I want to select data from database and assign it into session. later i want to call it and used it..
$sql = "SELECT * FROM users WHERE email = '$email' AND password =
'$password'";
$query = mysqli_query($mysqli, $sql) or die ("Error: " .
mysqli_error($mysqli));
$row = mysqli_num_rows($query);
if($row == 0)
{
echo "Invalid Username/Password. Click here to <a href =
'login.html'>Login</a>";
}
else
{
$sql = "SELECT accname FROM account WHERE email = '$email'";
$result=mysqli_query($mysqli,$sql);
$row=mysqli_fetch_all($result,MYSQLI_BOTH);
$_SESSION['accname']= array_column($rows, 'accname');
$r = mysqli_fetch_assoc($query);
$_SESSION['fname'] = $r['fname'];
$_SESSION['lname'] = $r['lname'];
$_SESSION['email'] = $r['email'];
header("Location: dashboard.php");
}
If a user can have multiple accname values associated with their email address, then you can use array_column to extract all those values from your result data:
$sql = "SELECT accname FROM account WHERE email = '$email'";
$result=mysqli_query($mysqli,$sql);
$rows=mysqli_fetch_all($result,MYSQLI_BOTH);
$_SESSION['accname']= array_column($rows, 'accname');
If there can be only one accname, you can simply change the call to mysqli_fetch_all to mysqli_fetch_assoc:
$sql = "SELECT accname FROM account WHERE email = '$email'";
$result=mysqli_query($mysqli,$sql);
$row=mysqli_fetch_assoc($result);
$_SESSION['accname']= $row['accname'];
Related
I got a problem for my profile page in my login system. When I want to update the user's username and email, I can only update one of the two. Look where I putted the points. If I use username it only updates the username and the same goes for the email.
Here is my code:
function updateProfile($db, $errors)
{
$id = $_SESSION['user']['id'];
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$field_check_query = "SELECT * FROM users WHERE username='$username' email='$email'";
$result = mysqli_query($db, $field_check_query);
$field = mysqli_fetch_assoc($result);
// Checks if username is already taken
if ($field) {
if ($field['username'] === $username) {
array_push($errors, "Gebruikersnaam is al reeds ingenomen");
}
// Checks if email is already taken
if ($field['email'] === $email) {
array_push($errors, "E-mailadres is al reeds ingenomen");
}
}
if (count($errors) == 0) {
if (isset($_POST['.......'])) {
$query = "UPDATE users SET username='$username' email='$email' WHERE id=$id";
mysqli_query($db, $query);
header('location: profile.php?profileeditedsuccesfully');
die($query);
}
}
}
Add AND to WHERE in Select:
$field_check_query = "SELECT * FROM users WHERE username='$username' AND email='$email'";
Add comma to separate the pairs in Update.
=$query = "UPDATE users SET username='$username', email='$email' WHERE id=$id";
Hello guys I was confused using the if else statement I know it is the basic in conditioning also other languages. Don't know what to do here, I would like that it has an if condition(check) then also inside I want that it has an else if but my problem is I have to else statement which is wrong cause I know that else statement will be use at the end of a condition
Here's my code:
if (isset($_POST['login']))
{
$idno = mysql_real_escape_string($_POST['idno']);
$password = mysql_real_escape_string($_POST['password']);
$position = $_POST['user_type'];
$YearNow=Date('Y');
$_SESSION['SESS_MEMBER_ID'] = $idno;
$sql1 = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password' " ;
$result = mysql_query($sql1) or die();
$row = mysql_fetch_array($result);
$num_row = mysql_num_rows($result);
//,student WHERE studentvotes.idno = student.idno
$sql2 = "SELECT * FROM vote_logs,school_year where vote_logs.idno='$idno' AND vote_logs.syearid = school_year.syearid AND school_year.from_year like $YearNow ";
$result1 = mysql_query($sql2) or die();
$row1 = mysql_fetch_array($result1);
if (mysql_num_rows($result1)<=1)
{
$_SESSION['idno']=$row['idno'];
$sql_c = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password'";
$result2 = mysql_query($sql_c) or die(mysql_error());
$faunc = mysql_fetch_assoc($result2);
$_SESSION['SESS_COURSE'] = $faunc['progid'];
$_SESSION['SESS_MEMBER_ID'] = $idno;
header('location: plsvote.php');
}
else if ($row['status'] == 'lock')
{
header('location: last.php');
}
else
{
header('location: notification.php');
exit();
}
else
{
echo "<script type='text/javascript'>\n";
echo "alert('Username or Password incorrect!, Please try again.');\n";
echo "window.location = 'index.php';";
echo "</script>";
exit();
}
}
Please help me
You have imbricated your blocks, try this:
if (isset($_POST['login']))
{
$idno = mysql_real_escape_string($_POST['idno']);
$password = mysql_real_escape_string($_POST['password']);
$position = $_POST['user_type'];
$YearNow=Date('Y');
$_SESSION['SESS_MEMBER_ID'] = $idno;
$sql1 = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password' " ;
$result = mysql_query($sql1) or die();
$row = mysql_fetch_array($result);
$num_row = mysql_num_rows($result);
//,student WHERE studentvotes.idno = student.idno
$sql2 = "SELECT * FROM vote_logs,school_year where vote_logs.idno='$idno' AND vote_logs.syearid = school_year.syearid AND school_year.from_year like $YearNow ";
$result1 = mysql_query($sql2) or die();
$row1 = mysql_fetch_array($result1);
if (mysql_num_rows($result1)<=1)
{
$_SESSION['idno']=$row['idno'];
$sql_c = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password'";
$result2 = mysql_query($sql_c) or die(mysql_error());
$faunc = mysql_fetch_assoc($result2);
$_SESSION['SESS_COURSE'] = $faunc['progid'];
$_SESSION['SESS_MEMBER_ID'] = $idno;
header('location: plsvote.php');
}
else if ($row['status'] == 'lock')
{
header('location: last.php');
}
else
{
header('location: notification.php');
exit();
}
}
else
{
echo "<script type='text/javascript'>\n";
echo "alert('Username or Password incorrect!, Please try again.');\n";
echo "window.location = 'index.php';";
echo "</script>";
exit();
}
With an indentation, this kind of problem is easily visible.
