We Keep Coding

Take id from one table and insert in another same time

I want to insert in the security the same id from users:
<?php
if (isset($_POST['reg_user'])) {
require 'db.php';
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password_1'];
$passwordRepeat = $_POST['password_2'];
$firstName = $_POST['firstname'];
$lastName = $_POST['lastname'];
$country = $_POST['country'];
$city = $_POST['city'];
$address = $_POST['address'];
$zipCode = $_POST['zipCode'];
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat) || empty($firstName) || empty($lastName) || empty($country) || empty($city) || empty($address) || empty($zipCode)) {
header("Location: ../sign_up.php?error=emptyfields&uid=" . $username . "&mail=" . $email);
exit();
} elseif (strlen($username) < 3) {
header("Location: ../sign_up.php?error=short_username=" . $username . "");
exit();
} elseif (strlen($username) > 17) {
header("Location: ../sign_up.php?error=long_username=" . $username . "");
exit();
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../sign_up.php?error=invalidmailuid");
exit();
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../sign_up.php?error=invalidmail&uid=" . $username);
exit();
} elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../sign_up.php?error=invaliduid&mail=" . $email);
exit();
} elseif ($password !== $passwordRepeat) {
header("Location: ../sign_up.php?error=passwordcheck&uid=" . $username . "&mail=" . $email);
exit();
} else {
$sql = "SELECT username FROM users WHERE username=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../sign_up.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../sign_up.php?error=usertaken&mail=" . $email);
exit();
} else {
$sql = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../sign_up.php?error=sqlerror");
exit();
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
$sql = "INSERT INTO security (username, firstName, lastName, country, city, address, zipcode) VALUES (?, ?, ?, ?, ?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmt, $sql);
mysqli_stmt_bind_param($stmt, "sssssss", $username, $firstName, $lastName, $country, $city, $address, $zipCode);
mysqli_stmt_execute($stmt);
header("Location: ../sign_up.php?signup=succes");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
} else {
header("Location: ../sign_up.php");
exit();
}
Replace username from security with id from "users" table, but I don't know the id from this user because it executes at the same time, any solutions?
P.S: ID, auto increment primary key
I want to know that security data is from that user (id).

You can get the last inserted id in mysqli using
$conn->insert_id;
Right after executing the insertion of the item. ($conn being the instance of the msqli class)

I keep having an error "ERR_TOO_MANY_REDIRECTS" in my Sign Up page

<?php
session_start();
if (isset($_POST['signup-submit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
if (empty($username) || empty($email) || empty($userpasswordname) || empty($passwordRepeat) ) {
header("Location: signup.php?error=emptyfields&uid=".$username."&mail".$email);
exit();
} else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: signup.php?error=invalidmailuid");
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: signup.php?error=invalidmail&uid=".$username);
exit();
}
else if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: signup.php?error=invaliduid&mail=".$email);
exit();
}
else if ($password !== $passwordRepeat) {
header("Location: signup.php?error=passwordcheck&uid=".$username."&mail".$email);
exit();
}
else {
$sql = "SELECT uidUsers FROM users WHERE uidUsers=? AND pwdUsers=?";
$statement = mysqli_statement_init($con);
if (!mysqli_stmt_prepare($statement, $sql)) {
header("Location: signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
$resultCheck = mysqli_stmt_num_rows($statement);
if ($resultCheck > 0) {
header("Location: signup.php?error=usertaken&mail=".$email);
exit();
}
else {
$sql = "INSERT INTO users (uidUsers, mailUsers, pwdUsers) VALUES (?, ?, ?)";
$statement = mysqli_statement_init($con);
if (!mysqli_stmt_prepare($statement, $sql)) {
header("Location: signup.php?error=sqlerror");
exit();
}
else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($statement, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($statement);
header("Location: signup.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($statement);
mysqli_close($con);
}
else {
header("Location: signup.php");
exit();
}
?>
As you see the "session_start();" I've added before it had an error so it has nothing to do with the error. Maybe I need to add something? Or I forgot to put something in, or I probably added something unnecessary to be in there?
Every time I refresh the page I get the error "ERR_TOO_MANY_REDIRECTS", what I want it to do is basically run smoothly and not engage any errors or redirects.

Checking if an email exists in another table [duplicate]

