I'm working on attendance base on login and logout, Is there a way I can make this code work, I'm having a problem on after successfully update the data it will go to another notepad and in there it has a select query that will display the image and basic info of user. But when I tried to logout it displays different user info and images.
Here is my code for php:
<?php
include_once ('connection.php');
if(isset($_POST['submit']))
{
$username2 = $_POST['username2'];
$password1= $_POST['password1'];
$time=date("H:i:s");
$sql = mysqli_query($conn,"SELECT tbl_visitor.Birthday,tbl_visitor.School_Company,tbl_visitor.Contact_number,tbl_visitor.Visitor_Address,tbl_visitor.image,tbl_visitor.Visitor_username,tbl_visitor.Visitor_id,tbl_visitor.Visitor_password,concat(Visitor_first_name,'',Visitor_last_name) as name,
tbl_visitor_form.Time_in,tbl_visitor_form.Time_out , tbl_visitor_form.Number FROM tbl_visitor LEFT JOIN tbl_visitor_form on tbl_visitor.Visitor_id = tbl_visitor_form.Visitor_id WHERE tbl_visitor.Visitor_username = '$username2' and tbl_visitor.Visitor_password = '$password1'
order by Number DESC limit 1");
$count = mysqli_num_rows($sql);
if ($count == 0) {
$_SESSION['error_message'] = "Incorrect username or password";
header("Location:logout.php?");
} else{
while ($row = mysqli_fetch_array($sql)) {
$username2 = $row['Visitor_username'];
$password1 = $row['Visitor_password'];
$name=$row['name'];
$id=$row['Visitor_id'];
$image=$row['image'];
if(empty($row['Time_in'])) {
header("location:visitorvalidate1.php");
} else if(empty($row['Time_out'])){
$InsertSql = "Update tbl_visitor_form set Time_out = '$time' where Visitor_username='$username2' and Visitor_password = '$password1' order by Number DESC limit 1 ";
$res = mysqli_query($conn, $InsertSql);
header("location:outsuccess.php?");
}else{
header("location:visitorvalidate1.php");
}
}
}
}
?>
here is my outsuccess.php:
<?php
include_once('connection.php');
$sql = "select Visitor_username, image, Visitor_name from tbl_visitor_form
order by Number DESC limit 1 ";
$result = mysqli_query($conn,$sql);
while( $row = mysqli_fetch_array($result)) {
$uname=$row['Visitor_username'];
$name=$row['Visitor_name'];
$image=$row['image'];
}
?>
the first query above is working but the second query in select has the problem, it selects different value after the update. for example, there is two user has already login user1 and user2 when I try to logout user1 it successfully updated but it displays the info of user2 instead of user1 on outsuccess.php. Hope you can help me fix this. Advance Thanks
Related
The problem I encountered has to do with the query using session variables.
during the user login i assigned a session variable as such
$myemail = $_POST['email'];
$mypassword = $_POST['password'];
$sql = "SELECT * FROM users WHERE email = '$myemail'";
$result = pg_query($db,$sql);
$row = pg_fetch_assoc($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if(count($result) == 1) {
$_SESSION['user_id'] = $row['id'];
}
The highlight is $_SESSION['user_id'] = $row['id']
Next once the user logs in i want to find the info of the user in my database, so I searched for the user as such
$userid = $_SESSION['user_id'];
$result = pg_query($db, "SELECT * FROM users WHERE id = '$userid'") or die("error on query");
$user_info = pg_fetch_assoc($result);
But I keep on getting error on query showing that the query is failing. I have no idea why this is happening.
if user id is int in your db you don't need the single ticks(''). This will cause query failure as well. You could try something like this ".$userid."
$result = pg_query($db, "SELECT * FROM users WHERE id = ".$userid."") or die("error on query");
but count($result) won't give you row count. Try using
if(pg_num_rows($result) == 1){
$session['user_id']= $row['id'];
}else{
echo pg_num_rows($result);
}
Underneath $_SESSION['user_id'] = $row['id']; in the same if statement, echo the id to see what response you get
echo $_SESSION['user_id'];
I have a table called flagged_posts in my database, and it has the following columns:
id
thought_id
flagged_by_id
What I am trying to do is that if the logged in user has already flagged the post, then don't allow them to flag the post again, and I am trying to achieve this by removing the anchor link and replacing it by a message.
Here is a snippet of my code:
<?php
$query = mysqli_query($connect, "SELECT * FROM user_thoughts WHERE added_by='$user' AND shared ='yes' "."ORDER BY id DESC LIMIT {$start}, {$limit}");
while ($row = mysqli_fetch_array($query)) {
$thought_id = $row['id'];
$message_content = $row['message'];
$date_of_msg = $row['post_details'];
$thoughts_by = $row['added_by'];
$attachent = $row['attachment'];
$shared = $row['shared'];
// getting the id of the user who is logged in.
