I have tried creating a cookie but my value is not being saved. Here is my code. I have tried checking my connection details but it looks alright. Please help since i cannot find a solution to this problem.
<form method="POST">
<hr>
<div class="accounttype">
<input type="radio" value="Teacher" id="radioOne" name="account" checked/>
<label for="radioOne" class="radio" chec><span style="font-size: 23px;">Teacher</span></label>
<input type="radio" value="Student" id="radioTwo" name="account" />
<label for="radioTwo" class="radio"><span style="font-size: 23px;">Student</span></label>
</div>
<hr>
<label id="icon" for="name"><i class="icon-envelope "></i></label>
<input type="text" name="logid" id="logid" placeholder="Email" required/>
<label id="icon" for="name"><i class="icon-user"></i></label>
<input type="text" name="logName" id="logName" placeholder="Name" required/>
<label id="icon" for="name"><i class="icon-shield"></i></label>
<input type="password" name="logPassword" id="logPassword" placeholder="Password" required/>
<center><table>
<tr>
<td><center>
<input type="submit" name="Login" id="Login" value="Login" style="background-color: #3a57af; color: #ffffff; width: 105px; height: 40px;-webkit-border-radius: 20px;-moz-border-radius: 20px;border-radius: 20px;border: 0px;">
</center>
</td>
<?php
$userId = $_POST['logid'];
//$userName = $_POST['logName'];
$password = $_POST['logPassword'];
$account = $_POST['account'];
$teacher = "Teacher";
$student = "Student";
if ($account == $teacher) {
# code...
$sql = "SELECT * FROM teacherRecord WHERE email = '$userId' AND password='$password'";
$result = mysqli_query($con,$sql);
$check = mysqli_fetch_array($result);
if(isset($check)){
setcookie("email", $userId, time() + (86400 * 30), "/");
echo $_COOKIE['email'];
//echo "<script>window.location='profile.php'</script>";
}
}
?>
Related
I have a member page that lands after user signs in. From there I need to populate that page with all their data in a form format (same as the one they filled out initially) so they can edit and update/save.
<form>
<fieldset>
<legend>Edit My Account
</legend>
<div>
<label class="label" for="username">Username</label>
<input class="user" type="text" name="username" id="username" value="<?php if(isset($error)){ echo $_POST['username']; } ?>" tabindex="2" required />
</div>
<div>
<label class="label" for="email">Email</label>
<input class="email" type="email" name="email" id="email" value="<?php if(isset($error)){ echo $_POST['email']; } ?>" tabindex="3" required />
</div>
<div>
<label class="label" for="password">Password</label>
<input class="password" type="password" name="password" id="password" tabindex="4" required />
</div>
<div>
<label class="label" for="passwordConfirm">Confirm Password</label>
<input class="password" type="password" name="passwordConfirm" id="passwordConfirm" tabindex="5" required />
</div>
<div>
<input class="showbox" type="checkbox" name="terms" id="terms" tabindex="6" onFocus="this.tabIndex=1;"onBlur="this.tabIndex=6;"required />
<label for="terms">I agree to the Terms</label>
</div>
</fieldset>
<fieldset>
<div>
<input name="submit" type="submit" value="Update" />
</div>
</fieldset>
</form>
Secondly I want them to be able to delete their entire account with a "Delete My Account" button via a input type 'submit' that would appear on same member page.
<fieldset>
<form action="delete.php?" method="post">
<input type="hidden" name="id" value="<?php echo $members['memberID']; ?>">
<input type="submit" name="submit" value="Delete My Account">
</form>
</filedset>
I've been searching for days now... mostly this platform and have not found any sound solution(s).
I'm using MySQL db using PDO $stmt = $db->prepare('INSERT INTO... to create insert for new users and that all works fine.
I include a separate connection config file for db connection as well.
I created a delete.php file for the statement.
<?php require('config.php');
$id=$_SESSION['memberID'];
$stmt = $db->prepare('DELETE FROM members where memberID = $id');
?>
I'm not able to find a solution to populate the member page with logged in user data then edit and update it and/or capture the users logged in memberID to submit the delete account request using that memberID.
