I am looking for some help.
Need to create a branding page, that upon logging in would display an image based on user's email that's stored in the database.
Creating a cookie and session id works just fine. Just can't find a way to select image based on user's email.
Pasting just part of the code that actually handles user id, as anything else in my index.php file is pure html.
So far:
<?php
include 'function.php';
include 'sqlconnect.php';
//User Check
$adminid = "1";
$company1= "#gmail.com";
$company2= "#yahoo.com";
$gmail= mysqli_query($connection, "SELECT Email FROM Users WHERE Email='$company1'");
$yahoo= mysqli_query($connection, "SELECT Email FROM Users WHERE Email='$company2'");
if(loggedin()){
$checkid = $_SESSION['user_id'];
if ($adminid == $checkid){ //if user id is 1 then display img of administrator
echo '<img src="images/admin.png" title="Administrator" width:"75px" height="75px">';
echo "<li><a href='logout.php'>Logout</a></li>";
} elseif(filter_var($company1, FILTER_VALIDATE_EMAIL) && preg_match('/#.+\.gmail/', $company1)) {
echo "<li><a href='logout.php'>Logout</a></li>";
echo '<img src="images/google.png">';
} elseif (filter_var($company2, FILTER_VALIDATE_EMAIL) && preg_match('/#.+\.yahoo/',$company2)) {
echo "<li><a href='logout.php'>Logout</a></li>";
echo '<img src="images/yahoo.png>';
}
}
?>
Thank you in advance!
This should get your user based on the session's user_id then display the image as expected. Here are a few notes:
I wasn't sure what your id field was, so if it is different, replace UserId with the name of your column in the $results = line.
I did not run the query in the case that it is an admin, so if you need data for something else in that case, you'll have to move the $result = .. line to above the if ($userid == 1){ line.
I didn't check the regex for your preg_match conditions, so if the results are coming in, but the image isn't being displayed, you can see what the Email field is by adding echo <p>'.$result['Email'].'</p> right after the if(mysql_num_rows($result) == 1) { line.
<?php
include 'function.php';
include 'sqlconnect.php';
if(loggedin()){
$userid = $_SESSION['user_id'];
if ($userid == 1){ //if user id is 1 then display img of administrator
echo '<img src="images/admin.png" title="Administrator" width:"75px" height="75px">';
echo "<li><a href='logout.php'>Logout</a></li>";
} else {
$results = mysqli_query($connection, "SELECT Email FROM Users WHERE UserId='$userid'");
if(mysqli_num_rows($results) == 1) {
foreach(mysqli_fetch_assoc($results) as $result) {
echo "<li><a href='logout.php'>Logout</a></li>";
if (strpos($result,'yahoo')) {
echo '<img src="images/yahoo.png>';
} elseif (strpos($result,'gmail')) {
echo '<img src="images/google.png">';
} else {
// you could echo a default image here
}
}
}
}
}
?>
Related
This is my php file in which I am trying to check if the email already exists or not.
<?php
include_once("connection.php");
$name=$_REQUEST['name'];
$email=$_REQUEST['email'];
$pass=$_REQUEST['pass'];
$mobno=$_REQUEST['mobno'];
$checkemail="SELECT * FROM dhruv_users WHERE email= '$_REQUEST[email]'";
$checkmob="SELECT * FROM dhruv_users WHERE mobno= '$_REQUEST[mobno]'";
$rsemail = mysqli_query($conn,$checkemail);
$rsmob = mysqli_query($conn,$checkno);
$dataemail = mysqli_num_rows($rsemail);
$datamob = mysqli_num_rows($rsmob);
if($dataemail >= 1) {
echo "exists";
}
else if($datamob >= 1)
{
echo "exists";
}
else{
$select=mysqli_query($conn,"select max(id) as id from dhruv_users");
if($data=mysqli_fetch_array($select))
{
$id=$data['id'];
$id++;
}
else
{
$id=1;
}
$query=mysqli_query($conn,"insert into dhruv_users VALUES ('$id','$name','$email','$mobno','$pass')");
if($query)
{
echo "success";
}
else{
echo "unsuces";
}
}
?>
There is no error but data gets entered successfuly without checking mob no if it exists or not.
Entering same mob no again and again shows success message instead of exist message.
Why dont you use mysqli_num_rows instead of mysqli_fetch_array with MYSQLI_NUM .
Try the following
$rs = mysqli_query($conn,$check);
$dataa = mysqli_num_rows($rs);
if($dataa > 1) {
echo "User Already in Exists<br/>";
}
You need to count the result which you getting from DB.
There is a logical error in code. Please have a look on code below:-
Your code
if($dataa[0] > 1) {
echo "User Already in Exists<br/>";
}
Replace above with:
if(count($dataa) > 1) {
echo "User Already in Exists<br/>";
}
You need to write your query with proper quotes. It's unable to recognize the email index of $_REQUEST. Also, use mysqli_num_rows function.
