I'm currently building a survey. I've made quite a bit of progress so far. If a participant completes and submits the survey it successfully enters my database and returns the participant to the main page of my site but if one question is skipped by the participant, when they try to submit the survey it returns a blank display and no data is fed into my database.
I want to create a survey that gives participants the ability to skip questions, and returns them to the homepage after submitting the survey.
I understand it may be easy for some but I'm fairly new to PHP so I'm still learning, please see the code below.
<?php
$radioVal1 = $_POST["q1"];
$radioVal2 = $_POST["q2"];
$radioVal3 = $_POST["q3"];
$radioVal4 = $_POST["q4"];
$radioVal5 = $_POST["q5"];
$checkboxVal6 = $_POST["q6"];
$textAreaVal = $_POST["comment"];
session_start();
require_once('DBConnection.php');
if(isset($_POST["submit_questionnaire"])){
if(isset($_POST["q1"]) && isset($_POST["q2"]) && isset($_POST["q3"]) && isset($_POST["q4"]) && isset($_POST["q5"]) && isset($_POST["q6"]) && $textAreaVal!=null){
echo "blyat";
$username = $_SESSION['username'];
$db = new DBConnection();
$conn= $db::getInstance()->dbConnect();
$query_code = "SELECT id_code FROM users WHERE name = '$username'";
$id_codeRow = $db::getInstance()->selectDB($query_code)->fetch_row();
$id_code = (string)array_values($id_codeRow)[0];
$query = "INSERT INTO questionnaire VALUES (default, '$id_code', '$radioVal1', '$radioVal2', '$radioVal3','$radioVal4', '$radioVal5', '$checkboxVal6', '$textAreaVal')";
$insert_value = $db::getInstance()->selectDB($query);
session_destroy();
header("Location: index.php");
exit();
}
}
// You can remplace "&&" by "OR" so any questions can be skipped by the user but the user have to complete atleast 1 question.
<?php
$radioVal1 = $_POST["q1"];
$radioVal2 = $_POST["q2"];
$radioVal3 = $_POST["q3"];
$radioVal4 = $_POST["q4"];
$radioVal5 = $_POST["q5"];
$checkboxVal6 = $_POST["q6"];
$textAreaVal = $_POST["comment"];
session_start();
require_once('DBConnection.php');
if(isset($_POST["submit_questionnaire"])){
if(isset($_POST["q1"]) OR isset($_POST["q2"]) OR isset($_POST["q3"]) OR isset($_POST["q4"]) OR isset($_POST["q5"]) OR isset($_POST["q6"])){
echo "blyat";
$username = $_SESSION['username'];
$db = new DBConnection();
$conn= $db::getInstance()->dbConnect();
$query_code = "SELECT id_code FROM users WHERE name = '$username'";
$id_codeRow = $db::getInstance()->selectDB($query_code)->fetch_row();
$id_code = (string)array_values($id_codeRow)[0];
$query = "INSERT INTO questionnaire VALUES (default, '$id_code', '$radioVal1', '$radioVal2', '$radioVal3','$radioVal4', '$radioVal5', '$checkboxVal6', '$textAreaVal')";
$insert_value = $db::getInstance()->selectDB($query);
session_destroy();
header("Location: index.php");
exit();
}
}
Related
I have code, which should use access levels, but from the database my code is not requesting the access level and I do not get into my "admin.php"
Can you help?
Login page is here:
Login-Page
Credentials: test / test
I want to let users login into my page, which is access for recruiters of me. So I can create users, they see my CV and others. Therefor it is neccessary to set user levels like "1" for admin.php "2" for admin2.php and so on.
Here's the check.php which is a form from the index.php
<?php
session_start();
require_once("inc/config.inc.php");
require_once("inc/functions.inc.php");
$error_msg = "";
if(isset($_POST['uname']) && isset($_POST['pwd'])) {
$email = $_POST['uname'];
$passwort = $_POST['pwd'];
$statement = $pdo->prepare("SELECT * FROM users WHERE email = :uname");
$result = $statement->execute(array('uname' => $email));
$user = $statement->fetch();
//Überprüfung des Passworts
if ($user !== false && password_verify($passwort, $user['pwd'])) {
$_SESSION['userid'] = $user['id'];
$access_level = $user['access_level'];
$_SESSION['access_level'] = $access_level;
//Möchte der Nutzer angemeldet beleiben?
