Here I have code where user is going to be created, they have to enter one accesscode given by admin. That accesscode is limited by some users like 10 or 20. After that it shows error like your accesscode is limited. So until now, it's working fine.
Now if user tries to enter accesscode that is not given by admin it has to show error message like your accesscode is wrong.
Here is my code:
<?php
require('../config.php');
require_once($CFG->dirroot . '/user/editlib.php');
$errorMessage = '';
$successMessage = '';
if(isset($_SESSION['successMessage'])) {
$successMessage = $_SESSION['successMessage'];
unset($_SESSION['successMessage']);
}
if (isset($_POST['register'])) {
$errors = array();
$data = array();
$chk_sql = "SELECT * FROM {user} u where username = ?";
if (!empty($chk_sql) ) {
$errorMessage = 'Username already taken';
}
if(!$chk_username = $DB->get_record_sql($chk_sql, array($_POST['username']))) {
$secret = $_POST['secret'];
$access_code_sql = "SELECT * FROM {accesscode} WHERE random_no= ? and `number` > `used` and status=1";
if($chk_secret = $DB->get_record_sql($access_code_sql, array($secret))) {
$cadminid = $chk_secret->cadmin_id;
$clientid = $chk_secret->clientid;
$DB->execute("UPDATE {accesscode} SET used = used+1 WHERE random_no = '$secret'");
$insert_record = new stdClass();
$insert_record->firstname = $_POST['firstname'];
$insert_record->lastname = $_POST['lastname'];
$insert_record->username = $_POST['username'];
$insert_record->secret = $secret;
$insert_record->password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$insert_record->timecreated = time();
$insert_record->maildigest = $cadminid;
$insert_record->maildisplay = $clientid;
$insert_record->idnumber = 1;
$insert_record->mnethostid = 1;
$insert_record->confirmed = 1;
$insert_record->email = $_POST['email'];
if ($result = $DB->insert_record('user', $insert_record)) {
$_SESSION['successMessage'] = "record created successfully";
header('Location: register.php');
} else
$errorMessage = "error! can you please try again";
} else
$errorMessage = "your access code limit completed";
}
}
?>
Can you give us more information about your problem? What doesn't work?Try some "var_dump()" in your loop to know if you pass through or not so you can tell us where is the problem !
But first thing I see is here :
if(! $chk_username = $DB->get_record_sql($chk_sql, array($_POST['username'])) )
and here :
if($result = $DB->insert_record('user', $insert_record))
You should use "==" or "===" because using "=" means you assign a value to "$chk_username" and "result".
Then here is some librairie you can use if you want to display flash message, this is just for your information :
https://github.com/plasticbrain/PhpFlashMessages
And if you want to do it in JS you can use : https://github.com/CodeSeven/toastr
Hope it helps !
i changed the condition like this
<?php
require('../config.php');
require_once($CFG->dirroot . '/user/editlib.php');
$errorMessage = '';
$successMessage = '';
if(isset($_SESSION['successMessage']))
{
$successMessage = $_SESSION['successMessage'];
unset($_SESSION['successMessage']);
}
if (isset($_POST['register'])) {
$errors = array();
$data = array();
$chk_sql = "SELECT * FROM {user} u where username = ?";
if (!empty($chk_sql) ) {
$errorMessage='Username already taken';
}
if(!$chk_username = $DB->get_record_sql($chk_sql, array($_POST['username']))
)
{
$secret = $_POST['secret'];
$access_code_sql = "SELECT * FROM {accesscode} WHERE random_no= ? and
status=1";
if($chk_secret = $DB->get_record_sql($access_code_sql, array($secret)) )
{
if ( $chk_secret->used >= $chk_secret->number ) {
$errorMessage = "your access code limit completed..";
}else
{
$cadminid = $chk_secret->cadmin_id;
$clientid = $chk_secret->clientid;
$DB->execute("UPDATE {accesscode} SET used = used+1 WHERE random_no = '$secret'");
$insert_record = new stdClass();
$insert_record->firstname = $_POST['firstname'];
$insert_record->lastname = $_POST['lastname'];
$insert_record->username = $_POST['username'];
$insert_record->secret = $secret;
$insert_record->password = password_hash($_POST['password'],
PASSWORD_DEFAULT);
$insert_record->timecreated = time();
$insert_record->maildigest = $cadminid;
$insert_record->maildisplay = $clientid;
$insert_record->idnumber = 1;
$insert_record->mnethostid = 1;
$insert_record->confirmed = 1;
$insert_record->email = $_POST['email'];
if($result = $DB->insert_record('user', $insert_record))
{
$_SESSION['successMessage'] = "record created successfully";
header('Location: register.php');
}
else
$errorMessage = "error! can you please try again";
}
}
else
$errorMessage = "your access code is wrong..";
}
}
?>
it's working..
