PHP - From Account.php To Members.php?s=account

Hi!  Trying to have it send a link to a user's email upon registration, and set it so they can't login until they click the link from their email.  Here's the register script:
<?php
   
include('config.php');
include('dateindex.php');

if($loggedin == '1')
die("You can't register another account while you're logged in.");

if(isset($_POST['submit']))
{

$callname = mysql_real_escape_string($_POST['callname']);
$uname = mysql_real_escape_string($_POST['username']);  
$password = mysql_real_escape_string($_POST['password']);  
$email = mysql_real_escape_string($_POST['email']);  

if((!isset($_POST['username'])) || (!isset($_POST['callname'])) || (!isset($_POST['email'])) || (!isset($_POST['pass'])) || ($uname == '') || ($_POST['pass'] == ''))
die("Please fill out the form completely. <br><br>
<a href=register.php>Continue</a>");

$check = @mysql_query("SELECT id FROM users WHERE username = '$uname'");
$check = @mysql_num_rows($check);

if($check > 0)
die("Sorry, that username has already been taken. Please try again.
<br><br>
<a href=register.php>Continue</a>");

function validateEmailAddress($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/@.+\./', $email);
}
if(validateEmailAddress($email) !=1) {
echo "That email address does not exist.<br /><br /><a href=register.php>Continue</a>";
exit();
}

$pass = md5($_POST['pass']);

$date = date("m/d/y");

$a =md5(uniqid(rand(), true));

$newPlayer = @mysql_query("INSERT INTO users (username, password, callname, email, registered, active) VALUES ('$uname', '$pass', '$callname', '$email', '$date', '$a')") or die("Error: ".mysql_error());

if (mysql_affected_rows() == 1) {
$body = "Thank you for registering.  To activate account click this link";

$body .= "http://localhost/testing/mbactivate.php?x=" . mysql_insert_id() . "$y=$a";

mail($_POST['email'], 'Registration Confirmed', $body, 'From:mirrorcat@airpost.net');


echo '<br />You have been registered! A confirmation email has been sent.';

exit();
}
}
else
{

echo '<form action=register.php method=post>
Callname: <input type=text name=callname><br>
Username: <input type=text name=username><br>
Email: <input type=text name=email><br>
Password: <input type=password name=pass><br>
<input type=submit name=submit value=Submit>
</form>';

}

?>



login/index:
<?php

include('config.php');

echo '<center><a href=index.php>Main</a> | <a href=myprofile.php>Profile</a> | <a href=inbox.php>Inbox</a> | <a href=page1.php>To-Do List</a> | <a href=logout.php>Logout</a></center>';

print date('g:i a - l, F jS');

echo '<br /><br />';

?>

<?php

if($loggedin == '0')
{
if(isset($_POST['submit']))
{

// Make sure all forms were filled out.

if((!isset($_POST['username'])) || 
(!isset($_POST['pass'])) 
|| ($_POST['username'] == '') || ($_POST['pass'] == ''))
die("Please fill out the form completely. <br><br>
<a href=index.php>Continue</a>");

// Get user's record from database
$player = @mysql_query("SELECT id, username, password, callname, email, registered, lastlogin FROM users WHERE username = '".$_POST['username']."'");
$player = @mysql_fetch_assoc($player);
mysql_real_escape_string($username);
mysql_real_escape_string($password);

if($player['id'] == false)
die("Sorry, that user is not in our database.<br><br>
<a href=index.php>Back</a>");
else if($player['password'] != md5($_POST['pass']))
die("Wrong password!<br><br>
<a href=index.php>Back</a>");

$_SESSION['id'] = $player['id'];
$_SESSION['username'] = $player['username'];
$_SESSION['password'] = $player['password'];
$_SESSION['callname'] = $player['callname'];
$_SESSION['email'] = $player['email'];

$date = date("m/d/y");

$update = @mysql_query("UPDATE users SET lastlogin = '$date' WHERE id = '".$_SESSION['id']."'");

echo 'You are now logged in!';

}
else
{
echo 'You are not logged in. <br><br>
<form action=index.php method=post>
Username: <input type=text name=username><br>
Password: <input type=password name=pass><br>
<input type=submit name=submit value=Submit>
</form>
Would you like to <a href=register.php>register?</a>';
}
}

else
{
echo 'You are logged in! 
Welcome, '.$_SESSION['callname'].'!';

}

?>

<br /><br />

<b>Activate Account</b><br />

<?php

 

// Validate $_GET['x'] and $_GET['y'].

