How to give the user unlimited views - php

I'm trying to give the user an unlimited option in my database but I'm not sure how to do this. I have set the default as 10 because they have 10 views and for each page they are viewing, it will count down. Once it reaches 0, the user will have to register again unless they have made payment, but I'm not sure how to make the views unlimited.
I'm confused as to what to do here because I can't find any option to set the views as unlimited.
<?php
include_once 'navbar.php';
if(!$_SESSION['u_uid']) {
header("Location: index.php?medical_subscriptionplan_process=notlogin");
exit();
} else {
include_once 'includes/dbh.php';
if(isset($_POST['submit'])) {
$views = strip_tags($_POST['subscriptionplan']);
if ($views == '') {
header("Location: index.php?medical_subscriptionplan_process=emptied");
exit();
} else {
if ($views == '10_views') {
$views = 10;
$sql = "UPDATE users
SET views = ?
WHERE user_uid = ?;
";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "is", $views, $_SESSION['u_uid']);
mysqli_stmt_execute($stmt);
}
} else {
if ($views == '100_views') {
$views = 100;
$sql = "UPDATE users
SET views = ?
WHERE user_uid = ?;";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "is", $views, $_SESSION['u_uid']);
mysqli_stmt_execute($stmt);
}
} else {
if ($views == 'unlimited') {
$views = NULL;
$sql = "UPDATE users
SET views = ?
WHERE user_uid = ?;";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "is", $views, $_SESSION['u_uid']);
mysqli_stmt_execute($stmt);
}
}
}
}
header("Location: index.php?medical_subscriptionplan_process=sucess");
}
}
}

To indicate unlimited views in your database, you just need to put -1 in your database views column; otherwise set it to some other positive integer. Then check for the condition:
if ($views == -1) {
// user has paid for unlimited view
}

You can add a flag (such as "is_unlimited") in the database to check the customer's access limit:
if ($isunlimited == 1) {
// always allow access
} else {
// check for 10_views limit
}
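
The -1 sentinel from the answers above, as an added example that is not part of the original posts: the plan string from the form is mapped through a server-side allow-list, -1 marks unlimited, and limited plans are decremented in the same statement that checks the balance. It assumes a `users(user_uid, views)` table as in the question and uses an in-memory SQLite database through PDO (instead of the question's mysqli connection) so it runs without a MySQL server; `setPlan`, `consumeView`, `PLANS` and the sample users are hypothetical names.

```php
<?php
// Added example with constructed schema and data; not code from the original posts.

const UNLIMITED = -1; // sentinel: -1 in users.views means "no limit"

// Server-side allow-list: the form value only selects a key,
// it never supplies the number that is written to the database.
const PLANS = [
    '10_views'  => 10,
    '100_views' => 100,
    'unlimited' => UNLIMITED,
];

function setPlan(PDO $db, string $userUid, string $plan): bool
{
    if (!array_key_exists($plan, PLANS)) {
        return false; // unknown plan string: reject without touching the row
    }
    $stmt = $db->prepare('UPDATE users SET views = ? WHERE user_uid = ?');
    $stmt->execute([PLANS[$plan], $userUid]);
    return true;
}

// Returns true if the page may be shown to this user.
function consumeView(PDO $db, string $userUid): bool
{
    $stmt = $db->prepare('SELECT views FROM users WHERE user_uid = ?');
    $stmt->execute([$userUid]);
    $views = $stmt->fetchColumn();
    if ($views === false) {
        return false; // no such user
    }
    if ((int) $views === UNLIMITED) {
        return true; // never decrement the sentinel
    }
    // Check and decrement in one statement, so two parallel requests
    // cannot both spend the last remaining view.
    $stmt = $db->prepare(
        'UPDATE users SET views = views - 1 WHERE user_uid = ? AND views > 0'
    );
    $stmt->execute([$userUid]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data: alice has one view left, bob has the default 10.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    user_uid TEXT PRIMARY KEY,
    views INTEGER NOT NULL DEFAULT 10
)');
$db->exec("INSERT INTO users (user_uid, views) VALUES ('alice', 1), ('bob', 10)");

var_dump(consumeView($db, 'alice'));           // spends alice's last view
var_dump(consumeView($db, 'alice'));           // balance is now 0
var_dump(setPlan($db, 'alice', '9999_views')); // not in the allow-list
var_dump(setPlan($db, 'alice', 'unlimited'));  // stores the sentinel
var_dump(consumeView($db, 'alice'));           // unlimited plan
var_dump(consumeView($db, 'mallory'));         // unknown user
```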

My php & mysqli script is returning with zero rows in database even though there is a row

I am semi-new to PHP and MySQL so I was using this tutorial video to set up the forgotten password system for their previous tutorial on a login system (https://www.youtube.com/watch?v=wUkKCMEYj9M, timestamp to the part I am working on is 1:05:46).
Everything was working fine until I got to the part where we had to create the new password and anytime I submit the new password, it receives an error essentially saying that there are no rows in the database, or at least I believe that is what the error is. (Error Message: You need to re-submit your request (1)) Below I have given my code (The file for the database connector is accurately named dbc.inc.php, I messed it up when originally naming it so I just apply the different name to my scripts) and if you see what it is, I will be very grateful. Thanks!
<?php
if(isset($_POST["reset-password-submit"])) {
$selector = $_POST["selector"];
$validator = $_POST["validator"];
$password = $_POST["pwd"];
$passwordRepeat = $_POST["pwd-repeat"];
if(empty($password) || empty($passwordRepeat)) {
header("Location: ../create-new-password.php?newpwd=empty&selector=". $selector . "&validator=" . $validator);
exit();
}
else if ($password != $passwordRepeat){
header("Location: ../create-new-password.php?newpwd=pwdnotsame&selector=". $selector . "&validator=" . $validator);
exit();
}
$currentDate = date("U");
require 'dbc.inc.php';
$sql = "SELECT * FROM pwdReset WHERE pwdResetSelector=? AND pwdResetExpires >= ?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "There was an error. (1)";
exit();
}
else {
mysqli_stmt_bind_param($stmt, "ss", $selector, $currentDate);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if(!$row = mysqli_fetch_assoc($result)) {
echo "You need to re-submit your reset request. (1)";
exit();
}
else
{
$tokenBin = hex2bin($validator);
$tokenCheck = password_verify($tokenBin, $row["pwdResetToken"]);
if($tokenCheck == false)
{
echo "You need to re-submit your reset request. (2)";
exit();
}
else if ($tokenCheck == true)
{
$tokenEmail = $row['pwdResetEmail'];
$sql = "SELECT * FROM users WHERE emailUsers=?;";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "There was an error. (2)";
exit();
}
else {
mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if(!$row = mysqli_fetch_assoc($result)) {
echo "There was an error. (3)";
exit();
}
else
{
$sql = "UPDATE users SET pwdUsers=? WHERE emailUsers=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "There was an error. (4)";
exit();
}
else {
$newPwdHash = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ss", $newPwdHash, $tokenEmail);
mysqli_stmt_execute($stmt);
$sql = "DELETE FROM pwdReset WHERE pwdResetEmails=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "There was an error. (5)";
exit();
}
else {
mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?newpwd=passwordupdated");
}
}
}
}
}
}
}
}
else {
header("Location: ../index.php");
}
I figured out what was wrong. The page the user would input their new password on also stores the selector and token, both of which I had misspelled value on. The script above works fine with a minor tweak to the bottom part.
The new hash part should be:
$newPwdHash = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ss", $newPwdHash, $tokenEmail);
mysqli_stmt_execute($stmt);
$sql = "DELETE FROM pwdReset WHERE pwdResetEmail=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "There was an error 5";
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?newpwd=passwordupdated");
}
Not what it was originally above.

Trying to read from two databases to check if an account exists

I am trying to create a login system that will load a different homepage based upon what database their information is stored in - Whether they're a customer or a business.
I have created my registration and it is okay when I am trying to check just one database and it will log them in successfully.
I am unsure where to put this bit of code for the second database though - I keep receiving errors whenever I place it somewhere. I have used a similar sort of code for the first database.
mysqli_stmt_bind_param($stmt2, "s", $ema);
mysqli_stmt_execute($stmt2);
$result2 = mysqli_stmt_get_result($stmt2);
This is the code in full.
} elseif (!empty($ema) AND !empty($pas)) {
$sql1 = "SELECT * FROM users1 WHERE email1=?;";
$sql2 = "SELECT * FROM users2 WHERE email2=?;";
$stmt1 = mysqli_stmt_init ($conn);
$stmt2 = mysqli_stmt_init ($conn1);
//Check if there was an error reading data from database
if (!mysqli_stmt_prepare($stmt1, $sql1) AND !mysqli_stmt_prepare($stmt2, $sql2)) {
header("Location: ../splash.php?error=sqlerror");
} else {
mysqli_stmt_bind_param($stmt1, "s", $ema);
mysqli_stmt_execute($stmt1);
$result1 = mysqli_stmt_get_result($stmt1);
if($row1 = mysqli_fetch_assoc($result1)) {
$pwdcheck1 = password_verify($pas, $row1['pwd1']);
if($pwdcheck1 == false) {
header("Location:../splash.php?error=wrongdetails");
exit();
//If a username and password in the business account correlate, then load the business index.
} elseif ($pwdcheck1 == true){
session_start();
$_SESSION['userlog1'] = $row1['idUsers1'];
header("Location: ../../b/index1.php?login=success");
exit();
}
} elseif ($row2 = mysqli_fetch_assoc($result2)) {
$pwdcheck2 = password_verify($pas, $row2['pwd2']);
if($pwdcheck2 == false) {
header("Location: ../splash.php?error=wrongdetails");
exit();
} elseif ($pwdcheck2 == true) {
session_start();
$_SESSION['userlog2'] = $row2['idUsers2'];
header("Location: ../../t/index2.php?login=success");
exit();
}
}
}
} else {
header("Location: ../splash.php?error=usernotfound");
}
Thanks!
The fact you should have a single users table aside, the problem is coming from the numerous conditions, every one of them being useless.
Basically, if you need to get the results from two queries, then you should execute them right away, one by one, without any intermediate conditions:
$sql = "SELECT * FROM users1 WHERE email1=?;";
$stmt = mysqli_prepare($conn, $sql); // keep the statement handle for the calls below
mysqli_stmt_bind_param($stmt, "s", $ema);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
if (!$row) {
$sql = "SELECT * FROM users2 WHERE email2=?;";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_bind_param($stmt, "s", $ema);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
}
Now you can check the password:
if ($row && password_verify($pas, $row['pwd'])) {
// OK
} else {
// not OK
}

How to randomly select two strings?

I have decided to store the winner into another database table and then to use that to output the winner on another page... I have the following code but for some reason, my second query is not working and I have checked it through... All the variables are correct and my database table should be set up correctly:
<?php
include_once __DIR__.'/header2.php';
if(!isset($_SESSION['u_uid'])) {
echo "<meta http-equiv='refresh' content='0;url=index.php?level1promo_competitions_winner=notlogin'>";
exit();
} else {
if($_SESSION['u_permission'] == 0) {
echo "<meta http-equiv='refresh' content='0;url=header2.php?level1promo_competitions_winner=nopermission'>";
exit();
} else {
include_once __DIR__.'/includes/dbh.php';
$level1promo_competitions_winner_form = strip_tags($_POST['level1promo_competitions_winner_form']);
if ($level1promo_competitions_winner_form == $level1promo_competitions_winner_form) {
$limit = 1;
$sql = "SELECT * FROM level1promo_participants WHERE entry_id = ? ORDER BY RAND() LIMIT ?;";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "si", $level1promo_competitions_winner_form, $limit);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$resultCheck = mysqli_num_rows($result);
if($resultCheck < 1) {
echo '<div class="nolevel1promo_competitions_winner">There are no Level 1 Promo Competition\'s Winner yet for that entry id</div>';
exit();
} else {
$row = mysqli_fetch_assoc($result);
$useruid = $row['user_uid'];
$email = $row['user_email'];
echo $level1promo_competitions_winner_form;
echo $useruid;
echo $email;
$sql2 = "INSERT INTO level1promo_winner (entry_id, user_uid, user_email) VALUES (?,?,?);";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql2)) {
echo "SQL statement failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "sss", $levelpromo_competitions_winner_form, $useruid, $email);
mysqli_stmt_execute($stmt);
echo "<meta http-equiv='refresh' content='0;url=header2.php?level1promo_competitions_winner=success'>";
}
}
}
}
}
}
?>
You can do it easily by using the query below. You don't need to put that much logic into it.
select column_name from table_name order by RAND() limit 1

CSS and nav bar issue when logged into live server

My site looks like this after login, without any navigation bar or css.
It should have included my header2.php file, which contains my nav bar and my css should be working.
Below is my code for login.php:
<?php
ob_start();
if (!isset($_POST['submit'])) {
header("Location: /../index.php?login=error");
exit();
} else {
include_once __DIR__.'/dbh.php';
include_once __DIR__.'/../header2.php';
$uid = strip_tags($_POST['uid']);
$pwd = strip_tags($_POST['password']);
$date = date("Y-m-d H:i:s");
$sql = "UPDATE users
SET user_session = ?
WHERE user_uid = ?;
";
$stmt = mysqli_stmt_init($conn);
//Prepare the prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo 'SQL statement failed';
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "ss", $date, $_SESSION['u_uid']);
//Run parameters inside database
mysqli_stmt_execute($stmt);
// include error handlers:
// Check to see if the inputs are empty
//Check to see if user has activated his or her account before logging in
$user_activate = 0;
if(empty($uid) || empty($pwd)) {
echo "<meta http-equiv='refresh' content='0;url=../signup.php?signup=empty'>";
exit();
} else {
// Check to see if user has activated his or her account
$sql = "SELECT * FROM users WHERE user_activate = ? AND user_uid= ?;";
$stmt = mysqli_stmt_init($conn);
//Prepare the prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo 'SQL statement failed';
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "is", $user_activate, $uid);
//Run parameters inside database
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0) {
echo "<meta http-equiv='refresh' content='0;url=/../index.php?signup=notactivated'>";
exit();
} else {
// Check to see if the username exists in the database
$sql = "SELECT * FROM users WHERE user_uid = ? OR user_email = ?";
$stmt = mysqli_stmt_init($conn);
//Prepare the prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo 'SQL statement failed';
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "ss", $uid, $uid);
//Run parameters inside database
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
echo "<meta http-equiv='refresh' content='0;url=/../index.php?login=notsignup'>";
exit();
} else {
// Does the password match the password in the database?
// while($row = mysqli_fetch_assoc($result));
if ($row = mysqli_fetch_assoc($result)) { // insert database results into an array
// De-hashing the password
$hashedPwdCheck = password_verify($pwd, $row['user_password']);
if ($hashedPwdCheck == false) {
$login_attempts = $row['login_attempts'];
$login_attempts += 1;
$sql2 = "UPDATE users
SET login_attempts = ?
WHERE user_uid = ?;
";
if (!mysqli_stmt_prepare($stmt, $sql2)) {
echo 'SQL statement failed';
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "is", $login_attempts, $uid);
//Run parameters inside database
mysqli_stmt_execute($stmt);
if ($row['login_attempts'] == 5) {
$login_attempts = 0;
$user_activate = 0;
$token = 'qqewreqreqwsdfdfdafcbvcQERFGHFGHGFHRETERTDF!##$%^^()';
$token = str_shuffle($token);
$token = substr($token, 0, 10);
$sql3 = "UPDATE users
SET user_activate = ?, user_token = ?, login_attempts = ?
WHERE user_uid = ?;
";
if (!mysqli_stmt_prepare($stmt, $sql3)) {
echo 'SQL statement failed';
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "isis", $user_activate, $token, $login_attempts, $uid);
//Run parameters inside database
mysqli_stmt_execute($stmt);
$company = "pianocourse101#hotmail.com";
$subject = "Account temporary deactivated due to fail login attempts";
$mailTo = $row['user_email'];
$headers = "From: ".$company;
$txt = "Dear".$row['user_first']."".$row['user_last'].", \n\nYour account has been temporary deactivated because either you or someone claiming to be you has failed to log into your account on more than 5 occasions! \n\n You can use the following information to reactivate your account: \n\n Your new token: ".$token."\n\nYou can either copy and paste the token into the relevant section or click on the following link: http://localhost/loginsystem/includes/activate.php?email=".htmlspecialchars($row['user_email'])."&activatetoken=".htmlspecialchars($token);
mail($mailTo, $subject, $txt, $headers);
}
}
echo "<meta http-equiv='refresh' content='0;url=/../index.php?login=passwordfailed'>";
exit();
}
} elseif ($hashedPwdCheck == true) {
// Log in the user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
$_SESSION['u_permission'] = $row['admin'];
$_SESSION['u_moderator'] = $row['moderator'];
$_SESSION['u_session'] = $row['user_session'];
$_SESSION['freelesson'] = $row['freelesson'];
$_SESSION['datejoined'] = $row['datejoined'];
$_SESSION['premium'] = $row['premium'];
// Insert into reward points when login
// Select names from rewards
$sql2 = "SELECT * FROM rewards WHERE user_uid = ?;";
$stmt = mysqli_stmt_init($conn);
//Prepare the prepared statement
if (!mysqli_stmt_prepare($stmt, $sql2)) {
echo 'SQL statement failed';
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "s", $uid);
//Run parameters inside database
mysqli_stmt_execute($stmt);
$result2 = mysqli_stmt_get_result($stmt);
$resultCheck2 = mysqli_num_rows($result2);
while ($row2 = mysqli_fetch_assoc($result2)) {
$_SESSION['u_reward_points'] = $row2['reward_points'];
$points = 100;
$_SESSION['u_reward_points'] += $points;
$sql = "UPDATE rewards
SET reward_points = ?
WHERE user_uid = ?;
";
$stmt = mysqli_stmt_init($conn);
//Prepare the prepared statement
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo 'SQL statement failed';
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "is", $_SESSION['u_reward_points'], $_SESSION['u_uid']);
//Run parameters inside database
mysqli_stmt_execute($stmt);
echo "<meta http-equiv='refresh' content='0;URL=/../header2.php?login=success' />" ;
exit();
}
}
}
}
}
}
}
}
}
}
}
}
ob_end_flush();
Make sure the CSS files are loaded properly if loaded from external files.
Always debug your scripts with enabled PHP Error Reporting!
You can see the final output in the browser as source code (usually Ctrl+U), or you can debug with the developer tools (usually right-click the page and choose Inspect element, or press Ctrl+Shift+I). The Network tab might show you some errors, and so might the Console tab.
Both should help you to identify the problematic part of your coding.
It seems like your CSS files aren't loaded.
You can check in your Network tab whether they are loaded.

how to use meta tag to redirect user

I am trying to get my view count to work in my forum and am thinking that I might need a unique column, so decided to give a tinyint and set a default to 1. If the user submits a new topic, it should say 1 and a reply should set it to 0 but for some reason, when I replied to my topic, it will set both back to 0 as shown below in my database:
This is the code for both my topic and reply section.... from my understanding, if I set the tinyint default to 1, I don't have to include it in my insert statement correct?
<?php
include_once 'header2.php';
if (!$_SESSION['u_uid']) {
header("Location: index.php?create_music_topic_process=notlogin");
exit();
} else {
include_once 'includes/dbh.php';
$topic_id = $_POST['topic_id'];
$cat = $_POST['cat'];
$admin = $_POST['admin'];
$topic_title = $_POST['topic_title'];
$topic_description = $_POST['topic_description'];
$date = date("Y-m-d H:i:s");
if (strlen($topic_title) < 1 || strlen($topic_title) > 64) {
echo "<meta http-equiv='refresh' content='0;url=display_music_forum_topics.php?cat=".$cat.
"&topic_id=".$topic_id.
"&create_music_topic_process=wronglength'>";
exit();
} else {
$sql = "INSERT INTO music_forum_topics (cat_id, topic_id, user_uid, topic_title, topic_description, date_created) VALUES (?,?,?,?,?,?);";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "iissss", $cat, $topic_id, $_SESSION['u_uid'], $topic_title, $topic_description, $date);
mysqli_stmt_execute($stmt);
}
$sql2 = "SELECT * FROM music_forum_topics WHERE cat_id = ? AND topic_id = ?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql2)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "ii", $cat, $topic_id);
mysqli_stmt_execute($stmt);
$result2 = mysqli_stmt_get_result($stmt);
$resultCheck2 = mysqli_num_rows($result2);
$row2 = mysqli_fetch_assoc($result2);
$id = $row2['id'];
}
echo "<meta http-equiv='refresh' content='0;url=display_music_forum.php?create_music_topic=success'>";
}
}
This is my reply code:
<?php
include_once 'header2.php';
if (!$_SESSION['u_uid']) {
header("Location: index.php?create_music_topics_process=notlogin");
exit();
} else {
if (!isset($_POST['submit'])) {
header("Location: create_music_topics_reply.php?create_music_topics_process=error");
exit();
} else {
$reply = $_POST['reply'];
$cat = $_POST['cat'];
$topic_id = $_POST['topic_id'];
$topic_title = $_POST['topic_title'];
$date = date("Y-m-d H:i:s");
$creator = $_POST['creator'];
$admin = $_POST['admin'];
$topic_reply = $row2['topic_reply'];
$topic_reply += 1;
$unique_id = $_POST['unique_id'];
$original_thread = 0;
$sql = "INSERT INTO music_forum_topics (cat_id, topic_id, original_thread, user_uid, topic_title, topic_description, date_reply) VALUES (?,?,?,?,?,?,?);";
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "iiissss", $cat, $topic_id, $original_thread, $creator, $topic_title, $reply, $date);
mysqli_stmt_execute($stmt);
}
$sql2 = "SELECT * FROM music_forum_topics WHERE topic_id = ? AND cat_id = ?;";
$original_thread = 0;
if (!mysqli_stmt_prepare($stmt, $sql2)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "ii", $topic_id, $cat);
mysqli_stmt_execute($stmt);
$result2 = mysqli_stmt_get_result($stmt);
$resultCheck2 = mysqli_num_rows($result2);
$sql3 = "UPDATE music_forum_topics
SET topic_reply = ?
WHERE original_thread = ?
";
if (!mysqli_stmt_prepare($stmt, $sql3)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "ii", $resultCheck2, $original_thread);
mysqli_stmt_execute($stmt);
echo "<meta http-equiv='refresh' content='0;url=display_music_forum.php?create_music_topics_reply_process=success'>";
}
}
}
}
First, you can try to manually insert the value into the db from whichever tool you are using to access your db.
If that works, then it means that your code has an error; otherwise the error exists in your db only.