Checking if value is stored in the database with isset() - php

I want to display a page, if user doesn't pay for content (via Stripe) and therefore have to check in DB if he paid or not. If he paid, I store string "ok" into status and if he doesn't it's just blank.
Now I'm not sure why the following code doesn't work:
<?php
if(!isset($_SESSION["username"])) {
?>
Login to watch Satellite data.
<?php
$query = 'SELECT status
FROM users
WHERE username="'.$_SESSION["username"].'"';
$stmt = $conn->prepare($query);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
$status = $row["status"];
if ($status !== "ok") {
$status_notpaid = true;
}
}
} elseif(isset($_SESSION["username"]) && isset($status_notpaid)) {
include("notpaid.php");
} else {
?>
<?php
$query = 'SELECT id
FROM users
WHERE username="'.$_SESSION["username"].'"';
$stmt = $conn->prepare($query);
$stmt->execute();
$result = $stmt->get_result();
?>
Hello <strong><?php echo $_SESSION["username"];?></strong> |
<?php
while ($row = $result->fetch_assoc()) {
echo $row["id"]; }
?>
I'm not sure why elseif(isset($_SESSION["username"]) && isset($status_notpaid)) { include("notpaid.php"); } doesn't work.


I am assuming the login script sets $_SESSION["username"] if login is successful.
It would make more sense to put the id of the users table, as I assume that is the primary key. You can keep username in session as well if you like and that would save you running some of this code at all.
<?php
if(!isset($_SESSION["userid"])) {
# user not logged in direct to login, and nothing else
echo 'Login to watch Satellite data.';
}
if (isset($_SESSION["userid"])) {
# then we are logged in
# So now we check if they paid
$query = 'SELECT status
FROM users
WHERE id=?';
$stmt = $conn->prepare($query);
$stmt->bind_param('i', $_SESSION["userid"])
$stmt->execute();
$result = $stmt->get_result();
# we had better only be getting one row as a resut of that query
# so a loop is totally unnecessary
$row = $result->fetch_assoc();
$status = $row["status"];
if ($status !== "ok") {
include("notpaid.php");
}
}
?>
Hello <strong><?php echo $_SESSION["username"];?></strong> | $_SESSION['userid']

Related

How to get a message id based on the ticket id

I'm making a ticket system and trying to add an edit feature.
and I was wondering how do I get the selected message-id that I have chosen to select.
The far as I have got is hard coding the id into the code.
<?php
session_start();
if($_SESSION['loggedin'] == true)
{
require '../../config.php';
$ticketMsg = $conn->query("SELECT * FROM ticket_msgs WHERE ticket_id='".mysqli_real_escape_string($conn, $_GET['id'])."'");
$edit = $conn->query("UPDATE `ticket_msgs` SET `ticket_msg` = 'Testing' WHERE `ticket_msgs`.`id` = ");
if($edit)
{
header("location: ./index.php");
}
else
{
}
}
?>

With mysql PDO:
$sql = 'UPDATE ticket_msgs SET ticket_msg=:msg WHERE id=:id';
// prepare statement
$statement = $conn->prepare($sql);
// bind params
$statement->bindParam(':msg', $ticketMsg);
$statement->bindParam(':id', $_GET['id'], PDO::PARAM_INT);
// execute the UPDATE statement
if ($statement->execute()) {
// updated, go to your index page
header("location: ./index.php");
}

Why is 400030 not giving out the logic that its greater than 400000?