Related
So, this is my code:
class Functions{
public static function login($email,$password){
$email = $_GET['email'];
$password = $_GET['password'];
if(isset($_GET['submit']) AND isset($email) AND isset($password)){
$password = md5($password);
$sql = "SELECT * FROM users WHERE email='$email' AND password='$password'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
$_SESSION['nume'] = $row["name"];
$_SESSION['uid'] = $row["id"];
$_SESSION['admin'] = $row["admin"];
$_SESSION['email'] = $row["email"];
$_SESSION['points'] = $row["points"];
}else{
$errortxt = "Invalid Login Credentials";
$error = true;
}
}
return $error;
}
}
In my HTML file I'm calling for the function like this:
Function::login($email,$password);
But I'm wondering how can I get the $errortxt string to echo in the HTML file.
Thanks!
You just need a simple fix:
class Functions{
public static function login($email,$password){
$response['error'] = false;
$response['errortxt'] = "";
$email = $_GET['email'];
$password = $_GET['password'];
if(isset($_GET['submit']) AND isset($email) AND isset($password)){
$password = md5($password);
$sql = "SELECT * FROM users WHERE email='$email' AND password='$password'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
$_SESSION['nume'] = $row["name"];
$_SESSION['uid'] = $row["id"];
$_SESSION['admin'] = $row["admin"];
$_SESSION['email'] = $row["email"];
$_SESSION['points'] = $row["points"];
}else{
$response['error'] = true;
$response['errortxt'] = "Invalid Login Credentials";
}
}
return $response;
}
}
And you need to call it this way:
$fnCallStatus = Function::login($email,$password); //Now you have the response;
if($fnCallStatus['error']) //we have an error
{
echo $fnCallStatus['errortxt']; //we print the message
}
Hi I fixed little bit your code because it lacks good coding principles and good taste (calling superglobal $_GET variable will always get you something after request despite you place something else into function parameters).
class Functions{
public static function login($email,$password)
{
$error['is'] = true;
$email = htmlspecialchars($email);
$password = md5(htmlspecialchars($password));
if(!empty($email) AND !empty($password))
{
$sql = "SELECT * FROM users WHERE email='$email' AND password='$password'";
$result = $conn->query($sql);
if ($result->num_rows > 0)
{
$row = $result->fetch_assoc();
$_SESSION['nume'] = $row["name"];
$_SESSION['uid'] = $row["id"];
$_SESSION['admin'] = $row["admin"];
$_SESSION['email'] = $row["email"];
$_SESSION['points'] = $row["points"];
} else {
$error['mismatch'] = "Email or password does not match.";
return $error;
}
} else {
$error['empty'] = "Please fill all login fields. Thank you";
return $error;
}
}
}
$error = Function::login($_GET['email'],$_GET['password']);
if($error['is'])
{
if ($error['mismatch']) {
echo $error['mismatch'];
} elseif ($error['empty']) {
echo $error['empty']
}
}
Your function also always return $error despite none occurred. I fixed that and function return error only in not query case.
Functions can return arrays. So if you need to set multiple fields with different text, you can place into array anything you like. This solution is more buletproof.
