I made a page for user info containing a button for updating their info. When I change the fields and push the button, the info changed in the database and the web page shows everything is ok and changed, but when I refresh the page (after pushing the button), there the fields aren't changed and contain still the same info (but changed in data base). So how can I solve this?
Here is html codes:
<div class="custom-container">
<div class="row">
<div class="col-10">
<div class="user_content custom-container">
<div class="row">
<div class="col-11 fields">
<form method="post" action="user_updates.php">
<fieldset id="right">
<label>نام کاربری</label>
<br>
<input type="text" name="username" value="<?php echo $_SESSION["member_username"] ?>" disabled style="direction: ltr;">
<br><br>
<label>رمز عبور</label>
<br>
<input type="text" name="password" value="<?php echo $_SESSION["member_password"] ?>" style="direction: ltr;">
<br><br>
<label>نام</label>
<br>
<input type="text" name="first-name" value="<?php echo $_SESSION["member_name"] ?>">
<br><br>
<label>نام خانوادگی</label>
<br>
<input type="text" name="last-name" value="<?php echo $_SESSION["member_last_name"] ?>">
</fieldset>
<fieldset id="left">
<label>نام پدر</label>
<br>
<input type="text" name="father-name" value="<?php echo $_SESSION["member_father_name"] ?>">
<br><br>
<label>کد ملی</label>
<br>
<input type="text" name="melli-code" value="<?php echo $_SESSION["member_melli_code"] ?>" style="direction: ltr; font-family: Iran_Sans_M;">
<br><br>
<label>شماره موبایل</label>
<br>
<input type="text" name="mobile-number" value="<?php echo $_SESSION["member_mobile_number"] ?>" style="direction: ltr; font-family: Iran_Sans_M;">
<br><br>
<label>ایمیل</label>
<br>
<input type="email" name="email" value="<?php echo $_SESSION["member_email"] ?>" style="direction: ltr;">
</fieldset>
<input type="hidden" name="user-id" value="<?php echo $_SESSION["member_id"] ?>">
<input type="submit" name="change" value="ثبت تغییرات">
</form>
<?php
if (isset($_GET["empty"]))
{
echo '<div class="php_texts"> <p>لطفاً تمامی قسمت ها رو پر نمایید.</p> </div>';
}
if (isset($_GET["changes"]))
{
echo '<div class="php_texts"> <p>اطلاعات با موفقیت ویرایش شد.</p> </div>';
}
if (isset($_GET["error"]))
{
echo '<div class="php_texts"> <p>عدم ارتباط با سرور.</p> </div>';
}
?>
</div>
</div>
</div> <!-- User Content-->
</div> <!-- User Content-->
and here is php codes:
<!-- General Codes-->
include("connect_to_sql.php");
session_start();
if(isset($_POST["change"]))
{
$password = $_POST["password"];
$first_name = $_POST["first-name"];
$last_name = $_POST["last-name"];
$father_name = $_POST["father-name"];
$melli_code = $_POST["melli-code"];
$mobile_number = $_POST["mobile-number"];
$email = $_POST["email"];
$id = $_POST["user-id"];
if (empty($username) && empty($password) && empty($first_name) && empty($last_name) && empty($father_name) && empty($melli_code) && empty($mobile_number) && empty($email))
{
header("location:user_changes.php?empty=fill+all+fields");
exit;
}
if (isset($_SESSION["member_username"]))
{
$member_update= "UPDATE `member_info` SET `password` = '".$password."', `first_name` = '".$first_name."', `last_name` = '".$last_name."', `father_name` = '".$father_name."', `melli_code` = '".$melli_code."', `mobile_number` = '".$mobile_number."', `email` = '".$email."' WHERE `member_info`.`id` = '".$id."';";
$member_query = mysqli_query($connect_to_mysql,$member_update);
#$member_fetch = mysqli_fetch_assoc($member_query);
if($member_query)
{
header("location:user_changes.php?changes=ok");
exit;
}
else
{
header("location:user_changes.php?error=data+base");
exit;
}
}
}
The main problem is that you read the information for the user from the session, but never write the updated data into the session.
So either rewrite the values to the session in the if($member_query) block or fetch and map the actual values from the database on each page load to the session.
Another huge issue of your code is that it's vulnerable for SQL Injection attacks.