if(isset($_POST['angemeldet_bleiben'])) {
$identifier = random_string();
$securitytoken = random_string();
$insert = $pdo->prepare("INSERT INTO securitytokens (user_id, access_level, identifier, securitytoken) VALUES (:user_id, :access_level, :identifier, :securitytoken)");
$insert->execute(array('user_id' => $user['id'], 'access_level' => $access_level, 'identifier' => $identifier, 'securitytoken' => sha1($securitytoken)));
setcookie("identifier",$identifier,time()+(3600*24*365)); //Valid for 1 year
setcookie("securitytoken",$securitytoken,time()+(3600*24*365)); //Valid for 1 year
}
if ($access_level==0){
header("Location:user.php");
}
else if($access_level==1){
header("Location:admin.php");
}
}
else{
header("Location:index.php?err=1");
}
} else {
$error_msg = "E-Mail oder Passwort war ungültig<br><br>";
}
$email_value = "";
if(isset($_POST['email']))
$email_value = htmlentities($_POST['email']);
?>
The problem was here in line
<?php
$statement = $pdo->prepare("SELECT * FROM users WHERE email = :uname");
there's no table named "email" - so it's not possible to get a true request.
I changed it to:
<?php
$statement = $pdo->prepare("SELECT * FROM users WHERE uname = :uname");
After that, my page gives me the output:
Hello This is admin page.
Thanks at all of you for your help! :)
May be your mistake is here.
$access_level = ['access_level'];.
it should be like
$access_level = $user['access_level'];.
and I don't get your situation.
other mistake is may be here.
if(isset($_POST['angemeldet_bleiben'])) {
$identifier = random_string();
$securitytoken = random_string(); //remaining code....
}
else if ($access_level==0){
header("Location:user.php");
}
else if($access_level==1){
header("Location:admin.php");
}
don't you think it should be like.
if ($access_level==0){ //removed else.
header("Location:user.php");
}
else if($access_level==1){
header("Location:admin.php");
}
because if first if condition worked then it skips all other else if statements.
Did you check print_r($user)? What is returned? What datatype has your column "access_level" in your database?
Maybe you have to check $access_level=='0', if it is type string.
enter image description hereenter image description hereI have contructed this 2 files. The REGISTER works properly but the LOGIN seems doesn't find the user 'cause always I receive"echo 2". Any suggestion. Thanks
LOGIN:
<?php
require("config.inc.php");
if (!empty($_POST)) {
$user = $_POST['User'];
$mail = $_POST['Mail'];
$token = $_POST['Token'];
$pass = $_POST['Pass'];
$query_user = "SELECT * FROM Proteos WHERE User = '$user'";
$query_pass = "SELECT * FROM Proteos WHERE Pass = '$pass'";
$query_execuser = mysql_query($query_user) or die(mysql_error());
$query_execupass = mysql_query($query_pass) or die(mysql_error());
$rowsuser = mysql_num_rows($query_execuser);
$rowspass = mysql_num_rows($query_execpass);
if ($rowuser==0){
echo 2;
}else if ($rowuser==$rowpass){
echo 3;
}else if ($rowuser!=$rowpass) {
echo 4;
}
mysqli_close($con)
?>
<?php
}
?>
first,correct your query select query, that is use one instead of two
e.g $query_user = "SELECT * FROM Proteos WHERE user = '$user' and pass='$pass'"
second, make a practice of using lowercase while querying db e.g pass instead of Pass, user instead of User, some servers may not work property on this,
third, call your new form, I cant see it here, as in I only see echo for values, instead something like header("location : you_file.php");
I have problem in little project,
how can I save table data in session?
<?php
session_start();
include 'connect.php';
if (isset($_POST["email"]))
{
$email = $_POST["email"];
$password = $_POST["password"];
$r=mysql_query("SELECT * FROM user_login WHERE `uemail` ='".$email."' AND `upass` = '".$password."'");
$s = $_POST["userid"];
$n=mysql_query("SELECT * FROM user_data WHERE `userid` ='".$s."'");
$q=mysql_fetch_assoc($n);
$_SESSION["name"]=$q["nfname"];
$k=mysql_num_rows($r);
if ($k>0)
{
header("location:user/index.php");
}
else
header("location:login.php");
}
?>
this code not working !! :(
please help !
You probably just missed the
session_start();
But here is the dildo (deal tho) xD
Your Login script is not secure, try this at the top of your index.php or whatever rootfile you have.
<?php
session_start();
function _login($email, $password) {
$sql = "SELECT * FROM user_login
WHERE MD5(uemail) ='".md5(mysql_real_escape_string($email))."'