I am working on an Android App. I need to update a register, I didn't have issues with entries. But when I try to update the table, Doesn't work
this my PHP
<?php
require_once 'include/userupdate.php';
$username = "";
$name = "";
$movil="";
$email = "";
$password = "";
$fnac = "";
$calle_numero_piso ="";
$nom_urba = "";
$cod_postal ="";
$localidad="";
$observaciones="";
/////////////////
if(isset($_POST['username'])){
$username = $_POST['username'];
}
if(isset($_POST['name'])){
$name = $_POST['name'];
}
if(isset($_POST['movil'])){
$movil = $_POST['movil'];
}
if(isset($_POST['email'])){
$email = $_POST['email'];
}
if(isset($_POST['password'])){
$password = $_POST['password'];
}
if(isset($_POST['fnac'])){
$fnac = $_POST['fnac'];
}
if(isset($_POST['calle_numero_piso'])){
$calle_numero_piso = $_POST['calle_numero_piso'];
}
if(isset($_POST['nom_urba'])){
$nom_urba = $_POST['nom_urba'];
}
if(isset($_POST['cod_postal'])){
$cod_postal = $_POST['cod_postal'];
}
if(isset($_POST['localidad'])){
$localidad = $_POST['localidad'];
}
if(isset($_POST['observaciones'])){
$observaciones = $_POST['observaciones'];
}
// Instance of a User class
$userObject = new User();
// update user
$json_registration = $userObject->updateRegisterUser($username, $name, $movil, $email, $password, $fnac, $calle_numero_piso, $nom_urba, $cod_postal, $localidad, observaciones );
echo json_encode($json_registration);
}
?>
And this my update.php
<?php
include_once 'db.php';
class User{
private $db;
private $db_table = "users";
public function __construct(){
$this->db = new DbConnect();
}
mysqli_close($this->db->getDb());
return false;
}
public function updateRegisterUser($username, $name, $movil, $email, $password, $fnac, $calle_numero_piso, $nom_urba, $cod_postal, $localidad, $observaciones ){
$query = "UPDATE users SET name = '$name', movil = '$movil', email = '$email', password = '$password', fnac = '$fnac', calle_numero_piso = '$calle_numero_piso', nom_urba ='$nom_urba', cod_postal = '$cod_postal', localidad = '$localidad', observaciones = '$observaciones' WHERE username = $username;";
$updated = mysqli_query($this->db->getDb(), $query);
if($updated == 1){
$json['success'] = 1;
}else{
$json['success'] = 0;
}
mysqli_close($this->db->getDb());
return $json;
}
public function loginUsers($username, $password){
$json = array();
$canUserLogin = $this->isLoginExist($username, $password);
if($canUserLogin){
$json['success'] = 1;
}else{
$json['success'] = 0;
}
return $json;
}
}
?>
I believe I there is something wrong with both php, but I am not sure where.
try this , as obvious your username is a string so it should be kept inside single quotes
$query = "UPDATE users SET name = '$name', movil = '$movil', email = '$email', password = '$password', fnac = '$fnac', calle_numero_piso = '$calle_numero_piso', nom_urba ='$nom_urba', cod_postal = '$cod_postal', localidad = '$localidad', observaciones = '$observaciones' WHERE username = '$username'";
One advise for best practice is, always make some primary key recommended as int autoincrement which will help to enforce uniqueness because in this case you can have two users with same name which will be a problem when your database grows.
I am creating a registration form for a project, nothing secure or advanced, i am still fairly new to php etc.
I insert the data needed to into a login table and a customer tbl, the data inserts fine. But i cant get the code to check that its worked and fire off a an email and display a message to the user.
I have tried using a value retrieved from the database which would only be there is the user registered successfuly.