Related
I have 4 forms in my PHP Project. Index.php will store the user's name and id number then they may click next and it will take them to Form2.php. Form2.php will store some random answers of theirs, Form3.php will do the same as Form2 and Form4.php will store a few details then the user can click submit and the record should save in my DB. The issue I am having is that my ID number field is a unique field, and I want an error to show on Index.php when the user clicks Next if the ID input is the same as one in the DB. Currently, it is showing after the submit button is clicked in the last Form. Is there any way to do this?
Index.php
<body>
<center>
<div class="div2">
<h1>Welcome</h1>
<form action="form2.php" method="post">
<p>
<label for="firstName">Named:</label>
<input size="30" class="rounded-input" type="text" name="name" id="name" autocomplete="off" required>
</p>
<p>
<label for="lastName">S ID:</label>
<input size="30" class="rounded-input" type="text" name="Sid" id="Sid" autocomplete="off" required>
</p>
<input class="btn" type="submit" value="Next" style="float: right;">
</form>
</div>
</center>
</body>
Form2.php:
<?php
session_start();
$_SESSION['name'] = $_POST['name'];
$_SESSION['Sid'] = $_POST['Sid'];
?>
<div class="div2">
<h1>How disappointed would you be if this product ceased to exist?</h1>
<form action="form3.php" method="post">
<input type="radio" style="height:20px; width:20px;" required
name="product_exist_satisfaction"
<?php if (isset($product_exist_satisfaction) && $product_exist_satisfaction == "Very disappointed") echo "checked"; ?>
value="Very disappointed">
<label style="font-size: 20px;"> Very disappointed</label><br />
<input type="radio" style="height:20px; width:20px;" required
name="product_exist_satisfaction"
<?php if (isset($product_exist_satisfaction) && $product_exist_satisfaction == "Mildly disappointed") echo "checked"; ?>
value="Mildly disappointed">
<label style="font-size: 20px;"> Mildly disappointed</label><br />
<input type="radio" style="height:20px; width:20px;" required
name="product_exist_satisfaction"
<?php if (isset($product_exist_satisfaction) && $product_exist_satisfaction == "Not at all") echo "checked"; ?>
value="Not at all">
<label style="font-size: 20px;"> Not at all</label><br />
<input type="button" onclick="history.back()"
value="Previous" style="float: left;">
<input type="submit" value="Next" style="float: right;">
</form>
</div>
Insert.php
<?php
session_start();
?>
<body>
<div class="div2">
<?php
$conn = mysqli_connect("localhost", "root", "", "survey");
if ($conn === false) {
die("ERROR: Could not connect. "
. mysqli_connect_error());
}
$stmt = $conn->prepare('insert into `cus_survey`
( `fullname`, `Sid`, `product_exist_satisfaction`,
`system_battery_runout`, `rank_appliances` )
values (?, ?, ?, ?, ?)');
$stmt->bind_param('sssss', $_SESSION['fullname'], $_SESSION['Sid'],
$_SESSION['product_exist_satisfaction'],
$_SESSION['system_battery_runout'],
$_POST['rank_sequence']);
$stmt->execute();
$msg = ($stmt->affected_rows == 1)
? 'Your survey was captured successfully. Thank You!'!'
: 'Sorry, your S ID is used already, Please use another and resubmit.' . "<h3><a href='/index.php'>Click here to edit your S ID</a></h3>" . mysqli_connect_error();
$stmt->close();
$conn->close();
printf('<h3>%s</h3>', $msg);
?>
</div>
</body>
I have not checked the code, but the basic steps are:
-In your index.php, you could post the index to self, by changing to action="<?php echo $_SERVER['PHP_SELF']; ?>"
-You would then run a select query for the Sid
-If Sid is not already in sql table, then you would redirect to form2.php
-else you have Sid already, then set the error message and then display of the index form with the error message.
<?php
// Start/resume sessions
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
//set your error message to empty string
$error_message = "";
// ensure that you actually have values to check
if ((isset($_POST['name'])) &&(isset($_POST['Sid']))) {
// use select statement to verify that the Sid is not already in table
$sql_check = 'SELECT Sid FROM cus_survey...
//...