$see_if_flagged_q = mysqli_query($connect, "SELECT id FROM users WHERE username = '$username'");
$getting_deets = mysqli_fetch_assoc ($see_if_flagged_q);
$logged_in_user_id = $getting_deets ['id'];
echo "
<div class='more_options' style='float: right;'>";
$see_if_flagged_q2 = mysqli_query($connect, "SELECT * FROM flagged_posts WHERE flagged_by_id ='$logged_in_user_id' ");
while ($getting_deets2 = mysqli_fetch_assoc ($see_if_flagged_q2)){
$flagged_post_by_id = $getting_deets2 ['flagged_by_id'];
// If the user logged in has not flagged the post, i.e. there is no data in the database ..
// .. which says their user id has flagged this thought_id.. then display the link...
if ($logged_in_user_id == $flagged_post_by_id){
echo "<a href='/inc/flagged_post.php?id=$thought_id'> Flag </a>";
}
// if there is data stating this user has flagged this thought_id, then echo a message
if ($logged_in_user_id != $flagged_post_by_id) {
echo "Flagged";
}
}
echo " </div>";
}
?>
So assume I am logged in as Conor. Conor has an id of 8 (id obtained from users table). Conor flags a post with an id of 209 (thought_id obtained from user_thoughts table). So in my flagged posts table, I will see the following row:
id: 1
thought_id: 209
flagged_by_id: 8
At the moment, neither link nor the message is appearing. If I change my query, i.e. $see_if_flagged_q2 = mysqli_query($connect, "SELECT * FROM flagged_posts "); (removed the WHERE clause) then I get the message Flagged echo'd four times (because there are four rows in the flagged_posts table and they are echo's on every post, even those which have not been flagged by the logged in user.
Update:
Here is the updated code first of all:
$see_if_flagged_q2 = mysqli_query($connect, "SELECT * FROM flagged_posts WHERE flagged_by_id = '$logged_in_user_id'");
$test_num = mysqli_num_rows ($see_if_flagged_q2);
$getting_deets2 = mysqli_fetch_assoc ($see_if_flagged_q2);
$flagged_post_by_id = $getting_deets2['flagged_by_id'];
if ($flagged_post_by_id == $logged_in_user_id){
echo "<a href='/inc/flagged_post.php?id=$thought_id'> Flag </a>";
echo $test_num;
}
if ($flagged_post_by_id != $logged_in_user_id) {
echo "Flagged";
}
With the above, the link appears for all posts now, even if they are flagged. I have echo'd both $flagged_post_by_id and '$logged_in_user_id', which both echo the value of 12 (the id of Conor from users table). The values are correct and the number of rows returned by $test_num is also correct.
Ok, here's a reworking of your original code. I moved the data gathering part up front, so we have a setup section before we run the while loop on the thoughts. I changed a variable name here and there. Basically, we build a list of flagged entries, and then in the while loop the job is simpler. If the current row id is in the flagged_posts array, it's flagged, else present the link.
// get the id of the current user
$user_id_q = mysqli_query($connect, "SELECT id FROM users WHERE username = '$username'");
$getting_deets = mysqli_fetch_assoc($user_id_q);
$logged_in_user_id = $getting_deets['id'];
// build array of posts flagged by current user
$flagged_posts_q = mysqli_query($connect, "SELECT thought_id FROM flagged_posts WHERE flagged_by_id = '$logged_in_user_id'");
$flagged_posts = array();
while ($row = mysqli_fetch_array($flagged_posts_q)) {
$flagged_posts[] = $row['thought_id'];
}
$query = mysqli_query($connect, "SELECT * FROM user_thoughts WHERE added_by='$user' AND shared ='yes' "."ORDER BY id DESC LIMIT {$start}, {$limit}");
while ($row = mysqli_fetch_array($query)) {
//You could just use $row['foo'] down below, and skip all this
/*
$thought_id = $row['id'];
$message_content = $row['message'];
$date_of_msg = $row['post_details'];
$thoughts_by = $row['added_by'];
$attachent = $row['attachment'];
$shared = $row['shared'];
*/
echo "<div class='more_options' style='float: right;'>";
if (in_array($row['id'], $flagged_posts)){
echo "Flagged";
} else {
echo "<a href='/inc/flagged_post.php?id=".$row['id']."'> Flag </a>";
}
echo "</div>";
}
I'm trying to create a duplicate check with PHP and MySQL and have now tried many different varieties. Nevertheless, my code does not show if the user name already exist. As far as I know this should be the right (of many) formula for a functional duplicate check?
$username = "heihei";
$checkquery = mysqli_query($con,"SELECT * FROM users
WHERE username='$username'") or die(mysqli_error());
if (mysqli_num_rows($checkquery)) {
echo ">0" ;
}else {
echo "0" ;
}
User table looks like this:
ID USERNAME
1 heihei
2 neinei
When defining $username as heihei, result is 0.
Result is the same if I define $username as something.
It will show that the user don't exists already.
