PHP - Using Php To Link User Accounts To Their Purchases?

I am having a problem with my User Log-In...


When a User creates an account on my website, an e-mail is sent that looks like this...
Quote

Congratulations!

Your account has been created, and a confirmation e-mail sent to: "john.doe@mail.com"

Please click on the link in that e-mail to activate your account.



Then when they click on the link, it takes them to my 'activate.php" page which updates the User's record by removing the Activation Code.

The "Activation" seems to work fine.  However, the problem that I just realized is that I am doing nothing to prevent someone from Registering, NOT Activating his/her account, but still being able to Log In?!

I guess what I need to do when a User logs in is check to be sure that the "activation_code" column is NULL, right?

Here is a snippet of my Log In script...

if (empty($errors)){
// Valid form data.

// ************************
// Find Member Record. *
// ************************

// Connect to the database.
require_once(WEB_ROOT . 'private/mysqli_connect.php');

// Build query.
$q = 'SELECT id, first_name
FROM member
WHERE email=? AND pass=?';

// Prepare statement.
$stmt = mysqli_prepare($dbc, $q);

// Bind variables to query.
mysqli_stmt_bind_param($stmt, 'ss', $email, $pass);

// Execute query.
mysqli_stmt_execute($stmt);

// Store results.
mysqli_stmt_store_result($stmt);

// Check # of Records Returned.
if (mysqli_stmt_num_rows($stmt)==1){
// Member was Found.

// Bind result-set to variables.
mysqli_stmt_bind_result($stmt, $memberID, $memberFirstName);

// Fetch record.
mysqli_stmt_fetch($stmt);

// Set Session variables.
$_SESSION['memberID'] = $memberID;
$_SESSION['memberFirstName'] = $memberFirstName;
$_SESSION['loggedIn'] = TRUE;


What would be the best way to fix this?

Thanks,


Debbie

hi all, i have a page which lists all of my registered users from the mysql database but i want the ability to edit an account,

here is my list users code (just shown the appropiate code and not the rest):

Code: [Select]
<?php

require ('../secure/connect.php');


$sql = "SELECT * FROM users ORDER BY user_level ASC";
$result=mysql_query($sql);

echo '<table width="80%" border="0" cellspacing="5" cellpadding="0">';

echo ' <tr>
    <th><p align="left">User ID:</th>
    <th><p align="left">User Level:</th>
<th><p align="left">Username:</th>
<th><p align="left">User Title:</th>
<th><p align="left">Email:</th>
<th><p align="left">Actions:</th>
  </tr>';

while($rows=mysql_fetch_array($result)){
?>



<tr>
<td><?php echo $rows['userid']; ?></td>
<td><?php echo $rows['user_level']; ?></td>
<td><?php echo $rows['username']; ?></td>
<td><?php echo $rows['user_title']; ?></td>
                <td><?php echo $rows['email']; ?></td>
<td><a href="edit_account.php?id=">Edit Account</a></td>
</tr>

<?php
}
?>

this lists my users nicely, as you can see i put it a edit account action at the end with a empty id= because that may be a way of doing it but im not sure what else to do or if there is a better way of doing it. any help would be great!

Not sure if this is related to the thread but I do think that it is    I have a server using Apache   I tried to set up an email doing something@domain.com   I tried to point the MX records to the server  It still doesn't work, if I try to send anything to that email, I get a response saying "Recepient not found" smtp.secureserver.net... blah    Since I changed the MX records to something other than smtp.secureserver.net, I don't know why I still get that message    I was trying to save on spending the $3.95 or whatever for email with office 365 haha    Any help would be greatly appreciated  Still, logically one question is obvious, don't I need to specify the storage location of the email... ? I mean there was an option in Cpanel where I created the email account but I don't understand what that means... did it configure a storage location? I don't know...   This probably is not an appropriate thread section for this question 
Edited by greenace92, 04 December 2014 - 05:18 AM.

Hello!

I want to build a script to basically keep track of the number of hosting accounts that are currently on each server. I have roughly 30 servers (root access,  WHM, cPanel) that I would like to be able to track all of from a single page. Could someone help/point me in the right direction/offer any input?


thanks! much appreciated!

I am looking to see if I could use one of the paypal features to pay two diffierent account from a single transaction and does paypal does that automatically?..

I was checking the immediate payment for a third party from the express checkout but I don't know that much about it.
Does anyone knows how to achieve this?

How can i detect someone who is using proxy and has 2 or more accounts on my website?Or anyway, the important thing for me it is that they dont cheat because i have a competition and its forbidden to have 2 or more accounts.