 

if (isset($_GET['x'])) {

 

$x = (int) $_GET['x'];

 

} else {

 

$x = 0;

 

}

 

if (isset($_GET['y'])) {

 

$y = $_GET['y'];

 

} else {

 

$y = 0;

 

}

 

// If $x and $y aren't correct, redirect the user.

 

if ( ($x > 0) && (strlen($y) == 32)) {

 

$query = "UPDATE users SET active=NULL WHERE (id=$x AND active='" . $y . "') LIMIT 1";

 

$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

 

 

 

// Print a customized message.

 

if (mysql_affected_rows() == 1) {

 

echo "<br><br><h3>Your account is now active. You may now log in.</h3>";

 

} else {

 

echo '<br><br><p><font color="red" size="+1">Your account could not be activated. Please re-check the link or contact the system administrator.</font></p>';

 

}

 

// mysql_close();

 

} else { // Redirect.

 

// Start defining the URL.

 

$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

 

// Check for a trailing slash.

 

if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {

 

$url = substr ($url, 0, -1); // Chop off the slash.

}

 

// Add the page.

$url .= '/index.php';

 

ob_end_clean(); // Delete the buffer.

 

exit(); 
 

} // End of main IF-ELSE.

?>

My problem is it isn't sending the code to the email specified, even though the random letters that should be sent to the email are stored in the database.  And when I test the url anyway, (x=1&y=activationcode) it returns it as false, that the code doesn't exist even though I can clearly see it in my database!  Can anyone spot any errors?

The below script WILL list one account successfully, but how come this script doesn't list more than one  account when <b>listAccounts()</b> is called?

EXAMPLE OF accounts.txt FILE:
Code: [Select]
username:blah
user526:pass
justinlh:justin


                 function listAccounts()
                {
                    //load all the accounts
                    $accounts = loadAccounts();
                    
                    //display each account in the drop-down box
                    foreach($accounts as $account)
                    {
                       $account_split = explode(':', $account);
                        
                       echo '<option value="'. $account .'">'.$account_split[0].'</option>';
                    }
                }
                
                function loadAccounts()
                {
                    /*  EXAMPLE OF ACCOUNTS.TXT
                     *  http://pastebin.com/zAPH0a4J
                     */
                    
                    $handle = fopen('accounts.txt', 'r');
                    $accounts = fread($handle, filesize('accounts.txt'));
                    fclose($handle);
                    
                    return explode('\n', $accounts);
                }

I really swear that the host I use is like screwing with me hard. Like literally will have something working one night, wake up the next day to my error log full and nothing working anymore. Or, like in this case, have the code working fine, perfectly in fact, to all of the sudden bring up all these errors and shit without changing anything I just can't figure it out.

Point being, I am working on this portal, and on the account page, you can update your info. Which for one field...

$result = queryMysql("SELECT * FROM accounts WHERE user='$user'");
   $row = $result->fetch_assoc();
$set_comp  = $row['company'];

// Check if 'Company' value is set
   if (isset($_POST['company']))
   {
      $company = sanitizeString($_POST['company']);

      if ($_POST['company'] != $set_comp)
      {
         queryMysql("UPDATE accounts SET company='$company' WHERE user='$user'");
      }
         elseif ($set_company == "")
	     {
	        queryMysql("INSERT INTO accounts (company) VALUES('$company') WHERE user='$user'");
		 }
		 elseif (empty($_POST['company']))
		 {
			$company = "";
		 }
            else 
		    {
			   $company = stripslashes($row['company']);
		    }

   }   

And the form...