//... put your check on the result of select statement
if (Sid not already there) {
// redirect to form 2
header("Location: form2.php");
}else{
// If Sid already used found, populate the error message, which will get displayed in your body
$error_message = "Sorry, your S ID is used already, Please use another and submit.";
}
}
?>
<body>
<center>
<div class="div2">
<?php if ($error_message != ""){
?>
<h1>Oops: <?php echo "{$error_message}"; ?></h1>
<?php
}else{
?>
<h1>Welcome</h1>
<?php
};
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>
<label for="firstName">Named:</label>
<input size="30" class="rounded-input" type="text" name="name" id="name" autocomplete="off" required>
</p>
<p>
<label for="lastName">S ID:</label>
<input size="30" class="rounded-input" type="text" name="Sid" id="Sid" autocomplete="off" required>
</p>
<input class="btn" type="submit" value="Next" style="float: right;">
</form>
</div>
</center>
</body>
im having a problem when trying to implement a edit page in php.
Getting items from the database doesent pose any problem, yet trying to update it tells me that i have missed a field and trying to skip the check just leaves me with a unedited table.
To explain more, there is a page that directs to this one while passing on a id (propertyID) veriable and from that we use it to grab the desired variables.
Can anyone look at the code and tell me what i have done wrong, i have prevously got a similar page working and am getting quite flustered trying to figure out why this one isent.
<?php
// Start sessions
include('includes/security.inc.php');
authorise();
if (!isset($_GET['propertyID']) || !is_numeric($_GET['propertyID']))
{
header('Location:./houselist.php');
}
else
{
// Include connection file
include('includes/connection.inc.php');
// Get details
connect();
$propertyID = $_GET['propertyID'];
$sql = "SELECT * FROM Properties WHERE propertyID='$propertyID' LIMIT 1";
$result = #mysql_query($sql) or die('Unable to run query');
$record = mysql_fetch_object($result);
mysql_close();
// Check to see if the form has been submitted
if (isset($_POST['submit']))
{
// Check to see all fields have been completed
$address = $_POST['address'];
$categoryID = $_POST['categoryID'];
$price = $_POST['price'];
$landlordName = $_POST['landlordName'];
$img = $_POST['img'];
$description= $_POST['description'];
if (!empty($address) && !empty($categoryID) && !empty($price) && !empty($landlordName) && !empty($img) && !empty($description))
{
// Create an SQL query to add the comment
$sql = "UPDATE property SET propertyID = '$propertyID', img = '$img', address = '$address', price = '$price', landlordName = '$landlordName', description = '$description' WHERE propertyID = $propertyID";
// Connect to the database
connect();
// Run the query and store the result in a variable
$result = mysql_query($sql) or die("Could not run query1");
// Close connection to the database
mysql_close();
// Check if query was successful
if ($result)
{
$message = '<div class="success"><p>You have successfully edited Article details.</p><p>Please Click Here to view the Animal list.</p></div>';
}
else
{
$message = '<div class="error"><p>There was an error editing details, please try again</p></div>';
}
}
else
{
$message = '<div class="error"><p>Please make sure you fill all fields in before submitting the form.</p></div>';
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/960.css"/>
<link rel="stylesheet" type="text/css" href="css/demo.css"/>
<link rel="stylesheet" type="text/css" href="css/960_24_col.css"/>
<link rel="stylesheet" type="text/css" href="css/reset.css"/>
<link rel="stylesheet" type="text/css" href="css/text.css"/>
<link rel="stylesheet" type="text/css" href="css/style.css"/>
<title>Complete Property Solutions</title>
<title>Homescreen - Complete Property Solutions</title>
</head>
<body>
<div class="container_24" id="container">
<div class="grid_24" id="banner">
<img src="img/banner.png" width="960" height="92" />
</div>
<div class="grid_18" id="nav" align="right">
<ul id="topnav">
<li>Home</li>
<li>Properties</li>
<li>Landlords</li>
<li>Tenants</li>
<li>Logout</li>
</ul>
</div>
<div class="grid_6" id="search" align="right">
<form action="search.php" method="GET">
<input type="text" name="term" size="15">
<input type="submit" value="Search">
</form>
</div>
</div>
<div class="container_24" id="container" align="center">
<div id="container">
<form id="PropertyEdit" name="PropertyEdit" method="post" action="<? echo $_SERVER['PHP_SELF'] . "?propertyID=" . $propertyID; ?>">
<input type="hidden" name="propertyID" id="propertyID" value="<?php echo $propertyID; ?>" />
<?php
if (isset($message))
{
echo $message;
}
else
{
?>
<div class="label"><label for="propertyID"></label></div>
<div class="input"><input type="hidden" name="propertyID" id="propertyID" tabindex="1" value="<? echo $record->propertyID; ?>" /></div>
<br />
<div class="label"><label for="categoryID">Category</label></div>
