i have code like this
<?php
require('../config.php');
require_once($CFG->dirroot . '/user/editlib.php');
$errorMessage = '';
$successMessage = '';
if(isset($_SESSION['successMessage']))
{
$successMessage = $_SESSION['successMessage'];
unset($_SESSION['successMessage']);
}
if (isset($_POST['register'])) {
if(!preg_match("/^(?=.*[0-9])(?=.*[a-z])(\S+)$/i", $_POST['password']))
{
$errorMessage="don't allow spaces";
}
$errors = array();
$data = array();
$chk_sql = "SELECT * FROM {user} u where username = ?";
if (!empty($chk_sql) ) {
$errorMessage='Username already taken';
}
if(!$chk_username = $DB->get_record_sql($chk_sql, array($_POST['username'])) )
{
$secret = $_POST['secret'];
$access_code_sql = "SELECT * FROM {accesscode} WHERE random_no= ? and status=1";
if($chk_secret = $DB->get_record_sql($access_code_sql, array($secret)) )
{
if ( $chk_secret->used >= $chk_secret->number ) {
$errorMessage = "your access code limit completed..";
}
else
{
$cadminid = $chk_secret->cadmin_id;
$clientid = $chk_secret->clientid;
$DB->execute("UPDATE {accesscode} SET used = used+1 WHERE random_no = '$secret'");
$insert_record = new stdClass();
$insert_record->firstname = $_POST['firstname'];
$insert_record->lastname = $_POST['lastname'];
$insert_record->username = $_POST['username'];
$insert_record->secret = $secret;
$insert_record->password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$insert_record->timecreated = time();
$insert_record->maildigest = $cadminid;
$insert_record->maildisplay = $clientid;
$insert_record->idnumber = 1;
$insert_record->mnethostid = 1;
$insert_record->confirmed = 1;
$insert_record->email = $_POST['email'];
if($result = $DB->insert_record('user', $insert_record))
{
$_SESSION['successMessage'] = "record created successfully";
header('Location: register.php');
}
else
$errorMessage = "error! can you please try again";
}
}
else
$errorMessage = "your access code is wrong..";
}
}
?>
so i want to write condition like another if condition
if ( $chk_secret->status='0' ) {
$errorMessage = "your access code deactivated..";
}
if not they can register
i tried..but i didn't get idea where i have to add that if..
before i have condition like if number>used it will show some error message like your accesscode limit completed
can anyone help me..
thanks in advance..
= is for value assignment
== is compare two operands
so you need to change
if ( $chk_secret->status='0' ) {
to
if ( $chk_secret->status=='0' ) {
UPDATE:
your query SELECT * FROM {accesscode} WHERE random_no= ? and status=1
which means it going to return only status == 1
you can check with number of rows returned is ZERO then through status zero error message.
Or else
Get rows only based on random_no exists and then check status key
Related
I am building a student result portal and I want each pin to one student for 5 times.