if($userID != null)
{
$msg1 = "Thank You! you are now registered, please check your email for a verification link to verify your new account! ";
$col1 = "green";
//require_once "Mail.php";
require_once "inc/email.php";
}
I have also tried this
if($query)
{
$msg1 = "Thank You! you are now registered, please check your email for a verification link to verify your new account! ";
$col1 = "green";
//require_once "Mail.php";
require_once "inc/email.php";
}
Thanks,
Edit - Here is all the code,
<?php
include ("inc/mysql.php");
error_reporting(0);
$msg = "";
$col = 'green';
function test_input($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
// define variables and set to empty values
$name = $email = $chkemail = $password = $chkpassword =$address = $towncity = $postcode = "";
//Required field validation
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$msg = "Name is required";
$col = 'red';
} else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["email"])) {
$msg = "Email is required";
$col = 'red';
} else {
$email = test_input($_POST["email"]);
}
if (empty($_POST["chkemail"])) {
$msg = "Please confirm your email address";
$col = 'red';
} else {
$chkemail = test_input($_POST["chkemail"]);
}
if (empty($_POST["password"])){
$msg = "Please enter a password";
$col = 'red';
}
if (empty($_POST["chkpassword"])){
$msg = "Please confirm your password ";
$col = 'red';
} else{
$chkpassword = test_input($_POST["chkpassword"]);
if(($_POST["password"]) != $chkpassword) {
$msg = "Please check your password is correct";
$col = 'red';
} else{
$password = test_input($_POST["password"]);
}
}
if (empty($_POST["address"])) {
$msg = "Please enter the first line of your address";
$col = 'red';
} else {
$address = test_input($_POST["address"]);
}
if (empty($_POST["towncity"])) {
$msg = "Please enter the first line of your Town or City";
$col = 'red';
} else {
$towncity= test_input($_POST["towncity"]);
}
if (empty($_POST["postcode"])) {
$msg = "Please enter your postcode";
$col = 'red';
} else {
$postcode = test_input($_POST["postcode"]);
$customerVeri = "N";
if($customerVeri == "N"){
$name = mysqli_real_escape_string($db, $name);
$email = mysqli_real_escape_string($db, $email);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password.substr($email,0,3));
$chkpassword = md5($password.substr($email,0,3));
$verifyLink = md5(substr($name,0,3).substr($email,0,3));
$sql="SELECT customerEmail FROM customer_tbl WHERE customerEmail='$email'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
if(mysqli_num_rows($result) == 1)
{
$msg1 = "Sorry...This email already exists, please enter another or login...";
$col1 = "red";
}
else
{
$query = mysqli_query($db, "INSERT INTO login_tbl (customerEmail, customerPassword)VALUES ('$email', '$password')");
$sql="SELECT userID FROM login_tbl WHERE customerEmail='$email'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
$userID = $row['userID'];
$query2 = mysqli_query($db, "INSERT INTO customer_tbl (customerName, userID, customerEmail, customerPassword, customerAddress, customerTowncity, customerPostcode, customerVerified, customerVerifiedlink)VALUES ('$name', '$userID', '$email', '$password','$address','$towncity','$postcode','$customerVeri','$verifyLink')");
echo("Error description: " . mysqli_error($db));
}
}
}
}
if($userID != null)
{
$msg1 = "Thank You! you are now registered, please check your email for a verification link to verify your new account! ";
$col1 = "green";
//require_once "Mail.php";
require_once "inc/email.php";
}
echo '<div style="color:'.$col.'">';
echo $msg;
echo '</div>';
echo '<div style="color:'.$col1.'">';
echo $msg1;
echo '</div>';
?>
Seems there was no issue, but instead an issue with the email.php that stopped the rest of the statement being executed. Now to pick that to bits. Sometimes a few hours away from the screen is all it needs!
Thanks all that answered..
You shouldn't check every statement for the success
The modern programming doesn't work this way. Any statement can report an error in case one occurs. While if there was no error, then everything went all right.
So, just get rid of all conditions and send your email.
This php code for login form validation. Why it always returns 'Wrong user data' (Грешни данни!). $name & $pass1 come from the login form which is in other file.
$activated has values 0 || 1 and it is to see if user confirmed registration from email.
<?php
//connection with database
require "db_connect.php";
require "password_compat-master/lib/password.php";
$name = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'name'))));
$pass1 = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'pass1'))));
$errorName = '';
$errorPass1 = '';
$feedback = '';
$mainError = false;
//get hash
$retHash = "SELECT password FROM users WHERE user_name='$name'";
$query_retHash = mysqli_query($conn, $retHash);
$row = mysqli_fetch_array($query_retHash);
$hash = $row['password'];
//get name
$retName = "SELECT user_name FROM users WHERE user_name='$name'";
$query_retName = mysqli_query($conn, $retName);
$row = mysqli_fetch_array($query_retName);
$uname = $row['user_name'];
//get 'activated'
$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
$query_retAct = mysqli_query($conn, $retAct);
$row = mysqli_fetch_array($query_retAct);
$activated = $row['activated'];
if (filter_input_array(INPUT_POST)) {
if ($name !== $uname) {
$mainError = true;
}
if (!password_verify($pass1, $hash)) {
$mainError = true;
}
if ($activated != 1) {
$mainError = true;
}
if (!$mainError) {
$feedback = 'Здравей,' . $name . '!';
} else {
$feedback = 'Грешни данни!';
}
}
?>
As #Rajdeep Answered,
$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
^ it should be activated
Better use one query. Fetch all details.