<div class="input"><input type="text" name="categoryID" id="categoryID" tabindex="1" value="<? echo $record->categoryID; ?>" /></div>
<br />
<div class="label">
<label for="address">Address:</label></div>
<div class="input"><input type="text" name="address" id="address" tabindex="1" value="<? echo $record->address; ?>" /></div>
<br />
<div class="label"><label for="price">Price:</label></div>
<div class="input"><input type="text" name="Price" id="price" tabindex="3" value="<? echo $record->price; ?>" /></div>
<div class="label"><label for="landlordName">Landlord</label></div>
<div class="input"><input type="text" name="landlordName" id="landlordName" tabindex="1" value="<? echo $record->landlordName; ?>" /></div>
<br />
<div class="label"><label for="img">Image</label></div>
<div class="input"><input type="text" name="img" id="img" tabindex="1" value="<? echo $record->img; ?>" /></div>
<br />
<div class="label"><label for="description">Description:</label></div>
<div class="input"><textarea name="description" id="description" cols="50" rows="10" tabindex="5"><? echo $record->description; ?></textarea></div>
<br />
<div class="label"> </div>
<div class="input">
<input type="reset" name="reset" id="reset" value="Reset" tabindex="6" />
<input type="submit" name="submit" id="submit" value="Submit" tabindex="7" />
</div>
<p class="normal">Click Here to Return to the Home page</p>
<?php
}
?>
</form> </div>
</div>
</body>
</html>
<?php
}
?>
my best guess for the problem would revolve around
// Check to see if the form has been submitted
if (isset($_POST['submit']))
{
// Check to see all fields have been completed
$address = $_POST['address'];
$categoryID = $_POST['categoryID'];
$price = $_POST['price'];
$landlordName = $_POST['landlordName'];
$img = $_POST['img'];
$description= $_POST['description'];
if (!empty($address) && !empty($categoryID) && !empty($price) && !empty($landlordName) && !empty($img) && !empty($description))
{
// Create an SQL query to add the comment
$sql = "UPDATE property SET propertyID = '$propertyID', img = '$img', address = '$address', price = '$price', landlordName = '$landlordName', description = '$description' WHERE propertyID = $propertyID";
// Connect to the database
connect();
// Run the query and store the result in a variable
$result = mysql_query($sql) or die("Could not run query1");
// Close connection to the database
mysql_close();
// Check if query was successful
if ($result)
{
$message = '<div class="success"><p>You have successfully edited Article details.</p><p>Please Click Here to view the Animal list.</p></div>';
}
else
{
$message = '<div class="error"><p>There was an error editing details, please try again</p></div>';
}
}
else
{
$message = '<div class="error"><p>Please make sure you fill all fields in before submitting the form.</p></div>';
}
}
And the below section, my problem is that im not sure where exactly
<div class="container_24" id="container" align="center">
<div id="container">
<form id="PropertyEdit" name="PropertyEdit" method="post" action="<? echo $_SERVER['PHP_SELF'] . "?propertyID=" . $propertyID; ?>">
<input type="hidden" name="propertyID" id="propertyID" value="<?php echo $propertyID; ?>" />
<?php
if (isset($message))
{
echo $message;
}
else
{
?>
<div class="label"><label for="propertyID"></label></div>
<div class="input"><input type="hidden" name="propertyID" id="propertyID" tabindex="1" value="<? echo $record->propertyID; ?>" /></div>
<br />
<div class="label"><label for="categoryID">Category</label></div>
<div class="input"><input type="text" name="categoryID" id="categoryID" tabindex="1" value="<? echo $record->categoryID; ?>" /></div>
<br />
<div class="label">
<label for="address">Address:</label></div>
<div class="input"><input type="text" name="address" id="address" tabindex="1" value="<? echo $record->address; ?>" /></div>
<br />
<div class="label"><label for="price">Price:</label></div>
<div class="input"><input type="text" name="Price" id="price" tabindex="3" value="<? echo $record->price; ?>" /></div>
<div class="label"><label for="landlordName">Landlord</label></div>
<div class="input"><input type="text" name="landlordName" id="landlordName" tabindex="1" value="<? echo $record->landlordName; ?>" /></div>
<br />
<div class="label"><label for="img">Image</label></div>
<div class="input"><input type="text" name="img" id="img" tabindex="1" value="<? echo $record->img; ?>" /></div>
<br />
<div class="label"><label for="description">Description:</label></div>
<div class="input"><textarea name="description" id="description" cols="50" rows="10" tabindex="5"><? echo $record->description; ?></textarea></div>
<br />
<div class="label"> </div>
<div class="input">
<input type="reset" name="reset" id="reset" value="Reset" tabindex="6" />
<input type="submit" name="submit" id="submit" value="Submit" tabindex="7" />
This code is just refreshing my page. I cant see any errors. Maybe someone else can see the error here in code? I have the same code in two other pages and they do UPDATE.