Hello all,
I am a total noob in php and some VIP asked me to make something simple for our clubhouse;
A page where users can submit/input 2 codes through a textbox and store it in a database.

There are 2 things i want: max 2 submits/inputs per IP(to prevent abuse)(ip stored in database).
$ip = $_SERVER['REMOTE_ADDR'];
$check = mysql_query("select * from table where ipcolumn='$ip'");
if (mysql_num_rows($check) > 0)
$insertip = "insert into table (ipcolumn) values ('$ip')";

And i wanna catch the error when an user put in a code lower than 5 characters.
not something like:
if ($textarea == ""){

This is where i am so far.

new.php
<?php
include 'includes/config.php';

mysql_select_db($mysql_database, $con);
$sql="INSERT INTO users (code, code2)
VALUES

('$_POST[code]','$_POST[code2]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
}else{

    header ("Location: /thanks.php");
}


?>

includes/config.php
<?php

$mysql_host = "myhost.com";
$mysql_database = "mydb";
$mysql_user = "myuser";
$mysql_password = "mypass";

$con = mysql_connect($mysql_host,$mysql_user,$mysql_password);
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
?>

sql.sql
--
-- Table structure for table `users`
--

CREATE TABLE `users` (
  `code` varchar(30) collate latin1_general_ci NOT NULL,
  `code2` varchar(32) collate latin1_general_ci default NULL,
  `timestamp` int(11) unsigned NOT NULL,
  PRIMARY KEY  (`code`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;


index.html
<form action="new.php" method="post"
 onsubmit="return onSubmitButton();"> 
        <input value="" id="something" class="LoginForm-Input" name="code1" size="34" style="float: left;">[/code]

Hi guys,

This is very important. The supervisor of my system wants to close accounts which contain zero balances for long time periods.

There is a separate page contains ID and Account Number.This is included in a form and a "close account" button is there.

When he clicks on that button the relevant record should be deleted from all tables which include that ID.

The table structure looks like this. There are 4 account types which contain same fields.

 savings_investment(ID,account_type,full_name_balance,interest,customer_id)

I want full coding of this scenario.

Thanks,
Heshan

I'm making a checklist. One table holds the list with IDs. There are about 224 rows, each with its own ideas.

Now I have another table to hold user accounts. When you create an account, it shows you a fresh new checklist that you need to start checking off.

Could anyone please share techniques so I can have multiple accounts have their own list they need to check off? (ie, when a new person creatures a new account they should have their own list with NOTHING checked)

The only way I can think of doing this is making 224 fields for the user account with the IDs of the checklist table to check if I checked it or not. Surely there's an easier way? Thanks

Hello,   I designed (not coded) a finance application for windows phone 8.1 and one of the features that would be ideal is to copy your login steps in order to access your bank account automatically. Yes this does not sound safe or sane. How do I convince app users to use it?    Anyway, I want this access. My rationale is that, the login information would be stored locally and if my phone was hacked then what's the loss in my login steps being hacked... they would probably be encrypted anyway but...    The goal is to be able to open up a clone browser (eg. within the app) and then every step that you take, enter url, login credentials, security questions, pages accessed... the clone browser remembers and then later on as part of the app's function, it would automatically update your balances. I mean I suppose you could come up with the formulas, cash advance fees, interest rates, etc... but at the same time this doesn't seem to be a fixed thing... eg. hard to keep track and get the exact cent amount... or maybe I'm just bad at math   Some things in mind bitmapping, key strokes, string search, number search...    Anyway scripting came to mind, not sure if php or python but    Any thoughts? 

Retrieve Pages, Ads, Leads from multiple facebook accounts with Graph API - Help needed

I need Delete Duplicate Email Records That Are Attached To One Account But Can Be Found In Multiple Accounts

I have a table, consumer_mgmt.  It collects consumer information from various forms.  These forms are available through different pages that are part of a business package.

A business can offer these signups to gather names and emails from consumers for various types of specials they may offer.  So a consumer my be in the consumer_mgmt table 5, 10, 15 times for that particular business.

But, that consumer may be in the consumer_mgmt table multiple times for a different business.  So multiple times for multiple businesses.

I need to remove duplicates for each business account so the consumer is only the consumer_mgmt only once for each business.

There are approximately 15,000 rows currently in the consumer_mgmt table.   I'm not sure where to begin on the logic.  Since there are multiple business accounts that the emails are attached to, would one have to build a case for each loop?

I am having problems understanding the reason for why the user has to click logout twice, here's the bulk of the code:

<?php
ini_set('display_errors',0);

require_once 'header.html';

require_once 'db.functions.php';

require_once 'config.php';

$database = dbConnect($host, $username, $password, $database); // should output 1 or nothing at all!

if($database == true)
{

// now connected?

