Get file from database with Php sessions - php

How can I upload an image as part of the registration data, store it in the database with SQL, and retrieve it through the PHP session every time the user logs in?
I already have this for saving the username, email and password, but I want to add an image to serve as the profile picture during registration, and I should be able to load it every time the user logs in.
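<?php
// Registration and login handler. Validates the posted form, creates or checks
// the account in the `users` table and records the username in the session.
session_start();

$username = "";
$email = "";
$errors = array();

$db = mysqli_connect('localhost', 'root', '', 'registration');
if (!$db) {
    // Keep the driver's message in the server log rather than in the response.
    error_log('Database connection failed: ' . mysqli_connect_error());
    http_response_code(500);
    exit('Service temporarily unavailable');
}

// Read one form field as a string; a missing or non-string (array) value becomes "".
$field = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};

// ---------------------------- REGISTER ----------------------------
if (isset($_POST['reg_user'])) {
    // The values are bound as statement parameters below, so they stay
    // unescaped here; escape for HTML only where they are printed.
    $fname = $field('fname');
    $username = $field('username');
    $email = $field('email');
    $password_1 = $field('password_1');
    $password_2 = $field('password_2');

    if (empty($fname)) { array_push($errors, "Please Enter your full name"); }
    if (empty($username)) { array_push($errors, "Username is required"); }
    if (empty($email)) { array_push($errors, "Email is required"); }
    if (empty($password_1)) { array_push($errors, "Password is required"); }
    // Strict comparison: with != two different numeric-looking strings can compare equal.
    if ($password_1 !== $password_2) {
        array_push($errors, "The two passwords do not match");
    }

    // Look for an existing account with the same username or email.
    $stmt = mysqli_prepare($db, "SELECT username, email FROM users WHERE username = ? OR email = ? LIMIT 1");
    if ($stmt
        && mysqli_stmt_bind_param($stmt, 'ss', $username, $email)
        && mysqli_stmt_execute($stmt)
    ) {
        mysqli_stmt_bind_result($stmt, $existingUsername, $existingEmail);
        if (mysqli_stmt_fetch($stmt)) {
            if ($existingUsername === $username) {
                array_push($errors, "Username already exists");
            }
            if ($existingEmail === $email) {
                array_push($errors, "email already exists");
            }
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('User lookup failed: ' . mysqli_error($db));
        array_push($errors, "Registration is unavailable, please try again later");
    }

    if (count($errors) == 0) {
        // password_hash() produces a salted, deliberately slow hash; md5() is a
        // fast unsalted digest and is not suitable for stored passwords.
        // The `password` column must be wide enough for the result (the PHP
        // manual suggests 255 characters), and rows that still hold md5 digests
        // will not verify until those passwords are reset.
        $password = password_hash($password_1, PASSWORD_DEFAULT);

        $stmt = mysqli_prepare($db, "INSERT INTO users (fname, username, email, password) VALUES (?, ?, ?, ?)");
        if ($stmt
            && mysqli_stmt_bind_param($stmt, 'ssss', $fname, $username, $email, $password)
            && mysqli_stmt_execute($stmt)
        ) {
            // Issue a fresh session id when the visitor becomes an authenticated user.
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            header('location: /me/home.php');
            exit; // header() does not stop the script by itself
        }
        error_log('Registration insert failed: ' . mysqli_error($db));
        array_push($errors, "Registration failed, please try again");
    }
}

// ------------------------------ LOGIN ------------------------------
if (isset($_POST['login_user'])) {
    $username = $field('username');
    $password = $field('password');

    if (empty($username)) {
        array_push($errors, "Username is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }

    if (count($errors) == 0) {
        // Fetch the stored hash by username and verify it in PHP; the password
        // itself never becomes part of the SQL text.
        $storedHash = null;
        $found = false;
        $stmt = mysqli_prepare($db, "SELECT password FROM users WHERE username = ? LIMIT 1");
        if ($stmt
            && mysqli_stmt_bind_param($stmt, 's', $username)
            && mysqli_stmt_execute($stmt)
        ) {
            mysqli_stmt_bind_result($stmt, $storedHash);
            $found = (mysqli_stmt_fetch($stmt) === true);
            mysqli_stmt_close($stmt);
        } else {
            error_log('Login lookup failed: ' . mysqli_error($db));
        }

        if ($found && is_string($storedHash) && password_verify($password, $storedHash)) {
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            header('location: /me/home.php');
            exit;
        } else {
            // Same message for an unknown user and a wrong password.
            array_push($errors, "Wrong username/password combination");
        }
    }
}
?>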

i will assume you have already finished the login authentication.
you will have to include an input of type file in your registration page.
here is the php code you will need to insert the photo:
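// Handle the profile picture submitted with the registration form.
// $db is expected to be an open PDO connection (prepare()/bindParam() below are PDO calls).
//
// The two form fields are read explicitly: extract($_POST) would let the
// request create or overwrite any variable in scope, including $db.
$upload = isset($_POST['upload']) ? $_POST['upload'] : null; // the button the user clicks when registering
$un = (isset($_POST['un']) && is_string($_POST['un'])) ? $_POST['un'] : '';

if (isset($upload))
{
    $saved = false;
    $file = isset($_FILES['profilePic']) ? $_FILES['profilePic'] : null;

    // Accepted image types. The extension is chosen here from the detected
    // type, never taken from the client-supplied file name.
    $extensions = array(IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif');
    $maxBytes = 2 * 1024 * 1024; // sample limit; adjust to the application's needs

    if (is_array($file)
        && isset($file['error']) && $file['error'] === UPLOAD_ERR_OK
        && $file['size'] <= $maxBytes
    ) {
        // getimagesize() inspects the file content; index 2 is the IMAGETYPE_* constant.
        $info = getimagesize($file['tmp_name']);
        if ($info !== false && isset($extensions[$info[2]])) {
            // Keep only harmless characters of the username in the path and add a
            // random part so two uploads cannot overwrite each other.
            $safeUser = preg_replace('/[^A-Za-z0-9_-]/', '', $un);
            $newPic = "profilePictures/" . $safeUser . "_" . bin2hex(random_bytes(8)) . "." . $extensions[$info[2]];

            if (move_uploaded_file($file['tmp_name'], $newPic))
            {
                // NOTE(review): this INSERT creates a row that holds only `picture`.
                // For the picture to be found by username later, the path has to be
                // stored on the user's own row (add the column to the registration
                // INSERT, or use UPDATE ... WHERE username = ?).
                $query = "insert into users (picture)values (?)";
                $result = $db->prepare($query);
                $result->bindParam(1, $newPic);
                // Use execute()'s return value; the statement object itself is always truthy.
                $saved = $result->execute();
            }
        }
    }
    $db = NULL;

    if ($saved)
    {
        $success = true;
        success("Information inserted Successfully "); // success() is the author's own helper; you can echo the message instead
    }
    else
    {
        error("Failed");
    }
}
// The upload directory should also be configured so the web server never runs
// scripts from it.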
now when a user logs in from the login page you will have to do some coding where you need it to be:
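// Load the logged-in user's picture path and keep it in the session.
// $db is expected to be an open PDO connection.
session_start();

// NOTE(review): the login code in the question stores the name under
// $_SESSION['username']; use whichever key your login code actually sets.
$username = isset($_SESSION['activeUser']) ? $_SESSION['activeUser'] : null;

$userpic = null;
if ($username !== null) {
    // The username is bound as a parameter; building it into the SQL text
    // would make prepare() pointless.
    $query = "select * from users where username = ?";
    $result = $db->prepare($query);
    $result->execute(array($username));
    $row = $result->fetch();
    if ($row) {
        $userpic = $row['picture'];
    }
}

// The image path is now saved in the session; read it from there wherever it
// is needed, and pass it through htmlspecialchars() when printing it into HTML.
$_SESSION['picture'] = $userpic;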

Related

Values entered in php signup page did not inserted into mysql database [duplicate]

This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 3 years ago.
When I entered details like username email password and
password confirmation in the signup page it didn't insert into the database.
Here is my code:
server.php
<?php
// Registration and login handler for the `techdrive` database: the `signup`
// form inserts a new row into `users`, the `login` form checks the posted
// credentials, and both record the username in the session.
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
// NOTE(review): the result is not checked, so a failed connection is only
// noticed when the later mysqli_* calls fail.
$db = mysqli_connect('127.0.0.1', 'root', '', 'techdrive');
// REGISTER USER
if (isset($_POST['signup'])) {
// receive all input values from the form
// Each value is escaped for use inside the quoted SQL strings built below.
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Register user if there are no errors in the form
if (count($errors) == 0) {
// NOTE(review): md5() is a fast, unsalted digest, not encryption and not a
// password hash; password_hash()/password_verify() are the built-in
// replacement (register and login have to change together).
$password = md5($password_1);
//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
// NOTE(review): the return value of the INSERT is ignored, so the session is
// set and the redirect is sent even when nothing was stored.
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
// NOTE(review): no exit follows header(), so the script keeps running after
// the redirect is queued; the path also uses a backslash where URLs use "/".
header('location: ..\index.html');
}
}
// LOGIN USER
if (isset($_POST['login'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
// The posted password is hashed the same way as at registration and
// compared inside the query.
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
// Exactly one matching row counts as a successful login.
if (mysqli_num_rows($results) == 1) {
// NOTE(review): the session id is not regenerated at login
// (session_regenerate_id() is the usual step here), and no exit follows
// the redirect.
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ..\index.html');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
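$dbName = "your database name";
// mysqli_connect() takes (host, user, password, database, port, socket): the
// database name is the fourth argument, and a fifth argument is read as the
// port number, so $dbName belongs in fourth position.
$db = mysqli_connect('127.0.0.1', 'root', '', $dbName);
if (!$db) {
    // Shown while debugging; log this instead once the page is public.
    die("Connection failed: " . mysqli_connect_error());
}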
Then add echo $query; die; right after the query string is built,
in order to check the SQL that is actually being sent.

How do I login user according to their status and role [duplicate]

This question already has answers here:
PHP parse/syntax errors; and how to solve them
(20 answers)
Closed 3 years ago.
I am creating a login page where user and admin will log in
user will have role = user, and status = pending until admin will make it active.
I have different files to display for user and admin and within the user, 2 files are there. 1 for an active user and another for the pending user.
I created if statements and tried switch statement as well. but I am getting an error on XAMPP "Parse error: syntax error, unexpected end of file in C:\xampp\htdocs\MakerLab\server.php on line 109"
here is my server.php
...
<?php
// Registration and login handler for the `makerlab` database: registers the
// posted user, or checks the posted credentials and redirects by status/role.
// NOTE(review): as posted, this file does not parse. Two blocks opened in the
// REGISTER section are never closed (see the note after the pend.php redirect).
session_start();
// variable declaration
$email = "";
$status = "";
$errors = array();
$_SESSION['success'] = "";
// connect to database
$db = mysqli_connect('localhost', 'root', '', 'makerlab');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$fname = mysqli_real_escape_string($db, $_POST['fname']);
$lname = mysqli_real_escape_string($db, $_POST['lname']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$lewisID = mysqli_real_escape_string($db, $_POST['lewisID']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled
// NOTE(review): the checks below are commented out, so empty or mismatched
// passwords are accepted by this script.
//if (empty($email)) { array_push($errors, "Lewis Email is required"); }
//if (empty($password_1)) { array_push($errors, "Password is required"); }
//if ($password_1 != $password_2) {
// array_push($errors, "The two passwords do not match");
//}
$user_check_query = "SELECT * FROM users WHERE lewisID='$lewisID' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['lewisID'] === $lewisID) {
array_push($errors, "lewisID already exists");
}
// NOTE(review): a duplicate email is reported with the lewisID message.
if ($user['email'] === $email) {
array_push($errors, "lewisID already exists");
}
}
// register user if there are no errors in the form
if (count($errors) == 0) {
// NOTE(review): md5() is a fast, unsalted digest rather than encryption;
// password_hash()/password_verify() are the built-in replacement.
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (lewisID,
fname,
lname,
email,
password)
VALUES('$lewisID',
'$fname',
'$lname',
'$email',
'$password')";
mysqli_query($db, $query);
$_SESSION['fname'] = $fname;
$_SESSION['email'] = $email;
header('location: pend.php');
// NOTE(review): the closing braces for `if (count($errors) == 0) {` and
// `if (isset($_POST['reg_user'])) {` are missing here. Everything below is
// therefore parsed as part of the REGISTER block, and the parser reaches the
// end of the file with both blocks still open.
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$email = mysqli_real_escape_string($db, $_POST['email']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($email)) {
array_push($errors, "Lewis Email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE email='$email'
AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['email'] = $email;
// NOTE(review): no row is fetched from $results, and these two lines assign
// INTO $row instead of reading from it, so $status keeps its initial ""
// and $role is undefined when the checks below run.
$row['status'] = $status;
$row['role'] = $role;
if ($status == "Pending" )
{
header('location: pend.php');
}
// NOTE(review): with || this branch is taken for every Active account
// whatever its role, and for every `user` role whatever its status; the
// admin branch below is only reached for a non-Active admin. && expresses
// "active user" / "active admin".
else if ($status == "Active" || $role == "user" )
{
header('location: AccountMain.php');
}
else if ($status == "Active" || $role == "admin" )
{
header('location: admain.php');
}
} else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
...
You are missing 2 brackets at the end of the file (before ?> tag) Next time you can use an IDE like PHPStorm that helps with the indentation and format.
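<?php
// Registration and login handler for the `makerlab` database. New accounts are
// sent to pend.php; on login the user is routed by the account's status and role.

// The session has to be started before $_SESSION is written, otherwise the
// values set below are not kept for the next request.
session_start();

// variable declaration
$email = "";
$status = "";
$errors = array();
$_SESSION['success'] = "";

// connect to database
$db = mysqli_connect('localhost', 'root', '', 'makerlab');
if (!$db) {
    // Keep the driver's message in the server log rather than in the response.
    error_log('Database connection failed: ' . mysqli_connect_error());
    http_response_code(500);
    exit('Service temporarily unavailable');
}

// Read one form field as a string; a missing or non-string (array) value becomes "".
$field = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};

// REGISTER USER
if (isset($_POST['reg_user'])) {
    // receive all input values from the form; they are bound as statement
    // parameters below, so no SQL escaping is applied here
    $fname = $field('fname');
    $lname = $field('lname');
    $email = $field('email');
    $lewisID = $field('lewisID');
    $password_1 = $field('password_1');
    $password_2 = $field('password_2');

    // form validation: ensure that the form is correctly filled
    // NOTE(review): these checks are disabled as posted. Browser-side checks can
    // be bypassed, so they should be enabled again on the server.
    //if (empty($email)) { array_push($errors, "Lewis Email is required"); }
    //if (empty($password_1)) { array_push($errors, "Password is required"); }
    //if ($password_1 != $password_2) {
    // array_push($errors, "The two passwords do not match");
    //}

    // Look for an existing account with the same lewisID or email.
    $stmt = mysqli_prepare($db, "SELECT lewisID, email FROM users WHERE lewisID = ? OR email = ? LIMIT 1");
    if ($stmt
        && mysqli_stmt_bind_param($stmt, 'ss', $lewisID, $email)
        && mysqli_stmt_execute($stmt)
    ) {
        mysqli_stmt_bind_result($stmt, $existingId, $existingEmail);
        if (mysqli_stmt_fetch($stmt)) { // if user exists
            // Compared as strings because the form value is a string.
            if ((string) $existingId === $lewisID) {
                array_push($errors, "lewisID already exists");
            }
            if ($existingEmail === $email) {
                // The posted code repeated the lewisID message for this case.
                array_push($errors, "email already exists");
            }
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('User lookup failed: ' . mysqli_error($db));
        array_push($errors, "Registration is unavailable, please try again later");
    }

    // register user if there are no errors in the form
    if (count($errors) == 0) {
        // password_hash() produces a salted, deliberately slow hash; md5() is a
        // fast unsalted digest. The `password` column must be wide enough for
        // the result (the PHP manual suggests 255 characters), and rows that
        // still hold md5 digests will not verify until those passwords are reset.
        $password = password_hash($password_1, PASSWORD_DEFAULT);

        $stmt = mysqli_prepare(
            $db,
            "INSERT INTO users (lewisID, fname, lname, email, password) VALUES (?, ?, ?, ?, ?)"
        );
        if ($stmt
            && mysqli_stmt_bind_param($stmt, 'sssss', $lewisID, $fname, $lname, $email, $password)
            && mysqli_stmt_execute($stmt)
        ) {
            $_SESSION['fname'] = $fname;
            $_SESSION['email'] = $email;
            header('location: pend.php');
            exit; // header() does not stop the script by itself
        }
        error_log('Registration insert failed: ' . mysqli_error($db));
        array_push($errors, "Registration failed, please try again");
    }
}

// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
    $email = $field('email');
    $password = $field('password');

    if (empty($email)) {
        array_push($errors, "Lewis Email is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }

    if (count($errors) == 0) {
        // Fetch hash, status and role by email and verify the password in PHP.
        $storedHash = null;
        $rowStatus = null;
        $rowRole = null;
        $found = false;
        $stmt = mysqli_prepare($db, "SELECT password, status, role FROM users WHERE email = ? LIMIT 1");
        if ($stmt
            && mysqli_stmt_bind_param($stmt, 's', $email)
            && mysqli_stmt_execute($stmt)
        ) {
            mysqli_stmt_bind_result($stmt, $storedHash, $rowStatus, $rowRole);
            $found = (mysqli_stmt_fetch($stmt) === true);
            mysqli_stmt_close($stmt);
        } else {
            error_log('Login lookup failed: ' . mysqli_error($db));
        }

        if ($found && is_string($storedHash) && password_verify($password, $storedHash)) {
            $status = $rowStatus;
            $role = $rowRole;

            // Both conditions must hold: with || every Active account, admin or
            // not, was routed to the user page and the admin branch was unreachable
            // for active admins.
            $target = null;
            if ($status === "Pending") {
                $target = 'pend.php';
            } else if ($status === "Active" && $role === "user") {
                $target = 'AccountMain.php';
            } else if ($status === "Active" && $role === "admin") {
                $target = 'admain.php';
            }

            if ($target !== null) {
                session_regenerate_id(true);
                $_SESSION['email'] = $email;
                // A redirect is not access control: pend.php, AccountMain.php and
                // admain.php each need to check these values themselves.
                $_SESSION['status'] = $status;
                $_SESSION['role'] = $role;
                header('location: ' . $target);
                exit;
            }
            // Any other status/role combination is not signed in.
            array_push($errors, "This account cannot sign in; please contact an administrator");
        } else {
            array_push($errors, "Wrong username/password combination");
        }
    }
}
?>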

php- redirection works on only one page

so I tried using the code from Andy Holmes from this link How to redirect into different page by user type in php and mysql.
Server.php
<?php
// Registration and login handler for the `registration` database: registers the
// posted user, or checks the posted credentials and redirects by occupation.
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'registration');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
$occupation = mysqli_real_escape_string($db, $_POST['occupation']);
$grdlvl = mysqli_real_escape_string($db, $_POST['grdlvl']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// NOTE(review): occupation comes straight from the form and later decides
// between the student and admin pages; only "required" is checked here, so
// any value the client sends is stored.
if (empty($occupation)) { array_push($errors, "Occupation is required"); }
if (empty($grdlvl)) { array_push($errors, "Grade level Applied is required"); }
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
// NOTE(review): md5() is a fast, unsalted digest rather than encryption;
// password_hash()/password_verify() are the built-in replacement.
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password, occupation, grdlvl)
VALUES('$username', '$email', '$password', '$occupation', '$grdlvl')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now registered";
header('location: login.php');
}
}
// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username'AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
}
// NOTE(review): the credential check ends at the brace above, so the
// redirect below runs whether or not a matching row was found.
// $row is never assigned from $results, and the key '$occupation' is a
// single-quoted literal (the column is named `occupation`), so $occupation is
// always empty here and the else branch (admin.php) is always taken.
$occupation = $row['$occupation'];
if($occupation == "student"){ //check usertype
header("Location:/site2/student.php"); //if normal user redirect to app.php
}else{
header("Location:/site2/admin.php"); //if admin user redirect to admin.php
}
}
// NOTE(review): this else pairs with `if (count($errors) == 0)`, so the
// message is added when a field was left empty, not when the credentials
// did not match.
else {
array_push($errors, "Wrong username/password combination");
}
}
?>
But the problem is it works for only one page and It keeps redirecting to the admin page even if the occupation is not admin.
Unless occupation equals student, it redirects to admin and $occupation = $row['$occupation']. However, I don't see you set the value of $row anywhere. So, the redirect will always be to admin.

SQL Database not storing user inputs

I've created a registration form which takes a user's name, username, email and password. I've also created a sql database using XAMPP control panel, named the database 'registration' and created a table called 'users' to store all the inputs.
When the user enters this data, they should be presented with the login page and in the background the data should be stored in the database, but when I opened up phpMyAdmin to check the table, there was no data saved.
Below is the code I used to send the inputs from the user to the database, which is my 'server.php' file:
<?php
// Registration and login handler for the `registration` database: the
// `reg_user` form inserts a row into `users`, the `login_user` form checks the
// posted credentials, and both record the username in the session.
session_start();
// initializing variables
$name = "";
$email = "";
$username = "";
$errors = array();
// connect to the database
// NOTE(review): the result is not checked, so a failed connection (for
// example a wrong password) is only noticed when later mysqli_* calls fail.
$db = mysqli_connect('localhost', 'root', 'root', 'registration');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($name)) { array_push($errors, "Name is required");
}
if (empty($email)) { array_push($errors, "Email is required");
}
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
// NOTE(review): md5() is a fast, unsalted digest rather than encryption;
// password_hash()/password_verify() are the built-in replacement.
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
// NOTE(review): the return value of the INSERT is ignored, so the session is
// set and the redirect is sent even when nothing was stored.
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
// NOTE(review): no exit follows header(), so the script keeps running.
header('location: login.php');
}
}
// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
// Exactly one matching row counts as a successful login.
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
// NOTE(review): this redirect goes to another site, where the PHP session
// set above is not available.
header('location: https://georginahughes48.wixsite.com/makeupyourmind');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
Please let me know if any further code is needed to assist me with this issue..Thanks in advance!
After connection code add this line
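// Stop early when the connection attempt failed.
// mysqli_connect() can return false on failure, in which case $db has no
// properties to read; the procedural mysqli_connect_errno()/mysqli_connect_error()
// work in both cases. (`errorno` is not a mysqli property, and `error` refers to
// the last statement rather than to the connection attempt.)
if (!$db || mysqli_connect_errno())
{
    // Shown while debugging; log this instead once the page is public.
    echo "Error: ( " . mysqli_connect_errno() . " )" . mysqli_connect_error();
    die;
}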
Just replace this code
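// Replacement for the "register user" step: the session values are set and the
// redirect is sent only when the INSERT actually succeeded.
if (count($errors) == 0) {
    // NOTE(review): md5() is a fast, unsalted digest rather than encryption.
    // Moving to password_hash() means the login check has to switch to
    // password_verify() in the same change, so it is left as posted here.
    $password = md5($password_1);
    $query = "INSERT INTO users (name, email, username, password)\n"
        . "VALUES('$name', '$email', '$username', '$password')";
    if (mysqli_query($db, $query))
    {
        $_SESSION['username'] = $username;
        $_SESSION['success'] = "You are now logged in";
        header('location: login.php');
        exit; // header() does not stop the script by itself
    }
    else
    {
        // Debugging aid: the driver message can reveal table and column names,
        // so write it to the log (error_log) instead once the cause is found.
        echo mysqli_error($db);
    }
}
} // presumably closes the enclosing if (isset($_POST['reg_user'])) block of the script being patched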
Check if it gives any errors.
Try your code in try catch block. Replace your register part with this:
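// Finally, register user if there are no errors in the form
// mysqli only throws exceptions when exception reporting is switched on (it is
// the default from PHP 8.1); enabling it explicitly lets the catch block below
// fire on older versions as well.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    if (count($errors) == 0) {
        // NOTE(review): md5() is a fast, unsalted digest rather than encryption.
        // Moving to password_hash() means the login check has to switch to
        // password_verify() in the same change, so it is left as posted here.
        $password = md5($password_1);
        $query = "INSERT INTO users (name, email, username, password)\n"
            . "VALUES('$name', '$email', '$username', '$password')";
        mysqli_query($db, $query);
        $_SESSION['username'] = $username;
        $_SESSION['success'] = "You are now logged in";
        header('location: login.php');
        exit; // header() does not stop the script by itself
    }
} catch (Exception $e) {
    // Debugging aid: the message can reveal table and column names, so write
    // it to the log (error_log) instead once the cause is found.
    echo 'Caught exception: ', $e->getMessage(), "\n";
}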
This will give you an error message if anything breaks in between; otherwise your code seems okay.
Step 1 : change the code like following:
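<?php
// Registration and login handler for the `registration` database: the
// `reg_user` form creates an account, the `login_user` form checks the posted
// credentials, and both record the username in the session.
session_start();

// initializing variables
$name = "";
$email = "";
$username = "";
$errors = array();

// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'registration');
if (!$db) {
    // Shown while debugging; log this instead once the page is public.
    die("Connection failed: " . mysqli_connect_error());
}

// Read one form field as a string; a missing or non-string (array) value becomes "".
$field = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// REGISTER USER
if (isset($_POST['reg_user'])) {
    // receive all input values from the form; they are bound as statement
    // parameters below, so no SQL escaping is applied here
    $name = $field('name');
    $email = $field('email');
    $username = $field('username');
    $password_1 = $field('password_1');
    $password_2 = $field('password_2');

    // form validation: ensure that the form is correctly filled ...
    // by adding (array_push()) corresponding error unto $errors array
    if (empty($name)) { array_push($errors, "Name is required"); }
    if (empty($email)) { array_push($errors, "Email is required"); }
    if (empty($username)) { array_push($errors, "Username is required"); }
    if (empty($password_1)) { array_push($errors, "Password is required"); }
    // Strict comparison: with != two different numeric-looking strings can compare equal.
    if ($password_1 !== $password_2) {
        array_push($errors, "The two passwords do not match");
    }

    // first check the database to make sure
    // a user does not already exist with the same username and/or email
    $lookup = mysqli_prepare($db, "SELECT username, email FROM users WHERE username = ? OR email = ? LIMIT 1");
    if ($lookup
        && mysqli_stmt_bind_param($lookup, 'ss', $username, $email)
        && mysqli_stmt_execute($lookup)
    ) {
        mysqli_stmt_bind_result($lookup, $existingUsername, $existingEmail);
        if (mysqli_stmt_fetch($lookup)) { // if user exists
            if ($existingUsername === $username) {
                array_push($errors, "Username already exists");
            }
            if ($existingEmail === $email) {
                array_push($errors, "email already exists");
            }
        }
        mysqli_stmt_close($lookup);
    } else {
        // Debugging aid, as in the rest of this answer; log instead in production.
        echo mysqli_error($db);
        array_push($errors, "Registration is unavailable, please try again later");
    }

    // Finally, register user if there are no errors in the form
    if (count($errors) == 0) {
        // password_hash() produces a salted, deliberately slow hash; md5() is a
        // fast unsalted digest. The `password` column must be wide enough for
        // the result (the PHP manual suggests 255 characters), and rows that
        // still hold md5 digests will not verify until those passwords are reset.
        $password = password_hash($password_1, PASSWORD_DEFAULT);

        $insert = mysqli_prepare($db, "INSERT INTO users (name, email, username, password) VALUES (?, ?, ?, ?)");
        if ($insert
            && mysqli_stmt_bind_param($insert, 'ssss', $name, $email, $username, $password)
            && mysqli_stmt_execute($insert)
        ) {
            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            header('location: login.php');
            exit; // header() does not stop the script by itself
        } else {
            // Debugging aid: the driver message can reveal table and column
            // names, so write it to the log instead once the cause is found.
            echo mysqli_error($db);
        }
    }
}

// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
    $username = $field('username');
    $password = $field('password');

    if (empty($username)) {
        array_push($errors, "Username is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }

    if (count($errors) == 0) {
        // Fetch the stored hash by username and verify it in PHP; the password
        // itself never becomes part of the SQL text.
        $storedHash = null;
        $found = false;
        $login = mysqli_prepare($db, "SELECT password FROM users WHERE username = ? LIMIT 1");
        if ($login
            && mysqli_stmt_bind_param($login, 's', $username)
            && mysqli_stmt_execute($login)
        ) {
            mysqli_stmt_bind_result($login, $storedHash);
            $found = (mysqli_stmt_fetch($login) === true);
            mysqli_stmt_close($login);
        }

        if ($found && is_string($storedHash) && password_verify($password, $storedHash)) {
            // Issue a fresh session id when the visitor becomes an authenticated user.
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            // NOTE(review): this redirect leaves the site, and the PHP session
            // set above is not available to the destination.
            header('location: https://georginahughes48.wixsite.com/makeupyourmind');
            exit;
        } else {
            array_push($errors, "Wrong username/password combination");
        }
    }
}
?>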
Assuming there is no password for mysql.
Step 2:
Recheck mysql connection and table names case and spelling
Step 3:
Check the nullable fields, field types and length in table. If you have primary key check if auto increment is there or not. hope this will help.

Can't seem to get $_SESSION['user_level'] to work the way I need

Below is the code I'm running. I'm trying to get it so my CMS index.php will deny access if the users user_level is under 1. I'm logging in with a test account setup with the user_level at 1 but I'm not having any luck.
Code on top of my index.html:
<?php
// Access gate placed at the top of the page: redirects according to the
// user_level stored in the session.
// NOTE(review): no session_start() appears in this snippet; unless the session
// is started elsewhere before this runs, $_SESSION['user_level'] is not set.
// The comparison matches level 1 only, while the description says "1 or
// higher". Both branches redirect and exit, so the page below this block is
// never rendered; if this file is itself index.php, the first branch redirects
// to the same page again.
if($_SESSION['user_level'] == "1"){
header("Location: index.php");
exit;
}else{ header("Location: login.php");
exit;
}
So if user_level is 1 or higher, proceed to index.html (which is my CPanel index, not my actual site's index).
If the user_level is below 1, redirect back to login.
Here's my server.php code where all the magic happens after you click login.
<?php
// Registration and login handler: the `reg_user` form inserts a row into
// `users`, the `login_user` form checks the posted credentials and stores the
// user's level and email in the session.
session_start();
// variable declaration
$fullname = "";
$useremail = "";
$age = "";
$igname = "";
$profileurl = "";
$errors = array();
// connect to database
$db = mysqli_connect('****', '****', '****',
'****');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$fullname = mysqli_real_escape_string($db, $_POST['fullname']);
$useremail = mysqli_real_escape_string($db, $_POST['useremail']);
$age = mysqli_real_escape_string($db, $_POST['age']);
$igname = mysqli_real_escape_string($db, $_POST['igname']);
$profileurl = mysqli_real_escape_string($db, $_POST['profileurl']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($fullname)) { array_push($errors, "Full name is required"); }
if (empty($useremail)) { array_push($errors, "Email is required"); }
if (empty($age)) { array_push($errors, "Age is required"); }
if (empty($igname)) { array_push($errors, "In game name is required"); }
if (empty($profileurl)) { array_push($errors, "Truckers-MP Profile URL is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// NOTE(review): there is no check for an existing account with the same
// email before the INSERT below.
// register user if there are no errors in the form
if (count($errors) == 0) {
// NOTE(review): md5() is a fast, unsalted digest rather than encryption;
// password_hash()/password_verify() are the built-in replacement.
$password = md5($password_1);//encrypt the password before saving in the database
// user_level is not part of this INSERT; presumably the column default
// applies - confirm against the table definition.
$query = "INSERT INTO users (fullname, email, age, igname, profileurl, password)
VALUES('$fullname', '$useremail', '$age', '$igname', '$profileurl', '$password')";
mysqli_query($db, $query);
$_SESSION['useremail'] = $useremail;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
// NOTE(review): the browser follows the Location header above, so the alert
// markup echoed below is presumably never shown to the user.
echo '<script language="javascript">';
echo 'alert("Once an admin reviews your account, they will send you an email alerting you that you can login. Please be patient.")';
echo '</script>';
}
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$useremail = mysqli_real_escape_string($db, $_POST['useremail']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($useremail)) {
array_push($errors, "Email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE email='$useremail' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
// NOTE(review): $row is never assigned in this script (no row is fetched
// from $results), so user_level is stored as null here.
$_SESSION['user_level'] = $row['user_level'];
$_SESSION['useremail'] = $useremail;
$_SESSION['success'] = "You are now logged in";
// NOTE(review): no exit follows header(), so the script keeps running.
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
I'm sure I'm not doing it right but at least I can say I damn well tried. Any help would be greatly appreciated.
There is undefined variable $row. Define it first (fetch_assoc()), then you can assign it into session.
// Inside the login branch: fetch the matching row before reading columns from it.
if (mysqli_num_rows($results) == 1) {
// mysqli_fetch_assoc() returns the row as an array keyed by column name,
// which is what defines $row for the line below.
$row = mysqli_fetch_assoc($results);
$_SESSION['user_level'] = $row['user_level'];
$_SESSION['useremail'] = $useremail;
...
}
mysqli_num_rows returns the number of rows in a result set, not the indexes! You can keep this code and assign the value this way: $_SESSION['user_level'] = $row[some index]; (if your table columns are id, user, pass, mail, then "some index" will be 1).
If you want to have a text index, just look at mysqli_fetch_array.