Some guidance would be appreciated, Thanks!
Here is my login.php code
<?php
//include config
require_once('config.php');
//check if already logged in move to home page
if( $user->is_logged_in() ){ header('Location: memberpage.php'); }
//process login form if submitted
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($user->login($username,$password)){
$_SESSION['username'] = $username;
header('Location: memberpage.php');
exit;
} else {
$error[] = '<h2 class="red ctr thanks">Wrong username or password or your account has not been activated.</h2>';
}
}//end if submit
?>
At first you must set id user.after login user in admin page
and next you can use of that
<?php
$userId= $_GET['id'];//get user id you can use session also
if (isset($_POST['submit'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$passwordConfirm = $_POST['passwordConfirm'];
$terms = $_POST['terms'];
if (($password===$passwordConfirm) and ($terms===1)){
$query = "UPDATE members SET username = :username ,email = :email,"
."password = :password WHERE id = :id";
$stmt = $db->prepare($query);
$stmt->bindParam(':username',$username, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->bindParam(':id',$userId, PDO::PARAM_INT);
}
}
$query = "SELECT * FROM `members` WHERE id = `$userId`"; //Get user info
$sth = $db->prepare($query);
$sth ->execute();
$result = $sth->fetchAll(PDO::FETCH_ASSOC);
if ($result) {
// output data of each row
foreach($result as $row){
$username = $row['username'];
$email = $row['email'];
$password = $row['password'];
}
}
?>
<form method="post" class="form-horizontal" action="<?php filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?>">
<fieldset>
<legend>Edit My Account
</legend>
<div>
<label class="label" for="username">Username</label>
<input class="user" type="text" name="username" id="username" value="<?php echo $username ?>" tabindex="2" required />
</div>
<div>
<label class="label" for="email">Email</label>
<input class="email" type="email" name="email" id="email" value="<?php echo $email?>" tabindex="3" required />
</div>
<div>
<label class="label" for="password">Password</label>
<input class="password" type="password" name="password" value="<?php echo $password ?>" id="password" tabindex="4" required />
</div>
<div>
<label class="label" for="passwordConfirm">Confirm Password</label>
<input class="password" type="password" name="passwordConfirm" id="passwordConfirm" tabindex="5" required />
</div>
<div>
<input class="showbox" type="checkbox" name="terms" id="terms" tabindex="6" onFocus="this.tabIndex=1;"onBlur="this.tabIndex=6;"required />
<label for="terms">I agree to the Terms</label>
</div>
</fieldset>
<fieldset>
<div>
<input name="submit" type="submit" value="Update" />
</div>
</fieldset>
</form>
I am trying to update the record in my database but after submiting form it does not go back to the page committee.php and records does not get updated. Is there any problem with my query?
<?php
include_once('connection.php');
if(isset($_GET['details_id']))
{
$id=$_GET['details_id'];
if(isset($_POST['submit']))
{
$title = $_POST['title'];
$pageno = $_POST['page'];
$author = $_POST['author'];
//$authorimg = $_POST['image'];
$article_status = $_POST['articlestatus'];
$sketch_status = $_POST['sketchstatus'];
$final_approval_person = $_POST['finalperson'];
$final_approval_date = $_POST['finaldate'];
$status = $_POST['status'];
$query = "update details set title='$title', page_no='$pageno', author='$author', article_status='$article_status', sketch_status='$sketch_status', final_approve_person='$final_approval_person', final_approve_date='$final_approval_date', status='$status', where id=$id";
$res = mysqli_query($DBCONNECT,$query);
if($res)
{
header('location:committee.php');
}
else
{
echo mysql_error();
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body style="margin-left:30%;">
<div class="form-style-2">
<div class="form-style-2-heading">Provide Following Information</div>
<form action="" method="post">
<label for="field1"><span>Title <span class="required">*</span></span><input type="text" class="input-field" name="title" value="" /></label>
<label for="field1"><span>Page No. </span><input type="number" class="input-field" name="page"
min="0" max="100" step="10" value="30"></label>