This question already has answers here:
How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
(4 answers)
Closed 2 years ago.
I'm doing an registration form and I'm trying to check if the email that the person inserts in the input is already in another table that has all emails that I allow to be registered. If it is it should register the person. I don't understand where I'm failing. I'm starting now with php. Please help.
<?php
if(isset($_POST['signup-submit'])){
require 'dbh.inc.php';
$username = mysqli_real_escape_string($conn, $_POST['uid']);
$email = mysqli_real_escape_string($conn,$_POST['mail']);
$password = mysqli_real_escape_string($conn,$_POST['pwd']);
$passwordRepeat = mysqli_real_escape_string($conn, $_POST['pwd-repeat']);
$check1 = $_POST['check1'];
$check2 = $_POST['check2'];
if(empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header ("Location: ../header.php?error=emptyfields&uid=".$username."&mail=".$email);
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-z0-9]*$/", $username)){
header("Location: ../header.php?error=invalidadmail&uid=");
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../header.php?error=invalidadmail&uid=".$username);
exit();
}
else if (!preg_match("/^[a-zA-z0-9]*$/", $username)){
header("Location: ../header.php?error=invalidaduid&mail=".$email);
exit();
}
elseif($password !== $passwordRepeat){
header("Location: ../header.php?error=passwordcheck&uid=".$username."&mail=".$email);
exit();
}
elseif((!isset($check1)) || (!isset($check2))){
echo"<script>alert('É necessário confirmar as duas opções :(');
window.location.href='../header.php'</script>";
exit();
}
This is the part of the code that is not working
$sql2 = "SELECT * FROM emails WHERE (email_socio = '$email')";
$res = mysqli_query($conn, $sql2);
if (mysqli_num_rows($res) < 0) {
echo "FAIL";
}
These are other validations and where it will insert the data into final table
else{
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ../header.php?error=sqlerror");
exit();
}
else{
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if($resultCheck > 0){
header("Location: ../header.php?error=usertaken&mail=".$email);
exit();
}
else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ../header.php?error=sqlerror");
exit();
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
$sql ="SELECT * FROM users WHERE uidUsers='$username' AND emailUsers='$email'";
$result = mysqli_query($conn, $sql);
if(mysqli_num_rows($result)>0){
while($row = mysqli_fetch_assoc($result)){
$userid = $row['idUsers'];
$sql = "INSERT INTO profileimg (userid, status) VALUES ('$userid', 1)";
mysqli_query($conn, $sql);
}
}
header("Location: ../header.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location: ../header.php");
exit();
}

Your condition is wrong:
if (mysqli_num_rows($res) < 0) {
echo "FAIL";
}
You're checking for less than zero, when in fact it should be less than one.
So, change it to either of the two:
if (mysqli_num_rows($res) === 0) // it logically cannot contain negative values
if (mysqli_num_rows($res) < 1)

Is there a way to INSERT data from 2 DIFFERENT forms and INSERT into 1 row in column?

I have table of users which have following columns: user_id,username,first_name,last_name, email,token,password,location, phone.
I have 2 forms on two different pages. 1. registration.php 2. user_info.php.
In registration.php I'm getting user's email, username, and password. In user_info.php I'm getting user's first, lastname, country, phone.
I want to insert both form data in 1 row. so Is there any way?
right now with my code. it inserts info from both forms into database but it's inserting in each form data in 2 different rows.
here is my registration.php
<?php
if (isset($_POST['signup-submit'])) {
$url = "https://www.google.com/recaptcha/api/siteverify";
$data = ['secret' => "[xxxx]", 'response' => $_POST['token'], 'remoteip' => $_SERVER['REMOTE_ADDR']];
$options = array('http' => array('header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data)));
$context = stream_context_create($options);
$response = file_get_contents($url, false, $context);
$res = json_decode($response, true);
if ($res['success'] == true) {
require("dbh.inc.php");
require("functions.php");
$username = escape($_POST['username']);
$email = escape($_POST['email']);
$token = bin2hex(random_bytes(50));
$password = escape($_POST['password']);
$passwordRepeat = escape($_POST['confirm_password']);
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header("Location: ../registration.php?error=emptyfields");
exit();
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) || !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../registration.php?error=invalidmailuid");
exit();
} elseif (strlen($username) <= '6') {
header("Location: ../registration.php?error=usernamecheck");
exit();
} elseif (strlen($password) <= '8') {
header("Location: ../registration.php?error=passwordcheck");
exit();
} elseif ($password !== $passwordRepeat) {
header("Location: ../registration.php?error=passwordverify");
exit();
} else {
$sql = "SELECT username, email FROM users WHERE username = ? AND email = ?";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../registration.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "ss", $username, $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../registration.php?error=usermailtaken");
exit();
} else {
$sql = "INSERT INTO users(username, email, password, token, joined) VALUES(?, ?, ?, ?, now())";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../registration.php?error=sqlerror2");
exit();
} else {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ssss", $username, $email, $hashed_password, $token);
mysqli_stmt_execute($stmt);
header("Location: ../user_info.php");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($connection);
} else {
header("Location: ../registration.php?error=captcha");
exit();
}
} else {
header("Location: ../registration.php?error=emptyfields");
exit();
}
here is my user_info.php
<?php
if (isset($_POST['profile-submit'])) {
require("dbh.inc.php");
require("functions.php");
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$location = $_POST['location'];
$phone = $_POST['phone_number'];
if (empty($first_name) || empty($last_name) || empty($location) || empty($phone)) {
header("Location: ../user_info.php?error=emptyfields");
exit();
} else {
$sql = "INSERT INTO users(first_name, last_name, location, phone) VALUES(?, ?, ?, ?)";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../user_info.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone);
mysqli_stmt_execute($stmt);
header("Location: ../index.php?signup=success");
exit();
}
}
mysqli_stmt_close($stmt);
mysqli_close($connection);
} else {
header("Location: ../user_info.php?error");
exit();
}