Here is my code:
if (!$error) {
$res=mysql_query("SELECT * from pin WHERE userid='$reg'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if regno correct it returns must be 1 row
if( $count == 1 && $row['userid']==$reg ) {
$pinid = $row['id'] ;
$check_hw = $row['hw'] ;
if ($check_hw <=4 ) {
$res=mysql_query("UPDATE pin SET userid='$reg',status='1',hw=hw+1 WHERE pin='$pin'");
$_SESSION['user'] = $row['userid'];
header("Location: access.php");
} else {
$errMSG = "Card Limit Exceeded";
}
} else {
$errMSG = "Card Used By Another user Or Limit Exceeded";
}
}
this what i want to do please help
if(user enter pin){
select status from pins where pin = pin
if(status = "used" or pin is tied to a different ID other that the student ID entered){
echo " card used and buy new scratch card "
header('Location: buypin.php');
}
else{
header('Location: rightplace.php');
set the status of this pin to "used" and tie that very pin to the students ID
}
}
i did rewrite the code to
if (!$error) {
$res=mysql_query("SELECT id,userid,hw FROM pin WHERE userid=" . (int)$reg);
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if regno correct it returns must be 1 row
if ($row = mysql_fetch_array($res)) {
$pinid = $row['id'] ;
$check_hw = $row['hw'] ;
if ($check_hw <=4 ) {
$res=mysql_query("UPDATE pin SET userid='$reg',status='1',hw=hw+1 WHERE pin='$pin'");
$_SESSION['user'] = $row['userid'];
header("Location: access.php");
}
else {
$errMSG = "Card Limit Exceeded";
}
} else {
$errMSG = "Card Used By Another user ";
}
}
my working code
if( isset($_POST['btn-signup']) ){
$reg = trim($_POST['reg']);
$reg = strip_tags($reg);
$reg = htmlspecialchars($reg);
$pin = trim($_POST['pin']);
$pin = strip_tags($pin);
$pin = htmlspecialchars($pin);
$res=mysqli_query($con,"SELECT * FROM pin WHERE pin ='$pin'");
$row=mysqli_fetch_array($res);
$check_id = $row['userid'];
// checking if the colum userid is empty
if ('' !== $row['userid']){
// if userid colum is not empty,reg no is correct and limit more than 4
if ($row['userid']==$reg && $row['hw']<=4) {
$errMSG = "log";
}else {
$errMSG = " Card Used Or Limit Exceeded";
}
}else{
$errMSG = "log";
}
}
?>
Thanks alot
In my Yii web application I want to write a web service for mobile application. I create a url for access student details with GET method. That I want to change GET method to POST method or PUT method. My url is,
url/index.php/user/login/studentdetails/?username=demo
I am getting this username from client side and giving the response from server side to client side in json format.
My code is,
public function actionStudentdetails() {
if (isset($_GET['username'])) {
$user = Users::model()->findByAttributes(array('username' => $_GET['username']));
$usertypeid = $user->usertypeid;
if ($usertypeid === '1') {
$studentid = $user->userid;
} else if ($usertypeid === '3') {
$guardianid = $user->userid;
$studentid = $_GET['studentid'];
} else {
$employeemasterid = $user->userid;
}
$student = Student::model()->findByPk($studentid);
header('Content-type: application/json');
$response["student_admissionno"] = $student->student_admissionno;
$response["student_firstname"] = $student->student_firstname;
$response["student_middlename"] = $student->student_middlename;
$response["student_lastname"] = $student->student_lastname;
$response["student_admissiondate"] = $student->student_admissiondate;
$response["student_dob"] = $student->student_dob;
$response["student_gender"] = $student->student_gender;
$response["student_religion"] = $student->student_religion;
$response["student_caste"] = $student->student_caste;
$response["student_address1"] = $student->student_address1;
$response["student_address2"] = $student->student_address2;
$response["student_city"] = $student->student_city;
$response["student_state"] = $student->student_state;
$response["success"] = 1;
$response["message"] = "success";
echo json_encode($response);
}
}
}
Please help me.
you can try this code for webserivce. you can used any method GET or POST Method of data posting in server side.
StudentController.php
public function actionStudentdetails() {
$json_data = array();
$params = isset($_REQUEST) ? $_REQUEST: "";
if (!empty($params)) {
$username = $params['username'];
if($username == "") {
$json_data['success'] = false;
$json_data['message'] = 'Username are required.';
} else {
$user = Users::model()->findByAttributes(array('username' => $params['username']));
$usertypeid = $user->usertypeid;
if ($usertypeid === '1') {
$studentid = $user->userid;
} else if ($usertypeid === '3') {
$guardianid = $user->userid;
$studentid = $_GET['studentid'];
} else {
$employeemasterid = $user->userid;
}
$student = Student::model()->findByPk($studentid);
header('Content-type: application/json');
$json_data["student_admissionno"] = $student->student_admissionno;
$json_data["student_firstname"] = $student->student_firstname;
$json_data["student_middlename"] = $student->student_middlename;
$json_data["student_lastname"] = $student->student_lastname;
$json_data["student_admissiondate"] = $student->student_admissiondate;
$json_data["student_dob"] = $student->student_dob;
$json_data["student_gender"] = $student->student_gender;
$json_data["student_religion"] = $student->student_religion;
$json_data["student_caste"] = $student->student_caste;
$json_data["student_address1"] = $student->student_address1;
$json_data["student_address2"] = $student->student_address2;
$json_data["student_city"] = $student->student_city;
$json_data["student_state"] = $student->student_state;
$json_data['success'] = true;
$json_data['message'] = "Data found Successful.";
}
} else {
$json_data['success'] = false;
$json_data['message'] = "Please try again.";
}
echo json_encode($response);
}
I have this php code that accesses the tables users and portfolio
However I keep running into Parse error: parse error in /Users/...../Sites/..../sell.php on line 28
If someone could help me out, it'd be of great help.