Quote

<form method='post' action='account.php' enctype='multipart/form-data'>
Company:</th><td><input type='company' size='50' maxlength='40' name='company' value='$company'>
<input type='submit' value='Save Info'>
</form>

 

Now before it inexplicably stopped working, what it was doing and meant to do was display a form, that either had the information that was set, or displayed nothing because nothing was entered, and you could either put something there or change what was already there. Now it keeps telling me:

[22-Oct-2018 06:29:37 UTC] PHP Notice:  Undefined variable: company in /home/iqy0804tq6fq/public_html/portal/account.php on line 262

Also, sanitizeString and queryMysql are my own created functions, they work fine. I tried removing the elseif (empty($_POST['company'])), and just left the last else in, didn't work. It just displays empty columns now. Now also, when I try to update, it feeds me all these errors now my SQL syntax is wrong its LIKE HOW DID THIS CHANGE IN 10 SECONDS!!? I didn't DO anything for my syntax to be any different than when it worked perfectly! It's insanity.

Does anyone know of a json or php method of authenticating a youtube user without using zend?

Code: [Select]
<?php
$id = NULL;
$username = 'myYouTubeAccount'; 
$url = 'http://gdata.youtube.com/feeds/api/users/%s/uploads?orderby=updated&max-results=8';
$xml = simplexml_load_file(sprintf($url, $username));

foreach ($xml->entry as $entry) :

    $kids = $entry->children('http://search.yahoo.com/mrss/');
    $attributes = $kids->group->content[0]->attributes();
    $flv = $attributes['url'];
    $attributes = $kids->group->player->attributes();
    $link = $attributes['url']; 

    $querystring = parse_url($link,PHP_URL_QUERY);
    parse_str($querystring, $id_temp);
    $id = $id_temp['v'];
?>

<a href="<?=$link?>"> <img src="http://i4.ytimg.com/vi/<?=$id?>/default.jpg"  /> </a>

<?php endforeach; ?>

Hi friends,
  I am creating a  site where  users can add credit  to their account via Liberty Reserve, and after  that their account  will  automatically  be updated with  the amount they added so that they can use it to purchase products.. And  after any purchase,  the amount will be subtracted from their account.. I cant  really  find a  php code  to do that... i have done  a  search on here but still cant  find anything close to it.. Can someone kindly help? Thank you

Hi guys,   It's been a while that I have actively contributed to phpfreaks. I had some time consuming matters unfortunately. If it would be possible I would like to have my old account restored or reactivated. The name probably sounds familiar The restore password form doesn't seem to work (as in I receive no mails). My emailaddress hasn't changed. Thanks in advanced!   Cssfreakie   <--- the old one
Edited by cssfreakie2, 13 January 2015 - 01:35 PM.

I am using a standard form to mail script and have a few fields that I need to be required to be filled in.
This is working fine until someone enters a space character in a required field, which is being let thorugh.

How can I stop this? here the code for required fields -  I thought the trim function in the below would have taken care of this???

// This is because I originally had it require but too many people
// were used to Matt's Formmail.pl which used required instead.
if ($required)
   $require = $required;
// handle the required fields
if ($require) {
   // seperate at the commas
   $require = ereg_replace( " +", "", $require);
   $required = split(",",$require);
   for ($i=0;$i<count($required);$i++) {
      $string = trim($required[$i]);
      // check if they exsist
      if((!(${$string})) || (!(${$string}))) {
         // if the missing_fields_redirect option is on: redirect them
         if ($missing_fields_redirect) {
            header ("Location: $missing_fields_redirect");
            exit;
         }
         $require;
         $missing_field_list .= "<b><font color=\"#990000\">Missing: $required[$i]</font></b><br>\n";
      }
   }
   // send error to our mighty error function
   if ($missing_field_list)
      print_error($missing_field_list,"missing");
}

Hi guys,

I want something to be clarified.

The supervisor of my system is responsible for approving accounts. When he logged into the system he should be able to view the customer records based on customer ID. That is when he types the relevant customer ID and clicks on search button the relevant record is displayed in a form. That part is OK.

Thereafter he should approve the account by clicking on "Approve Account" button. I want to know how can he make sure relevant customer_id is approved or not.

customer table includes fields of,
  customer_id, nic, full_name, name_with_initials, address, contact_number, gender.

I want to whether i have add an extra field to my customer table saying "approves status" or whatever.
Can anyone give me a suggestion??

