I am trying to test if $accesslevel is "admin" or "member", however I seem to have an error in my code. The input of the form is text.
Here is my control page:
public function addPerson()
{
// GET AND SET POSTED DATA
$username = $this->input->post('username');
$password = $this->input->post('password');
$accesslevel = $this->input->post('accesslevel');
$myerror = "";
// add the person to database with
if (($accesslevel != "admin") || ($accesslevel != "member"))
{
$myerror = "<br> Access level must be either member or admin.";
}
if(strlen($myerror)==0)
{
$this->db->query("INSERT INTO usersas6 "."(compid,username,password,accesslevel) VALUES "."(null,'$username', '$password', '$accesslevel')");
$this->getAllPerson();
$this->template->show('Admin', $this->TPL);
}
if(strlen($myerror) != 0){
$this->TPL["myError"] = $myerror;
$this->getAllPerson();
$this->template->show('Admin', $this->TPL);
}
}
I am also getting a warning (Undefined Variable) on my view page when I display the contents of $myError. How do I properly put $this->TPL["myError"] = $myerror; into an array so that I do not get this warning?
You can edit your code like this, make the $this->TPL["myError"] = $myerror; out side or put it in both statements
if (($accesslevel != "admin") || ($accesslevel != "member"))
{
$myerror = "<br> Access level must be either member or admin.";
}
$this->TPL["myError"] = $myerror;
if(strlen($myerror)==0)
{
$this->db->query("INSERT INTO usersas6 "."(compid,username,password,accesslevel) VALUES "."(null,'$username', '$password', '$accesslevel')");
$this->getAllPerson();
$this->template->show('Admin', $this->TPL);
}
else if(strlen($myerror) != 0){
$this->getAllPerson();
$this->template->show('Admin', $this->TPL);
}
Related
So I'm trying to get the teacher_id that is corresponding to the teacher's first and last name that the user has entered, but when I try to get the teacher_id it outputs Trying to get property of non-object. Does anyone have any ideas?
PHP
<?php
// PROCESSES STUDENT INFO
// get connect page
require '../../connect.php';
// get input info
$student_id = $_POST['student_id'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$teacher_first_name = $_POST['teacher_first_name'];
$teacher_last_name = $_POST['teacher_last_name'];
// check if input is not empy
if(!empty($student_id) && !empty($first_name) && !empty($last_name) && !empty($teacher_first_name) && !empty($teacher_last_name)) {
// check if numeric inputs have a number
if(is_numeric($student_id)) {
$teacher_check = mysqli_query($link, "SELECT teacher_id FROM teachers WHERE first_name='$teacher_first_name' AND last_name='$teacher_last_name'");
// check if teacher exists
if($teacher_check) {
$row = $teacher_check->fetch_object();
$result = mysqli_query($link, "INSERT INTO students (student_id, first_name, last_name, teacher_id) VALUES ($student_id, '$first_name','$last_name', $row->teacher_id)");
if($result) {
header("Location: ../../../admin.php?message=Success!");
} else {
echo mysqli_error($link);
// header("Location: ../../../admin.php?message=Sorry we ran into an error");
}
} else {
header("Location: ../../../admin.php?message=Teacher Does Not Exist");
}
} else {
header("Location: ../../../admin.php?message=Please add a number for Student ID");
}
} else if (empty($student_id) || empty($first_name) || empty($last_name)) {
header("Location: ../../../admin.php?message=Please add you're input values");
}
?>
change this line, you are checking whether the query is ok but you have not checked whether it has any results.
if($teacher_check) {
$row = $teacher_check->fetch_object();
to (this line checks whether you have any result data if you have result data you have it $row otherwise null)
if($row = $teacher_check->fetch_object()){
The Script Always Returns Failure(Regardless Of Correct/Incorrect User Information. Nothing Is Wrong with any other files. The Config File works and is just a starter of the sql connection and selects the database.
#include('../settings/config.php');
if (!#include('../settings/config.php')) {
die("<center>Login Failed</center>");
}
//======================================================================
// POST Check(Isset submit comes from html form)
//======================================================================
if(isset($_POST['submit'])) {
// Sanitize All POST Fields
$_POST = array_map('trim', $_POST);
$_POST = array_map('strip_tags',$_POST);
$login_form_user = $_POST['login_user'];
$login_form_pass = $_POST['login_pass'];
// Testing Only
echo("
<center>
Your Username is: $login_form_user!
<br>
Your Password is: $login_form_pass!
</center>
");
//======================================================================
// Input/Database Check
//======================================================================
$user_fetch = <<<LOGIN
SELECT `id` FROM `users`
WHERE `username`='$login_form_user'
AND `password`='$login_form_pass'
LIMIT 1
LOGIN;
$user_result = $sql_connection->query($user_fetch);
if(!$user_result) {
die("<center>Cannot Execute SQL Login Query</center>");
}
if ($sql_connection->num_rows == 1) {
echo("<center>User $login_form_user Exists</center>");
}
if($row = $user_result->fetch_assoc()) {
if(($row['username'] === $login_form_user) && ($row['password'] === $login_form_pass)) {
// Login Is Successful
echo("<center>Login Successful</center>");
} else {
echo("<center>Login Failed</center>");
}
}
} else {
// No Direct File Access Allowed
unset($_POST);
die('No Direct File Access Allowed!');
}
?>
Change:
if(($row['username'] === $login_form_pass)...
