * FROM users");
while($allusers = mysql_fetch_assoc($members)) {
    echo "<table> <tr> <td> <a href=\"profile.php?id=" . $allusers['id'] . "\">" . $allusers['fullname'] . "</a> </td> </tr> </table>";
}
?>

In all honesty I do know that the fault lies with the $_SESSION bit of the code, since everything I do will only access the profile of the user who is logged in. However, I don't know how I am able to allow the logged-in user to access their own profile as well as view other people's profiles.

Another problem is how do I follow users?
I have a table called 'follow'. I have two columns, user_id and follower_id, both being foreign keys. However, I honestly don't understand how to use PHP code to make users follow each other.

If anyone could assist me with any part of this I would be very grateful.

Thank You

Similar Tutorials

Hey guys, I'm trying to get a page to update profiles working and have been unsuccessful. It's a basic form with a server.php to process the updates.

Server.php
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
$location = mysqli_real_escape_string($db, $_POST['location']);
$class = mysqli_real_escape_string($db, $_POST['class']);
$id = mysqli_real_escape_string($db, $_POST['id']);
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) { array_push($errors, "The two passwords do not match"); }
if (count($errors) == 0) {
    $password = password_hash($password_1, PASSWORD_DEFAULT);
    $query = "(UPDATE accounts SET password='".$password."', username='".$username."', email='".$email."', role='".$role."', class='".$class."' )";
    mysqli_query($db, $query);
    $_SESSION['username'] = $username;
    $_SESSION['success'] = "Update Successful for user: " .
$username; header('location: index.php'); } } update.php <?php session_start(); if (!isset($_SESSION['loggedin'])) { header('Location: ../login.php'); exit(); } if($_SESSION['class'] == 'user') { // Jump to user page header('Location:../user/home.php'); } ?> <html> <head> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>New User Registration</title> <link rel="stylesheet" type="text/css" href="../css/style.css"> <link href="../css/navbar.css" rel="stylesheet" type="text/css"> </head> <body> <?php include "../assets/navbar.php" ?> <div class="header"> <h2>Update User Info</h2> </div> <form method="post" action="server.php" class="form2"> <?php include('errors.php'); ?> <?php if (isset($_SESSION['success']) && ! empty($_SESSION['success'])) { echo "<div class='success'>" . htmlentities($_SESSION['success']) . "</div>"; unset($_SESSION['success']); } $id = $_REQUEST['id']; $username = $_REQUEST['username']; $location = $_REQUEST['role']; $email = $_REQUEST['email']; $password = $_REQUEST['password']; $class = $_REQUEST['class']; ?> <div class="input-group"> <input type="hidden" name="id" placeholder="<?php echo $id; ?>" value="<?php echo $id; ?>"> </div> <div class="input-group"> <input type="text" name="username" placeholder="<?php echo $username; ?>" value="<?php echo $username; ?>"> </div> <div class="input-group"> <input type="email" name="email" placeholder="Email Address?" 
value="<?php echo $email; ?>"> </div> <div class="input-group"> <input list="location" name="location" class="form-control" placeholder="<?php echo $location; ?>" required> <datalist id="location"> <option value="Manny"> <option value="Nate"> <option value="Jay"> <option value="Imran"> <option value="Sanat"> <option value="Minahan"> </datalist> </div> <div class="input-group"> <input list="class" name="class" class="form-control" placeholder="<?php echo $class; ?>" required> <datalist id="class"> <option value="user"> <option value="admin"> <option value="disabled"> </datalist> </div> <div class="input-group"> <input type="password" placeholder="Password" name="password_1"> </div> <div class="input-group"> <input type="password" placeholder="Confirm Location" name="password_2"> </div> <div class="input-group"> <button type="submit" class="btn" name="reg_user">Update</button> </div> </form> </body> </html>
When I process the update it gives me a success message but the data in the table is not updated at all. Any suggestions on what im doing wrong here? ok, so I have this code: Code: [Select] <?php if (isset($_POST['submitted'])) { include('connect1.php'); $category = $_POST['category']; $criteria = $_POST['criteria'] ; $query = ("SELECT name, badges, rank, userid FROM members WHERE $category LIKE '%".$criteria."%'"); $result = mysqli_query($dbcon, $query) or die('error getting data'); $num_rows = mysqli_num_rows($result); echo "$num_rows results found"; echo "<table width=\"896\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">"; echo "<tr bgcolor=\"#F7E496\"><td bgcolor=\"#F7E496\"><strong>name</strong></td><td bgcolor=\"#F7E496\" ><strong>Merit Badges</strong></td><td bgcolor=\"#F7E496\"><strong>Rank</strong></td><td bgclor=\"#F7E496\"></td></tr>"; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {$color = ($color == 'white')?'#fffccc':'white'; echo "<tr bgcolor='$color'><td> <input type=\"text\" name=\"userid\" id=\"userid\" value='".$row['userid']."'>"; echo $row['name']; echo " </td><td> <form action=\"scout.php\" method=\"post\"> <textarea name=\"badges\" id=\"badges\" cols=\"40\" rows=\"3\" type=\"textarea\">".$row['badges']."</textarea></td><td> <span class=\"adfa\"> </span> <select name=\"rank\" id=\"rank\"> <option value=\"Scout\">Scout</option> <option value=\"Tenderfoot\">Tenderfoot</option> <option value=\"Second Class Scout\">Second Class Scout</option> <option value=\"First Class Scout\">First Class Scout</option> <option value=\"Star Scout\">Star Scout</option> <option value=\"Life Scout\">Life Scout</option> <option value=\"Eagle Scout\">Eagle Scout</option> <option value=\"\" selected=\"selected\">".$row['rank']."</option> </td><td>"; echo "<input type=\"submit\" name=\"submit\" id=\"submit\" value=\"Save\" /> "; echo "</form>"; } echo "</table>"; echo "</td></tr>"; } ?> and this is the code that does the posting: Code: [Select] <?php 
session_start(); // Must start session first thing /* Created By Adam Khoury @ [URL=http://'http://www.flashbuilding.com/']www.flashbuilding.com[/URL] -----------------------June 20, 2008----------------------- */ // Here we run a login check if (!isset($_SESSION['id'])) { echo 'Please <a href="login.php">log in</a> to access your account'; exit(); } //Connect to the database through our include include_once "connect_to_mysql.php"; // Place Session variable 'id' into local variable $userid = $_SESSION['id']; // Query member data from the database and ready it for display // Process the form if it is submitted if ($_POST['submit']) { $badges = $_POST['badges']; $userid = $_POST['userid']; $rank = $_POST['rank']; $sql = mysql_query("UPDATE members SET badges='$badges', rank='$rank' WHERE userid='".$_GET['userid']."'"); printf("Records updated: %d\n", mysql_affected_rows()) ; exit(); } // close if post ?> So what I need to know is how I can make it so that each result has it's user id associated with it......and I can update multiple rows at once according to each userid that is associated..........right now I can only get it to do one if I add on ?userid=".$row['userid']." in the first piece of code.......how can I make it update lets say 78 as soon as I click submit...... PS I know there will be a submit button with each row right now.......I will move it out of the loop later..... Hello everybody,
I am honestly quite a newb when it comes to mod_rewrite.
We run a small social media page with different areas and I would like to change the URLs to something more clean and professional.
User profiles look like this:
http://www.sky-mp3.com/index.php?action=cm&siteid=59&wahl=artists&tat=details&keyid=477
siteid 59 is the artists list and the keyid at the end is the ID of the artist
but should be like:
http://www.sky-mp3.com/mischura
or in worse case like:
http://www.sky-mp3.com/user/mischura

CMS pages look like this:
http://www.sky-mp3.com/index.php?siteid=106
but should be like:
http://www.sky-mp3.com/charts
(page name instead of siteid)

What I know so far:
- I have to add something to the .htaccess file
- I need to change something in the code (but I don't know where)

I'm good he? What would be the first step on the path to clean URLs for me? I found a lot of infos here and there but found nothing yet for this specific case.

Kind regards from and thx in advance from Cologne

Hello, I am trying to have an index page saying "Your browser is XYZ and you are using version 123". However, I seem to be only able to do it if I stick in a lot of if else statements, e.g.

<?php
require_once('Browser.php');
$browser = new Browser();
if( $browser->getBrowser() == Browser::BROWSER_FIREFOX && $browser->getVersion() >= 2 ) {
    echo 'You have FireFox version 2 or greater';
}
?>

I want it so I only need to do something like

<?php
require_once('Browser.php');
$browser = new Browser();
echo 'You are using' . $browser_name . 'version' . $broswer_version;
?>

I have been trying for a while to get it to work, but I can't seem to be able to do it. Is there any easy way of doing it or will I need to do it like in my example?

Quote:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/largemus/public_html/assets/inc/upcoming.php on line 15

I have hidden connection details for this example.

Code:
<?php
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect server "); mysql_select_db("$db_name")or die("cannot select DB"); $sql="SELECT * FROM $tbl_name WHERE user = $session->clientid ORDER BY date ASC LIMIT 3;"; $result=mysql_query($sql); while($rows=mysql_fetch_array($result)){ ?> <div style="width:385px;"> <table style="width: 385px; text-align:center;"> <tr> <td style="width: 121px"><h3>Client</h3></td> <td style="width: 100px"><h3>Occasion</h3></td> <td style="width: 80px"><h3>Location</h3></td> <td><h3>Date</h3></td> </tr> </table> <table style="width: 385px"> <tr> <td style="width: 121px"> <p><? echo $rows['clientid']; ?></p> </td> <td style="width: 100px"> <p><? echo $rows['occasion']; ?></p> </td> <td style="width: 80px"> <p><? echo $rows['location']; ?></p> </td> <td> <p><? echo $rows['date']; ?></p> </td> </tr> </table> </div> <? } mysql_close(); //close database ?> Hi folks, I had a working, editable profile but it wasn't visible to other users. So I'm trying to make that conversion now. Here's the current 'myprofile' code: <?php session_start(); include('config.php'); include('date.php'); $id = $_GET['id']; $sql = mysql_query("SELECT * FROM members WHERE id = '$id' LIMIT 1"); $check = mysql_num_rows($sql); $check = mysql_query($sql_user_verify) or die('Cannot Execute:'. 
mysql_error()); if ($check > 1) { echo "No one matches that id number!"; exit(); } if($check == 1) { while($row = mysql_fetch_array($sql)) { $user = $id; echo "<h2>Profile</h2> <table>"; $row = mysql_fetch_array($sql); echo "<tr><th>ID#:</th><td>".$user."</td></tr> <tr><th>Name: </th><td>".$row['callname']."</td></tr> <tr><th>Email: </th><td>".$row['email']."</td></tr> <tr><th>Password: </th><td><input type='password' value='".$row['password']."' disabled='true' /></td></tr> <tr><th>Registered: </th><td>".$row['registered']."</td></tr> <tr><th>Last Login: </th><td>".$row['lastlogin']."</td></tr>"; echo "</table><br />"; } if($id = $_SESSION['id']) { echo "<h2>Profile</h2> <form method='post' action='editprofile.php'> <table>"; $row = mysql_fetch_array($sql); echo "<tr><th>ID#:</th><td>".$user."</td></tr> <tr><th>Name: </th><td>".$row['callname']."</td></tr> <tr><th>Email: </th><td>".$row['email']."</td></tr> <tr><th>Password: </th><td><input type='password' value='".$row['password']."' disabled='true' /></td></tr> <tr><th>Registered: </th><td>".$row['registered']."</td></tr> <tr><th>Last Login: </th><td>".$row['lastlogin']."</td></tr>"; echo "</table><br /> <input type='submit' value='edit profile' /> </form>"; } } else { die (); } ?> <?php include('footer.php'); ?> Here's the link to the user's own profile: <a href=myprofile.php?id='.$id.'>Profile</a> And here's the edit profile link, which works fine: <?php include('config.php'); include('date.php'); if(isset($_POST['btnedit'])){ $callname = $_POST['callname']; $email = $_POST['email']; $password = $_POST['password']; $sql = mysql_query( "UPDATE users SET callname='".$callname."', email='".$email."', password='".$password."' WHERE id='".$_SESSION['id']."'" ); if($sql){ echo "<script>alert('profile updated');window.location='myprofile.php'</script>"; }else{ echo "<script>alert('updating profile failed!');</script>"; } } $sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" ); $row = 
mysql_fetch_array($sql); $userfinal = $_SESSION['id']; $user = $userfinal; echo "<h2>Edit profile</h2> <form method='post'> <table><tr><th>ID#:</th><td>".$user."</td></tr> <tr><th>Name:</th><td><input type='text' name='callname' value='".$row['callname']."'/></td></tr> <tr><th>Email:</th><td><input type='text' name='email' value='".$row['email']."'/></td></tr> <tr><th>Password:</th><td><input type='password' name='password' value='".$row['password']."'/></td></tr> <tr><th>Registered:</th><td>".$row['registered']."</td></tr> <tr><th>Last Login:</th><td>".$row['lastlogin']."</td></tr> </table><br /> <input type='submit' name='btnedit' value='update' /> </form>"; ?> <?php include('footer.php'); ?> It fails, it says the query was empty, even though there are user accounts created and information is being stored (as it worked fine before I tried editing the code to make it public. What am I doing wrong? Ok, so I need to know how I can get these codes to interact and work to update multiple rows/columns in a database. 
this code is what pulls the query and displays info(it displays fine): Code: [Select] <?php if (isset($_POST['submitted'])) { include('connect1.php'); $category = $_POST['category']; $criteria = $_POST['criteria'] ; $query = ("SELECT name, badges, rank, userid FROM members WHERE $category LIKE '%".$criteria."%'"); $result = mysqli_query($dbcon, $query) or die('error getting data'); $num_rows = mysqli_num_rows($result); echo "$num_rows results found"; echo "<table width=\"896\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">"; echo "<tr bgcolor=\"#F7E496\"><td bgcolor=\"#F7E496\"><strong>name</strong></td><td bgcolor=\"#F7E496\" ><strong>Merit Badges</strong></td><td bgcolor=\"#F7E496\"><strong>Rank</strong></td><td bgclor=\"#F7E496\"></td></tr>"; while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {$color = ($color == 'white')?'#fffccc':'white'; echo "<tr bgcolor='$color'><td> "; echo $row['name']; echo " </td><td> <form action=\"scout.php\" method=\"post\"> <input type=\"text\" name=\"userid\" id=\"userid\" value='".$row['userid']."'> <textarea name=\"badges[]\" id=\"badges\" cols=\"40\" rows=\"3\" type=\"textarea\">".$row['badges']."</textarea></td><td> <span class=\"adfa\"> </span> <select name=\"rank[]\" id=\"rank\"> <option value=\"Scout\">Scout</option> <option value=\"Tenderfoot\">Tenderfoot</option> <option value=\"Second Class Scout\">Second Class Scout</option> <option value=\"First Class Scout\">First Class Scout</option> <option value=\"Star Scout\">Star Scout</option> <option value=\"Life Scout\">Life Scout</option> <option value=\"Eagle Scout\">Eagle Scout</option> <option value=\"\" selected=\"selected\">".$row['rank']."</option> </td><td>"; } echo "</td></tr>"; echo "</table>"; echo "<input type=\"submit\" name='submit[]' id=\"submit\" value=\"Save\" /> </form>"; } ?> and this code is what is supposed to update the database: Code: [Select] if ($_POST[submit]){ foreach ($_POST[rank] as $key => $value) { $badges = $_POST['email1'][$key]; 
$userid1 = $_POST['userid'][$key]; $q = "UPDATE members SET badges='$badges', rank='$rank' where userid='$userid1'"; $sql = mysql_query($q) or die("Problem with the query: $q<br>" . mysql_error()); printf("Records updated: %d\n", mysql_affected_rows());} exit(); } // close if post again, I am really new to arrays and don't know If i am using them right here......... Not sure where to start, and it may not be entirely PHP. I am helping a friend with a small social network (5,000 users). They want to add a feature where each user gets given their own email account in the format username@domain.com with domain.com being the domain of the social network. Is this too much? I've never thought of anything like this before. How would we create the email accounts? Can PHP do it? Would it be an API through the web host / email space provider? Hello
I am trying to work out how many regular users I have to my site and how long those users tend to be users..
So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.
I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...
SELECT userID as user, count(userID) as logins
FROM login_history
where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00')
  and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00')
group by user
having logins > 5;

I just discovered that I have a major security flaw with my website. Anyone who logs in to the website can easily access other users' information as well as delete and edit other users' information just by changing the ID variable in the address bar. I have user ID Session started on these pages but still people can do anything they like with other users' information just by editing the address bar. For example, if you're logged in, in the address bar of www.mywebsite.com/delete_mystuff.php?id=5, and change the "5" say to a "9", then you will have access to user #9's information.

Every important page that I have has this code:

Code:
session_start();
if (!isset($_SESSION['user_id'])) {
    // Start defining the URL.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    // Check for a trailing slash.
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
        $url = substr ($url, 0, -1); // Chop off the slash.
    }
    // Add the page.
    $url .= '/index.php';
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
} else { //Else If Logged In Run The Script
    if((isset($_GET['id'])) && (is_numeric($_GET['id']))) {
        $id = (int) $_GET['id'];
    } elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) {
        $id = (int) $_POST['id'];
    } else {
        echo ' No valid ID found, passed in url or form element';
        exit();
    }

What am I doing wrong? Please help if you know how to correct this. Many thanks in advance.

Hi, I have made a website where people register their details of them and products. They have to enter the following details in form: Name of company name of the product company address email id password mobile number contact and brief details about their company
user can then login with email id and pwd. now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.
I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others. FIRST THE ONE script the member logges in here to the one table in MSQL: <?php session_start(); require_once('config.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $login = clean($_POST['login']); $password = clean($_POST['password']); if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); if($result) { if(mysql_num_rows($result) == 1) { session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> ................................................. ................................ 
Now I need the person who logged in to the table above to be able to make multiple entries to the table below <? $ID=$_POST['ID']; $title=$_POST['title']; $cost=$_POST['cost']; $activity=$_POST['activity']; $ayear=$_POST['aday']; $aday=$_POST['ayear']; $seats=$_POST['special']; $special=$_POST['seats']; mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error()); mysql_select_db("xxxx") or die(mysql_error()); mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')"); Print "Your information has been successfully added to the database!" ?> Click <a href="member-profile.php">HERE</a> to return to the main menu <?php ?> Hi, so far I have managed to set up a somewhat basic login website with a mysql database backend. Once they have logged on they go to a "main menu" page. What I need to define is that user A sees button A but only that button, etc. (Then of course that same rule would have to apply if they tried to directly go to the page, but I am guessing I can do that in the same way that I currently do to force a login). If anyone has any tutorials or sample code I would much appreciate it. Thanks, Actually, what i want to do is to use the email to fetch the $email,$password and $randomnumber from database after Hi, I am getting frustrated beyond belief at the moment with trying to get a very simple script to run, I am using PHP 5.3.3 and MySQL 5.1 on a Win2k8 server with IIS7.5. Basically my script is connecting to a local database, running a single select query, returning those rows and building up a string from them. The problem is that I am receiving complete BS responses from PHP that the access is denied for the user being specified. This is complete rubbish since the user can connect via mysql, sqlyog, ASP.NET MVC without issue but for some bizarre reason it is not working via PHP. 
The code for the script is here : Code: [Select] <?php $mysql = mysql_connect('127.0.0.1:3306', 'myuser', 'mypass', 'mydatabase'); if (!$mysql) { die(mysql_error()); $content = "<nobr></nobr>"; } else { $result = mysql_query('SELECT * FROM tblEventGroup'); $content = "<nobr>"; if ($result) { while($row = mysql_fetch_assoc($result)) { $content .= "<span>"; $content .= $row['GroupName']; $content .= "</span>"; $content .= "<a href=\"../Event/EventSearch?groupid="; $content .= $row['GroupId']; $content .= "\" target=\"_blank\">Book here</a> "; } } mysql_close($mysql); $content .= "</nobr>"; } ?> I cannot for the life of me understand what the problem is, the return error is Access denied for user 'myuser'@'localhost' (using password: YES) Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . 
".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta Hallo everybody,
i have the following code.
but i get allways this error while the user exist in the database.
User not found!
what do i do wrong?
thank you very much for your help
Rafal
<html> <head> <?php $connection = mysql_connect("db.xyz.com", "username", "password") or die ("connection fehler"); mysql_select_db("db0123456789") or die ("database fehler"); $email = $_POST["inp_email"]; $pwd = $_POST["inp_pwd"]; if($email && $pwd) { $chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' "); $chkuserare = mysql_num_rows($chkuser); echo $email; echo $pwd; if ($chkuserare !=0) { $chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' "); $pwddb = mysql_fetch_assoc($chkpwd); if ($pwd != $pwddb["pwd"]) { echo "password is wrong!"; } else { echo "login successed"; } } else { echo "User not found!"; } } else { echo "Pleas enter your email and password!"; } mysql_close($connection); ?> </head> <body> <form action="login.php" method="post"> Email <input type="text" name="inp_email"><br> Password <input type="text" name="inp_pwd"><br> <input type="submit" name="submit" value="login"> </form> </body> </html> Edited by rafal, 21 September 2014 - 04:33 PM. Hello, i've got some shop script which has 2 payment modules which i'd like to use for something else, the payment modules only work if the user is logged in though, i tried to make them standalone scripts but that didn't work out too well. So now i decided to go another way and just let everyone have the same session so everyone will be using the same username&password automatically. the index file looks like this: Code: [Select] <?php include('./inc/config.php'); include('./inc/functions.php'); include('./lang/'.$language.'.lng'); $id = addslashes($_REQUEST["id"]); $user = addslashes($_REQUEST["username"]); $pass = addslashes($_REQUEST["password"]); $language = strtolower($language); if(empty($id)) $id =1; $file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"'); if(mysql_num_rows($file)>0) $file = mysql_fetch_array($file); else $file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' 
WHERE id="404"')); if(!empty($user) AND !empty($pass)) {$query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"'); if(mysql_num_rows($query) == 1) {$_SESSION[$session_prefix."user"] = ucfirst($user); echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';} else $error = 'Username oder Passwort ist falsch.';} include('./designe/'.$designe.'/head.tpl'); include('./designe/'.$designe.'/navi.php'); include('./designe/'.$designe.'/middle.tpl'); if(file_exists('./pages/'.$file["file"])) {echo'<h1>'.ucfirst($file["title"]).'</h1>'; include('./pages/'.$file["file"]);} if(!empty($error)) echo '<font color="red">'.$error.'</font>'; include('./designe/'.$designe.'/foot.tpl'); ?> Now i tried alot of things including adding: Code: [Select] session_start(); $_SESSION["username"] = "peter"; $_SESSION["user"] = "peter"; $_SESSION["id"] = "1"; $_SESSION["pass"] = "peter"; $_SESSION["password"] = "peter"; or Code: [Select] $id = "1"; $user = "peter"; $username = "peter"; $pass = "peter"; $password = "peter"; also a combination of both, nothing works, but i don't understand why ? Any help is appreciated. /Edit, i tried adding it to the paymentmodule .php aswell, but no luck. Hallo everybody,
the user is in the table, but i get error (user not found!).
thank you very much for your help
Rafal
<!DOCTYPE html> <html> <head> <title>index</title> <meta http-EQUIV="CONTENT-LANGUAGE" content="en"> <?php SESSION_START(); include("abc.php"); $link2 = mysqli_connect("$hoster", "$nameuser", "$password", "$basedata") or die ("connection error" . mysqli_error($link2)); $email = $_POST["inp_email"]; $pwd = $_POST["inp_pwd"]; if($email && $pwd) { $chkuser = mysqli_query("SELECT email FROM $table2 WHERE email = '$email' "); $chkuserare = mysqli_num_rows($chkuser); if ($chkuserare !=0) { $chkpwd = mysqli_query("SELECT pwd FROM $table2 WHERE email = '$email'"); $pwddb = mysqli_fetch_assoc($chkpwd); if (md5($pwd) != $pwddb["pwd"]) { echo "Password is wrong!"; } else { $_SESSION['username'] = $email; header ('Location:list.php'); } } else { echo "user not found!"; } } else { echo "enter your Email and Password!"; } mysqli_close($link2); ?> </head> <body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver"> <font color="black"> <br> <form action="index.php" method="post"> <b>Login</b><br><br> <table width="100%"> <tr><td> Email:<br><input type="text" name="inp_email" style="width:98%; padding: 4px;"><br> Password:<br><input type="password" name="inp_pwd" style="width:98%; padding: 4px;"><br> <br> <input type="submit" name="submit" value="Login" style="width:100%; padding: 4px;"> </td></tr> </table> </form> </font> </body> </html> im new , and ... i hate tutorials .. books .. anything that does not make u part of the deal - .. thats why i started by creating something and learning from my mistakes at the same time .. i like this way of learning .. soo , while im building and trying things out .. i started thinking how the server know the person with this link is really U ? .. when u start just linking pages to each other its just a matter of finding out what is the link to do what ever u want with the users personal pages ! .. 
i know my questions r stupid but i just hate to go and write lessons without any effort. I'm confused with the concept of SESSIONS and COOKIES, r they the answer to this security problem? how u can work with them .. ? I'm not asking for codes .. just general ideas about users and how they control their profiles and stuff with full security? I'll be very thankful if i get any answer ^^
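
Several posts above hit the same problem: a logged-in user reaches or changes another user's data by altering an `id` in the URL or form. The following is an added example, not code from any of the posters, showing the usual separation: the profile to view may come from the request, but every write takes its actor from the session and puts the ownership test in the WHERE clause. The function names, the `posts` table and the in-memory SQLite database are assumptions for illustration; the `follow` columns are those named in the first post, read here as user_id = the person being followed.

```php
<?php
declare(strict_types=1);
// Added illustration; function names and schema are hypothetical.
// PDO with in-memory SQLite so the script runs offline (pdo_sqlite required).

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('PRAGMA foreign_keys = ON');
    $db->exec("CREATE TABLE users (
        id INTEGER PRIMARY KEY, fullname TEXT NOT NULL, about TEXT NOT NULL DEFAULT '')");
    $db->exec("CREATE TABLE posts (
        id INTEGER PRIMARY KEY,
        owner_id INTEGER NOT NULL REFERENCES users(id),
        body TEXT NOT NULL)");
    $db->exec("CREATE TABLE follow (
        user_id     INTEGER NOT NULL REFERENCES users(id),
        follower_id INTEGER NOT NULL REFERENCES users(id),
        PRIMARY KEY (user_id, follower_id))");
    // Constructed sample rows.
    $db->exec("INSERT INTO users (id, fullname) VALUES (1, 'John Doe'), (2, 'James Smith')");
    $db->exec("INSERT INTO posts (id, owner_id, body) VALUES (10, 1, 'hello'), (11, 2, 'hi')");
    return $db;
}

// Viewing: the id may come from the URL, since any logged-in user may read
// any profile. Only public columns are selected, never the password column.
function viewProfile(PDO $db, int $profileId): ?array {
    $st = $db->prepare('SELECT id, fullname, about FROM users WHERE id = ?');
    $st->execute([$profileId]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Editing your own profile: the target row is the session user.
// No request parameter decides whose row is written.
function updateAbout(PDO $db, int $sessionUserId, string $about): bool {
    $st = $db->prepare('UPDATE users SET about = ? WHERE id = ?');
    $st->execute([$about, $sessionUserId]);
    return $st->rowCount() === 1;
}

// Deleting an owned item (the delete_mystuff.php?id=5 case): the id comes
// from the request, the owner from the session, and both must match one row.
function deletePost(PDO $db, int $sessionUserId, int $postId): bool {
    $st = $db->prepare('DELETE FROM posts WHERE id = ? AND owner_id = ?');
    $st->execute([$postId, $sessionUserId]);
    return $st->rowCount() === 1; // zero rows: no such post, or not yours
}

// Following: the follower is always the session user; only the target
// comes from the request. INSERT OR IGNORE is SQLite syntax (MySQL has
// INSERT IGNORE); the primary key makes a repeated follow a no-op.
function follow(PDO $db, int $sessionUserId, int $targetId): bool {
    if ($sessionUserId === $targetId || viewProfile($db, $targetId) === null) {
        return false;
    }
    $st = $db->prepare('INSERT OR IGNORE INTO follow (user_id, follower_id) VALUES (?, ?)');
    $st->execute([$targetId, $sessionUserId]);
    return true;
}

function followerCount(PDO $db, int $userId): int {
    $st = $db->prepare('SELECT COUNT(*) FROM follow WHERE user_id = ?');
    $st->execute([$userId]);
    return (int) $st->fetchColumn();
}

// Constructed demo. $sessionUserId stands in for the value stored in
// $_SESSION at login; $requested stands in for $_GET['id'].
$db = makeDb();
$sessionUserId = 1; // John Doe is logged in
$requested = filter_var('2', FILTER_VALIDATE_INT);
if ($requested === false) {
    exit("No valid ID\n");
}

var_dump(viewProfile($db, $requested));            // reading another profile
var_dump(updateAbout($db, $sessionUserId, 'Hi!')); // writes John's row only
var_dump(deletePost($db, $sessionUserId, 11));     // James's post, refused
var_dump(deletePost($db, $sessionUserId, 10));     // John's own post
var_dump(follow($db, $sessionUserId, $requested)); // John follows James
var_dump(followerCount($db, $requested));
```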