<label for="field2"><span>Author <span class="required">*</span></span><input type="text" class="input-field" name="author" value="" /></label>
<label for="field1"><span>Author Image <span class="required">*</span></span><input type="file" class="input-field" name="image" value="" /></label>
<label for="field4"><span>Article Status</span><select name="articlestatus" class="select-field">
<option value="notrecieved">Not Recieved</option>
<option value="recieved">Recieved</option>
</select></label>
<label for="field4"><span>Sketch Status</span><select name="sketchstatus" class="select-field">
<option value="notapproved">Not Approved</option>
<option value="approved">Approved</option>
</select></label>
<label for="field2"><span>Final Approval Person <span class="required">*</span></span><input type="text" class="input-field" name="finalperson" value="" /></label>
<label for="field2"><span>Final Approval Date <span class="required">*</span></span><input type="date" class="input-field" name="finaldate" value="" /></label>
<label for="field2"><span>Status <span class="required">*</span></span><input type="text" class="input-field" name="status" value="" /></label>
<!--<label for="field4"><span>Regarding</span><select name="field4" class="select-field">
<option value="General Question">General</option>
<option value="Advertise">Advertisement</option>
<option value="Partnership">Partnership</option>
</select></label>
<label for="field5"><span>Message <span class="required">*</span></span><textarea name="field5" class="textarea-field"></textarea></label>
-->
<label><span> </span><input type="submit" value="submit" name="submit" /></label>
</form>
</div>
</body>
</html>
Your query is wrong. Use this
$query = "update details set title='$title', page_no='$pageno',
author='$author', article_status='$article_status',
sketch_status='$sketch_status', final_approve_person='$final_approval_person',
final_approve_date='$final_approval_date', status='$status' where id=$id";
No need comma here status='$status', where id=$id
Also add single quote for $id in the where clause.
I have issue with my login page, when I add my code don't display any action.
please see the below
Index.html
<form >
<fieldset style="width:355;">
<legend></legend>
<div id="Form">
<br><p><b> Log in</b></p>
<br>
</div>
<div class="col1 pad_left1">
<form name="logForm" onsubmit="return log()" action="log_exe.php" method="POST" >
<label style="font-size:100%;" >Email:</label> </br>
<input type="text" name="email1" placeholder="user#hotmail.com" id="email1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b> </br><br>
<label style="font-size:100%;" > password:</label> </br>
<input type="password" name="pass1" placeholder="Password" id="pass1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b>
<b style="display:none; color:red;" id="hide1">Sorry !! Wrong username or password</b>
</br>
<br>
<input style="font-size:120%;width:40%;padding:1%" type="submit" value="Log in" name="login" /></br><br>
</form>
</div>
</fieldset>
</form>
log_exe.php
<?php
session_start();
$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASSWORD = '';
$DB_DATABASE = 'la';
$con=mysql_connect($DB_HOST,$DB_USER,$DB_PASSWORD);
if(!$con)
{
die('Failed to connect to server: '.mysql_error());
}
$db=mysql_select_db($DB_DATABASE);
if(!$db)
{
die("Unable to select database");
}
$email =$_POST['email1'];
$pass =$_POST['pass1'];
$qry="SELECT Email FROM user WHERE Email='".$email."' AND Password='".$pass."';";
$qry2="SELECT email FROM Admin WHERE email='".$email."' AND password='".$pass."';";
$result=mysql_query($qry);
$result2=mysql_query($qry2);
if(mysql_num_rows($result) == 1)
{
$admin = mysql_fetch_assoc($result);
$_SESSION['Email'] = $admin['Email'];
header("location: schedule.php?Email=".$admin['Email']);
exit();
}
if(mysql_num_rows($result2) == 1)
{
$admin = mysql_fetch_assoc($result2);
$_SESSION['Email'] = $admin['Email'];
header("location: controlpanel.php?Email=".$admin['Email']);
exit();
}
else
{
die ("<script> window.confirm(\"Sorry !! Wrong username or password !!\");</script> <a href='index.html#!/page_Schedule'>Click here</a> to return to login page");
}
?>
My problem is my website don't gave me response , when I enter email and pass the page is refresh to other page and the link became like this