What is the problem here?
Do this:
Replace
if (mysqli_num_rows($checkquery)) {
with:
if (mysqli_num_rows($checkquery) > 0) {
and replace echo ">0" ; with echo "Exists"; - that's what I use with success.
Try this also:
$results = "SELECT username FROM users WHERE username = '$username'";
$checkquery = mysqli_query($con,$results) or die(mysqli_error());
if (mysqli_num_rows($checkquery) > 0) {
The way I do it in my script, is this:
$mysqli = new mysqli("xxx","xxx", "xxx", "xxx");
$username = mysqli_real_escape_string($mysqli,$_POST['username']);
$username = $_POST['username'];
$sql = "SELECT username FROM users WHERE username = '$username'";
$results = mysqli_query($mysqli,$sql) or die(mysqli_error());
if (mysqli_num_rows($results) > 0)
{
die("Sorry, that username is already taken.");
}
Also you can use another query:
SELECT COUNT(*) FROM users WHERE `username` = '$username'
And see the results
if(mysqli_num_rows(mysqli_query($checkquery))== 0){
echo "no duplicates";
}
I am working on my website and I have a basic table to display members of people who have registered. I however don't want to display the Admin account on the table. Is there any way to exclude a username/id from the table in this case, the admin? Thanks in advanced, Josh
Here is my code for the member list table:
<?php
include("include/session.php");
/**
* displayUsers - Displays the users database table in
* a nicely formatted html table.
*/
function displayUsers(){
$levels = array('1'=>'Member','2'=>'Supporter','3'=>'Donor','4'=>'VIP','5'=>'Veteran','7'=>'Co-Founder','8'=>'Founder','9'=>'Admin');
//do_query
//loop results
$ulevel = mysql_result($result,$i,"userlevel"); $ulevel = $levels[$ulevel];
//continue loop
global $database;
$q = "SELECT username,userlevel,email,timestamp "
."FROM ".TBL_USERS." ORDER BY userlevel DESC,username";
$result = $database->query($q);
/* Error occurred, return given name by default */
$num_rows = mysql_numrows($result);
if(!$result || ($num_rows < 0)){
echo "Error displaying info";
return;
}
if($num_rows == 0){
echo "Database table empty";
return;
}
/* Display table contents */
echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
echo "<tr><td><b>Username</b></td><td><b>Level</b></td><td><b>Last Active</b></td></tr>\n";
for($i=0; $i<$num_rows; $i++){
$uname = mysql_result($result,$i,"username");
$ulevel = $levels[mysql_result($result,$i,"userlevel")];
$time = mysql_result($result,$i,"timestamp");
echo "<tr><td>$uname</td><td>$ulevel</td><td>$time</td></tr>\n";
}
echo "</table><br>\n";
}
?>
Just update your query:
$q = "SELECT username,userlevel,email,timestamp "
."FROM ".TBL_USERS." where userlevel<>'Admin' ORDER BY userlevel DESC,username";
If you use PDO library:
...
$adminLevel = 'Admin';
$q = "SELECT username,userlevel,email,timestamp "
."FROM ".TBL_USERS." where userlevel <> ? ORDER BY userlevel DESC,username";
$statement = $database->prepare($q);
$result = $statement->execute(array($adminLevel));
... // Go on with the rest of your code
You can modify this accordingly..
SELECT * FROM table WHERE level <> 'admin'
Thanks for checking out my question. I am trying to only update a value in my database if that field is null (so existing users won't be overwritten if someone tries to signup for a spot that is all ready taken and an error message will be output). I have listed below 2 of the most recent scripts I have tried. The first script works for updating the database if the select statement is not there but will overwrite users if entered for the same day and time. Thanks everybody!
$sql = ("SELECT `player1` FROM `users` where id = '$id' and Times = '$time'");
$result = $conn->query($sql);
if ($result->fetch_assoc === NULL) {
$update_player = ("UPDATE users SET player1 = '$name' where id = '$id' AND Times = '$time'")
if($update_player){
echo "Date for $name inserted successfully!";
}
}
else {
echo 'That spot is all ready taken!';
}
//2nd script
$query=mysql_query("UPDATE users SET
player1 = isNULL (player1, $name)
where id = '$id' AND Times = '$time'" );
if($query){
echo "Data for $name inserted successfully!";
}
else {
echo 'That spot is all ready taken!';
}
The following code should do the trick:
$query=mysql_query("UPDATE users SET
player1='$name'
where id = '$id' AND Times = '$time' AND player1 IS NULL" );
if(mysql_affected_rows() == 1){
echo "Data for $name inserted successfully!";
}
else {
echo 'That spot is all ready taken!';
}
Note that you should use pdo or mysqli functions instead.
Try This.
while($row = $result->fetch_assoc) {
if($row['player1'] == NULL){
$update_player = ("UPDATE users SET player1 = '$name' where id = '$id' AND Times = '$time'")
}