The code below is in one page:
<body>
<?php
$query=mysqli_connect("localhost","user","","mydb") or die ("Ne moga da se svyrja s bazata danni.");
if(isset($_GET['id']))
{
$id=$_GET['id'];
if(isset($_POST['submit']))
{
$datetime=$_POST['datetime'];
$vlekach_teltur=$_POST['vlekach_teltur'];
$driver1=$_POST['driver1'];
$telnomer=$_POST['telnomer'];
$belejka=$_POST['belejka'];
$user=$_POST['user'];
mysqli_set_charset($query,"utf8");
$sql="update teltur set datetime = '$datetime', vlekach_teltur = '$vlekach_teltur', driver1 = '$driver1', telnomer = '$telnomer', belejka = '$belejka', user = '$user' where id='$id'";
$query3 = mysqli_query($query, $sql) or trigger_error("Query Failed! SQL: $sql - Error: ".mysqli_error(), E_USER_ERROR);
if(mysqli_query($query3, $sql)){
echo "
<!DOCTYPE html>
<script>
function redir()
{
alert('Успешен запис!');
window.location.assign('index.php');
}
</script>
<body onload='redir();'></body>";
}
else{
echo "Не успешен запис, свържете се с администратора $query3. " . mysqli_error($query);
}
}
mysqli_set_charset($query,"utf8");
$sql2="select * from teltur where id='$id'";
$query1=mysqli_query($query, $sql2);
$query2=mysqli_fetch_array($query1);
?>
<h3 style="text-align:center;">Редакция на телефони Турция</h3>
<form id="docContainer" class="fb-toplabel fb-100-item-column selected- object" enctype="multipart/form-data" method="post" action="">
<div id="section1" class="section">
<div id="column1" class="column ui-sortable">
<div class="fb-grouplabel">
<p>Дата<input type="text" id="datetime" name="datetime" value="<?php echo $query2['datetime']; ?>"/>
<label id="datecheckalert" style="color: red; font-style: italic;"> </label></p>
</div>
<p>Влекач:
<input type="text" name="typeahead" class="typeahead tt-query" autocomplete="on" spellcheck="false" value="<?php echo $query2['vlekach_teltur']; ?>">
</p>
<div id="scrollable-dropdown-menu">
<p>Шофьор:
<input type="text" name="driver1" class="driver1 tt-query" autocomplete="on" spellcheck="false" value="<?php echo $query2['driver1']; ?>">
</p>
</div>
<div id="scrollable-dropdown-menu">
<p>Телефонен номер:
<input type="text" name="telnomer" class="telnomer tt-query" autocomplete="on" spellcheck="false" value="<?php echo $query2['telnomer']; ?>"/>
</p>
</div>
<p>Забележка:
<input type="text" name="belejka" value="<?php echo $query2['belejka']; ?>"/>
</p>
<p>Потребител:
<select id="user" name="user">
<option value="<?php echo $query2['user']; ?>"><?php echo $query2['user']; ?></option>
</select></p>
<p align="center">
<input type="submit" value="ЗАПИС" />
</p>
</div>
</div>
<?php
}
?>
</form>
</body>
I have error reporting as you see but no errors found.