http://localhost/myfolder/index.html?email1=user%40hotmail.com&pass1=123&login=Log+in#.php
Thank you for your response
remove these <form > </form> tag and you can see your action. your code will be like below
<fieldset style="width:355;">
<legend></legend>
<div id="Form">
<br><p><b> Log in</b></p>
<br>
</div>
<div class="col1 pad_left1">
<form name="logForm" onsubmit="return log()" action="log_exe.php" method="POST" >
<label style="font-size:100%;" >Email:</label> </br>
<input type="text" name="email1" placeholder="user#hotmail.com" id="email1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b> </br><br>
<label style="font-size:100%;" > password:</label> </br>
<input type="password" name="pass1" placeholder="Password" id="pass1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b>
<b style="display:none; color:red;" id="hide1">Sorry !! Wrong username or password</b>
</br>
<br>
<input style="font-size:120%;width:40%;padding:1%" type="submit" value="Log in" name="login" /></br><br>
</form>
</div>
</fieldset>
Remove the unwanted form from your index.html. ie modify the code like the following:
<fieldset style="width:355;">
<legend></legend>
<div id="Form">
<br><p><b> Log in</b></p>
<br>
</div>
<div class="col1 pad_left1">
<form name="logForm" onsubmit="return log()" action="log_exe.php" method="POST" >
<label style="font-size:100%;" >Email:</label> </br>
<input type="text" name="email1" placeholder="user#hotmail.com" id="email1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b> </br><br>
<label style="font-size:100%;" > password:</label> </br>
<input type="password" name="pass1" placeholder="Password" id="pass1" style="border:1px solid black; width:80%;" /> <b style="color:red;">*</b>
<b style="display:none; color:red;" id="hide1">Sorry !! Wrong username or password</b>
</br>
<br>
<input style="font-size:120%;width:40%;padding:1%" type="submit" value="Log in" name="login" /></br><br>
</form>
</div>
</fieldset>
I have a form which displays a blank page.The form details doesnt appear. It is a blank page. The form as to diplay the details such as membership no, month date, amount. But it is a blank page with no details displayed What is the problem with the code.
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$db = "anthonys";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
mysql_select_db($db,$dbhandle) or die('cannot select db');
if(isset($_POST['update'])){
$uid=$_REQUEST['uid'];
$month=$_REQUEST['month'];
$date=$_POST['date'];
$amount=$_POST['amount'];
mysql_query("UPDATE payment SET uid='$uid',month ='$month', date='$date', amount='$amount' WHERE uid='$uid' and month='$month'") or die(mysql_error());
echo "<script>alert('Record Updated!!')</script>";
$myData= mysql_query("SELECT * FROM payment where uid='$uid' and month='$month'")or die(mysql_error());
while($record = mysql_fetch_assoc($myData))
{
?>
<section id="sheet" style="background-color: Transparent;">
<div id="content_inner">
<div id="col2">
<h2>PAYMENT RECEIPT</h2><br /><br />
<table border="0px" style="border-collapse:collapse; width:810px;" align="center">
<tr>
<td>
<form name="XIForm" id="XIForm" method="post" action="modifypay3.php">
<span style="float:right; width:500px;margin-top:-55px;">
<label type="text" name="uid" maxlength="50" size="30" class="label" >Membership No</label><br />
<input type="text" name="uid" value="<?php echo $record['uid'];?>"readonly><br /><br /></span>
<label type="text" name="month" maxlength="50" size="30" class="label">Month</label><br />
<input type="text" name="month" class="input" size="40" value="<?php echo $record['month']; ?>"> <br /><br />
<label type="text" name="date" maxlength="50" size="30" class="label">Date</label><br />
<input type="text" name="date" class="input" style="width:370px;" value="<?php echo $record['date']; ?>"><br /><br />
<label type="text" name="amount" maxlength="50" size="30" class="label">Amount Paid</label><br />
<input type="text" name="amount" class="input" size="39" value="<?php echo $record['amount']; ?>"> <br /><br />
<input type=hidden name=hidden value="<?php echo $record['uid'];?>"><br/><br/>
<input type="submit" name="submit" value="UPDATE" class="button" />
</form>
<?php }?>
<?php }?>
</body>
</html>
It's more secure to use PDO except mysql_connect.
