So after a lot of testing, I've finally been able to get $_SERVER["REMOTE_ADDR"] to successfully post the IP into my MySQL Database
EXCEPT that it doesn't actually
post the right IP. It is only gathering the first 4 numbers and it's not putting periods after the sets of numbers. (I'm attempting to log IP's when users register accounts )
What could be the problem and how can I solve it?
Here is my Current Code:
<?php
session_start();
// variable declaration
$username = "";
$email = "";
$errors = array();
$_SESSION['success'] = "";
$ip = $_SERVER["REMOTE_ADDR"];
// connect to database
$db = mysqli_connect('host','user','pass','db')
or die('Error connecting to MySQL server.');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
$ip = mysqli_real_escape_string($db, $_POST = $_SERVER["REMOTE_ADDR"]);
// form validation: ensure that the form is correctly filled
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password, ip)
VALUES('$username', '$email', '$password', '$ip')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
mysql_error();
}
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
The code relating to $_SERVER["REMOTE_ADDR"];
$ip = $_SERVER["REMOTE_ADDR"];
$ip = mysqli_real_escape_string($db, $_POST = $_SERVER["REMOTE_ADDR"]);
$query = "INSERT INTO users (username, email, password, ip)
VALUES('$username', '$email', '$password', '$ip')";
You need to make sure that your database table column IP is (var)char of at least 15 characters, for example VARCHAR(15). (Or more than 15 for ipv6)
Also, why do you write $_POST = $_SERVER["REMOTE_ADDR"], and thus try to overwrite $_POST? Change that into just $_SERVER["REMOTE_ADDR"]!
Lastly, lookup parameterized queries.
Related
How can i upload images as part of registration data to database with sql and get it with php sessions everytime the user logs in
I already have this for saving username,email and password..but i want to add image to serve as profile picture during the registration and should be able to call it everytime a user logs in
<?php
session_start();
$username = "";
$email = "";
$errors = array();
$db = mysqli_connect('localhost', 'root', '', 'registration');
if (isset($_POST['reg_user'])) {
$fname = mysqli_real_escape_string($db, $POST['fname']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
if (empty($fname)) { array_push($errors, "Please Enter your full name");}
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) {
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO users (fname, username, email, password)
VALUES( '$fname', '$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: /me/home.php');
}
}
________________________LOGIN____________________________
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: /me/home.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
i will assume you have already finished the login authentication.
you will have to include an input of type file in your registration page.
here is the php code you will need to insert the photo:
extract($_POST);
if(isset($upload)) // Upload variable here is the button user clicks when he registers
{
$query = "insert into users (picture)values (?)";
$result = $db->prepare($query);
$target_path = "profilePictures/" . $un . "_";
$target_path = $target_path.basename($_FILES['profilePic']['name']);
if (move_uploaded_file($_FILES['profilePic']['tmp_name'], $target_path))
{
$newPic = "profilePictures/" . $un . "_" . basename($_FILES['profilePic']['name']);
$result->bindParam(1, $newPic);
}
$result->execute();
$db=NULL;
if ($result)
{
$success = true;
success("Information inserted Successfully "); //success here is a function i created you can just echo this message instead.
}
else
{
error("Failed");
}
}
}
now when a user logs in from the login page you will have to do some coding where you need it to be:
session_start();
$username=$_SESSION['activeUser']; //
query="select * from users where username='$username'";
$result = $db->prepare($query);
$result->execute();
$row=$result->fetch();
$userpic=$row['picture'];
$_SESSION['picture'] = $userpic; // here the image will be saved in a session and you
can save it in a variable elsewhere and use it.
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 3 years ago.
When I entered details like username email password and
password confirmation in the signup page it didn't insert into the database.
Here is my code:
server.php
<?php
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('127.0.0.1', 'root', '', 'techdrive');
// REGISTER USER
if (isset($_POST['signup'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);
//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ..\index.html');
}
}
// LOGIN USER
if (isset($_POST['login'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ..\index.html');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
$dbName = "your database name";
$db = mysqli_connect('127.0.0.1', 'root', '', 'techdrive', $dbName);
and then use echo $query; die;
In order to check your query.
so I tried using the code from Andy Holmes from this link How to redirect into different page by user type in php and mysql.
Server.php
<?php
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'registration');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
$occupation = mysqli_real_escape_string($db, $_POST['occupation']);
$grdlvl = mysqli_real_escape_string($db, $_POST['grdlvl']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
if (empty($occupation)) { array_push($errors, "Occupation is required"); }
if (empty($grdlvl)) { array_push($errors, "Grade level Applied is required"); }
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password, occupation, grdlvl)
VALUES('$username', '$email', '$password', '$occupation', '$grdlvl')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now registered";
header('location: login.php');
}
}
// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username'AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
}
$occupation = $row['$occupation'];
if($occupation == "student"){ //check usertype
header("Location:/site2/student.php"); //if normal user redirect to app.php
}else{
header("Location:/site2/admin.php"); //if admin user redirect to admin.php
}
}
else {
array_push($errors, "Wrong username/password combination");
}
}
?>
But the problem is it works for only one page and It keeps redirecting to the admin page even if the occupation is not admin.