<?
// require common code
require_once("includes/common.php");
//check for errors
$error = false;
if (isset($_POST["submit"]))
{
if(empty($_POST["symbol"]))
{
$error = true;
$message = "Enter a name";
}
else if(empty($_POST["shares"]))
{
$error = true;
$message = "Enter the shares";
}
// check if user has the stocks and the shares
$id = $_SESSION["id"];
$symbol = $_POST["symbol"];
$sharesQuery = "SELECT shares FROM portfolio WHERE id = $id AND symbol = '$symbol' ";
else if(($shares = mysql_query($sharesQuery)) == false)
{
$error = true;
$message = "Don't have the stock";
}
// else, if everything checks out, delete it and increment the cash
else
{
$deleteQuery = "DELETE from portfolio WHERE id = $id AND symbol = '$symbol'";
mysql_query($deleteQuery);
$incrementQuery = "UPDATE users SET cash = cash + ($shares * lookup($symbol)->price) WHERE id = $id ";
mysql_query($incrementQuery);
//set the variables into session and then redicrect to sell2
$_SESSION["symbol"] = $_POST["symbol"];
$_SESSION["shares"] = $_POST["shares"];
redirect("sell2.php");
}
}
?>
From where is this else coming in? Add a }:
} else if(($shares = mysql_query($sharesQuery)) == false)
Your final code will be:
<?
// require common code
require_once("includes/common.php");
//check for errors
$error = false;
if (isset($_POST["submit"])) {
if (empty($_POST["symbol"])) {
$error = true;
$message = "Enter a name";
}
else if (empty($_POST["shares"])) {
$error = true;
$message = "Enter the shares";
}
// check if user has the stocks and the shares
$id = $_SESSION["id"];
$symbol = $_POST["symbol"];
$sharesQuery = "SELECT shares FROM portfolio WHERE id = $id AND symbol = '$symbol' ";
} else if (($shares = mysql_query($sharesQuery)) == false) {
$error = true;
$message = "Don't have the stock";
}
// else, if everything checks out, delete it and increment the cash
else {
$deleteQuery = "DELETE from portfolio WHERE id = $id AND symbol = '$symbol'";
mysql_query($deleteQuery);
$incrementQuery = "UPDATE users SET cash = cash + ($shares * lookup($symbol)->price) WHERE id = $id ";
mysql_query($incrementQuery);
//set the variables into session and then redicrect to sell2
$_SESSION["symbol"] = $_POST["symbol"];
$_SESSION["shares"] = $_POST["shares"];
redirect("sell2.php");
}
?>
On line 28:
else if(($shares = mysql_query($sharesQuery)) == false)
You need a bracket to close the current if statement before doing an else if:
<?