Refer to the code below for best possible practice:
$check = "SELECT * FROM dhruv_user WHERE email= '" . $_REQUEST['email'] . "'";
$rs = mysqli_query($conn,$check);
if ($rs) {
$rowcount = mysqli_num_rows($rs);
if ($rowcount) {
echo "User already exists<br/>";
}
}
I'm trying to create permissions for 3 diferent types of users
Normal
Admin
SuperAdmin
And I don't know how or where to start doing it because I'm still very weak with php, can someone give me an example of what to do please?
How to use Session Variable for example, I've tried a code that I found here:
<?php
$result = "SELECT * FROM customers" or die("Error: " . mysqli_error($db));
$res = $db->query($result);
while($row = mysqli_fetch_array($res)) {
$UserRoleID = $row['userRoleID'];
$_SESSION['user_role'] = $UserRoleID;
}
?>
And on another page:
<?php
if( (isset($_SESSION['user_role']) ) && (false != $_SESSION['user_role']) )
{
if( '2' == $_SESSION['user_role'] )
{
echo "<li><a href='index.php'>User</a></li>";
}
elseif ('3' == $_SESSION['user_role'] )
{
echo "<li><a href='index.php'>Admin</a></li>";
}
else
{ // error condition
// display details of invalid $_SESSION['user_role']
}
}
else
{ // error condition
// display details of missing or empty $_SESSION['user_role']
}
?>
It don't show me any error but it also don't show-me the outputs so I can't do anything
Your code does not use session_start(), so regardless of any session ID the user sees, session information will not appear to persist between requests.
Start both of your scripts with this:
<?php
session_start();
I searched but I can't find solution for me.
I have login.php file which redirect user to another page in my case theme.php?id=".$row['log_name'].".
<?php
include ('conn.php');
//Uzivatelsky vstup
$log_meno = mysqli_real_escape_string ($Conn, $_POST['login_name']);
$cmp_heslo = sha1($_POST['login_password']);
$sql = "SELECT id, cmp_heslo, log_meno FROM firmy WHERE log_meno='$log_meno'";
$result = mysqli_query($Conn, $sql);
if (mysqli_num_rows($result) > 0) {
while($row=mysqli_fetch_assoc($result)) {
if ($cmp_heslo == $row[cmp_heslo])
{
session_start();
$_SESSION['logged'] = 'yes';
echo "<script language='javascript'>window.location='comp_page/theme.php?id=".$row['log_name']."';</script>";
}
else
{
echo "<script language='javascript'>window.location='bad_login.php';</script>";
}
}
} else {
echo "0 results";
}
mysqli_close($Conn);
?>
theme.php
<?php
session_start();
if($_SESSION['logged'] != 'yes' )
die("You have to sign in first!");
?>
In MySQL I have two users
kuki with pass kuki
cuki with pass cuki
My question is when I am signed in as kuki I have in address bar:
http://localhost/comp_page/theme.php?id=kuki
But I need when I rewrite in address bar kuki to cuki to change to access denied becuase now only address bar changed but page is same. I am new to PHP.
Aside from having this in your session
$_SESSION['logged'] = 'yes';
I suggest you need to add also something like this,
$_SESSION['id'] = $row['log_name'];
and in your theme.php
session_start();
if($_SESSION['logged'] != 'yes' ) {
die("You have to sign in first!");
} else {
if ($_SESSION['id'] == $_GET['id']) {
// do somthing
} else {
echo "Access Denied!";
}
}
having this URL
http://localhost/comp_page/theme.php?id=kuki
meaning you are sending data, the id to the server with the get method. This $_GET['id'] catch that data and will have a value either kuki or cuki from the URI theme.php?id=kuki or theme.php?id=cuki.
This condition if ($_SESSION['id'] == $_GET['id']) will determine if the value of id is the same with the user store in the session.
The following is the email verification code for my site.
The verification url sent to the user's email is as follows:
http://www.mywebsite.com/valid.php?confr=2774405&userid=2
Extra notes :
1) key is a column in my database which gets a random value on registration.
2) if $verify == 1 and password_in_db=== user_entered_password, then login takes place in the login page.
<?php
include 'connect.php';
$query = mysql_query("SELECT verify,key FROM users WHERE id = '$_GET['userid']'");
$details = mysql_fetch_assoc($query);
$verify = $details['verify'];
$confirm2 = $details['key'];
if($verify == "1") {
echo "Link Expired . Go to our login page :";
} else {
if (isset($_GET["confr"]) && isset($_GET["userid"])) {
$confirm1 =$_GET["confr"];
if($confirm1 == $confirm2) {
mysql_query("INSERT INTO users (`verify`) VALUES ('1') WHERE id = '$_GET["userid"]' ;");
echo "Thank You For Registering with us . Go to your LOGIN PAGE Here ";
} else {
echo "Invalid link ";
echo "Go to your LOGIN PAGE Here ";
}
} // of if isset
} // of else part
?>
Code for connect.php
<?php
mysql_connect("host", "username", "pass"); //connects to the server
mysql_select_db("database_name"); //selects the database
?>
The problem is that it is giving me a blank screen .