Unless occupation equals student, it redirects to admin and $occupation = $row['$occupation']. However, I don't see you set the value of $row anywhere. So, the redirect will always be to admin.
I've created a registration form which takes a user's name, username, email and password. I've also created a sql database using XAMPP control panel, named the database 'registration' and created a table called 'users' to store all the inputs.
When the user enters this data, they should be presented with the login page and in the background the data should be store int he database..but when I opened up phpmyadmin to check the table, there is no data saved.
Below is the code I used to sent the inputs from the user to the database which is my 'server.php' file:
<?php
session_start();
// initializing variables
$name = "";
$email = "";
$username = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', 'root', 'registration');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($name)) { array_push($errors, "Name is required");
}
if (empty($email)) { array_push($errors, "Email is required");
}
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: login.php');
}
}
// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: https://georginahughes48.wixsite.com/makeupyourmind');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
Please let me know if any further code is needed to assist me with this issue..Thanks in advance!
After connection code add this line
if($db->connect_errno)
{
echo "Error: ( " .$db->errorno. " )". $db->error;
die;
}
Just replace this code
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
if( mysqli_query($db, $query))
{
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: login.php');
}
else
{
echo mysqli_error($db);
}
}
}
Check if it gives any errors.
Try your code in try catch block. Replace your register part with this:
// Finally, register user if there are no errors in the form
try {
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: login.php');
}
} catch (Exception $e) {
echo 'Caught exception: ', $e->getMessage(), "\n";
}
This will give you error if anything breaks in between, else your code is seems okay.
Step 1 : change the code like following:
<?php
session_start();
// initializing variables
$name = "";
$email = "";
$username = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'registration');
if (!$db) {
die("Connection failed: " . mysqli_connect_error());
}
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($name)) { array_push($errors, "Name is required");
}
if (empty($email)) { array_push($errors, "Email is required");
}
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (name, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
if( mysqli_query($db, $query))
{
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: login.php');
}
else
{
echo mysqli_error($db);
}
}
}
// ...
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: https://georginahughes48.wixsite.com/makeupyourmind');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
Assuming there is no password for mysql.
Step 2:
Recheck mysql connection and table names case and spelling
Step 3:
Check the nullable fields, field types and length in table. If you have primary key check if auto increment is there or not. hope this will help.
Below is the code I'm running. I'm trying to get it so my CMS index.php will deny access if the users user_level is under 1. I'm logging in with a test account setup with the user_level at 1 but I'm not having any luck.
Code on top of my index.html:
<?php
if($_SESSION['user_level'] == "1"){
header("Location: index.php");
exit;
}else{ header("Location: login.php");
exit;
}
So if user_level is 1 or higher, proceed to index.html (which is my CPanel index, not my actual sites index.
If the user_level is below 1, redirect back to login.
Here's my server.php code where all the magic happens after you click login.
<?php
session_start();
// variable declaration
$fullname = "";
$useremail = "";
$age = "";
$igname = "";
$profileurl = "";
$errors = array();
// connect to database
$db = mysqli_connect('****', '****', '****',
'****');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$fullname = mysqli_real_escape_string($db, $_POST['fullname']);
$useremail = mysqli_real_escape_string($db, $_POST['useremail']);
$age = mysqli_real_escape_string($db, $_POST['age']);
$igname = mysqli_real_escape_string($db, $_POST['igname']);
$profileurl = mysqli_real_escape_string($db, $_POST['profileurl']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($fullname)) { array_push($errors, "Full name is required"); }
if (empty($useremail)) { array_push($errors, "Email is required"); }
if (empty($age)) { array_push($errors, "Age is required"); }
if (empty($igname)) { array_push($errors, "In game name is required"); }
if (empty($profileurl)) { array_push($errors, "Truckers-MP Profile URL is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (fullname, email, age, igname, profileurl, password)
VALUES('$fullname', '$useremail', '$age', '$igname', '$profileurl', '$password')";
mysqli_query($db, $query);
$_SESSION['useremail'] = $useremail;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
echo '<script language="javascript">';
echo 'alert("Once an admin reviews your account, they will send you an email alerting you that you can login. Please be patient.")';
echo '</script>';
}
}
// ...
// LOGIN USER
if (isset($_POST['login_user'])) {
$useremail = mysqli_real_escape_string($db, $_POST['useremail']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($useremail)) {
array_push($errors, "Email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE email='$useremail' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['user_level'] = $row['user_level'];
$_SESSION['useremail'] = $useremail;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
I'm sure I'm not doing it right but at least I can say I damn well tried. Any help would be greatly apprechiated.
There is undefined variable $row. Define it first (fetch_assoc()), then you can assign it into session.
if (mysqli_num_rows($results) == 1) {
$row = mysqli_fetch_assoc($results);
$_SESSION['user_level'] = $row['user_level'];
$_SESSION['useremail'] = $useremail;
...
}
mysqli_num_rows returns the number of rows in a result set. Not the indexes! You can keep this code and assign this way -> $_SESSION['user_level'] = $row[some index]; (if your table is like id,user,pass,mail' some index will be 1.
If you want to have a text index, just look for the mysqli_fetch_array