Button redirecting to php file - php

When I press the 'continue' button I'm redirected to the form's PHP functions file (localhost/install/hamburgher.php), but that must check if the code is correct or it will display an error.
hamburgher.php (functions on clicking of the button):
<?php
session_start();
// connect to database
$db = mysqli_connect('localhost', 'root', '');
mysqli_select_db($db,"licensecode");
// escape string
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
$errors = array();
function display_error() {
global $errors;
if (count($errors) > 0){
echo '<div class="alert alert-danger">';
foreach ($errors as $error){
echo $error .'<br>';
}
echo '</div>';
}
}
if (isset($_POST['btn_lic']) && $_POST['btn_lic'] == 1)
{
checkkey();
}
else
{
array_push($errors, "License key is invalid.");
}
// USER
function checkkey(){
global $db, $username, $errors;
// grap form values
$key = e($_POST['key-get']);
// make sure form is filled properly
if (empty($key)) {
array_push($errors, "A license key is required.");
}
// attempt login if no errors on form
if (count($errors) == 0)
{
$password = md5($password);
$query = "SELECT * FROM licenses WHERE code='$key' LIMIT 1";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1)
{ // found
// check
$keycode = mysqli_fetch_assoc($results);
if($keycode['expired'] == 1)
{
array_push($errors, "This license has expired.");
}
else
{
header('location: step_4.php');
}
}
else
{
array_push($errors, "License key is invalid.");
}
}
else {
array_push($errors, "Some errors there.");
}
}
Form file - step_3.php:
<?php
include('hamburgher.php');
require_once("settings.inc");
if (file_exists($config_file_path)) {
header("location: ".$application_start_file);
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title><?php echo $application_name;?> Instalation Wizard - 3</title>
<link rel="icon" href="images/brand/favicon.png" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="styles/basic.css">
<link href="https://fonts.googleapis.com/css?family=Muli&display=swap" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="styles/bootstrap.min.css">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
</head>
<body>
<center>
<div class="card">
<img src="../images/brand/logo_wide.png" alt="Thos Host Complete Solutions">
<form method="post" action="hamburgher.php">
<input type="hidden" name="submit" value="step2" />
<div class="container">
<b><div style="font-family: 'Muli', sans-serif;">Step 3: Insert your license key</div></b><br>
<div class="form-group">
<label for="key-get" style="margin-right: 80%">Code:</label>
<input type="text" class="form-control" name="key-get" placeholder='38904ADSUFH8ADS7FH8ASHFASHF8ASHUFHA8SUFHU8ASHF8UHA' size="30">
</div>
</div>
<?php echo display_error(); ?>
<span class="step_active" >1</span>
<span class="step_active">2</span>
<span class="step_active">3</span>
<span class="step_inactive">4</span>
<span class="step_inactive">5</span>
<button type="submit" class="button button_black" name="btn_lic" value="1" style="margin-left : 60%; color: white; text-decoration: none; font-family: 'Muli', sans-serif;"><b>Continue</b></button>
</form><br>
</div>
</center>
<?php include_once("footer.php"); ?>
</body>
</html>
The code must display an error if:
- the input code is null;
- the input code is expired;
- the input code does not exist;
When an error is displayed, the page must stay the same, but the error message appears where <?php echo display_error(); ?> is on the page.
You must be redirected to step_4.php if the code is found in the database and is not expired.
I know, I know, I will modify the code to avoid SQL injections; this is beta code.
Thanks.

The quickest way to solve the issue would be to move the code from hamburgher.php to step_3.php and then remove the action for the form so it goes back to the same page.
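One way to apply the answer above, as an added example (not the asker's or the answerer's code): the check sits at the top of step_3.php, the form posts back to the same page, and the lookup uses a prepared statement instead of string interpolation. Table, column and field names come from the question; the `license_ok` session flag, and the idea that step_4.php checks it, are assumptions.

```php
<?php
// Top of step_3.php. Added example; connection values are the ones shown in the question.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$errors = [];

/**
 * Look up a license key with a prepared statement.
 * Returns 'ok', 'expired' or 'invalid'.
 */
function license_status(mysqli $db, string $key): string
{
    $stmt = $db->prepare('SELECT expired FROM licenses WHERE code = ? LIMIT 1');
    $stmt->bind_param('s', $key);
    $stmt->execute();
    $stmt->bind_result($expired);
    $found = $stmt->fetch();   // true when a row was fetched, null when there is none
    $stmt->close();

    if (!$found) {
        return 'invalid';
    }
    return ((int) $expired === 1) ? 'expired' : 'ok';
}

/** Print collected errors, HTML-escaped, in the same alert box as the original. */
function display_error(array $errors): void
{
    if (!$errors) {
        return;
    }
    echo '<div class="alert alert-danger">';
    foreach ($errors as $error) {
        echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '<br>';
    }
    echo '</div>';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['btn_lic'])) {
    // Reject non-string input such as key-get[]=x before touching the database.
    $raw = $_POST['key-get'] ?? '';
    $key = is_string($raw) ? trim($raw) : '';

    if ($key === '') {
        $errors[] = 'A license key is required.';
    } else {
        $db = new mysqli('localhost', 'root', '', 'licensecode');
        $status = license_status($db, $key);
        $db->close();

        if ($status === 'ok') {
            // Assumption: step_4.php refuses to run unless this flag is set,
            // so the redirect alone is not what grants access to the next step.
            $_SESSION['license_ok'] = true;
            header('Location: step_4.php');
            exit;
        }
        $errors[] = ($status === 'expired')
            ? 'This license has expired.'
            : 'License key is invalid.';
    }
}
?>
<!-- No action attribute: the form submits back to step_3.php -->
<form method="post">
  <input type="text" class="form-control" name="key-get" size="30">
  <?php display_error($errors); ?>
  <button type="submit" name="btn_lic" value="1">Continue</button>
</form>
```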

Related

Login page working locally but not working on Web Server [duplicate]

This question already has answers here:
Row count with PDO
(21 answers)
Closed 2 years ago.
The login page to an admin dashboard - index.php, with every aspect of the site, is working perfectly locally, but when I uploaded it to a web server, my login page keeps throwing the "Seems you have not registered" error. I have imported the database accordingly and edited the database connection file to reflect that of the web server. I have gone through the code several times. All the suggestions I saw online didn't help.
I saw somewhere that a steep difference in PHP versions might be the cause. My WAMP is running PHP version 7.0.10 while the web server is running 7.2.31. Does that count?
I hosted the site on 000webhost - if that would be of any help.
I have attached my index.php and my database connection file (with the new web server details)
index.php
<?php
//index.php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include("./database/dbnew.php");
if (isset($_SESSION["usertype"])) {
header("location:dashboard.php");
}
$message = '';
if(isset($_POST["login"])) {
$query = "SELECT * FROM user WHERE email = :email";
$statement = $connect->prepare($query);
$statement->execute( array('email' => $_POST["user_email"]) );
$count = $statement->rowCount();
if($count > 0) {
$result = $statement->fetchAll();
foreach($result as $row) {
if(password_verify($_POST["user_password"], $row["password"])) {
if($row['user_status'] == 'Active') {
$_SESSION['usertype'] = $row['usertype'];
$_SESSION['userid'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['last_login'] = $row['last_login'];
$_SESSION['user_status'] = $row['user_status'];
header("location:dashboard.php");
} else {
$message = "<label>Your account is disabled, Please contact the administrator</label>";
}
} else {
$message = '<div class="alert alert-danger">Wrong Email Address/Password Combination</div>';
}
}
} else {
$message = '<div class="alert alert-warning">Seems you have not registered yet</div>';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>Inventory Management System</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.3/umd/popper.min.js" integrity="sha384-vFJXuSJphROIrBnz7yo7oB41mKfc8JzQZiCq4NCceLEaO4IHwicKwpJf9c9IpFgh" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/js/bootstrap.min.js" integrity="sha384-alpBpkh1PFOepccYVYDB4do5UnbKysX5WZXm3XxPqe5iKTfUKjNkCk9SaVuEZflJ" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/css/bootstrap.min.css" integrity="sha384-PsH8R72JQ3SOdhVi3uxftmaW6Vc51MKb0q5P2rRUpPvrszuE4W1povHYgTpBfshb" crossorigin="anonymous">
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="./includes/style.css">
<script type="text/javascript" rel="stylesheet" src="./js/main.js"></script>
</head>
<body>
<div class="overlay"><div class="loader"></div></div>
<!-- Navbar -->
<br/><br/>
<div class="container">
<h3 align="center">Blessed Pharmacy Inventory </h3>
<div class="card mx-auto" style="width: 20rem;">
<img class="card-img-top mx-auto" style="width:60%;" src="./images/login.png" alt="Login Icon">
<div class="card-body">
<form method="post">
<?php echo $message; ?>
<div class="form-group">
<label for="exampleInputEmail1">Email address</label>
<input type="email" class="form-control" name="user_email" id="user_email" placeholder="Enter email" required>
<small id="e_error" class="form-text text-muted">We'll never share your email with anyone else.</small>
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" name="user_password" id="user_password" placeholder="Password" required>
<small id="p_error" class="form-text text-muted"></small>
</div>
<div class="form-group">
<button type="submit" name="login" value="Login" class="btn btn-primary"><i class="fa fa-lock"> </i>Login</button>
</div>
<!-- <span>Register</span> -->
</form>
<!-- </div>
<div class="card-footer">Forget Password ?</div>
</div> -->
</div>
</body>
</html>
dbnew.php
<?php
//database_connection
$connect = new PDO('mysql:host=localhost;xxxxxxxxxxx_inv_db', 'xxxxxxxxxxx_root', 'xxxxxxxxxxx_password');
session_start();
?>
PDO's rowCount() method is notoriously flakey when used with SELECT statements. It's intended for INSERTs, UPDATEs, and DELETEs.
Refactor it out ... something like this.
$count = 0;
$result = $statement->fetchAll();
foreach($result as $row) {
$count++;
if(password_verify($_POST["user_password"], $row["password"])) {
if($row['user_status'] == 'Active') {
$_SESSION['usertype'] = $row['usertype'];
$_SESSION['userid'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['last_login'] = $row['last_login'];
$_SESSION['user_status'] = $row['user_status'];
header("location:dashboard.php");
} else {
$message = "<label>Your account is disabled, Please contact the administrator</label>";
}
} else {
$message = '<div class="alert alert-danger">Wrong Email Address/Password Combination</div>';
}
} /* end foreach($result as $row) */
if ($count == 0) {
$message = '<div class="alert alert-warning">Seems you have not registered yet</div>';
}
elseif ($count > 1) {
$message = '<div class="alert alert-danger">More than one email match!!! Should not happen!!!</div>';
}

PHP, Bootstrap - user/password validation

I'm learning PHP and Bootstrap and I'm running into an issue when trying to validate my input fields.
Before I added Bootstrap I was able to validate the form but now it doesn't work. Do PHP and Bootstrap not work together for some reason in this fashion?
Particularly my page doesn't seem to be validating on the POST.
Does Bootstrap have the capability to validate user input directly???
I'm a bit confused, and if I'm mixing technologies that I shouldn't .. any help would be appreciated.
Thanks,
<?php require_once('../Connections/login.php'); ?>
<?php
session_start();
//initialize the session and verify user is logged in and allowed to view site
if (!isset($_SESSION['USER_ID'])) {
header("Location: login.php");
exit();
}else{
$qryUSER_ID=$_SESSION['USER_ID'];
}
//print_r($_POST);
//print_r($_SESSION);
//print_r($_GET);
?>
<?php
// define variables and set to empty values
$usernameErr = $passwordErr = $password_confirmErr = $password_matchErr = "";
$username = $password = $password_confirm = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["username"])) {
$usernameErr = "User name is required";
} else {
$username = test_input($_POST["username"]);
// check if username only contains letters and whitespace
if (!preg_match("/^[a-z0-9_.A-Z-' ]*$/",$username)) {
$usernameErr = "Only letters, numbers and white space allowed";
}
}
if (empty($_POST["password"])) {
$passwordErr = "Password is required";
} else {
$password = test_input($_POST["password"]);
}
if (empty($_POST["password_confirm"])) {
$password_confirmErr = "Password confirm is required";
} else {
$password_confirm = test_input($_POST["password_confirm"]);
}
if ($_POST['password'] !== $_POST['password_confirm']) {
$password_matchErr = "Passwords must match";
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<!doctype html>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<!-- Bootstrap CSS -->
<link rel="stylesheet" src="/css/bootstrap.min.css" >
<link href="/css/bootstrap.css" rel="stylesheet" type="text/css">
<link rel="shortcut icon" href="/images/favicon.ico" type="image/x-icon" />
<title>Skins Game-Add User</title>
</head>
<body>
<form method="post" action="dtlprocess.php">
<div class="form-group">
<label class="control-label colspan="3" class="font-weight-bold"><h2>Add New User</h2></label>
</div>
<div class="form-group">
<label class="control-label col-sm-2">User Name:</label><span class="error"><?php echo $usernameErr;?></span>
<div class="col-sm-10">
<input type="text" class="form-control" name="username" value="<?php echo htmlspecialchars($username);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2">Password:</label><span class="error"><?php echo $passwordErr;?></span>
<div class="col-sm-10">
<input type="password" class="form-control" name="password" value="<?php echo htmlspecialchars($password);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2">Password Confirm:</label><span class="error"><?php echo $password_matchErr;?></span>
<div class="col-sm-10">
<input type="password" class="form-control" name="password_confirm" value="<?php echo htmlspecialchars($password_confirm);?>">
</div>
</div>
<div class="form-group">
<input type="submit" name="addUser" value="Submit" class="btn btn-secondary"> <button type="submit" name="frmback" class="btn btn-secondary">Cancel</button></td>
</div>
</form>
</body>
</html>
In case anyone runs across a similar problem in the future... here is the modified code using a parameterized mysqli query.
It seems like Bootstrap should have some built in functionality for validating Usernames and validating passwords, therefore eliminating some of the php code.
Thanks,
<?php require_once('../Connections/login.php'); ?>
<?php
session_start();
//initialize the session and verify user is logged in and allowed to view site
if (!isset($_SESSION['USER_ID'])) {
header("Location: login.php");
exit();
}else{
$qryUSER_ID=$_SESSION['USER_ID'];
}
//print_r($_POST);
//print_r($_SESSION);
//print_r($_GET);
?>
<?php
// define variables and set to empty values
$usernameErr = $passwordErr = $password_confirmErr = $password_matchErr = "";
$username = $password = $password_confirm = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["username"])) {
$usernameErr = "User name is required";
} else {
$username = test_input($_POST["username"]);
// check if username only contains letters and whitespace
if (!preg_match("/^[a-z0-9_.A-Z-' ]*$/",$username)) {
$usernameErr = "Only letters, numbers and white space allowed";
}
}
if (empty($_POST["password"])) {
$passwordErr = "Password is required";
} else {
$password = test_input($_POST["password"]);
}
if (empty($_POST["password_confirm"])) {
$password_confirmErr = "Password confirm is required";
} else {
$password_confirm = test_input($_POST["password_confirm"]);
}
if ($_POST['password'] !== $_POST['password_confirm']) {
$password_matchErr = "Passwords must match";
} else {
//Past the validation checks, add new user
//this also tests if the user exists before trying to add user since it will throw an error
if (isset($_POST['addUser'])){
//query if user exists already
$checkuser = $mysqli->prepare("SELECT * FROM users WHERE user_name = ?");
$checkuser->bind_param("s", $_POST['username']);
$checkuser->execute();
//row count will be > 0 if user exists
$checkrows= $checkuser->get_result();
$checkuser->close();
if($checkrows->num_rows > 0) {
echo "User already exists";
exit();
}else{
//Add new user since they do not exist
$activeuser = 'A';
$addnewuser = $mysqli->prepare("INSERT INTO users (user_name, password, active) VALUES (?,?,?)");
$addnewuser->bind_param("sss", $_POST['username'], $_POST['password'], $activeuser);
$addnewuser->execute();
$addnewuser->close();
header("Location: summary.php");
exit();
}
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<!doctype html>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<!-- Bootstrap CSS -->
<link rel="stylesheet" src="/css/bootstrap.min.css" >
<link href="/css/bootstrap.css" rel="stylesheet" type="text/css">
<link rel="shortcut icon" href="/images/favicon.ico" type="image/x-icon" />
<style>
.error {color: #FF0000;}
.font10{font-size: 10px;}
</style>
<title>Skins Game-Add User</title>
</head>
<body>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<div class="form-group">
<label class="control-label colspan="3" class="font-weight-bold"><h2>Add New User</h2></label>
</div>
<div class="form-group">
<label class="control-label col-sm-2">User Name:</label><label class="error font10"><?php echo $usernameErr;?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="username" value="<?php echo $username;?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2">Password:</label><span class="error font10"><?php echo $passwordErr;?></span>
<div class="col-sm-10">
<input type="password" class="form-control" name="password" value="<?php echo $password;?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2">Password Confirm:</label><span class="error font10"><?php echo $password_matchErr;?></span>
<div class="col-sm-10">
<input type="password" class="form-control" name="password_confirm" value="<?php echo $password_confirm;?>">
</div>
</div>
<div class="form-group">
<input type="submit" name="addUser" value="Submit" class="btn btn-secondary"> <button type="submit" name="frmback" class="btn btn-secondary">Cancel</button></td>
</div>
</form>
</body>
</html>
Use an array of errors instead of blank variables.
You can use validation like this just create a file for this:
validation.php:
$name = test_input($_POST['name']);
$login = test_input($_POST['login']);
$email = test_input($_POST['email']);
$password = test_input($_POST['password']);
$password_confirm = test_input($_POST['password_confirm']);
$succ = [];//old values of the inputs will be stored here
if(empty($name)){
$errors['name'] = 'Name required';
}else{
$succ['name'] = $name;
}
if(empty($login)){
$errors['login'] = 'Login required';
}else{
$succ['login'] = $login;
}
if(empty($email)){
$errors['email'] = 'Email required';
}else{
$succ['email'] = $email;
}
if(empty($password)){
$errors['password'] = 'password required';
}
if($password_confirm != $password){
$errors['password_confirm'] = 'Passwords are not equal';
}
if(isset($errors)){
$_SESSION['errors'] = $errors;
$_SESSION['succ'] = $succ;
header("Location: index.php");
die;
}else{
header("Location: index.php");
}
and add into form attribute action="validation.php" and add to the top of your file:
index.php
if(isset($_SESSION['errors'])){
$errors = $_SESSION['errors'];//execute errors from the session
$succ = $_SESSION['succ'];
unset($_SESSION['succ']);
unset($_SESSION['errors']);//delete all errors from the session
}
And then you can use $errors on your page as array of errors.
After that you can add an error container for each input like that:
.
.
...<input type="text" name="name" ....
<span class="error">
<?php
if(isset($errors['name'])){
echo $errors['name'];
}
?>
</span>

php unable to redirect correctly

I have the following php code named recover.php:
<?php
include "php/init.php";
inaccessible_if_loggedIn();
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
?>
<p>succes!</p>
<?php
} else {
$allowed_modes = array('username', 'password');
if (isset($_GET['mode']) === true && in_array($_GET['mode'], $allowed_modes) === true) {
if (isset($_POST['email']) && empty($_POST['email']) === false) {
if (user_in_DB($_POST['email'])) {
// TO DO: schrijf recover functie
//recover($_GET['mode'], $_POST['email']);
header("Location: recover.php?success");
exit();
} else {
$errors[] = "email: " . $_POST['email'] . " does not exist";
}
}
include "includes/recover_form.php";
} else {
header("Location: includes/errorPages/page_not_exist.php");
exit();
}
}
?>
the html include contains a form with action recover.php
html code:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="css/signInStylesheet.css">
<title>bestBay</title>
</head>
<body>
<div class="wrapper">
<div class="header_container">
<a id="logoLink" href="index.php"><img src="images/logo.png" class="logo"></a>
</div>
<div class="register_form">
<div class="formBody">
<form action="recover.php" method="post">
<br/>
<span class="formText">E-Mail<span style="color: red">*</span></span> <input name="email" class="fillInput" type="email" maxlength="90" required>
<br/>
<br/>
<?php echo print_errors($errors); ?>
<input class="signInButton" type="submit" value="Recover">
</form>
</div>
</div>
</div>
</body>
</html>
page layout:
The problem is after the user enters a valid email my php code still redirects to "includes/errorPages/page_not_exist.php" as if the ?succes after the link is not there.
I cannot see what I am doing wrong in my code.
If I leave
else {
header("Location: includes/errorPages/page_not_exist.php");
exit();
}
empty my code seems to work.
What exactly am I missing here?
Why do you have so many PHP tags in your code? Please remove those tags and echo success; also try using elseif for the second part of your code...
?>
succes!
include "php/init.php";
inaccessible_if_loggedIn();
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
echo "succes!";
} elseif {
//please also log your errors on the starting line using ini_set("display_startup_errors", 1);
ini_set("display_errors", 1);
The solution was rather simple. My code never got as far as even redirecting to the success page. This was because my form action never passed a GET variable, resulting in $_GET['mode'] returning false.
The simple solution was to just leave the action empty.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="css/signInStylesheet.css">
<title>bestBay</title>
</head>
<body>
<div class="wrapper">
<div class="header_container">
<a id="logoLink" href="index.php"><img src="images/logo.png" class="logo"></a>
</div>
<div class="register_form">
<div class="formBody">
<form action="" method="post">
<br/>
<span class="formText">E-Mail<span style="color: red">*</span></span> <input name="email" class="fillInput" type="email" maxlength="90" required>
<br/>
<br/>
<?php echo print_errors($errors); ?>
<input class="signInButton" type="submit" value="Recover">
</form>
</div>
</div>
</div>
</body>
</html>

How to put a delete button under each post in my blog/website?

I am wanting to put a delete button, so people can delete their post if they want on my simple blog website. I am just a little unsure how to do it. I guess I need to put a value=delete input field on my posting_wall but not sure where to go from there. Thank you in advance if you can help me.
Form
<!DOCTYPE HTML>
<html>
<head>
<link type="text/css" rel="stylesheet" href="../css/index.css" />
<link type="text/css" rel="stylesheet" href="../css/footer.css" />
<link type="text/css" rel="stylesheet" href="../css/header.css" />
<meta name="viewport" content="width=device-width" />
<title>Daily Dorm News</title>
<link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css" />
<script src="http://code.jquery.com/jquery-1.9.1.js"></script>
<script src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script>
<link rel="stylesheet" href="/resources/demos/style.css" />
<script>
$(function() {
$( "#datepicker" ).datepicker();
$('form').submit(function (e) {
var value;
// "message" pattern : from 3 to 150 alphanumerical chars
value = $('[name="message"]').val();
if (!/^[-\.a-zA-Z\s0-9]{3,150}$/.test(value)) {
alert('Sorry, only alphanumerical characters are allowed and 3-150 character limit".');
e.preventDefault();
return;
}
// "name" pattern : at least 1 digit
value = $('[name="name"]').val();
if (!/\d+/.test(value)) {
alert('Wrong value for "name".');
e.preventDefault();
return;
}
});
});
</script>
</head>
<body>
<?php include 'header.php' ?>
<form action="posting_wall.php" method="get">
<div id="container">
Name:<input type="text" name="name" pattern="[A-Za-z0-9]{3,15}" title="Letters and numbers only, length 3 to 15" required autofocus><br>
E-mail: <input type="email" name="email" maxlength="20" required><br>
Post:<br>
<textarea rows="15" cols="50" name='message'></textarea>
</div>
Date this event took place: <input type="text" name='date' id="datepicker" > <br>
<input type="reset" value="Reset">
<input type="submit">
</form>
<p>Posting Wall</p>
<div id="time">
<?php
$nextWeek = time() + (7 * 24 * 60 * 60);
// 7 days; 24 hours; 60 mins; 60secs
echo 'The time at which you are posting is:'. date('h:i Y-m-d') ."\n";
?>
</div>
<?php include 'footer.php' ?>
</body>
</html>
Posting Wall Page (where I want the delete button under each post)
<!DOCTYPE HTML>
<html>
<head>
<link type="text/css" rel="stylesheet" href="../css/post.css" />
<link type="text/css" rel="stylesheet" href="../css/footer.css" />
<meta name="viewport" content="width=device-width" />
<title>Daily Dorm News</title>
</head>
<body>
<h1>Daily Dorm News <br></h1>
<h2> Your Daily Dorm News Posts </h2>
<div id="container"> <?php if ( isset($_GET['name']) and preg_match("/^[A-Za-z0-9]+$/", $_GET['name']) ) {
echo $_GET['name'];
} else {
echo "You entered an invalid name!\n";
}
?><br>
Your email address is: <?php if ( isset($_GET['email']) and preg_match("/.+#.+\..+/i", $_GET['email']) ) {
echo $_GET['email'];
} else {
echo "You didn't enter a proper email address!\n";
}
?><br>
You Posted : <?php if ( isset($_GET['message']) and preg_match("/^[-\.a-zA-Z\s0-9]+$/", $_GET['message']) ) {
echo $_GET['message'];
} else {
echo "The message is not valid! The message box was blank or you entered invalid symbols!\n";
}
?>
<br>
This event happened :<?php echo $_GET["date"]; ?><br>
</div>
<?php
/* [INFO/CS 1300 Project 3] index.php
* Main page for our app.
* Shows all previous posts and highlights the current user's post, if any.
* Includes a link to form.php if user wishes to create and submit a post.
*/
require('wall_database.php');
// Fetching data from the request sent by form.php
$name = strip_tags($_REQUEST['name']);
$email = strip_tags($_REQUEST['email']);
$message = strip_tags($_REQUEST['message']);
$date = strip_tags($_REQUEST['date']);
$is_valid_post = true;
// Checking if a form was submitted
if (isset($_REQUEST['name'])){
// Fetching data from the request sent by form.php
$name = strip_tags($_REQUEST['name']);
$email = strip_tags($_REQUEST['email']);
$message = strip_tags($_REQUEST['message']);
$date = strip_tags($_REQUEST['date']);
// Saving the current post, if a form was submitted
$post_fields = array();
$post_fields['name'] = $name;
$post_fields['email'] = $email;
$post_fields['message'] = $message;
$post_fields['date'] = $date;
$success_flag = saveCurrentPost($post_fields);
}
//Fetching all posts from the database
$posts_array = getAllPosts();
?>
<?php
if(isset($name)) {
echo "<h3>Thanks ".$name." for submitting your post.</h3>";
}
?>
<p id="received">Here are all the posts we have received.</p>
<div id="logo">Dont Forget to tell you’re friends about Daily Dorm Post! <br>
The only Dorm News Website on campus!</div>
<ul id="posts_list">
<?php
// Looping through all the posts in posts_array
$counter = 1;
foreach(array_reverse($posts_array) as $post){
$alreadyPosted = false;
$name = $post['name'];
$email = $post['email'];
$message = $post['message'];
$date = $post['date'];
if ($counter % 2==1)
$li_class = "float-left";
else
$li_class = "float-right";
if ($name == $_GET['name']) {
$alreadyPosted = true;
}
echo '<div class=post';
if ($alreadyPosted) {
echo ' id="highlight"';
}
echo '>';
echo '<li class="'.$li_class.'"><h3><span>'.$name.'</span> wrote a post.</h3></li>';
echo '<li class="'.$li_class.'"><h3><span>'.$name.' email is: '.$email.'</span></h3></li>';
echo '<li class="'.$li_class.'"><h3><span>'.$name.' wrote '.$message.'</span> wrote a post.</h3></li>';
echo '<li class="'.$li_class.'"><h3><span>This event occured on '.$date.'</span></h3></li>';
echo '</div>';
}
?>
</ul>
</div>
<p id="submit">Would you like to submit another post?</p>
<?php include 'footer.php' ?>
</body>
</html>
create a delete button or make
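<script>
// Named confirmDelete so it does not replace, and then recursively call, window.confirm
function confirmDelete(){
var responce = confirm("Are you sure you want to delete?");
if (responce==true)
{
return true;
}
else
{
return false;
}
}
</script>
<!-- "return" passes the result back so that Cancel stops the navigation -->
<a onclick="return confirmDelete()" href="delete_post.php?id=1">Delete</a>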
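A delete that runs on a plain GET link can be triggered by any page that causes the browser to load that URL, and the id in the link is not tied to the person who wrote the post. The following added example (not the answerer's code) handles the delete as a POST with a CSRF token and an ownership check. The `posts` table with an integer `id`, the PDO credentials, and the `my_post_ids` session list are assumptions that do not appear on the page.

```php
<?php
// post_delete.php: added example. Include it at the very top of posting_wall.php
// (before any output) and use it as the target of the delete form.
// Assumption: when a post is saved, its integer id is appended to
// $_SESSION['my_post_ids'], so "own post" means "created in this session".
session_start();

/** One random token per session, embedded in every delete form. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

/** Returns the post id to delete, or null when the request must be refused. */
function authorised_delete_id(string $method, array $post, array $session): ?int
{
    if ($method !== 'POST') {
        return null;                               // links and prefetches never delete
    }
    $sent  = $post['csrf'] ?? '';
    $known = $session['csrf'] ?? '';
    if (!is_string($sent) || !is_string($known) || $known === ''
        || !hash_equals($known, $sent)) {
        return null;                               // missing or wrong CSRF token
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                               // not a positive integer
    }
    if (!in_array($id, $session['my_post_ids'] ?? [], true)) {
        return null;                               // not this visitor's post
    }
    return $id;
}

/** Markup for the button under one post; call inside the foreach over $posts_array. */
function delete_button(int $postId): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="post_delete.php"'
         . ' onsubmit="return confirm(\'Are you sure you want to delete?\');">'
         . '<input type="hidden" name="id" value="' . $postId . '">'
         . '<input type="hidden" name="csrf" value="' . $token . '">'
         . '<button type="submit">Delete</button></form>';
}

// Handler: only runs for POST requests, so including this file from a page
// that is loaded with GET just makes the helper functions available.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $id = authorised_delete_id('POST', $_POST, $_SESSION);
    if ($id === null) {
        http_response_code(403);
        exit('Not allowed');
    }
    // Placeholder connection details (assumptions).
    $pdo = new PDO('mysql:host=localhost;dbname=wall;charset=utf8mb4',
                   'wall_user', 'placeholder-password',
                   [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $stmt = $pdo->prepare('DELETE FROM posts WHERE id = ?');
    $stmt->execute([$id]);

    header('Location: posting_wall.php', true, 303);   // redirect after POST
    exit;
}
```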

variables not posting php form

So I'm working on this password reset form, where a user clicks on a link sent to their email and they are taken to a webpage to enter a new password. When they submit the form 3 variables (password, key, & email) are passed to my functions file to update the password for the user. The password itself is being posted, but the email and key are not. I did a var_dump to see what is actually being sent and it's just displaying the code in the values of email/key on the form. I'm not sure what I'm doing wrong.
EDIT
So I figured out that the email/key were not being passed to the updateUserPassword() function. I posted the new correct form code below. SOLVED
<?php session_start();
include("include/DB_Connect.php");
include("include/DB_Functions.php"); // Connect to database server(localhost) with username and password.
mysql_select_db("android_api") or die(mysql_error()); // Select registration database.
$show = 'emailForm'; //which form step to show by default
if (isset($_POST['subStep']) && !isset($_GET['a']))
{
switch($_POST['subStep'])
{
case 1:
//we are submitting a new password (only for encrypted)
if ($_POST['email'] == '' || $_POST['key'] == '') header("location: forgotpw.php");
if (strcmp($_POST['password'],$_POST['pw1']) != 0 || trim($_POST['password']) == '')
{
$error = true;
$show = 'recoverForm';
} else {
$error = false;
$show = 'recoverSuccess';
updateUserPassword($_POST['email'],$_POST['password'],$_POST['key']);
var_dump($_POST['email'],$_POST['password'],$_POST['key']);
}
break;
}
} elseif (isset($_GET['a']) && $_GET['a'] == 'recover' && $_GET['email'] != "") {
$show = 'invalidKey';
$result = checkEmailKey(urldecode(base64_decode($_GET['email'])),$_GET['key']);
if ($result == false)
{
$error = true;
$show = 'invalidKey';
} elseif ($result['status'] == true) {
$error = false;
$show = 'recoverForm';
$securityUser = $result['email'];
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Password Recovery</title>
<link href="assets/css/styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="header"></div>
<div id="page">
<?php switch($show) {
case 'recoverForm': ?>
<h2>Password Recovery</h2>
<p>Welcome back, <?php echo getUserName($securityUser=='' ? $_GET['email'] : $securityUser); ?>.</p>
<p>In the fields below, enter your new password.</p>
<?php if ($error == true) { ?><span class="error">The new passwords must match and must not be empty.</span><?php } ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<div class="fieldGroup"><label for="password">New Password</label><div class="field"><input type="password" class="input" name="password" id="password" value="" maxlength="20"></div></div>
<div class="fieldGroup"><label for="pw1">Confirm Password</label><div class="field"><input type="password" class="input" name="pw1" id="pw1" value="" maxlength="20"></div></div>
<input type="hidden" name="subStep" value="1" />
<input type="hidden" name="email" value="<?php echo $securityUser=='' ? $_POST['email'] : $securityUser; ?>" />
<input type="hidden" name="key" value="<?php echo $_GET['key']=='' ? $_POST['key'] : $_GET['key']; ?>" />
<div class="fieldGroup"><input type="submit" value="Submit" style="margin-left: 150px;" /></div>
<div class="clear"></div>
</form>
<?php break; case 'invalidKey': ?>
<h2>Invalid Key</h2>
<p>The key that you entered was invalid. Either you did not copy the entire key from the email, you are trying to use the key after it has expired (3 days after request), or you have already used the key in which case it is deactivated.<br /><br />Return to the login page. </p>
<?php break; case 'recoverSuccess': ?>
<h2>Password Reset</h2>
<p>Congratulations! your password has been reset successfully.</p><br /><br />Return to the login page. </p>
<?php break; }
ob_flush();
$mySQL->close();
?>
</div>
</body>
</html>
Here is my function code:
function updateUserPassword($email,$password,$key)
{
global $mySQL;
if (checkEmailKey($email,$key) === false) return false;
if ($SQL = $mySQL->prepare("UPDATE `users` SET `encrypted_password` = ? WHERE `email` = ?"))
{
$password = md5(trim($password) . PW_SALT);
$SQL->bind_param('ss',$password,$email); // order must match the placeholders: encrypted_password first, then email
$SQL->execute();
$SQL->close();
$SQL = $mySQL->prepare("DELETE FROM `recoveryemails_enc` WHERE `Key` = ?");
$SQL->bind_param('s',$key);
$SQL->execute();
}
}
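Two passages on this page store passwords in a form that is cheap to recover from a leaked table: the "Add New User" INSERT binds `$_POST['password']` as submitted, and updateUserPassword() above stores `md5(trim($password) . PW_SALT)`. The added example below (not code from either post) uses PHP's password_hash()/password_verify() and upgrades a legacy md5 value at the next successful login. LEGACY_SALT is a constructed stand-in for PW_SALT, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Added example. LEGACY_SALT stands in for the PW_SALT constant used by
// updateUserPassword(); the value is constructed for this demo.
const LEGACY_SALT = 'constructed-demo-salt';

/** Hash a new password for storage in a VARCHAR(255) column. */
function hash_new_password(string $plain): string
{
    // Hash the raw input: no trim(), stripslashes() or htmlspecialchars() first,
    // otherwise the stored hash belongs to a different string than the user typed.
    return password_hash($plain, PASSWORD_DEFAULT);
}

/** True when the stored value has the shape of the old md5(...) hex digest. */
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

/**
 * Check a login attempt against the stored value.
 * Returns [bool $ok, ?string $replacementHash]. When $replacementHash is not
 * null, write it back with a prepared UPDATE whose bind_param() arguments are
 * in the same order as the ? placeholders.
 */
function verify_and_upgrade(string $plain, string $stored): array
{
    if (is_legacy_md5($stored)) {
        // Reproduce the legacy scheme exactly, including its trim().
        $ok = hash_equals($stored, md5(trim($plain) . LEGACY_SALT));
        return [$ok, $ok ? hash_new_password($plain) : null];
    }
    if (!password_verify($plain, $stored)) {
        return [false, null];
    }
    // Re-hash when PASSWORD_DEFAULT or its cost changed since the hash was made.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? hash_new_password($plain)
        : null;
    return [true, $new];
}

// --- Demo on constructed values -------------------------------------------
$legacyRow = md5('correct horse' . LEGACY_SALT);       // what the old code stored
[$ok, $upgrade] = verify_and_upgrade('correct horse', $legacyRow);
var_dump($ok);                                          // legacy login accepted
var_dump($upgrade !== null
    && password_verify('correct horse', $upgrade));     // and upgraded

$modernRow = hash_new_password('correct horse');
var_dump(verify_and_upgrade('correct horse', $modernRow)[0]);  // modern hash accepted
var_dump(verify_and_upgrade('wrong guess', $modernRow)[0]);    // wrong password refused
```

A value that was stored as plain text is neither a legacy digest nor a valid password_hash() string, so it fails both branches; such rows need a one-time migration that hashes the stored value in place.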