I wrote a code to echo "limit reached" if A is greater than B. But if A is 400030 and B is 400000 it shows no output. If A is further greater than that, let say 400060 or any number higher than that, it shows the output.. Please how do I explain that? The code snippet to demonstrate what I mean is....
<?php
include_once('db.php');
error_reporting(E_ALL | E_WARNING | E_NOTICE);
ini_set('display_errors', TRUE);
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
if(!isset($_SESSION['login'])) {
echo ("<script>location.href='../clogin/'</script>");
die();
}
if(isset($_POST['transfer'])) {
$username = $_SESSION['login'];
$transAmount = $_POST['transAmount'];
$totalTrans = $transAmount + 30;
$sql = "SELECT * FROM customer WHERE username = ?";
$stmt = $connection->prepare($sql);
$stmt->bind_param('s', $username);
$stmt->execute();
$result = $stmt->get_result();
if(!$result) {
die('ERROR:' . mysqli_error($connection));
}
$count = $result->num_rows;
if($count == 1) {
while ($row = $result->fetch_assoc()){
$accTrans = $totalTrans + $row['dailyTrans'];
$sql2 = "UPDATE customer set dailyTrans=? WHERE username=?";
$stmt = $connection->prepare($sql2);
$stmt->bind_param('is', $accTrans,$username);
$stmt->execute();
if(!$stmt) {
die('network problem');
}
if($row['dailyTrans'] >= $row['dailyLimit']) {
echo '<script>swal.fire("FAILED!!", "<strong>You have reached the total amount you can send per day.</strong><hr><br/><i>Visit your bank to increase transfer limit.</i>", "error");
window.setTimeout(function(){
window.location.href = "transfer1.php";}
, 1700);
</script>';
//exit();
} else {
echo"";
}
}//while loop
}//count
}//submit
?>
My question Summary Again
The value for $row['dailyTrans'] is 400030 and the value of $row['dailyLimit'] is 400000
This is suppose to echo out the error but fails... if $row['dailyTrans'] is greater than 400030, it echoes out. What is the logic behind that?.
Please be nice with your comments as usual. Thanks . Both Value are integers!!

Looks to me that you are adding $_POST['transAmount'] after querying the database for the user.
To get the current dailyTrans you will need to either
Select from customer again
(fetching the updated dailyTrans)
OR
compare dailyLimit to $accTrans ::
(if ($accTrans >= $row['dailyLimit'])

between two users messages conversation in php mysqli

I am creating simple private message conversation script. my script showing incoming users conversation. but messages which i sent to another user not showing.
any one can help me i have lot of tried.
my database
id from_id from_name to_id to_name msg
1 2 master 3 john hi how are you?
2 3 john 2 master fine
3 2 master 3 john hi
Here is my code conversation
<?php
if (isset($_GET['to_id'])) {
$from_id = $_GET['to_id'];
}
if (isset($_GET['to_name'])) {
$from_name = $_GET['to_name'];
}
if (isset($_SESSION['userid'])) {
$to_id = $_SESSION['userid'];
}
require_once"config.php";
if ($stmt = $con->prepare("SELECT * from inbox where from_id=? and from_name=? and to_id=? ")){
$stmt->bind_param('sss', $from_id,$from_name,$to_id);
$stmt->execute();
}
$result = $stmt->get_result();
if($result->num_rows > 0){
while($row = $result->fetch_assoc()){
?>
<div class="msg">
<?php echo $row['from_name'];?>
<?php echo $row['msg'];?>
<?php
}
}
?>
</div>
output image here

check this code
<?php
if (isset($_GET['to_id'])) {
$from_id1 = $_GET['to_id'];
}
if (isset($_GET['to_name'])) {
$from_name1 = $_GET['to_name'];
}
if (isset($_SESSION['userid'])) {
$to_id1 = $_SESSION['userid'];
}
require_once"config.php";
if ($stmt = $con->prepare("SELECT * from inbox where (from_id='2' and to_id='3' and from_name ='jhon') || (from_id='3' and to_id='2')")){
$stmt->bind_param('sss', $from_id,$from_name,$to_id);
$stmt->execute();
}
$result = $stmt->get_result();
if($result->num_rows > 0){
while($row = $result->fetch_assoc()){
?>
<div class="msg">
<?php echo $row['from_name'];?>
<?php echo $row['msg'];?>
<?php
}
}
?>
</div>