You need to use an UPDATE instead of an INSERT on user_info.php
INSERT adds new rows. https://dev.mysql.com/doc/refman/8.0/en/insert.html
INSERT inserts new rows into an existing table.
UPDATE modifies data in a row. https://dev.mysql.com/doc/refman/8.0/en/update.html
UPDATE is a DML statement that modifies rows in a table.
When you do an UPDATE you need to add a WHERE clause to update only the row you want. You usually do this with the primary key which I assume in this case is user_id.
You can use mysqli_insert_id($connection) to get the last id inserted after your INSERT query runs. I suggest then storing that in a $_SESSION variable and then accessing that on user_info.php rather than passing is via POST or GET. That way, another user can't just type in an ID in the GET or POST request and update another user's info. Here is some code to guide you.
registration.php
//start the session
session_start();
...
...
} else {
mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone);
mysqli_stmt_execute($stmt);
$_SESSION['user_id'] = mysqli_insert_id($connection);
header("Location: ../index.php?signup=success");
exit();
}
}
....
....
user_info.php
....
....
if (empty($first_name) || empty($last_name) || empty($location) || empty($phone) || !isset($_SESSION['user_id')) {
header("Location: ../user_info.php?error=emptyfields");
exit();
} else {
$sql = "UPDATE users SET first_name = ?, last_name = ?, location = ?, phone =? WHERE user_id = ?";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../user_info.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "sssi", $first_name, $last_name, $location, $phone, $_SESSION['user_id']);
mysqli_stmt_execute($stmt);
header("Location: ../index.php?signup=success");
exit();
}
....
....

in registration.php you need to get the last inserted Id before going to user_info.php
mysqli_stmt_bind_param($stmt, "ssss", $username, $email, $hashed_password, $token);
mysqli_stmt_execute($stmt);
//get last inserted id
$last_id = mysqli_insert_id($connection);
header("Location: ../user_info.php?id='.$last_id.'");
exit();
in user_info.php use update in your query with where id = $_GET['id']
if (isset($_POST['profile-submit'])) {
require("dbh.inc.php");
require("functions.php");
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$location = $_POST['location'];
$phone = $_POST['phone_number'];
if (empty($first_name) || empty($last_name) || empty($location) || empty($phone)) {
header("Location: ../user_info.php?error=emptyfields");
exit();
} else {
$sql = "UPDATE users SET first_name = ?, last_name = ?, location = ?, phone =? WHERE id = ?";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../user_info.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "sssii", $first_name, $last_name, $location, $phone, $_GET['id']);
mysqli_stmt_execute($stmt);
header("Location: ../index.php?signup=success");
exit();
}
}
mysqli_stmt_close($stmt);
mysqli_close($connection);
}else {
header("Location: ../user_info.php?error");
exit();}

Admin and User PHP Database login

I am pretty new to php coding and I have setup a working signup/signin system for a website, but now I want to create an admin user which can edit/upload pictures to the website. I just have no idea how to do it, so far I have just added a column to phpmyadmin which is usertype and its an enum with two variables which are admin and users, and I have set the default to user so when someone signs up they are defaulted as a user. so any help would be greatly appreciated.
This is my login php
if (isset($_POST['login-submit'])) {
#
require 'dbh.inc.php';
$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];
if (empty($mailuid) || empty($password)) {
header("Location: ../index.php?error=emptyfields");
exit();
}else {
$sql = "SELECT * FROM users WHERE uidUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../index.php?error=sqlerror");
exit();
}else{
mysqli_stmt_bind_param($stmt, "s", $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../index.php?error=wrongpassword");
exit();
}elseif ($pwdCheck == true) {
session_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
header("Location: ../index.php?login=success");
exit();
}
}
else {
header("Location: ../index.php?error=nouser");
exit();
}
}
}
}else {
header("Location: ../index.php");
exit();
}
This is my signup php
<?php
if (isset($_POST['signup-sumbit'])) {
require 'dbh.inc.php';
$username = $_POST['uid'];
$email = $_POST['mail'];
$password = $_POST['pwd'];
$passwordRepeat = $_POST['pwd-repeat'];
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header("Location: ../signup.php?error=emptyfields&uid=".$username."&mail=".$email);
exit();
}elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invaildmailuid");
exit();
}elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?error=invaildmail&uid=".$username);
exit();
}elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../signup.php?error=invailduid&mail=".$email);
exit();
}elseif ($password !== $passwordRepeat) {
header("Location: ../signup.php?error=passwordcheck&uid=".$username."&mail=".$email);
exit();
}else{
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror1");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../signup.php?error=usertaken&mail=".$email);
exit();
} else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../signup.php?error=sqlerror");
exit();
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}else {
header("Location: ../signup.php");
exit();
}
This is a picture of the new column I added
Picture of phpmyadmin

This is the code where you are checking if user has admin privileges and store in session
if($row['user_type'] == 'Admin'){
$_SESSION['isAdmin'] = true;
}else{
$_SESSION['isAdmin'] = false;
}
later you can use $_SESSION['isAdmin'] to give privileges as you wish
if($_SESSION['isAdmin']){
//code for uploading pictuers ..
}