I want to insert in the security the same id from users:
<?php
if (isset($_POST['reg_user'])) {
require 'db.php';
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password_1'];
$passwordRepeat = $_POST['password_2'];
$firstName = $_POST['firstname'];
$lastName = $_POST['lastname'];
$country = $_POST['country'];
$city = $_POST['city'];
$address = $_POST['address'];
$zipCode = $_POST['zipCode'];
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat) || empty($firstName) || empty($lastName) || empty($country) || empty($city) || empty($address) || empty($zipCode)) {
header("Location: ../sign_up.php?error=emptyfields&uid=" . $username . "&mail=" . $email);
exit();
} elseif (strlen($username) < 3) {
header("Location: ../sign_up.php?error=short_username=" . $username . "");
exit();
} elseif (strlen($username) > 17) {
header("Location: ../sign_up.php?error=long_username=" . $username . "");
exit();
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../sign_up.php?error=invalidmailuid");
exit();
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../sign_up.php?error=invalidmail&uid=" . $username);
exit();
} elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../sign_up.php?error=invaliduid&mail=" . $email);
exit();
} elseif ($password !== $passwordRepeat) {
header("Location: ../sign_up.php?error=passwordcheck&uid=" . $username . "&mail=" . $email);
exit();
} else {
$sql = "SELECT username FROM users WHERE username=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../sign_up.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../sign_up.php?error=usertaken&mail=" . $email);
exit();
} else {
$sql = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../sign_up.php?error=sqlerror");
exit();
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
$sql = "INSERT INTO security (username, firstName, lastName, country, city, address, zipcode) VALUES (?, ?, ?, ?, ?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmt, $sql);
mysqli_stmt_bind_param($stmt, "sssssss", $username, $firstName, $lastName, $country, $city, $address, $zipCode);
mysqli_stmt_execute($stmt);
header("Location: ../sign_up.php?signup=succes");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
} else {
header("Location: ../sign_up.php");
exit();
}
Replace username from security with id from "users" table, but I don't know the id from this user because it executes at the same time, any solutions?
P.S: ID, auto increment primary key
I want to know that security data is from that user (id).
You can get the last inserted id in mysqli using
$conn->insert_id;
Right after executing the insertion of the item. ($conn being the instance of the msqli class)
Related
<?php
session_start();
if (isset($_POST['signup-submit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
if (empty($username) || empty($email) || empty($userpasswordname) || empty($passwordRepeat) ) {
header("Location: signup.php?error=emptyfields&uid=".$username."&mail".$email);
exit();
} else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: signup.php?error=invalidmailuid");
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: signup.php?error=invalidmail&uid=".$username);
exit();
}
else if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: signup.php?error=invaliduid&mail=".$email);
exit();
}
else if ($password !== $passwordRepeat) {
header("Location: signup.php?error=passwordcheck&uid=".$username."&mail".$email);
exit();
}
else {
$sql = "SELECT uidUsers FROM users WHERE uidUsers=? AND pwdUsers=?";
$statement = mysqli_statement_init($con);
if (!mysqli_stmt_prepare($statement, $sql)) {
header("Location: signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
$resultCheck = mysqli_stmt_num_rows($statement);
if ($resultCheck > 0) {
header("Location: signup.php?error=usertaken&mail=".$email);
exit();
}
else {
$sql = "INSERT INTO users (uidUsers, mailUsers, pwdUsers) VALUES (?, ?, ?)";
$statement = mysqli_statement_init($con);
if (!mysqli_stmt_prepare($statement, $sql)) {
header("Location: signup.php?error=sqlerror");
exit();
}
else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($statement, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($statement);
header("Location: signup.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($statement);
mysqli_close($con);
}
else {
header("Location: signup.php");
exit();
}
?>
As you see the "session_start();" I've added before it had an error so it has nothing to do with the error. Maybe I need to add something? Or I forgot to put something in, or I probably added something unnecessary to be in there?
Every time I refresh the page I get the error "ERR_TOO_MANY_REDIRECTS", what I want it to do is basically run smoothly and not engage any errors or redirects.
