I want to create an API for registration with OTP verification. The OTP is successfully sent on mobile. But the value of users is not inserted in the database. Here is my signup code.
signup.php
<?php
include('config.php');
if( !empty($_POST['name']) &&
!empty($_POST['mobile']) &&
!empty($_POST['email']) &&
!empty($_POST['password'])
){
$name = $_POST['name'];
$mobile = $_POST['mobile'];
$email = $_POST['email'];
$password = $_POST['password'];
$str = mt_rand(100000, 999999);
$avalible_user_name="";
$avalible_user_email="";
$SQL= mysql_query("SELECT * FROM users WHERE mobile='".$mobile."' ");
while($row=mysql_fetch_array($SQL)){
$avalible_user_name=$row['mobile'];
}
$SQL= mysql_query("SELECT * FROM users WHERE email='".$email."' ");
while($row=mysql_fetch_array($SQL)){
$avalible_user_email=$row['email'];
}
if($avalible_user_name=="" && $avalible_user_email==""){
$SQLQUERY = mysql_query("INSERT INTO users SET
name = '" . $name."',
mobile = '" . $mobile."',
email = '" . $email."',
password = '" . md5($password)."',
otp = '".$str."',
status = 0 ");
$msg = "Your verification code:".$str.".";
$sms_text = str_replace(" ","%20",$msg);
$api_key = '2584909553545C';
$from = 'chkotp';
$api_url = "**My otp url**";
$response = file_get_contents($api_url);
die(json_encode(array("success"=>"true","message"=>"OTP sent to your mobile number please verify.")));
}else{
die(json_encode(array("success"=>"false","message"=>"Mobile or email all ready exits ")));
}
}else{
die(json_encode(array("success"=>"false","message"=>"Empty Parameters..!!")));
}
?>
Your insert query syntax is wrong,
$new_pass = md5($password);
$SQLQUERY = mysql_query("INSERT INTO users( name, mobile, email, password) values('$name','$mobile','$email','$new_pass')");
I hope it helps.
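A parameterized version of the signup insert, as an added example that is not code from the original post or its answer. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline, and the `otp_hash` and `otp_expires` columns are hypothetical additions to the asker's table. With exception mode on, a failed INSERT raises an error instead of passing silently, and the OTP is returned for sending only after the row exists.

```php
<?php
// Added example, not the asker's code. In-memory SQLite stands in for MySQL;
// otp_hash and otp_expires are assumed columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, name TEXT, mobile TEXT, email TEXT,
    password TEXT, otp_hash TEXT, otp_expires INTEGER, status INTEGER DEFAULT 0)');

function register_user(PDO $pdo, array $in): string
{
    // random_int() draws from the CSPRNG; mt_rand() is not cryptographically secure.
    $otp = (string) random_int(100000, 999999);

    $stmt = $pdo->prepare(
        'INSERT INTO users (name, mobile, email, password, otp_hash, otp_expires)
         VALUES (:name, :mobile, :email, :password, :otp_hash, :otp_expires)');
    $stmt->execute([
        ':name'        => $in['name'],
        ':mobile'      => $in['mobile'],
        ':email'       => $in['email'],
        // Salted, slow password hash instead of a bare md5()
        ':password'    => password_hash($in['password'], PASSWORD_DEFAULT),
        // Store only a digest of the code, valid for five minutes
        ':otp_hash'    => hash('sha256', $otp),
        ':otp_expires' => time() + 300,
    ]);
    return $otp; // pass to the SMS gateway only after the row is stored
}

// Constructed sample input; the apostrophe would break a concatenated query.
$otp = register_user($pdo, [
    'name' => "Conan O'Brien", 'mobile' => '5550100',
    'email' => 'conan@example.com', 'password' => 'correct horse battery',
]);
$row = $pdo->query('SELECT name, password, otp_hash FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === "Conan O'Brien");
var_dump(password_verify('correct horse battery', $row['password']));
var_dump(hash_equals($row['otp_hash'], hash('sha256', $otp)));
```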
Related
I am making a verification system: after the user signs up, he/she will be redirected to verify with the OTP code. The code doesn't seem to work when I tried it out, and it displays no error.
<?php
include_once(__DIR__ . '/../connection/conn.php');
if(isset($_POST['submit'])){
$username = mysqli_real_escape_string($conn, $_POST['username']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$pass = mysqli_real_escape_string($conn, md5($_POST['password']));
$cpass = mysqli_real_escape_string($conn, md5($_POST['cpassword']));
$role = 'user';
$verification_status = '0';
$otp = mt_rand(1111,9999); //create 4 digits otp
$activation_code = rand(time(),10000000); //create a user unique id
$select_users = mysqli_query($conn, "SELECT * FROM `userssystem1` WHERE email = '$email' AND password = '$pass'") or die('query failed');
if(mysqli_num_rows($select_users) > 0){
$message[] = 'user already exist!';
}else{
if($pass != $cpass){
$message[] = 'confirm password not matched!';
}else{
mysqli_query($conn, "INSERT INTO `userssystem1`(username, email, password, role, otp, activation_code, verification_status) VALUES('$username', '$email' , '$cpass' , '$role', '$otp', '$activation_code' , '$verification_status')") or die('query failed to insert');
$message[] = 'registered successfully!';
header('location:verify.php?code='.$activation_code);
}
}
}
?>
After I copy the OTP from the data table into the OTP input field to make the necessary changes on the data table in the database, the verification_status is supposed to change to verified and the OTP code will be emptied from the database table: `verification_status = 'verified'`
<?php
//if user verified, so don't show verify page
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1); error_reporting(E_ALL);
include_once(__DIR__ . '/../connection/conn.php');
if(isset($_POST['submit_otp'])){
if(isset($_GET['code'])){
$activation_code = $_GET['code'];
$otp = $_POST['otp'];
$sqlselect = "SELECT * FROM userssystem1 WHERE activation_code = '".$activation_code."'";
$resultSelect = mysqli_query($conn, $sqlselect);
if (mysqli_num_rows($resultSelect) > 0){
$rowSelect = mysqli_fetch_assoc($resultSelect);
$rowOtp = $rowSelect['otp'];
if ($rowOtp !== $otp) {
echo "<script>alert(Please provide correct OTP...!)</script>";
}else{
$sqlUpdate = "UPDATE userssystem1 SET otp = '', verification_status = 'verified' WHERE otp = '".$otp."' AND activation_code = '".$activation_code."'";
$resultUpdate = mysqli_query($conn, $sqlUpdate);
if ($resultUpdate){
echo "<script>alert(Your email has been verified)</script>";
header("Refresh:1; url=signup.php");
}else{
echo "<script>alert(Your email is not verify)</script>";
}
}
}
}
else{
header("Refresh:1; url=verify.php");
}
}
?>
Without seeing more of your code this is really just a guess, but you're checking for $_POST['submit_otp'] but then later down assign $otp to the value of $_POST['otp']. My guess is that maybe the first if (isset(... is coming back false because the $_POST key is wrong. Or, the second assignment is wrong and the SQL comes back with no rows.
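An OTP check with explicit outcomes, as an added example that is not the asker's or the answerer's code. It assumes PDO with in-memory SQLite standing in for MySQL; the `otp_hash`, `otp_expires` and `otp_attempts` columns and the `verify_otp()` name are hypothetical. Each failure path returns a distinct result, guesses are counted, and the code is compared in constant time.

```php
<?php
// Added example, not the asker's code. Column names otp_hash, otp_expires and
// otp_attempts are assumptions; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE userssystem1 (
    activation_code TEXT UNIQUE, otp_hash TEXT, otp_expires INTEGER,
    otp_attempts INTEGER DEFAULT 0, verification_status TEXT DEFAULT '0')");

const MAX_ATTEMPTS = 5;

function verify_otp(PDO $pdo, string $code, string $otp, int $now): string
{
    $sel = $pdo->prepare('SELECT otp_hash, otp_expires, otp_attempts
                          FROM userssystem1 WHERE activation_code = ?');
    $sel->execute([$code]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['otp_hash'] === null) {
        return 'unknown';  // no such code, or already verified
    }
    if ($row['otp_attempts'] >= MAX_ATTEMPTS || $now > $row['otp_expires']) {
        return 'locked';   // expired or too many guesses: issue a new code
    }
    if (!hash_equals($row['otp_hash'], hash('sha256', $otp))) {
        $pdo->prepare('UPDATE userssystem1 SET otp_attempts = otp_attempts + 1
                       WHERE activation_code = ?')->execute([$code]);
        return 'wrong';
    }
    $pdo->prepare("UPDATE userssystem1 SET otp_hash = NULL,
                   verification_status = 'verified' WHERE activation_code = ?")
        ->execute([$code]);
    return 'verified';
}

// Constructed sample row: unguessable activation code, OTP "4821"
$code = bin2hex(random_bytes(16));
$pdo->prepare('INSERT INTO userssystem1 (activation_code, otp_hash, otp_expires) VALUES (?, ?, ?)')
    ->execute([$code, hash('sha256', '4821'), time() + 300]);

echo verify_otp($pdo, $code, '0000', time()), "\n"; // wrong guess is counted
echo verify_otp($pdo, $code, '4821', time()), "\n"; // correct code
echo verify_otp($pdo, $code, '4821', time()), "\n"; // code cannot be reused
```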
I have written this code. It is working to add users, but for a duplicate user it again saves the value of the same username. I wanted to give a popup message if the username is already taken. I am a beginner, please help.
<?php
ob_start();
include("db.php");
if(isset($_POST['send'])!="") {
$username = mysqli_real_escape_string($con, $_POST['username']);
$usermail = mysqli_real_escape_string($con, $_POST['usermail']);
$usermobile = mysqli_real_escape_string($con, $_POST['usermobile']);
$bool = true;
$con = mysqli_connect("localhost","root","","demo");
$result = mysqli_query($con, "SELECT `username` FROM `sample` WHERE username = '$username'");
if(mysqli_num_rows($result)>0)
{
Print '<script>alert("Username has been taken!");</script>';
}
if ($bool) {
$inssql = "insert into sample set
username = '" . $username . "',
emailid = '" . $usermail . "',
mobileno = '" . $usermobile . "',
created = now()";
$update = mysqli_query($con, $inssql);
}
}
Make sure you finish the script or turn off your flag before making the insert:
if(mysqli_num_rows($result)>0)
{
Print '<script>alert("Username has been taken!");</script>';
die('username already taken');
//$bool = FALSE;
}
If you are still having duplicate entries, debug the value of $username and compare it with the value in the database.
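Letting the database reject duplicates, as an added example that is not the asker's or the answerer's code. It assumes PDO with in-memory SQLite standing in for MySQL and a UNIQUE index on `username`, which the question's schema may not have; `add_user()` is a hypothetical name. The constraint closes the gap between the SELECT check and the INSERT when two requests arrive together.

```php
<?php
// Added example, not the asker's code. In-memory SQLite stands in for MySQL;
// the UNIQUE index on username is an assumption about the schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sample (
    username TEXT NOT NULL UNIQUE, emailid TEXT, mobileno TEXT, created TEXT)');

function add_user(PDO $pdo, string $username, string $mail, string $mobile): bool
{
    $stmt = $pdo->prepare(
        "INSERT INTO sample (username, emailid, mobileno, created)
         VALUES (?, ?, ?, datetime('now'))");
    try {
        $stmt->execute([$username, $mail, $mobile]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation (duplicate key)
        if (strpos((string) $e->getCode(), '23') === 0) {
            return false;
        }
        throw $e; // any other database error is not a duplicate
    }
}

// Constructed sample input: the third name repeats the first
foreach (['alice', 'bob', 'alice'] as $name) {
    $ok = add_user($pdo, $name, "$name@example.com", '5550100');
    // json_encode() with the HEX flags makes the value safe inside <script>
    $msg = json_encode("Username $name has been taken!",
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    echo $ok ? "saved $name\n" : "<script>alert($msg);</script>\n";
}
```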
I would like to fix a problem with my code, which concerns a user profile system. During registration users set their personal information, including address. The address value is used by the Google Maps API. The UPDATE query doesn't work. Why?
N.B.: the data types of lat, lng are 'decimal(10,8)', 'decimal(11,8)'
<?php
include("database.php");
session_start();
$error = "";
if(isset($_POST['submit']))
{
$username = mysql_real_escape_string($_POST['username']);
$name = mysql_real_escape_string($_POST['name']);
$surname = mysql_real_escape_string($_POST['surname']);
$affiliation = mysql_real_escape_string($_POST['affiliation']);
$department = mysql_real_escape_string($_POST['department']);
$address = mysql_real_escape_string($_POST['address']);
$position = mysql_real_escape_string($_POST['position']);
$email = mysql_real_escape_string($_POST['email']);
$web = mysql_real_escape_string($_POST['web']);
$telephone = mysql_real_escape_string($_POST['telephone']);
$mobile = mysql_real_escape_string($_POST['mobile']);
$password = $_POST['password'];
$passwordConfirm = $_POST['passwordConfirm'];
$privacy = $_POST['privacy'];
// validate the values entered by the user
if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$error = "Inserisci una email valida ";
}
else if (strlen($password) < 8) {
$error = "La password deve contenere almeni 8 caratteri";
}
else if ($password != $passwordConfirm)
{
$error = "Le password devono coincidere!";
}
else {
$error = "Ti sei appena registrato su B";
}
$sql = "INSERT INTO users(username, name, surname, affiliation, department,address,position,email,web,telephone,mobile,password,privacy) VALUES('$username','$name','$surname','$affiliation','$department','$address','$position','$email','$web','$telephone','$mobile','$password','$privacy')";
mysqli_query($database,$sql) or die(mysqli_error($database));
if($address !=''){
$request_url = "http://maps.googleapis.com/maps/api/geocode/xml?address=".$address."&sensor=true";
$xml = simplexml_load_file($request_url) or die("url not loading");
$status = $xml->status;
if ($status=="OK"){
$lat = $xml->result->geometry->location->lat;
$lng = $xml->result->geometry->location->lng;
}
$sql1 = "UPDATE users SET lng='$lng', lat='$lat' WHERE username='$username'";
mysqli_query($database,$sql1) or die(mysqli_error($database));
}
}
?>
instead of using AND, you need to separate with a comma ,
$sql1 = "UPDATE users SET lng='$lng', lat='$lat' WHERE username='$username'";
Do not use And and don't forget to add backticks :) and good to see that newbies are completely avoiding mysql_* :D
$sql1 = "UPDATE `users` SET `lng`='$lng', `lat`='$lat' WHERE `username`='$username'";
Replace AND with comma in update statement
I am new here, and I am continuing a previous developer's website for the client.
This site will send a verification email to the user after the user signs up as a member.
The email is sent to the user, but my problem now is that the verification doesn't work. When the user clicks on the verification link, it does link to verification.php but shows a blank page.
I don't know where the problem is.
This is the account_verification.php file:
<?php
session_start();
require_once 'cms/configuration.php';
$username = $_GET['e_username'];
$key = $_GET['key'];
$sql = "SELECT * FROM member WHERE username = '$username'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$memberID = $row['id'];
if ($key == md5($username.$row['id']))
{
$sql = "UPDATE member SET verified = '1' WHERE id = '{$row['id']}'";
$result = mysql_query($sql);
echo ' <script type="text/javascript">
alert("Your account is activated.");
window.location = "homepage.php";
</script>';
}
?>
And this is the membersignup.php file:
<?php
session_start();
require_once 'cms/configuration.php';
include "includes/phpmailer.php";
foreach ($_POST as $key => $value)
{
$_POST[$key] = $value;
}
$e_username = trim($_POST['username']);
$password = $_POST['password'];
$ic_no = $_POST['ic_no'];
$email = $_POST['email'];
$dob = $_POST['dob'];
$contact = $_POST['contact'];
$address = $_POST['address'];
$comp_name = $_POST['comp_name'];
$comp_address = $_POST['comp_address'];
$comp_contact = $_POST['comp_contact'];
$comp_fax = $_POST['comp_fax'];
$comp_email = $_POST['comp_email'];
$about_us = $_POST['about_us'];
$datetime = $_POST['datetime'];
;
$result = mysql_query("SELECT username FROM member WHERE username='$e_username'");
$num_records = mysql_num_rows($result);
if ($num_records !=0){
echo "Please use different username.";
exit();
}
$sql = sprintf("INSERT INTO member (username, password, ic_no,email, birthday, contact, address, company_name, company_address, company_contact, company_fax, company_email, about_us, register_date)
VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s',NOW())",
mysql_real_escape_string($e_username),
md5($password),
mysql_real_escape_string($ic_no),
mysql_real_escape_string($email),
mysql_real_escape_string($dob),
mysql_real_escape_string($contact),
mysql_real_escape_string($address),
mysql_real_escape_string($comp_name),
mysql_real_escape_string($comp_address),
mysql_real_escape_string($comp_contact),
mysql_real_escape_string($comp_fax),
mysql_real_escape_string($comp_email),
mysql_real_escape_string($about_us),
mysql_real_escape_string($datetime)
);
$result = mysql_query($sql) or die(mysql_error());
$insertID = mysql_insert_id();
$key = md5($_POST['username'].$insertID);
$link = "http://___/account_verification.php?username={$_POST['username']}&key=$key";
$body = "<div>
<p style='padding:10px;'>
Hello {$_POST['username']}!
</p>
<p style='padding:10px;'>
Thank you for creating an account at ___.
</p>
<p style='padding:10px;'>
Please keep this e-mail for your records. Your account information is as follows:<br/>
Username : $e_username <br/>
Password : {$_POST['password']}
</p>
<p style='padding:10px;'>
Verify your account to complete your registration by clicking the link:<br/>
<a href='$link' target='_blank'>$link</a>
</p>
<p style='padding:10px;'> </p>
<p style='padding:10px;'>
Thanks,<br/>Admin
</p>
</div>";
$subject = "Member Registration and Verification";
if ($result)
{
$sendMailResult = sendPHPMail('noreply#___.com', '___', $_POST['email'], $subject, $body);
if($sendMailResult == TRUE)
echo 1;
else
echo "There's problem sending validation mail to your email. Please try again later.";
}
else
{
echo "There's problem saving your registration details to our database. Please try again later.";
}
?>
Can anyone help me to find what is the problem here?
You are searching for a user that matches $username = $_GET['e_username']; when you are actually only sending username in the URL.
So, your account_verification.php should be
session_start();
require_once 'cms/configuration.php';
$username = $_GET['username'];
$key = $_GET['key'];
$sql = "SELECT * FROM member WHERE username = '$username'";
etc ...
And your link to this script should be as follows (note: your username variable is changed to $_POST['e_username']):
$link = "http://___/account_verification.php?username={$_POST['e_username']}&key=$key";
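A signed verification link, as an added example that is not the site's code or the answerer's. The key in the question is derived only from the username and row id, so this sketch signs those values plus an expiry with a server-side secret; `VERIFY_SECRET`, `LINK_LIFETIME` and both function names are hypothetical. A missing or misnamed parameter, as in the question, yields an explicit `false` rather than a blank page.

```php
<?php
// Added example, not the site's code. VERIFY_SECRET and the function names are
// hypothetical; a real secret belongs in server configuration, not in source.
const VERIFY_SECRET = 'constructed-demo-secret-change-me';
const LINK_LIFETIME = 86400; // seconds

function make_verify_query(string $username, int $memberId, int $now): string
{
    $expires = $now + LINK_LIFETIME;
    $key = hash_hmac('sha256', "$memberId|$username|$expires", VERIFY_SECRET);
    // http_build_query() URL-encodes each value
    return http_build_query(['username' => $username, 'expires' => $expires, 'key' => $key]);
}

// $memberId is the id of the row looked up by username with a prepared statement.
function check_verify_query(array $get, int $memberId, int $now): bool
{
    foreach (['username', 'expires', 'key'] as $k) {
        if (!isset($get[$k]) || !is_string($get[$k])) {
            return false;           // missing or array-valued parameter
        }
    }
    if (!ctype_digit($get['expires']) || (int) $get['expires'] < $now) {
        return false;               // malformed or expired link
    }
    $expected = hash_hmac('sha256',
        "$memberId|{$get['username']}|{$get['expires']}", VERIFY_SECRET);
    return hash_equals($expected, $get['key']); // constant-time comparison
}

// Constructed round trip: build the query string, parse it as PHP fills $_GET
$now = time();
$qs = make_verify_query('alice smith', 42, $now);
parse_str($qs, $get);
var_dump(check_verify_query($get, 42, $now));                           // valid link
$get['username'] = 'mallory';
var_dump(check_verify_query($get, 42, $now));                           // altered username
var_dump(check_verify_query(['e_username' => 'alice smith'], 42, $now)); // wrong parameter name
```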
So I'm trying to make a registration page that feeds back a variable when a certain flag is raised: "Already registered", "Registration limit". Is this the best way to do this or is there a better way? I'm a little new to PHP... I keep getting an error on the mysql_num_rows().
Here is the code....
<?php
//not really
$dbhost = 'sample';
$dbname = 'contacts';
$dbuser = 'sample';
$dbpass = 'sample';
//retrieve our data from POST
$username = $_POST['username'];
$pass1 = $_POST['password'];
$pass2 = $_POST['timestamp'];
$pass3 = $_POST['deviceId'];
$pass4 = $_POST['phone'];
$pass5 = $_POST['name'];
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $conn);
//sanitize username
$username = mysql_real_escape_string($username);
$pass1 = mysql_real_escape_string($pass1);
$pass2 = mysql_real_escape_string($pass2);
$pass3 = mysql_real_escape_string($pass3);
$pass4 = mysql_real_escape_string($pass4);
$pass5 = mysql_real_escape_string($pass5);
function email_exists()
{
// $query = "SELECT * FROM Users WHERE username = '" . $username . "'";
$sql2 = mysql_query("SELECT username FROM Users WHERE username = '" . $username . "'");
// $sql2 = mysql_db_query("SELECT * FROM Users WHERE username = '" . $username . "'");
// $erg = mysql_num_rows($sql2) > 0;
return (mysql_num_rows($sql2)); //method 1
}
function device_exists()
{
$query2 = "SELECT * FROM Users WHERE deviceID = '" . $pass3 . "'";
//$sql2 = mysql_db_query("SELECT * FROM Users WHERE deviceID = '" . $pass3 . "'");
$sql3 = mysql_query($query2);
return (mysql_num_rows($sql3)); //method 2
}
if (email_exists() == 0) {
//(passed the no email in database, now lets check how many accounts under the device ID)
if (device_exists() < 3) {
$query = "INSERT INTO Users ( username, password, timestamp, deviceId, phone, name )
VALUES ( '$username' , '$pass1' , '$pass2', '$pass3', '$pass4', '$pass5');";
mysql_query($query);
mysql_close();
echo "1"; // Registered successfully
} else {
echo "5"; //3 registered users per device only
}
} else {
echo "0"; //already have an account (email is used.....)
}
?>
You may have the same problem.
Hello, please try the greater-than operator (>) with zero:
if ( email_exists()) // valid result
{
if ( email_exists() > 0 ) // more than 0 records
// rest code;
else
// insert operation;
}
Thanks... best luck