This can be ok:
if ( //validate the email
filter_var($email, FILTER_VALIDATE_EMAIL) &&
preg_match('/#.+\./', $email)
) {
$result = mysql_query (
"INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at) VALUES('$uuid', '$name', '$email', '$encrypted_password', '$salt', NOW())"
);
if ($result) { // check for successful store
// get user details
$uid = mysql_insert_id(); // last inserted id
$result = mysql_query("SELECT * FROM users WHERE uid = $uid");
// return user details
return mysql_fetch_array($result);
} else {
return false; //unsuccessful store
}
} else {
//not a valid email
return false;
}
}
Try this one :
if (filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/#.+\./', $email)) {
$result = mysql_query ("INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at) VALUES('$uuid', '$name', '$email', '$encrypted_password', '$salt', NOW())");
if ($result) { // check for successful store
// get user details
$uid = mysql_insert_id(); // last inserted id
$result = mysql_query("SELECT * FROM users WHERE uid = $uid");
// return user details
return mysql_fetch_array($result);
} else {
return false; //unsuccessful store
}
} else {
//not a valid email
return false;
}
I think I have an error uon the usertype 3 cause it always go to the notification and if I change both notification and plsvote.php it will just refresh so please help me what to do
if (isset($_POST['login'])){
$idno = $_POST['idno'];
$password = $_POST['password'];
$position = $_POST['user_type'];
$sql1 = "SELECT * FROM users WHERE idno = '$idno' AND password = '$password'";
$result = mysql_query($sql1) or die();
$row = mysql_fetch_array($result);
$num_row = mysql_num_rows($result);
//if the user is admin
if ($row['user_type'] == "1"){
mysql_query("insert into user_log (idno,login_date) values('$username',NOW())")or die(mysql_error());
$YearNow=Date('Y');
header('location:admin/index.php');
}
//if the user is student
else if ($row['user_type'] == "3") {
$sql_c = "SELECT * FROM users,studentvotes,school_year = users.idno = studentvotes.idno AND studentvotes.syearid =school_year.syearid AND school_year.from_year like $YearNow ";
$result1 = mysql_query($sql_c) or die(mysql_error());
while($row2=mysql_fetch_array($result1)){
$_SESSION['SESS_COURSE'] = $row2['progid'];
$_SESSION['SESS_MEMBER_ID'] = $idno;
//$query = mysql_query ("INSERT INTO user_log VALUES('$idno',NOW(), 'Login') ") or die(mysql_error());
header('location:plsvote.php');
}
}
else{
header('location:notification.php');
exit();
}
}
i am currently having problem matching my md5 password in database with data entered by the user, i know that i should not use such type of password matching but i want to know why this does not work.
here is my login script
<?php
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = $_POST["user_login"];
$password_login = $_POST["password_login"];
$md5password_login = md5($password_login);
$sql = mysqli_query($conn, "SELECT id FROM users2 WHERE username='$user' AND password='$md5password_login' LIMIT 1"); // query the person
//Check for their existance
$userCount = mysqli_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysqli_fetch_array($sql,MYSQLI_ASSOC)) {
$rahul = $row["id"];
}
$_SESSION["id"] = $rahul;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
exit("<meta http-equiv=\"refresh\" content=\"0\">");
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
Whenever i enter the correct details, it throws your information is incorrect, earlier it used to work in mysql_query but now it's deprecated.
Incorrect pass in a user & pass in here :
$sql = mysqli_query($conn, "SELECT id FROM users2 WHERE username='$user' AND password='$pass' LIMIT 1");
you should change it :
$sql = mysqli_query($conn, "SELECT id FROM users2 WHERE username='$user_login' AND password='$md5password_login' LIMIT 1");
I have 2 tables :
newpw_ask
email
code
users
id
username
password
email
sid
newpw_code
I have this PHP code:
$code = $_POST['code2'];
$email = mysql_query("SELECT email FROM pw_ask WHERE code='$code'");
if ($pass == $pass2) {
if ($email) {
$pass3 = md5($pass);
mysql_query("UPDATE users SET password='$pass3' WHERE email='$email'");
mysql_query("UPDATE users SET newpw_code='' WHERE email='$email'");
mysql_query("DELETE FROM pw_ask WHERE code='$code'");
header("Location: index.php?ret=pw");
} else {
echo 'Wrong code';
}
}
Only this query got executed:
mysql_query("DELETE FROM pw_ask WHERE code='$code'");
Also when I enter the right code, it says “Wrong code”.
You need to select the email correctly :
$sql = mysql_query("SELECT email FROM pw_ask WHERE code='$code'");
$row = mysql_fetch_array($sql);
$email = $row['email'];
btw you can also update multiple fields in 1 query :
mysql_query("UPDATE users SET password='$pass3' , newpw_code='' where email='$email'");