I was following the most popular php tutorial on YouTube on how to create a sign up and log in process using PHP:
https://www.youtube.com/watch?v=LC9GaXkdxF8&t=2216s
I got some issues at first but they were just syntax errors and was able to fix them. When I put in the username, email, password, and retyped password, and clicked sign up, it gave the message that it was successful. The problem was however, when I wen't back to the phpmyadmin database, the new row for the user didn't show up on the table. Now I am thinking this has something to do with phpmyadmin or sql and not the code itself. So the specifics are:
Hosting program: XAMPP
Services turned on: ProFTPD, Apache, MySQL
OS: MacOS
Here are is all the code that I have created by using this tutorial:
signup.inc.php:
<?php
if (isset($_POST['signup-submit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header("Location: ../signup.php?error=emptyfields&uid=" . $username . "&mail=" . $email);
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invalidmailuid");
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?error=invalidmail&uid=" . $username);
exit();
}
else if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invaliduid&uid=" . $email);
exit();
}
else if ($password !== $passwordRepeat) {
header("Location: ../signup.php?error=passwordcheck&uid=" . $username . "&mail=" . $email);
exit();
}
else {
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror1");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows();
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usertaken&mail=" . $email);
exit();
}
else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror2");
exit();
}
else {
$hashedPwd = password_hash($password, PASSSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location: ../signup.php");
exit();
}
?>
dbh.inc.php:
<?php
$servername = 'localhost';
$dBUsername = "root";
$dBPassword = "";
$dBName = "loginsystem";
$conn = mysqli_connect($servername, $dBUsername, $dBPassword, $dBName);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
?>
signup.php:
<?php
$title = 'Sign Up';
$content = '
<main>
<div id="log-in-box">
<h2>Sign Up and Create an Account</h2>
<form class="form-signup" action="includes/signup.inc.php" method="post">
<input type="text" name="uid" placeholder="Username">
<input type="text" name="mail" placeholder="E-Mail">
<input type="password" name="pwd" placeholder="Password">
<input type="password" name="pwd-repeat" placeholder="Repeat Password">
<button type="submit" name="signup-submit">Sign Up</button>
</form>
</div>
</main>
';
include("template.php");
?>
The MYSQL code he typed into phpmyadmin while setting the database up (and also instead of being called loginsystemtut for the database name I called it loginsystem):
CREATE TABLE users (
idUsers int(11) AUTO_INCREMENT PRIMARY KEY NOT NULL,
uidUsers TINYTEXT NOT NULL,
emailUsers TINYTEXT NOT NULL,
pwdUsers LONGTEXT NOT NULL
);
and the weird thing is is that I also get this snipet of code showing up while I am in the users table in the database:
SELECT * FROM `users`
The problem has actually been solved. I asked the same question on the r/php subreddit and someone gave me the answer that the guy's code in the video was terrible and told me what to do to fix it. I changed the :
else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows();
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usertaken&mail=" . $email);
exit();
}
else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror2");
exit();
}
else {
$hashedPwd = password_hash($password, PASSSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=success");
exit();
}
}
to just:
else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
$stmt = $conn->prepare($sql);
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
$stmt->bind_param("sss", $username, $email, $hashedPwd);
$stmt->execute();
}
because you didn't need to do that with 15 lines of code, when you only needed 5.
I have table of users which have following columns: user_id,username,first_name,last_name, email,token,password,location, phone.
I have 2 forms on two different pages. 1. registration.php 2. user_info.php.
In registration.php I'm getting user's email, username, and password. In user_info.php I'm getting user's first, lastname, country, phone.