The form is print only when you POST the form.
Please use below code and test, if you want this.
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$db = "anthonys";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
mysql_select_db($db,$dbhandle) or die('cannot select db');
if(isset($_POST['submit'])){
$uid=$_REQUEST['uid'];
$month=$_REQUEST['month'];
$date=$_POST['date'];
$amount=$_POST['amount'];
mysql_query("UPDATE payment SET uid='$uid',month ='$month', date='$date', amount='$amount' WHERE uid='$uid' and month='$month'") or die(mysql_error());
echo "<script>alert('Record Updated!!')</script>";
};
$myData= mysql_query("SELECT * FROM payment where uid='$uid' and month='$month'")or die(mysql_error());
while($record = mysql_fetch_assoc($myData))
{?>
<section id="sheet" style="background-color: Transparent;">
<div id="content_inner">
<div id="col2">
<h2>PAYMENT RECEIPT</h2><br /><br />
<table border="0px" style="border-collapse:collapse; width:810px;" align="center">
<tr>
<td>
<form name="XIForm" id="XIForm" method="post" action="modifypay3.php">
<span style="float:right; width:500px;margin-top:-55px;">
<label type="text" name="uid" maxlength="50" size="30" class="label" >Membership No</label><br />
<input type="text" name="uid" value="<?php echo $record['uid'];?>"readonly><br /><br /></span>
<label type="text" name="month" maxlength="50" size="30" class="label">Month</label><br />
<input type="text" name="month" class="input" size="40" value="<?php echo $record['month']; ?>"> <br /><br />
<label type="text" name="date" maxlength="50" size="30" class="label">Date</label><br />
<input type="text" name="date" class="input" style="width:370px;" value="<?php echo $record['date']; ?>"><br /><br />
<label type="text" name="amount" maxlength="50" size="30" class="label">Amount Paid</label><br />
<input type="text" name="amount" class="input" size="39" value="<?php echo $record['amount']; ?>"> <br /><br />
<input type=hidden name=hidden value="<?php echo $record['uid'];?>"><br/><br/>
<input type="submit" name="submit" value="UPDATE" class="button" />
</form>
<?php }?>
</body>
</html>
I have a working registration and login system. I am trying to create a form where a user can add product registration info (via mysql update). I can't seem to get the db to actually update the fields. What am I missing here?!?
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// Escaping all input data
$row = mysql_fetch_assoc(mysql_query("SELECT * FROM electrix_users WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr'])
{
// If everything is OK login
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION['first'] = $row['first'];
$_SESSION['last'] = $row['last'];
$_SESSION['address1'] = $row['address1'];
$_SESSION['address2'] = $row['address2'];
$_SESSION['city'] = $row['city'];
$_SESSION['state'] = $row['state'];
$_SESSION['zip'] = $row['zip'];
$_SESSION['country'] = $row['country'];
$_SESSION['product1'] = $row['product1'];
$_SESSION['serial1'] = $row['serial1'];
$_SESSION['product2'] = $row['product2'];
$_SESSION['serial2'] = $row['serial2'];
$_SESSION['product3'] = $row['product3'];
$_SESSION['serial3'] = $row['serial3'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('tzRemember',$_POST['rememberMe']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: index_login3.php");
exit;
}
else if($_POST['submit']=='Register')
{
// If the Register form has been submitted
$err = array();
if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='Your username must be between 3 and 32 characters!';
}
if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='Your username contains invalid characters!';
}
if(!checkEmail($_POST['email']))
{
$err[]='Your email is not valid!';
}
if(!count($err))
{
// If there are no errors
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
// Generate a random password