Thanks,
Heshan

 

Hi all

I need some help with displaying user account details i am currently able to show only the email address and i would like to show the name school name and yeargroup

heres my code for myaccount.php
<?php require_once('Connections/isn_1.php'); ?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "1,2,3,4";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "login.php?login=false";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>My Account - <?php echo($_SESSION['MM_Username']); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
@import url("style.css");
</style>
</head>
<body class="about">
<!-- Start NavBar -->
<div id="topnavbar">
<dl>
<dt id="home"><a href="index.php">Home</a></dt>
        <dt id="about"><a href="about.php">About</a></dt>
        <dt id="account"><a href="myaccount.php">Account</a></dt>
        <dt id="login"><a href="login.php">Login</a></dt>
        </dl>
    <dl id="rightnavbar">
     <dt id="ISN"><a href="index.php">ISN</a></dt>
    </dl>
</div>
<!-- End NavBar -->
<div id="page-container"> 

<div id="header"> 
</div> 
    
<div id="sidebar-a"></div> 

<div id="content"> 
<div class="padding">
  <center>
    <table width="631" border="0">
      <tr>
        <td colspan="2">Personal Details</td>
          </tr>
      <tr>
        <td width="229">&nbsp;</td>
        <td width="648"></td>
          </tr>
      <tr>
        <td>Name</td>
        <td></td>
          </tr>
      <tr>
        <td>Email</td>
        <td><?php echo($_SESSION['MM_Username']); ?></td>
          </tr>
      <tr>
        <td>School Name</td>
        <td></td>
          </tr>
      <tr>
        <td>Year Group</td>
        <td></td>
          </tr>
      <tr>
        <td>DOB</td>
        <td></td>
          </tr>
      <tr>
        <td>&nbsp;</td>
        <td><a href="updateprofile.php">Modify my details</a></td>
          </tr>
        </table>
    <a href="logout.php">Logout?</a>
      </center>
</div> 
</div> 

<div id="footer"> 
<div id="altnav"> 
<a href="index.php">Home</a> - 
<a href="login.php">Login</a> - 
<a href="register.php">Register</a> - 
<a href="about.php">About</a> -
        <a href="terms.php">Terms & Conditions</a>
</div> 
<div id="copyright">&copy; 2011 InterSchoolsNetwork, All Rights Reserved - A <a href="http://jordansmithsolutions.co.uk">Jordan Smith Solutions</a> &amp; <a href="http://www.joecocorp.webs.com/">JoeCo Corp Production</a><br /> 
</div> 
</div> 
</div> 
</body>
</html>
<?php
mysql_free_result($rsUpdateUser);
?>


If you need any other code to help answer it for me then let me no please

Hi I am currently making a site where users can upload second hand books for sale, I have everything working as i wish apart from i am having trouble creating a account page where users can review the books they have posted.

so far i use the following code to bring view a the data associated with an uploaded book based on its id

Code: [Select]
  public static function getById( $id ) {
    $conn = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
    $sql = "SELECT * FROM books WHERE id = :id";
    $st = $conn->prepare( $sql );
    $st->bindValue( ":id", $id, PDO::PARAM_INT );
    $st->execute();
    $row = $st->fetch();
    $conn = null;
    if ( $row ) return new Book( $row );
  }

I think i can use a similar function for my user account however, each book entered by a user has their member id attached to it, which is gained from there id in the members table which in turn is stored in $_SESSION['id']. My question is, is there a way to rework the code above to have something like select * where member_id = $_SESSION['id']. I have tried a few things and get stuck manly due to the fact i dont know what to replace the current :id with.

Thanks in advance, i hope i explained it well enough for you lot to understand.

Ian

How would I go about creating a new user email account that can be accessed via my cpanel mail scripts (RoundCube, SquirrelMail, etc.), in PHP.