I want to insert both form data in 1 row. so Is there any way?
right now with my code. it inserts info from both forms into database but it's inserting in each form data in 2 different rows.
here is my registration.php
<?php
if (isset($_POST['signup-submit'])) {
$url = "https://www.google.com/recaptcha/api/siteverify";
$data = ['secret' => "[xxxx]", 'response' => $_POST['token'], 'remoteip' => $_SERVER['REMOTE_ADDR']];
$options = array('http' => array('header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data)));
$context = stream_context_create($options);
$response = file_get_contents($url, false, $context);
$res = json_decode($response, true);
if ($res['success'] == true) {
require("dbh.inc.php");
require("functions.php");
$username = escape($_POST['username']);
$email = escape($_POST['email']);
$token = bin2hex(random_bytes(50));
$password = escape($_POST['password']);
$passwordRepeat = escape($_POST['confirm_password']);
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header("Location: ../registration.php?error=emptyfields");
exit();
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) || !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../registration.php?error=invalidmailuid");
exit();
} elseif (strlen($username) <= '6') {
header("Location: ../registration.php?error=usernamecheck");
exit();
} elseif (strlen($password) <= '8') {
header("Location: ../registration.php?error=passwordcheck");
exit();
} elseif ($password !== $passwordRepeat) {
header("Location: ../registration.php?error=passwordverify");
exit();
} else {
$sql = "SELECT username, email FROM users WHERE username = ? AND email = ?";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../registration.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "ss", $username, $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../registration.php?error=usermailtaken");
exit();
} else {
$sql = "INSERT INTO users(username, email, password, token, joined) VALUES(?, ?, ?, ?, now())";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../registration.php?error=sqlerror2");
exit();
} else {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ssss", $username, $email, $hashed_password, $token);
mysqli_stmt_execute($stmt);
header("Location: ../user_info.php");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($connection);
} else {
header("Location: ../registration.php?error=captcha");
exit();
}
} else {
header("Location: ../registration.php?error=emptyfields");
exit();
}
here is my user_info.php
<?php
if (isset($_POST['profile-submit'])) {
require("dbh.inc.php");
require("functions.php");
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$location = $_POST['location'];
$phone = $_POST['phone_number'];
if (empty($first_name) || empty($last_name) || empty($location) || empty($phone)) {
header("Location: ../user_info.php?error=emptyfields");
exit();
} else {
$sql = "INSERT INTO users(first_name, last_name, location, phone) VALUES(?, ?, ?, ?)";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../user_info.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone);
mysqli_stmt_execute($stmt);
header("Location: ../index.php?signup=success");
exit();
}
}
mysqli_stmt_close($stmt);
mysqli_close($connection);
} else {
header("Location: ../user_info.php?error");
exit();
}
You need to use an UPDATE instead of an INSERT on user_info.php
INSERT adds new rows. https://dev.mysql.com/doc/refman/8.0/en/insert.html
INSERT inserts new rows into an existing table.
UPDATE modifies data in a row. https://dev.mysql.com/doc/refman/8.0/en/update.html
UPDATE is a DML statement that modifies rows in a table.
When you do an UPDATE you need to add a WHERE clause to update only the row you want. You usually do this with the primary key which I assume in this case is user_id.
You can use mysqli_insert_id($connection) to get the last id inserted after your INSERT query runs. I suggest then storing that in a $_SESSION variable and then accessing that on user_info.php rather than passing is via POST or GET. That way, another user can't just type in an ID in the GET or POST request and update another user's info. Here is some code to guide you.
registration.php
//start the session
session_start();
...
...
} else {
mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone);
mysqli_stmt_execute($stmt);
$_SESSION['user_id'] = mysqli_insert_id($connection);
header("Location: ../index.php?signup=success");
exit();
}
}
....
....
user_info.php
....
....
if (empty($first_name) || empty($last_name) || empty($location) || empty($phone) || !isset($_SESSION['user_id')) {
header("Location: ../user_info.php?error=emptyfields");
exit();
} else {
$sql = "UPDATE users SET first_name = ?, last_name = ?, location = ?, phone =? WHERE user_id = ?";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../user_info.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone, $_SESSION['user_id']);
mysqli_stmt_execute($stmt);
header("Location: ../index.php?signup=success");
exit();
}
....