Yeah im so stupid, i missed to name the Submit button.
<input type="submit" value="ЗАПИС" />
Changed to this code: <input type="submit" name="submit" value="ЗАПИС" />
I spend tree hours and after make a post here i found it by my self.
Can some one just delete this thread?
This is my admin_edit.php code. I already checked others php file and found no problem. This code has no errors but it can't update data in database.
<?php require_once('header.php'); ?>
<?php
if($_GET && !$_POST)
{
if(isset($_GET['id']) && is_numeric($_GET['id']))
{
$id = $_GET['id'];
}
else
{
$id = NULL;
}
if($id)
{
$sql = "SELECT * FROM tb_admin WHERE id_admin=$id";
$query = mysql_query($sql) or die(mysql_error());
$hasil = mysql_fetch_array($query) or die(mysql_error());
}
}
elseif($_POST)
{
$id = $_POST['id_admin'];
$nama = $_POST['nama'];
$username = $_POST['username'];
$password = md5($_POST['password']);
if($nama=='' || $username=='' || $password=='')
{
$error = 'Nama, Username dan Password diisi tidak boleh kosong';
}
else
{
$sql = "UPDATE tb_admin SET nama='$nama', username='$username', password='$password' WHERE id_admin='$id'";
mysql_query($sql) or die(mysql_error());
$_SESSION['PESAN'] = 'Berhasil merubah user !';
refresh('admin.php');
}
}
?>
<form method="post" action="" enctype="multipart/form-data">
<fieldset>
<legend> Ubah Admin </legend>
<?php if(isset($error)) echo '<div class="control-group"><div class="alert alert-error">'.$error.'</div></div>';
?>
<div>
<label for="nama">Nama</label>
<input id="nama" name="nama" class="span4" type="text" required="required" value="<?php echo $hasil['username']; ?>"/>
</div>
<div>
<label for="username">Username</label>
<input id="username" name="username" type="text" required="required" value="<?php echo $hasil['username']; ?>"/>
</div>
<div>
<label for="password">Password</label>
<input id="password" name="password" class="wide" type="password" required="required" value=""/>
</div>
<div class="form-actions">
<button type="submit" name="submit" class="btn btn-primary" value="Edit">Simpan</button>
<button type="button" class="btn" onclick="javascript: if(confirm('Anda yakin untuk batal ?')) window.location.href='admin.php'; else return false; ">Batal</button>
<input name="id" type="hidden" value="<?php if(isset($_POST['id'])) echo $_POST['id']; else echo $hasil['id_admin'];?>">
</div>
</fieldset>
</form>
<?php require_once('footer.php'); ?>
I researched this problem for almost half a day and found no solution. Sorry for my bad english.
You are using name="id" instead of name="id_admin" as well as $_POST['id']
instead of $_POST['id_admin']
Change
<input name="id" type="hidden" value="<?php if(isset($_POST['id'])) echo $_POST['id']; else echo $hasil['id_admin'];?>">
to
<input name="id_admin" type="hidden" value="<?php if(isset($_POST['id_admin'])) echo $_POST['id_admin']; else echo $hasil['id_admin'];?>">
Your WHERE clause depends on it.
WHERE id_admin='$id'
Your present code is open to SQL injection.
Use mysqli with prepared statements, or PDO with prepared statements.
I have a working registration and login system. I am trying to create a form where a user can add product registration info (via mysql update). I can't seem to get the db to actually update the fields. What am I missing here?!?