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=350218.0

I've been doing a lot of studying of Linux lately. I enabled the root acount to do some work. When done, even if I logout, close the terminal, or reboot, I can still access the root account without supplying the root password. So what am I not understanding or what am I doing wrong? I don't really need to disable the root account, but this is just a learning experience, and I'm not understanding why I still have access. See below:     # I needed to enable root access for something skunkbad:~$ sudo passwd root   # I did what I needed to do skunkbad:~$ sudo -i root@ubuntu-Inspiron-3647:~#   # I logout from root root@ubuntu-Inspiron-3647:~# logout   # I disable the root access per instructions from many internet references skunkbad:~$ sudo passwd -dl root   # Root access is still available, even if I close and reopen the terminal skunkbad:~$ sudo -i   # I logout from root root@ubuntu-Inspiron-3647:~# logout   # Trying to access root via su prompts for password, and old password is wrong skunkbad:~$ su Password: su: Authentication failure

I'm not a PHP Einstein, but i'm certainly not a stranger and i've never seen this behaviour before.  If you have any suggestions please let me know.  Thanks in advance.

I have multiple $_SESSION variables set when a user logs into thier account that never change unless they log out. (id, first_name, last_name, etc.)  I have one additional variable set for logged-in users that keeps track of the last "Account" page they visited (info, settings, main, etc.), so that when they leave their "Account" pages to browse the site and then return to "Account", they will land on the last "Account" page they visited.  The issue is this - When a logged-in user sits idle for a while, the $_SESSION variables that were set when they first logged in are lost.  Only those variables.  Not the "Account" page variable or other misc variables that are created during thier browsing of pages.  I don't have any inactivity or idle functionality that would log them off.  I dont have any code that unsets these variables unless they click "log out".  And if they do click "log out", the "Account" page variable would be unset too.

Any ideas? 

Hi, I don't know why it outputs" You are now registered BUT the user name and password don't show up in the database! I want to encrypt the passwords so maybe that is problem, I don't know, please read scripts below.

here is register.php:
==============
Code: [Select]
<html>
<head></head>
<body>
<form method="post" action="" >
<p>Create a username
<input type="text" name="newUsername"/>
</p>
<p>Create a password
<input type="password" name= "newPassword" />
</p>
<p>
<input type="submit" value="Make account now" name="makeAccountSubmit" />
</p>
</form>

<?php

if(array_key_exists("makeAccountSubmit",$_POST) && !empty($_POST["newUsername"]) && !empty($_POST["newPassword"]) ) {

//IF username doesn't exist, then store new user login info to db dummydpevx
mysql_connect("localhost","root");
mysql_select_db("someDB");
$newUserName=$_POST["newUsername"];
$newPassword=crypt($_POST["newPassword"]);

$usernameQuery=mysql_query("SELECT userName FROM users WHERE userName='$newUserName'");
if(mysql_num_rows($usernameQuery)==0) {
$makeNewAccountQuery=mysql_query("INSERT INTO users userName,userPassword VALUES('$newUserName','$newPassword')");
print "You are now registered, <a href='login.php'>proceed to login</a>";
}
if(mysql_num_rows($usernameQuery)==1)
print "Username taken. Please make another one. <br />";
}

here is login.php:
============
Code: [Select]
<html>
<head></head>
<body>
<form method="post" action="">
<label>Username:</label>
<input type="text" name="username" />
<br />
<label>Password:</label>
<input type="password" name="password" />
<p>
<input type="submit" value="Login" name="Login" />
<input type="reset" value="Reset" name="Reset" />
</p>

</form>
<?php
if(array_key_exists("Login",$_POST) && !empty($_POST["username"]) && !empty($_POST["password"])) {
$attemptedUsername=$_POST["username"];
$attemptedPassword=$_POST["password"];

mysql_connect("localhost","root");
mysql_select_db("someDB");

$getLoginInfoQuery=mysql_query("SELECT userName,userPassword FROM users WHERE userName=$attemptedUsername AND userPassword=$attemptedPassword");
$getLoginInfo=mysql_fetch_assoc($getLoginInfoQuery);
$getUsername=$getLoginInfo["userName"];
$getPassword=crypt($getLoginInfo["userPassword"]);

if(crypt($attemptedPassword,$getPassword)==$getPassword) {
session_start();//NB: Start session BEFORE doing any session stuff!
$_SESSION["isAuthenticated"]="userAuthenticated";
header("Location: xmlShredderIndex.php");
exit;
}
else
print "Please register!";
}

Also, if any has time, please see my other post, it is straightforward instructions to see if you get same error as me, thanks.
http://www.phpfreaks.com/forums/index.php?topic=347639.msg1640652#msg1640652

Any help much appreciated!