<?php
//connection with database
require "db_connect.php";
require "password_compat-master/lib/password.php";
$name = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'name'))));
$pass1 = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'pass1'))));
$errorName = '';
$errorPass1 = '';
$feedback = '';
$mainError = false;
//get hash
$retHash = "SELECT * FROM users WHERE user_name='$name'";
$query_retHash = mysqli_query($conn, $retHash);
$row = mysqli_fetch_array($query_retHash);
$hash = $row['password'];
$uname = $row['user_name'];
$activated = $row['activated'];
if (filter_input_array(INPUT_POST)) {
if ($name !== $uname) {
$mainError = true;
}
if (!password_verify($pass1, $hash)) {
$mainError = true;
}
if ($activated != 1) {
$mainError = true;
}
if (!$mainError) {
$feedback = 'Здравей,' . $name . '!';
} else {
$feedback = 'Грешни данни!';
}
}
?>
Look at this statement here,
//get 'activated'
$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
^ it should be activated
And there's no point running three separate queries. You can achieve the same thing using only one query, like this:
// your code
$query = "SELECT user_name, password, activated FROM users WHERE user_name='$name' LIMIT 1";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_array($result);
$uname = $row['user_name'];
$hash = $row['password'];
$activated = $row['activated'];
if (filter_input_array(INPUT_POST)) {
// your code
}
Hello Ladies and Gentlemen, I have been working on this project for some time now. And all of a sudden when I go into the web page to login I just get a blank screen at the 'success_login.php' which is literally just the login script that runs once login is clicked on my screen.
Here is the success_login.php script:
<?php
require_once($_SERVER['DOCUMENT_ROOT'] . '/luke/classes/userFunctions.php');
$userFunctions = new userFunctions();
session_start();
//assign all posted values to a session
if (!empty($_POST)) {
foreach($_POST as $key => $value) {
$_SESSION['login_info'][$key] = $value;
}
}
//Get the username and password
$username = htmlentities($_POST["username"], ENT_QUOTES);
$password = htmlentities($_POST["password"], ENT_QUOTES);
//Get the user id if the login was valid
$userId = $userFunctions->validLogin($username,$password);
if($userId != 0) {
$_SESSION['login_info']['username'] = $username;
$_SESSION['login_info']['password'] = $password;
$_SESSION['login_info']['user_id'] = $userId;
header('LOCATION: home.php');
exit;
}
header('LOCATION: login.php');
exit;
?>
and here is the function it refers to:
public function validLogin($username,$password) {
$dbact = new DbInteraction();
$query = "select * from person";
$result = $dbact->interact($query,true);
$row = mysql_numrows($result);
$valid = false;
$userId = 0;
while ($row = mysql_fetch_array($result)) {
//Check to see if the username and password are valid
$validUsername = strcmp($username,$row['username']);
if($validUsername == 0) {
$hashedPassword = md5($password . Constants::SALTED);
$validPassword = strcmp($hashedPassword,$row['password']);
if($validPassword == 0) {
$valid = true;
$userId = $row['idperson'];
}
}
}
if(!$valid) {
$_SESSION['login_info']['username'] = "error";
$_SESSION['login_info']['password'] = "";
header('LOCATION: login.php');
exit;
return $userId;
} else {
$_SESSION['login_info']['username'] = "";
$_SESSION['login_info']['password'] = "";
return $userId;
}
}
Like I said, its been working for months and now all of a sudden its not anymore, and it has me really worried. Could someone shed some light for me?
Thanks a million for your time!