AND MD5(upass) = '".md5(mysql_real_escape_string($password))."'";
$qry = mysql_query($sql);
if(mysql_num_rows($qry) > 0) {
// user with that login found!
$sql = "UPDATE user_login SET uip = '".$_SERVER['REMOTE_ADDR']."', usession = '".session_id()."'";
mysql_query($sql);
return true;
} else {
return false;
}
}
function _loginCheck() {
$sql = "SELECT * FROM user_login WHERE uip = '".$_SERVER['REMOTE_ADDR']."' AND MD5(usession) = '".md5(session_id())."'";
$qry = mysql_query($sql);
if(mysql_num_rows($qry) > 0) {
// user is logged in
$GLOBALS['user'] = mysql_fetch_object($qry);
$GLOBALS['user']->login = true;
} else {
// user is not logged in
$GLOBALS['user'] = (object) array('login' => false);
}
}
if(isset($_POST['login'])) {
if(_login($_POST["email"], $_POST["password"])) {
// login was successfull
} else {
// login failed
}
}
_loginCheck(); // checkes every Page, if the user is logged in or if not
if($GLOBALS['user']->login === true) {
// this user is logged in :D
}
?>
Ok, I'll bite. First 13ruce1337, and Marc B are right. There is a lot more wrong with this than not being able to get your data into your session.
Using PDO ( as 13ruce1337 links you too ) is a must. If you want to keep using the same style of mysql functions start reading up on how. Marc B points out that session_start(); before any html output is required for sessions to work.
As for your code, you got along ways to go before it is ready for use but here is an example to get you started
if (isset($_POST["email"])) {
//mysql_ functions are being deprecated you can instead use
//mysqli_ functions read up at http://se1.php.net/mysqli
/* Manage your post data. Clean it up, etc dont just use $_POST data */
foreach($_POST as $key =>$val) {
$$key = mysqli_real_escape_string($link,$val);
/* ... filter your data ... */
}
if ($_POST["select"] == "user"){
$r = mysqli_query($link,"SELECT * FROM user_login WHERE `uemail` ='$email' AND `upass` = '$password'");
/* you probably meant to do something with this query? so do it*/
$n = mysqli_query($link,"SELECT * FROM user_data WHERE userid ='$userid'");
//$r=mysql_fetch_assoc($n); <- this overrides your user_login query
$t = mysqli_fetch_array($n);
$_SESSION["name"] = $t['nfname'];
/* ... whatever else you have going on */
I have a simple question,
I have a login and workspace area.
After the user logs in It shows the username of the logged in user at workplace as what I wanted. Now my problem is when user finish filling form available in his workspace the form is then stored in database also i need the username that is coming from session also get stored to the database.
here is code that is storing username and maintaining session after user reach at workspace after login:
<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/MainProject/connect/auth.php');
session_start();
?>
The final version of the updated insert file :
//This code is included to check session and store username
<?php
require_once('..\connect\auth.php');
// session_start();
$usern = $_SESSION['SESS_FIRST_NAME'];
?>
<?php
mysql_connect('localhost','root','');
mysql_select_db('main_project') or die (mysql_error());
if(isset($_POST['WID'])){
for ($ix=0; $ix<count($_POST['WID']); $ix++)
{
$WID = mysql_real_escape_string(#$_POST['WID'][$ix]);
$website = mysql_real_escape_string(#$_POST['website'][$ix]);
//var_dump("<pre>", $_POST['cat']); die(); // Debugger for checking cat counter.
// $cat = implode(",", mysql_real_escape_string($_POST['cat'][$ix]));
if(is_array(#$_POST['cat'][$ix]))
$cat = mysql_real_escape_string(implode(',', #$_POST['cat'][$ix]));
else
$cat = mysql_real_escape_string(#$_POST['cat'][$ix]);
$email = mysql_real_escape_string(#$_POST['email'][$ix]);
$cform = mysql_real_escape_string(#$_POST['cform'][$ix]);
$contactp = mysql_real_escape_string(#$_POST['contactp'][$ix]);
$contacts = mysql_real_escape_string(#$_POST['contacts'][$ix]);
$fax = mysql_real_escape_string(#$_POST['fax'][$ix]);
$Ctype = mysql_real_escape_string(#$_POST['Ctype'][$ix]);
$usern = mysql_real_escape_string(#$_POST['usern'][$ix]);
$sql_res = mysql_query("INSERT INTO website_01data (WID,website,cat,email,cform,contactp,contacts,fax,Ctype,TimeStamp,usern)
VALUES ('".$WID."', '".$website."', '".$cat."', '".$email."','".$cform."', '".$contactp."', '".$contacts."', '".$fax."', '".$Ctype."', Now(), '".$usern."' )");
$sql_res = mysql_error();
}//end for..
echo "<p><span style=\"color: red;\">Thank You; your records are sent to database. DO NOT REFRESH THE PAGE or data will be sent again.</span></p>";
}
?>
In the logging in process, you must store your username in a session
$_SESSION['username'] = $username;
in the process of saving the form, you can call session_start(); and get the session using
$tobeinserted = $_SESSION['username'];
I believe
Remove comment in session start.