// carry on with logic of outputting the blog contents:

$result = entries("SELECT * FROM entries");

printf("<table>");

while($row = mysql_fetch_array($result))

{

printf("

<tr>

<td>%s</td>

<td>%s</td>

</tr>

<tr>

<td colspan=\"2\">%s</td>

</tr>

", $row[2], $row[4], $row[3]);

}

printf("</table>");

printf("\n\n");

session_name("jeremysmith_blog");

session_start();

if(array_key_exists('login',$_SESSION))

{

if($_SESSION['login'] == 1) // change this to correspond with session on the login.php script

{

printf("<p>Welcome %s</p>

<p>To logout, click <a href=\"index.php?action=logout\">here</a></p>

",$_SESSION['username']);

}

} else {

printf("<p>You are not logged in, please click <a href=\"login.php\">here</a> to login.</p>");

}

} else {

printf("\n<p id=\"error\">Could not connect to database, please try again later.</p>");

}

// init the logout script?
if(array_key_exists('action',$_GET))
{

if($_GET['action'] == 'logout')

{

// log user out of the system:

unset($_SESSION['login']);

unset($_SESSION['username']);

session_destroy();

}
}


printf("\n"); // just for output format!
require_once 'footer.html';

Why does the user have to click logout twice, have I missed anything?

Any helps appreciated thanks.

I would appreciate your assistance, there are tons of login scripts and they work just fine. However I need my operators to login and then list their activities for the other operators who are logged in to see and if desired send their clients on the desired activity. I have the login working like a charm and the activities are listed just beautifully. How do I combine the two tables in the MySQL with PHP so the operator Logged in can only make changes to his listing but see the others.

FIRST THE ONE script the member logges in here to the one table in MSQL:
<?php
   session_start();
   
   require_once('config.php');
   
   $errmsg_arr = array();
   
   $errflag = false;
   
   $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
   if(!$link) {
      die('Failed to connect to server: ' . mysql_error());
   }
   
   $db = mysql_select_db(DB_DATABASE);
   if(!$db) {
      die("Unable to select database");
   }
   
   function clean($str) {
      $str = @trim($str);
      if(get_magic_quotes_gpc()) {
         $str = stripslashes($str);
      }
      return mysql_real_escape_string($str);
   }
   
   $login = clean($_POST['login']);
   $password = clean($_POST['password']);
   
   if($login == '') {
      $errmsg_arr[] = 'Login ID missing';
      $errflag = true;
   }
   if($password == '') {
      $errmsg_arr[] = 'Password missing';
      $errflag = true;
   }
   
   if($errflag) {
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
      session_write_close();
      header("location: login-form.php");
      exit();
   }
   
   $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
   $result=mysql_query($qry);
   
   if($result) {
      if(mysql_num_rows($result) == 1) {
         session_regenerate_id();
         $member = mysql_fetch_assoc($result);
         $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
         $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
         $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
         session_write_close();
         header("location: member-index.php");
         exit();
      }else {
         header("location: login-failed.php");
         exit();
      }
   }else {
      die("Query failed");
   }
?>

................................................. ................................
Now I need the person who logged in to the table above to be able to make multiple entries to the table below

<?
$ID=$_POST['ID'];
$title=$_POST['title'];
$cost=$_POST['cost'];
$activity=$_POST['activity'];
$ayear=$_POST['aday'];
$aday=$_POST['ayear'];
$seats=$_POST['special'];
$special=$_POST['seats'];
mysql_connect("xxxxxx", "xxx350234427", "========") or die(mysql_error());
mysql_select_db("xxxx") or die(mysql_error());
mysql_query("INSERT INTO `activity` VALUES ('ID','$title', '$cost','$activity', '$aday', '$ayear', '$special', '$seats')");
Print "Your information has been successfully added to the database!"
?>
Click <a href="member-profile.php">HERE</a> to return to the main menu
  <?php      
?>

hi,

i have made a website where people resgister their details of them and products.

they have to enter the following details in form

Name of company

name of the product

company address

email id 

password 

mobile number contact

and 

brief details about their company 

after filling all details user is registered on website.

user can then login with email id and pwd.

now after login ..user will get a page where he can upload the photos of products images and their price, so now my question is that when he finishes uploading (|by clicking on upload button) the product images and price text box ..then on final uploaded webspage it should show all other things which he registerd before (company name , mobile number etc) along with images and price...hence the main question that user does not need to enter mobile and address while uploading images and filling proce ..but on the final page it should show mobile and address along with price and images..as user is not going to enter mobile and address again and again as he will have multiple products to upload.

thanks in advance .