// require common code
require_once("includes/common.php");
//check for errors
$error = false;
// check if user has the stocks and the shares
$id = $_SESSION["id"];
$symbol = $_POST["symbol"];
$sharesQuery = "SELECT shares FROM portfolio WHERE id = $id AND symbol = '$symbol' ";
if (isset($_POST["submit"])){
if(empty($_POST["symbol"])){
$error = true;
$message = "Enter a name";
}else if(empty($_POST["shares"])){
$error = true;
$message = "Enter the shares";
}else if(($shares = mysql_query($sharesQuery)) == false){
$error = true;
$message = "Don't have the stock";
}else{
$deleteQuery = "DELETE from portfolio WHERE id = $id AND symbol = '$symbol'";
mysql_query($deleteQuery);
$incrementQuery = "UPDATE users SET cash = cash + ($shares * lookup($symbol)->price) WHERE id = $id ";
mysql_query($incrementQuery);
//set the variables into session and then redicrect to sell2
$_SESSION["symbol"] = $_POST["symbol"];
$_SESSION["shares"] = $_POST["shares"];
redirect("sell2.php");
}
}
?>
It was silly mistake on my part, the declarations for id and symbol should have been at the top of the condition, right after isset,
Thanks for the speedy answers
require_once('mysqli_connect.php');
$errors = array();
if(empty($_POST['senFirstName']) && empty($_POST['senLastName'])
&& empty($_POST['recFirstName']) && empty($_POST['recLastName'])
&& empty($_POST['proName']) && empty($_POST['proWeight'])
&& empty($_POST['traNo']) && empty($_POST['shipDate'])
&& empty($_POST['deliDate'])) {
$errors[] = 'Please make sure you type in all the information.';
}
else {
$sfn = mysqli_real_escape_string($dbc, trim($_POST['senFirstName']));
$sln = mysqli_real_escape_string($dbc, trim($_POST['senLastName']));
$rfn = mysqli_real_escape_string($dbc, trim($_POST['recFirstName']));
$rln = mysqli_real_escape_string($dbc, trim($_POST['recLastName']));
$pn = mysqli_real_escape_string($dbc, trim($_POST['proName']));
$pw = mysqli_real_escape_string($dbc, trim($_POST['proWeight']));
$traNo = mysqli_real_escape_string($dbc, trim($_POST['traNo']));
$shipDate = mysqli_real_escape_string($dbc, trim($_POST['shipDate']));
$deliDate = mysqli_real_escape_string($dbc, trim($_POST['deliDate']));
$status = mysqli_real_escape_string($dbc, trim($_POST['status']));
$shiptype = mysqli_real_escape_string($dbc, trim($_POST['shiptype']));
}
if(empty($errors)) { // If everything's OK.
$query = "SELECT traNo, CONCAT(recFirstName, ' ', recLastName) AS recieverName, proName, CONCAT(senFirstName, ' ', senLastName) AS senderName, status, shiptype FROM tracking, rel_tracking_reciever, reciever, product, sender
WHERE traNo='$traNo' AND tracking.traId = rel_tracking_reciever.traId AND reciever.recId = rel_tracking_reciever.recId AND tracking.proId = product.proId AND tracking.senId = sender.senId";
$result = #mysqli_query($dbc, $query);
$num = mysqli_num_rows($result);
if ($num) { // tracking number was found
while ($row = mysqli_fetch_array($result,MYSQL_ASSOC)) {
echo '<div id="error">';
echo "<p>This tracking number <b>{$row['traNo']}</b> has already been assigned to <b>{$row['senderName']}</b></p>\n";
echo '</div>';
}
mysqli_free_result ($result); // Free up the resources.
}
1) I want to validate input box with the multiple IF conditions using && Logical expression but instead, it submits empty forms into the database.
Note: I purposely left out the shipment and status input box because the options cannot be empty by default.
2) Is there a way i can generate the tracking number automatically without typing it manually. I have tried GUID but am not getting it.
Thanks..
You have to set ids that you want to validate - there is no complain.
You can do this with:
$ids = array('senFirstName', 'senLastName', 'recFirstName', 'recLastName' /* ... and more */);
$valid = true;
foreach ( $ids as $id ) {
if ( empty($_POST[$id]) ) {
$valid = false;
}
}
if ( $valid === true ) {
// everything's ok
} else {
$errors[] = 'Please make sure you type in all the information.';
}
You need ||, not && if you want to test, if one is empty.
Otherwise you would proove, if all of them are empty.
(Sorry for bad english)
if(empty($_POST['senFirstName']) || empty($_POST['senLastName']) ...