Use this.
//This code is included to check session and store username
<?php
require_once('..\connect\auth.php');
session_start();
$usern = $_SESSION['SESS_FIRST_NAME'];
?>
<?php
mysql_connect('localhost','root','');
mysql_select_db('main_project') or die (mysql_error());
if(isset($_POST['WID'])){
for ($ix=0; $ix<count($_POST['WID']); $ix++)
{
$WID = mysql_real_escape_string(#$_POST['WID'][$ix]);
$website = mysql_real_escape_string(#$_POST['website'][$ix]);
//var_dump("<pre>", $_POST['cat']); die(); // Debugger for checking cat counter.
// $cat = implode(",", mysql_real_escape_string($_POST['cat'][$ix]));
if(is_array(#$_POST['cat'][$ix]))
$cat = mysql_real_escape_string(implode(',', #$_POST['cat'][$ix]));
else
$cat = mysql_real_escape_string(#$_POST['cat'][$ix]);
$email = mysql_real_escape_string(#$_POST['email'][$ix]);
$cform = mysql_real_escape_string(#$_POST['cform'][$ix]);
$contactp = mysql_real_escape_string(#$_POST['contactp'][$ix]);
$contacts = mysql_real_escape_string(#$_POST['contacts'][$ix]);
$fax = mysql_real_escape_string(#$_POST['fax'][$ix]);
$Ctype = mysql_real_escape_string(#$_POST['Ctype'][$ix]);
//$usern = mysql_real_escape_string(#$_POST['usern'][$ix]);
$sql_res = mysql_query("INSERT INTO website_01data (WID,website,cat,email,cform,contactp,contacts,fax,Ctype,TimeStamp,usern)
VALUES ('".$WID."', '".$website."', '".$cat."', '".$email."','".$cform."', '".$contactp."', '".$contacts."', '".$fax."', '".$Ctype."', Now(), '".$usern."' )");
$sql_res = mysql_error();
}//end for..
echo "<p><span style=\"color: red;\">Thank You; your records are sent to database. DO NOT REFRESH THE PAGE or data will be sent again.</span></p>";
}
?>
<?php
session_start();
$host = 'localhost';
$user = 'root';
$password = '8******8';
$database = 'tg*****ba';
$conn = mysql_connect($host,$user,$password) or
die('Server Information is not Correct');
//Establish Connection with Server
mysql_select_db($database,$conn) or die('Database Information is not correct');
$InGameName = mysql_real_escape_string($_POST['InGameName']);
$LastVoteTime;
//===When I will Set the Button to 1 or Press Button to register
if(isset($_POST['btnVote']))
{
if(md5($_POST['code']) != $_SESSION['key'])
die("You've entered a wrong code!");
$query = mysql_query("SELECT * FROM entities WHERE Name = '". $InGameName ."'");
if (mysql_num_rows($query) < 0)
{
die("This In game name doesn't exist , please enter your account name not username!");
}
else
{
$date = date('YmdHis');
$row=mysql_fetch_object($query);
$lastvote=$row->LastVoteTime;
$votingpoints = $row->VotsPoints;
$url = "http://www.xtremetop100.com/in.php?site=***********";
if(($lastvote + 120000) < $date)
{
$lastvote = $date;
$votingpoints += 1;
$query = mysql_query("update entities set VotsPoints ='$votingpoints' set LastVoteTime ='$lastvote' WHERE Name = '". $InGameName ."'");
}
else
die("You've Already voted in the last 12 hrs!");
}
}
?>
It does not update the database with the votingpoints and lastvotetime
however it pass the first check (which means it found the account record in the database) but it doesn't set them in the end of that code
thanks in advance
Try:
$query = mysql_query("update entities set VotsPoints = '$votingpoints', LastVoteTime = '$lastvote' WHERE Name = '". $InGameName ."'");
You're using "set" multiple times, not sure if that's ok.
Your SQL syntax is incorrect on the UPDATE statement.
http://dev.mysql.com/doc/refman/5.0/en/update.html