....
in registration.php you need to get the last inserted Id before going to user_info.php
mysqli_stmt_bind_param($stmt, "ssss", $username, $email, $hashed_password, $token);
mysqli_stmt_execute($stmt);
//get last inserted id
$last_id = mysqli_insert_id($connection);
header("Location: ../user_info.php?id='.$last_id.'");
exit();
in user_info.php use update in your query with where id = $_GET['id']
if (isset($_POST['profile-submit'])) {
require("dbh.inc.php");
require("functions.php");
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$location = $_POST['location'];
$phone = $_POST['phone_number'];
if (empty($first_name) || empty($last_name) || empty($location) || empty($phone)) {
header("Location: ../user_info.php?error=emptyfields");
exit();
} else {
$sql = "UPDATE users SET first_name = ?, last_name = ?, location = ?, phone =? WHERE id = ?";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../user_info.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "sssii", $first_name, $last_name, $location, $phone, $_GET['id']);
mysqli_stmt_execute($stmt);
header("Location: ../index.php?signup=success");
exit();
}
}
mysqli_stmt_close($stmt);
mysqli_close($connection);
}else {
header("Location: ../user_info.php?error");
exit();}
My database is empty. I don't know what's wrong any more. Is it a syntax error? I've already tried to find a syntax error, but I can't find one. Can anyone help me or tell me what's the problem?
<?php
if (isset($_POST['signup-submit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
if (empty($username) || empty($email) || empty($password) ||
empty($passwordRepeat)) {
header("Location: ../signup.php?
error=emptyfields&uid=".$username."&mail=".$email);
exit();
}
elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) &&
!preg_match("/^[a-zA-Z0-9]*%/", $username)) {
header("Location: ../signup.php?error=invalidmail&uid=");
exit();
}
elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?
error=invalidmail&uid=".$username);
exit();
}
elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invalidmail&uid=".$email);
exit();
}
elseif ($password !== $passwordRepeat) {
header("Location: ../signup.php?
error=passworcheck&uid=".$username."&mail=".$email);
}
else {
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?
error=usertaken&mail=".$email);
exit();
}
else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers)
VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ssss", $username, $email,
$password);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=succes");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location: ../signup.php");
exit();
}
My guess: This line is wrong:
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
^^^^^^^^^
....
mysqli_stmt_bind_param($stmt, "s", $username);
I think, you want to ask fo a user name to get the user id.
There maybe more errors.
I am pretty new to php coding and I have setup a working signup/signin system for a website, but now I want to create an admin user which can edit/upload pictures to the website. I just have no idea how to do it, so far I have just added a column to phpmyadmin which is usertype and its an enum with two variables which are admin and users, and I have set the default to user so when someone signs up they are defaulted as a user. so any help would be greatly appreciated.
This is my login php
if (isset($_POST['login-submit'])) {
#
require 'dbh.inc.php';
$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];
if (empty($mailuid) || empty($password)) {
header("Location: ../index.php?error=emptyfields");
exit();
}else {
$sql = "SELECT * FROM users WHERE uidUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../index.php?error=sqlerror");
exit();
}else{
mysqli_stmt_bind_param($stmt, "s", $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../index.php?error=wrongpassword");
exit();
}elseif ($pwdCheck == true) {
session_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
header("Location: ../index.php?login=success");
exit();
}
}
else {
header("Location: ../index.php?error=nouser");
exit();
}
}
}
}else {
header("Location: ../index.php");
exit();
}
This is my signup php
<?php
if (isset($_POST['signup-sumbit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header("Location: ../signup.php?error=emptyfields&uid=".$username."&mail=".$email);
exit();
}elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invaildmailuid");
exit();
}elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?error=invaildmail&uid=".$username);
exit();
}elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invailduid&mail=".$email);
exit();
}elseif ($password !== $passwordRepeat) {
header("Location: ../signup.php?error=passwordcheck&uid=".$username."&mail=".$email);
exit();
}else{
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror1");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usertaken&mail=".$email);
exit();
} else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}else {
header("Location: ../signup.php");
exit();
}
This is a picture of the new column I added
Picture of phpmyadmin
This is the code where you are checking if user has admin privileges and store in session
if($row['user_type'] == 'Admin'){
$_SESSION['isAdmin'] = true;
}else{
$_SESSION['isAdmin'] = false;
}
later you can use $_SESSION['isAdmin'] to give privileges as you wish
if($_SESSION['isAdmin']){
//code for uploading pictuers ..
}