i believe the error lies in the sql
when ever i use a "WHERE" statement i always define as a variable, try this
<?php
include 'connect.php';
$user_id = $_GET["userid"];
$query = mysql_query("SELECT verify,key FROM users WHERE id = '$user_id'");
$details = mysql_fetch_assoc($query);
$verify = $details['verify'];
$confirm2 = $details['key'];
if($verify == "1"){
echo "Link Expired . Go to our login page :";
}
else{
if (isset($_GET["confr"]) && isset($_GET["userid"]))
{
$confirm1 =$_GET["confr"];
if($confirm1 == $confirm2){
mysql_query("INSERT INTO users (`verify`) VALUES ('1') WHERE id = '$user_id'");
echo "Thank You For Registering with us . Go to your LOGIN PAGE Here ";
}
else {
echo "Invalid link ";
echo "Go to your LOGIN PAGE Here ";
}
} // of if isset
} // of else part
?>
also, you have a semi colon in the insert sql
Try this.......
<?php
include 'connect.php';
$user_id = $_GET["userid"];
$query = mysql_query("SELECT verify,key FROM users WHERE id = '$user_id'");
while ($details = mysql_fetch_assoc($query)){
$verify = $details['verify'];
$confirm2 = $details['key'];
}
if($verify == "1"){
echo "Link Expired . Go to our login page :";
}
else{
if (isset($_GET["confr"]) && isset($_GET["userid"]))
{
$confirm1 =$_GET["confr"];
if($confirm1 == $confirm2){
mysql_query("INSERT INTO users (`verify`) VALUES ('1') WHERE id = '$user_id'");
echo "Thank You For Registering with us . Go to your LOGIN PAGE Here ";
}
else {
echo "Invalid link ";
echo "Go to your LOGIN PAGE Here ";
}
} // of if isset
} // of else part
?>
Note: insert statement has no where - as long as you dont use "insert into select..."
http://dev.mysql.com/doc/refman/5.1/de/insert.html
I'm really struggling with this now for a while and can't seem to get it working. In members.php (where I show all the registered users) I have a list printed out with a link "ADD TO FRIENDS" next to each user.
I managed, for testing purposes to display each members id well (so it gets the ID) but when I click the link it directs to the friends.php where it seems the fault is in. I don't know how to get that friend's id I clicked on IN THE friends.php file. Please have a look!
members.php
<?php
include 'connect.php';
include 'header.php';
if(isset($_SESSION['signed_in']) == false || isset($_SESSION['user_level']) != 1 )
{
//the user is not an admin
echo '<br/>';
echo 'Sorry! You have to be <b>logged in</b> to view all the <b>registered</b> members.';
echo '<br/><br/>';
}
else
{
echo '<h2>Registered users:</h2>';
$sql = "SELECT * FROM users ORDER BY user_name ASC";
$result = mysql_query($sql);
$num=mysql_numrows($result);
$i=0;
while ($i < $num)
{
//$name = mysql_result($result,$i,"user_name");
//$id = mysql_result($result,$i,"user_id");
//$picture = mysql_result($result,$i,"pic_location");
//?friend_id="'. $id .'
while($user = mysql_fetch_array($result)){
echo $user['user_name'].'<br/><br/>ADD TO FRIENDS<br/>';
echo $user['user_id'];
echo '<br/><br/>';
}
$i++;
}
///////////////////////////////
/// adding users as friends ///
///////////////////////////////
//while($user = mysql_fetch_array($result))
//echo $user['user_name'].'
//ADD TO FRIENDS<br/>';
//NOW I WANT TO MAKE A SPECIFIC "ADD AS FRIEND" LINK NEXT TO EACH USER
}
include 'footer.php';
?>
As I said I'm not sure how to get this so please have a look! Thanks!
J
friends.php
<?php
include "connect.php";
include "header.php";
if(isset($_SESSION['signed_in']) == false || isset($_SESSION['user_level']) != 1 )
{
//the user is not an admin
echo '<br/>';
echo 'Sorry! You have to be <b>logged in</b> if you want to add the person as a friend!';
echo '<br/><br/>';
}
else
{
$sql = "SELECT * FROM users";
$result = mysql_query($sql);
//friend_id is the ID of the friend that is clicked on...
//HOW DO I GET THAT ID THAT IS CLICKED ON IN THE WHILE "loop" in members.php?
$friends = ("INSERT INTO friends SET user_id='" . $_SESSION['user_id'] . "', friend_id='".$id."', status='0'");
$result_friends = mysql_query($friends);
if(!$friends)
{
//When you can't add this person as a friend this error will show!
echo 'You cannot add this user at this time. Please try again later!';
}
else
{
//When the friend is now added to the system!
echo 'Great! Now the user needs to approve before you can be friends!';
}
}
?>
On your friends.php use
$_GET['user_id']
Instead of $id, $id is undefined, to get the value of id from the query string you call it using an $_GET variable like,
$_GET['name_of_query_string_value']