To:
if(($row['username'] === $login_form_user)...
You have typo error in this line please change it
if(($row['username'] === $login_form_pass) && ($row['password'] === $login_form_pass))
$row['username'] === $login_form_user// you are comparing it with $login_form_pass
Am trying to validate a form and the values of the form can only be inserted into the database if the security answer is correct.Yet the values gets inserted when a wrong answer is given.
if(empty($answer) && (!$answer == $sec_ans)) {
echo "<div class='db_rp'>Error: You did not answer your security question</div>";
} else {
$insert = "INSERT INTO laits SET
p_no = '{$new_pp}',
r_number= '{$r_number}',
memo = '{$memo}',
user= '{$userid}',
acc = '{$acc}'";
if(!mysqli_query($conn, $insert)) {
die('<div class="reply"> There was an error submtting your request ' . mysqli_error($conn)) . '</div>';
}
else {
header("location: tran_su.php");
}
}
Your code is requiring both conditions and should be only one as a minimum.
if(empty($answer) || ($answer != $sec_ans)) {
....
if (empty($answer) || ($answer != $sec_ans)) {
Hello i have a weird scope problem
require 'connect.php';
$name = $_GET['R'];
echo $name;
if(isset($_POST['prev_password']) && isset($_POST['new_password']) && isset($_POST['rep_password'])) {
echo $name;
if(!empty($_POST['prev_password']) && !empty($_POST['new_password']) && !empty($_POST['rep_password'])) {
$user_password = $_POST['prev_password'];
$user_new_password = $_POST['new_password'];
$user_rep_password = $_POST['rep_password'];
if($user_new_password == $user_rep_password) {
$mysql_query = sprintf("SELECT username, password FROM users WHERE username='$name'", $name);
$query_run = mysql_query($mysql_query, $mysql_link) or die('COULD NOT PERFORM QUERY');
while($row = mysql_fetch_array($query_run)) {
$qUser_name = $row['username'];
$qUser_pass = $row['password'];
}
if($qUser_name == $name) {
echo 'Match';
if($qUser_pass == $user_password) {
$mysql_query = sprintf("UPDATE users SET password='$user_new_password' WHERE username='$name'", $name);
$query_run = mysql_query($mysql_query, $mysql_link) or die('COULD NOT PERFORM QUERY');
echo header('Location: main.php?C=1');
}else {
header('Location: main.php?C=4');
}
}
}else {
header('Location: main.php?C=3');
}
}else {
header('Location: main.php?C=2');
}
}
anyway, the problem is with the first variable $name, when i 'echo' $name its ok, displays the content correctly, but inside the (if sss) ITS EMPTY, idk why, i've tried using global, the GLOBALS array, and its still empty, ... so .. the query its executed with an empty parameter.
please help, if someone can see what could be possible wrong.
PD: this is a Changepassword.php the $_GET['R'] is getting from the user Main.php site, AND I KNOW, im not Hashing password,, that is not really the problem here
i have a problem in my code. I have an ajax validation that calls a php file (where the data is validated).
The php returns echos like "invalidData" and in the javascript i check if (data=="invalidData") {//something}
The problem are the includes. Incredible thing.
<?php
include("includes/f_banco.php");
conecta ();
function get_post_var($var) {
$val = $_POST[$var];
if (get_magic_quotes_gpc())
$val = stripslashes($val);
return $val;
}
$name = get_post_var('name');
function validateName($name){
if(strlen($name) < 4 || (empty($name))) {
echo "invalidData";
return false;
}
else {
$name = mysql_real_escape_string($name);
$check = mysql_query("SELECT username FROM users WHERE username ='".$name."'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 == 0 && $name != "") {
echo "validData";
return true;
} else {
echo "invalidData";
return false;
}
}
}
error_reporting(E_ALL);
validateName($name);
?>
in the code above i only can check if the name is empty if i don't put the includes in the file. If i put the result is again and again different than invalidData.
The connection to the database is not made too or if is made the return is not the correct. Important: the include file is correct, i test in another example and the database is correct too.
thanks
Edit: **LAST VERSION**
<?php
error_reporting(-1);
require 'includes/f_banco1.php';
$name = $_POST["carlos"];
function validateName($name){
if(strlen($name) < 4 || (empty($name))) {
echo "nomeInvalido";
return false;
}
else {
$name = mysql_real_escape_string($name);
$check = mysql_query("SELECT username FROM users WHERE username ='".$name."'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
if ($check2 == 0 && $name != "") {
echo "nomeValido";
return true;
} else {
echo "nomeInvalido";
return false;
}
}
}
validateName($name);
echo "this must appear";
?>
output:
Notice: Undefined index: carlos in C:\Users\fel\VertrigoServ\www\login\validation.php on line 8
nomeInvalidothis must appear
Probably PHP debug 101... just do a
<?php
error_reporting(-1);
...
?>
And inspect the error...
Try updating your query to be the following:
SELECT `username` FROM users WHERE `username` ='".$name."'
And, another question... If you already know what the username is, then why are you running a query to find the username? I assume you're just checking to see if the username exists.