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['first'] = mysql_real_escape_string($_POST['first']);
$_POST['last'] = mysql_real_escape_string($_POST['last']);
$_POST['address1'] = mysql_real_escape_string($_POST['address1']);
$_POST['address2'] = mysql_real_escape_string($_POST['address2']);
$_POST['city'] = mysql_real_escape_string($_POST['city']);
$_POST['state'] = mysql_real_escape_string($_POST['state']);
$_POST['zip'] = mysql_real_escape_string($_POST['zip']);
$_POST['country'] = mysql_real_escape_string($_POST['country']);
// Escape the input data
mysql_query(" INSERT INTO electrix_users(usr,pass,email,first,last,address1,address2,city,state,zip,country,regIP,dt)
VALUES(
'".$_POST['username']."',
'".md5($pass)."',
'".$_POST['email']."',
'".$_POST['first']."',
'".$_POST['last']."',
'".$_POST['address1']."',
'".$_POST['address2']."',
'".$_POST['city']."',
'".$_POST['state']."',
'".$_POST['zip']."',
'".$_POST['country']."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()
)");
if(mysql_affected_rows($link)==1)
{
send_mail( 'noreply#electrixpro.com',
$_POST['email'],
'Your New Electrix User Password',
'Thank you for registering at www.electrixpro.com. Your password is: '.$pass);
$_SESSION['msg']['reg-success']='We sent you an email with your new password!';
}
else $err[]='This username is already taken!';
}
if(count($err))
{
$_SESSION['msg']['reg-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Update')
{
{
mysql_query(" UPDATE electrix_users(product1,serial1,product2,serial2,product3,serial3) WHERE usr='{$_POST['username']}'
VALUES(
'".$_POST['product1']."',
'".$_POST['serial1']."',
'".$_POST['product2']."',
'".$_POST['serial2']."',
'".$_POST['product3']."',
'".$_POST['serial3']."',
)");
if(mysql_affected_rows($link)==1)
{
$_SESSION['msg']['upd-success']='Thank you for registering your Electrix product';
}
else $err[]='So Sad!';
}
if(count($err))
{
$_SESSION['msg']['upd-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load
$script = '
<script type="text/javascript">
$(function(){
$("div#panel").show();
$("#toggle a").toggle();
});
</script>';
}
?>
Here are the forms:
<!-- Panel -->
<div id="toppanel">
<div id="panel">
<div class="content clearfix">
<div class="left">
<h1>My Electrix Account </h1>
<p class="grey">View and edit your contact information and product registrations</p>
</div>
<?php
if(!$_SESSION['id']):
?>
<div class="left">
<!-- Login Form -->
<form class="clearfix" action="" method="post">
<h1>Member Login</h1>
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<label class="grey" for="username">Username:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="password">Password:</label>
<input class="field" type="password" name="password" id="password" size="23" />
<label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<div class="clear"></div>
<input type="submit" name="submit" value="Login" class="bt_login" />
</form>
</div>
<div class="left right">
<!-- Register Form -->
<form action="" method="post">
<h1>Not a member yet? Sign Up!</h1>
<?php
if($_SESSION['msg']['reg-err'])
{
echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>';
unset($_SESSION['msg']['reg-err']);
}
if($_SESSION['msg']['reg-success'])
{
echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>';
unset($_SESSION['msg']['reg-success']);
}
?>
<label class="grey" for="username">Username*:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="email">Email*:</label>
<input class="field" type="text" name="email" id="email" size="23" />
<label class="grey" for="first">First Name:</label>
<input class="field" type="text" name="first" id="first" size="23" />
<label class="grey" for="last">Last Name:</label>
<input class="field" type="text" name="last" id="last" size="23" />
<label class="grey" for="address1">Address line 1:</label>
<input class="field" type="text" name="address1" id="address1" size="23" />
<label class="grey" for="address2">Address line 2:</label>