Okay so I'm looping through the results that contains two question IDs and two answers and I'm trying to match the two answers with the two answers from the form submission.
I'm not sure what I'm doing wrong.
<?php
// Include the database page
require ('../inc/dbconfig.php');
require ('../inc/global_functions.php');
//Login submitted
if (isset($_POST['submit'])) {
// Errors defined as not being any
$errors = false;
if (trim($_POST['answer1']) == '') { $errors = true; }
if (trim($_POST['answer2']) == '') { $errors = true; }
// Error checking, make sure all form fields have input
if ($errors) {
// Not all fields were entered error
$message = "You must enter values to all of the form fields!";
$output = array('errorsExist' => $errors, 'message' => $message);
} else {
$userID = mysqli_real_escape_string($dbc,$_POST['userID']);
$answer1Post = mysqli_real_escape_string($dbc,$_POST['answer1']);
$answer2Post = mysqli_real_escape_string($dbc,$_POST['answer2']);
$question1 = mysqli_real_escape_string($dbc,$_POST['question1']);
$question2 = mysqli_real_escape_string($dbc,$_POST['question2']);
$query = "SELECT * FROM manager_users_secretAnswers WHERE userID = '".$userID."'";
$result = mysqli_query($dbc,$query);
// Count number of returned results from query
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_array($result)) {
$answer = $row['answer'];
// Comparing the database password with the posted password
if (($answer == $answer1Post) && ($answer == $answer2Post)) {
} else {
$errors = true;
$message = "Your answers did not match the answers inside the database!";
$output = array('errorsExist' => $errors, 'message' => $message);
}
}
} else {
$errors = true;
$message = "We did not find any answers for your questions! Please consult the site administrator!";
$output = array('errorsExist' => $true, 'message' => $message);
}
}
}
//Output the result
$output = json_encode($output);
echo $output;
?>
Since your question is not clear in the first place, so I'm assuming that the question you are asking is "why you're not getting any matching results, when you've the correct answers in the database?". Please correct me, if this is wrong.
The logic can be like this:-
<?php
// Include the database page
require ('../inc/dbconfig.php');
require ('../inc/global_functions.php');
// Login submitted
if (isset($_POST['submit'])) {
// Errors defined as not being any
$errors = false;
if (trim($_POST['answer1']) == '') { $errors = true; }
if (trim($_POST['answer2']) == '') { $errors = true; }
// Error checking, make sure all form fields have input
if ($errors) {
// Not all fields were entered error
$message = "You must enter values to all of the form fields!";
$output = array('errorsExist' => $errors, 'message' => $message);
} else {
$userID = mysqli_real_escape_string($dbc, $_POST['userID']);
$answer1Post = mysqli_real_escape_string($dbc, $_POST['answer1']);
$answer2Post = mysqli_real_escape_string($dbc, $_POST['answer2']);
$question1 = mysqli_real_escape_string($dbc, $_POST['question1']);
$question2 = mysqli_real_escape_string($dbc, $_POST['question2']);
$query = "SELECT * FROM manager_users_secretAnswers WHERE userID = '".$userID."'";
$result = mysqli_query($dbc, $query);
// Count number of returned results from query
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_array($result)) {
$answer = $row['answer'];
// Comparing the database password with the posted password
if ($answer == $answer1Post) {
// The first answer is correct
$errors = false;
$message = "Your first answer is correct!";
} else if ($answer == $answer2Post) {
// The second answer is correct
$errors = false;
$message = "Your second answer is correct!";
} else {
$errors = true;
$message = "Your answers did not match the answers inside the
}
$output = array('errorsExist' => $errors, 'message' => $message);
}
} else {
$errors = true;
$message = "We did not find any answers for your questions! Please consult the site administrator!";
$output = array('errorsExist' => $true, 'message' => $message);
}
}
}
// Output the result
$output = json_encode($output);
echo $output;
?>
It's better to have more segregation of logical conditions. In this case, it's your two answers to check for.
Hope it helps.