How to exclude specific selection from query

I have this function for email checking in registration form which disables submit button if submitted email is currently in use. So I want to modify that function in profile edit section. I also have profile edit form in profile.php. So when user edits his info withouth touching email input it works fine. But once user clicks and to email field and blurs out the mouse without even editing something it shows "Email Already Taken" error. Which is fine cause function works for registeration form. So when user submits different email I want to check if it's already in db otherwise if he doesn't change anything I want to show nothing and proceed.
I've tried to solve this in back end with this query:
SELECT * FROM users WHERE email = ? AND id != ?
.
.
.
mysqli_stmt_bind_param($stmt, "ss", $email, $uid);
but it doesn't work
Then I tried SELECT * FROM users WHERE email = ?
and looped over selection to detect if there is selection with id = uid. If yes, make result variable 0. But it also doesn't work.
function profEmailCheck(){
$('#email').blur(function(){
var email = $(this).val();
var uid = $('#uid').val();
var update_email_check = '';
$.ajax({
url:'update_email_check.php',
method:"POST",
data:{
update_email_check: update_email_check,
email: email,
uid: uid
},
success:function(data)
{
if(data != 0)
{
$('.email-availability').html('<span class="text-danger">Email Already Taken</span>');
$('#update-prof-btn').attr("disabled", true);
}
else
{
if (email == '')
{
$('.email-availability').html('');
$('#update-prof-btn').attr("disabled", true);
}
else
{
$('.email-availability').html('<span class="text-success">Email Available</span>');
$('#update-prof-btn').attr("disabled", false);
}
}
}
})
});
}
<?php
include('db_connect.php');
if (isset($_POST["update_email_check"])) {
$email = mysqli_real_escape_string($conn, $_POST["email"]);
$uid = mysqli_real_escape_string($conn, $_POST["uid"]);
$sql = "SELECT * FROM users WHERE email = ? AND id != ?";
$stmt = mysqli_stmt_init($conn);
$query = mysqli_query($conn, $sql);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "Something went wrong :(";
exit();
} else {
mysqli_stmt_bind_param($stmt, "ss", $email, $uid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
}
$result = mysqli_sql($conn, $sql);
while ($rows = mysqli_fetch_array($query, MYSQLI_ASSOC)){
if($rows['id'] == $uid){
$result = '0';
}
}
echo mysqli_num_rows($result);
}

As far as I understood you want to check email control.
If (exists){
Do something
}
else {
Do something
}
If this is what you want then you should;
$ControlMailQuery = "SELECT * FROM users WHERE email = ?";
$ControlMailQueryResult = mysqli_query($db, $ControlMailQuery);
if(mysqli_num_rows($ControlMailQueryResult) == 1){
//There is a one user who has this email
}
else{
//this is unique e-mail address
}

How do you loop check a text in php

i am making a code where the system checks if you are an 'Admin' or a 'SuperAdmin'.
i cant seem to make it loop everything to check if 'SuperAdmin' is in the 'user_type'
$sql = "SELECT * from users";
$result = mysqli_query($con,$sql);
while ($row2 = mysqli_fetch_array($result)) {
if ($row2['user_type'] != "SuperAdmin") {
echo "<script>window.alert('You do not have administrative
priviledges for this page!');
location.href='../admin_page.php';</script>";
} else {
}
}

window.alert("You do not have administrative priviledges for this page!"); location.href="../admin_page.php";';
} else {
}
?>

I believe you want to check if the current use is an "Admin" or a "SuperAdmin". In that case, you need to get the row for the current user using the UserID that you get after authenticating the user. Change your query and php code to something like:
$UserId = 111; //This is the user id from database you get on authenticating the user: e.g. 111.
$sql = "SELECT * from users WHERE UserId = ". $UserId;
$result = mysqli_query($con,$sql); //This should retrieve a single row, with details for the specific user.
while ($row2 = mysqli_fetch_array($result)) {
if !(($row2['user_type'] == "SuperAdmin")||($row2['user_type'] == "Admin")){
echo "<script>window.alert('You do not have administrative
priviledges for this page!');
location.href='../admin_page.php';</script>";
} else {
//Code to be executed if the user is an admin or a super admin
}
}

Categories