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// Escaping all input data
$row = mysql_fetch_assoc(mysql_query("SELECT * FROM electrix_users WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr'])
{
// If everything is OK login
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION['first'] = $row['first'];
$_SESSION['last'] = $row['last'];
$_SESSION['address1'] = $row['address1'];
$_SESSION['address2'] = $row['address2'];
$_SESSION['city'] = $row['city'];
$_SESSION['state'] = $row['state'];
$_SESSION['zip'] = $row['zip'];
$_SESSION['country'] = $row['country'];
$_SESSION['product1'] = $row['product1'];
$_SESSION['serial1'] = $row['serial1'];
$_SESSION['product2'] = $row['product2'];
$_SESSION['serial2'] = $row['serial2'];
$_SESSION['product3'] = $row['product3'];
$_SESSION['serial3'] = $row['serial3'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('tzRemember',$_POST['rememberMe']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: index_login3.php");
exit;
}
else if($_POST['submit']=='Register')
{
// If the Register form has been submitted
$err = array();
if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='Your username must be between 3 and 32 characters!';
}
if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='Your username contains invalid characters!';
}
if(!checkEmail($_POST['email']))
{
$err[]='Your email is not valid!';
}
if(!count($err))
{
// If there are no errors
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
// Generate a random password
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['first'] = mysql_real_escape_string($_POST['first']);
$_POST['last'] = mysql_real_escape_string($_POST['last']);
$_POST['address1'] = mysql_real_escape_string($_POST['address1']);
$_POST['address2'] = mysql_real_escape_string($_POST['address2']);
$_POST['city'] = mysql_real_escape_string($_POST['city']);
$_POST['state'] = mysql_real_escape_string($_POST['state']);
$_POST['zip'] = mysql_real_escape_string($_POST['zip']);
$_POST['country'] = mysql_real_escape_string($_POST['country']);
// Escape the input data
mysql_query(" INSERT INTO electrix_users(usr,pass,email,first,last,address1,address2,city,state,zip,country,regIP,dt)
VALUES(
'".$_POST['username']."',
'".md5($pass)."',
'".$_POST['email']."',
'".$_POST['first']."',
'".$_POST['last']."',
'".$_POST['address1']."',
'".$_POST['address2']."',
'".$_POST['city']."',
'".$_POST['state']."',
'".$_POST['zip']."',
'".$_POST['country']."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()
)");
if(mysql_affected_rows($link)==1)
{
send_mail( 'noreply#electrixpro.com',
$_POST['email'],
'Your New Electrix User Password',
'Thank you for registering at www.electrixpro.com. Your password is: '.$pass);
$_SESSION['msg']['reg-success']='We sent you an email with your new password!';
}
else $err[]='This username is already taken!';
}
if(count($err))
{
$_SESSION['msg']['reg-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Update')
{
{
mysql_query(" UPDATE electrix_users(product1,serial1,product2,serial2,product3,serial3) WHERE usr='{$_POST['username']}'
VALUES(
'".$_POST['product1']."',
'".$_POST['serial1']."',
'".$_POST['product2']."',
'".$_POST['serial2']."',
'".$_POST['product3']."',
'".$_POST['serial3']."',
)");
if(mysql_affected_rows($link)==1)
{
$_SESSION['msg']['upd-success']='Thank you for registering your Electrix product';
}
else $err[]='So Sad!';
}
if(count($err))
{
$_SESSION['msg']['upd-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load
$script = '
<script type="text/javascript">
$(function(){
$("div#panel").show();
$("#toggle a").toggle();
});
</script>';
}
?>
Here are the forms:
<!-- Panel -->
<div id="toppanel">
<div id="panel">
<div class="content clearfix">
<div class="left">
<h1>My Electrix Account </h1>
<p class="grey">View and edit your contact information and product registrations</p>
</div>
<?php
if(!$_SESSION['id']):
?>
<div class="left">
<!-- Login Form -->
<form class="clearfix" action="" method="post">
<h1>Member Login</h1>
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<label class="grey" for="username">Username:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="password">Password:</label>
<input class="field" type="password" name="password" id="password" size="23" />
<label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<div class="clear"></div>
<input type="submit" name="submit" value="Login" class="bt_login" />
</form>
</div>
<div class="left right">
<!-- Register Form -->
<form action="" method="post">
<h1>Not a member yet? Sign Up!</h1>
<?php
if($_SESSION['msg']['reg-err'])
{
echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>';
unset($_SESSION['msg']['reg-err']);
}