<input class="field" type="text" name="address2" id="address2" size="23" />
<label class="grey" for="city">City:</label>
<input class="field" type="text" name="city" id="city" size="23" />
<label class="grey" for="state">State/Province:</label>
<input class="field" type="text" name="state" id="state" size="23" />
<label class="grey" for="zip">Zip/Postal Code:</label>
<input class="field" type="text" name="zip" id="zip" size="23" />
<label class="grey" for="country">Country:</label>
<input class="field" type="text" name="country" id="country" size="23" />
<p>
<label>A password will be e-mailed to you.</label>
<input type="submit" name="submit" value="Register" class="bt_register" />
</p>
</form>
</div>
<?php
else:
?>
<div class="left">
<h1>User Information</h1>
<p>
<?php echo $_SESSION['first']; ?>
<?php echo $_SESSION['last']; ?><br />
<?php echo $_SESSION['address1']; ?>
<?php echo $_SESSION['address2']; ?><br />
<?php echo $_SESSION['city']; ?>,
<?php echo $_SESSION['state']; ?>
<?php echo $_SESSION['zip']; ?><br />
<?php echo $_SESSION['country']; ?>
</p>
<p>Email: <?php echo $_SESSION['email']; ?></p>
<p>Downloads</p>
Log off
</div>
<div class="left right">
<!-- Product Registration Form -->
<form class="clearfix" action="" method="post">
<h1>Product Registration</h1>
<?php
if($_SESSION['msg']['upd-err'])
{
echo '<div class="err">'.$_SESSION['msg']['upd-err'].'</div>';
unset($_SESSION['msg']['upd-err']);
}
if($_SESSION['msg']['upd-success'])
{
echo '<div class="success">'.$_SESSION['msg']['upd-success'].'</div>';
unset($_SESSION['msg']['upd-success']);
}
?>
<label class="grey" for="product1">Product 1:</label>
<input class="field" type="text" name="product1" id="product1" value="<?php echo $_SESSION['product1']; ?>" size="23" />
<label class="grey" for="serial1">Serial 1:</label>
<input class="field" type="text" name="serial1" id="serial1" value="<?php echo $_SESSION['serial1']; ?>" size="23" />
<label class="grey" for="product2">Product 2:</label>
<input class="field" type="text" name="product2" id="product2" value="<?php echo $_SESSION['product2']; ?>" size="23" />
<label class="grey" for="serial2">Serial 2:</label>
<input class="field" type="text" name="serial2" id="serial2" value="<?php echo $_SESSION['serial2']; ?>" size="23" />
<label class="grey" for="product3">Product 3:</label>
<input class="field" type="text" name="product3" id="product3" value="<?php echo $_SESSION['product3']; ?>" size="23" />
<label class="grey" for="serial3">Serial 3:</label>
<input class="field" type="text" name="serial3" id="serial3" value="<?php echo $_SESSION['serial3']; ?>" size="23" />
<div class="clear"></div>
<input type="submit" name="submit" value="Update" class="bt_login" />
</form>
</div>
<?php
endif;
?>
</div>
</div> <!-- /login -->
<!-- The tab on top -->
<div class="tab">
<ul class="login">
<li class="left"> </li>
<li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>
<li class="sep">|</li>
<li id="toggle">
<a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a>
<a id="close" style="display: none;" class="close" href="#">Close Panel</a>
</li>
<li class="right"> </li>
</ul>
</div> <!-- / top -->
</div> <!--panel -->
Your update query is way off. You need to do it in the form of
UPDATE `tablename`
SET col1=`value`,col2=`val2`
WHERE wherecol=`whereval`
change your query and see if that helps.
your query should be
UPDATE electrix_users
SET
product1= $_POST['product1'],
serial1 = $_POST['serial1'],
product2 = $_POST['product2'],
serial2 = $_POST['serial2'],
product3 = $_POST['product3'],
serial3 = $_POST['serial3']
WHERE usr=$_POST['username']
However you should always clean for sql injection on any user entered data. I did not do this in the example as this is something you should do in your own way. This example is given to you as an example and does not prevent any kind of sql injection as it stands now.
ALWAYS DO WHAT YOU CAN TO PREVENT SQL INJECTION!