if($_SESSION['msg']['reg-success'])
{
echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>';
unset($_SESSION['msg']['reg-success']);
}
?>
<label class="grey" for="username">Username*:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="email">Email*:</label>
<input class="field" type="text" name="email" id="email" size="23" />
<label class="grey" for="first">First Name:</label>
<input class="field" type="text" name="first" id="first" size="23" />
<label class="grey" for="last">Last Name:</label>
<input class="field" type="text" name="last" id="last" size="23" />
<label class="grey" for="address1">Address line 1:</label>
<input class="field" type="text" name="address1" id="address1" size="23" />
<label class="grey" for="address2">Address line 2:</label>
<input class="field" type="text" name="address2" id="address2" size="23" />
<label class="grey" for="city">City:</label>
<input class="field" type="text" name="city" id="city" size="23" />
<label class="grey" for="state">State/Province:</label>
<input class="field" type="text" name="state" id="state" size="23" />
<label class="grey" for="zip">Zip/Postal Code:</label>
<input class="field" type="text" name="zip" id="zip" size="23" />
<label class="grey" for="country">Country:</label>
<input class="field" type="text" name="country" id="country" size="23" />
<p>
<label>A password will be e-mailed to you.</label>
<input type="submit" name="submit" value="Register" class="bt_register" />
</p>
</form>
</div>
<?php
else:
?>
<div class="left">
<h1>User Information</h1>
<p>
<?php echo $_SESSION['first']; ?>
<?php echo $_SESSION['last']; ?><br />
<?php echo $_SESSION['address1']; ?>
<?php echo $_SESSION['address2']; ?><br />
<?php echo $_SESSION['city']; ?>,
<?php echo $_SESSION['state']; ?>
<?php echo $_SESSION['zip']; ?><br />
<?php echo $_SESSION['country']; ?>
</p>
<p>Email: <?php echo $_SESSION['email']; ?></p>
<p>Downloads</p>
Log off
</div>
<div class="left right">
<!-- Product Registration Form -->
<form class="clearfix" action="" method="post">
<h1>Product Registration</h1>
<?php
if($_SESSION['msg']['upd-err'])
{
echo '<div class="err">'.$_SESSION['msg']['upd-err'].'</div>';
unset($_SESSION['msg']['upd-err']);
}
if($_SESSION['msg']['upd-success'])
{
echo '<div class="success">'.$_SESSION['msg']['upd-success'].'</div>';
unset($_SESSION['msg']['upd-success']);
}
?>
<label class="grey" for="product1">Product 1:</label>
<input class="field" type="text" name="product1" id="product1" value="<?php echo $_SESSION['product1']; ?>" size="23" />
<label class="grey" for="serial1">Serial 1:</label>
<input class="field" type="text" name="serial1" id="serial1" value="<?php echo $_SESSION['serial1']; ?>" size="23" />
<label class="grey" for="product2">Product 2:</label>
<input class="field" type="text" name="product2" id="product2" value="<?php echo $_SESSION['product2']; ?>" size="23" />
<label class="grey" for="serial2">Serial 2:</label>
<input class="field" type="text" name="serial2" id="serial2" value="<?php echo $_SESSION['serial2']; ?>" size="23" />
<label class="grey" for="product3">Product 3:</label>
<input class="field" type="text" name="product3" id="product3" value="<?php echo $_SESSION['product3']; ?>" size="23" />
<label class="grey" for="serial3">Serial 3:</label>
<input class="field" type="text" name="serial3" id="serial3" value="<?php echo $_SESSION['serial3']; ?>" size="23" />
<div class="clear"></div>
<input type="submit" name="submit" value="Update" class="bt_login" />
</form>
</div>
<?php
endif;
?>
</div>
</div> <!-- /login -->
<!-- The tab on top -->
<div class="tab">
<ul class="login">
<li class="left"> </li>
<li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>
<li class="sep">|</li>
<li id="toggle">
<a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a>
<a id="close" style="display: none;" class="close" href="#">Close Panel</a>
</li>
<li class="right"> </li>
</ul>
</div> <!-- / top -->
</div> <!--panel -->
Your update query is way off. You need to do it in the form of
UPDATE `tablename`
SET col1=`value`,col2=`val2`
WHERE wherecol=`whereval`
change your query and see if that helps.
your query should be
UPDATE electrix_users
SET
product1= $_POST['product1'],
serial1 = $_POST['serial1'],
product2 = $_POST['product2'],
serial2 = $_POST['serial2'],
product3 = $_POST['product3'],
serial3 = $_POST['serial3']
WHERE usr=$_POST['username']
However you should always clean for sql injection on any user entered data. I did not do this in the example as this is something you should do in your own way. This example is given to you as an example and does not prevent any kind of sql injection as it stands now.
ALWAYS DO WHAT YOU CAN TO PREVENT SQL INJECTION!