Please, I want a logged-in user to be able to view and edit their previous details in a MySQL database. Here is my code so far:
<?php session_start(); include 'dpconfig.php';
if (isset($_SESSION['uid']))
{
echo $_SESSION['uid'];
}
else
{
echo "You are not Logged In!"; header("Location: header.php");
}
$n = mysqli_query($conn,"Select * from user");
$run = mysqli_query($conn,"Select * from user");
$row = mysqli_fetch_array($run, MYSQLI_BOTH);
{
$showid = $row[0];
$showfirst = $row[1];
$showlast = $row[2];
$showuid = $row[3];
echo $showid;
echo $showfirst;
}
?>
Thanks
What you need to do: once your user has logged in, you need to have links in the dashboard to the profile page, and you need to have a query string in your link,
e.g.
<?php
session_start();
include 'dpconfig.php';
if (isset($_SESSION['uid']))
{
echo $_SESSION['uid'];
echo "<a href=\"profile.php?id=".$_SESSION['uid']."&action=view\">View Profile</a>";
echo "<a href=\"profile.php?id=".$_SESSION['uid']."&action=edit\">Edit Profile</a>";
}else{
// not allowed redirect
}
?>
The above code is just a basic dashboard shown after the user has logged in. We display two links to profile.php with two query string parameters: id, which we will use to identify the current user, and action, which will help us know what the user is doing (viewing or editing their profile).
Then, once they click on either link, it will go to the profile.php page with the URL params. Then we use the GET method to do our processing.
Read about Get method here
profile.php
<?php
session_start();
include 'dpconfig.php';
if(isset($_GET['id']) && isset($_GET['action'])){
if($_GET['action'] === "view"){
// show user profile
}
if($_GET['action'] === "edit"):?>
show html form with profile info to edit then process
<?php
endif;
}else{
// not allowed do something
}
?>
Hope this will at least point you in the correct direction.
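An added example, not part of the answer above: profile.php can take the row key from $_SESSION['uid'] instead of the id query parameter, so a logged-in user cannot reach another user's row by changing the URL. The column names (first, last, uid), the sample rows and the in-memory SQLite database standing in for the dpconfig.php connection are assumptions made here.

```php
<?php
declare(strict_types=1);

// Added example, not the answerer's code. Column names (first, last, uid) are
// assumed; SQLite in memory stands in for the connection from dpconfig.php.
function loadProfile(PDO $db, string $sessionUid): ?array
{
    // The row is chosen by the session value, never by ?id= from the URL.
    $stmt = $db->prepare('SELECT first, last, uid FROM user WHERE uid = ?');
    $stmt->execute([$sessionUid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function updateProfile(PDO $db, string $sessionUid, string $first, string $last): void
{
    // Bound parameters keep the submitted names out of the SQL text.
    $stmt = $db->prepare('UPDATE user SET first = ?, last = ? WHERE uid = ?');
    $stmt->execute([$first, $last, $sessionUid]);
}

function renderProfile(array $p): string
{
    // Escape on output so a stored name cannot inject markup into the page.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<p>' . $e($p['first']) . ' ' . $e($p['last']) . ' (' . $e($p['uid']) . ')</p>';
}

// Constructed sample data for an offline run.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, first TEXT, last TEXT, uid TEXT UNIQUE)');
$db->exec("INSERT INTO user (first, last, uid) VALUES ('Ann', 'Lee', 'ann'), ('Bob', 'Ray', 'bob')");

$sessionUid = 'bob';   // stands in for $_SESSION['uid'] set at login
$action = 'edit';      // stands in for $_GET['action']
if (!in_array($action, ['view', 'edit'], true)) {
    exit('Unknown action');
}
if ($action === 'edit') {
    // Stands in for the submitted form fields; the markup is stored as plain text.
    updateProfile($db, $sessionUid, 'Robert', '<b>Ray</b>');
}
echo renderProfile(loadProfile($db, $sessionUid)), "\n";
```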
Related
Currently my PHP login form will only carry across the username on the session; I want this to carry across the user id (automatically created when the user registers).
As shown below I have included the user_id but it is not displaying on my webpage, the username is however.
Just wondering if anyone can help me with this? (I'm new to PHP)
Login process:
require_once('connection.php');
session_start();
if(isset($_POST['login']))
{
if(empty($_POST['username']) || empty($_POST['PWORD']))
{
header("location:login.php?Empty= Please Fill in the Blanks");
}
else
{
$query="select * from users where username='".$_POST['username']."' and PWORD='".$_POST['PWORD']."'";
$result=mysqli_query($con,$query);
if(mysqli_fetch_assoc($result))
{
$_SESSION['User']=$_POST['username'];
$_SESSION['user_id'] = $row['user_id'];
header("location:../manage_event.php");
}
else
{
header("location:login.php?Invalid= Please Enter Correct User Name and Password ");
}
}
}
else
{
echo 'Not Working Now Guys';
}
Session on next page:
session_start();
if(isset($_SESSION['User']) || isset($_SESSION['user_id']))
{
echo ' Welcome ' . $_SESSION['User'].'<br/>';
echo ' User ID ' . $_SESSION['user_id'].'<br/>';
}
else
{
header("location:login/login.php");
}
Though your security is questionable, I’ll answer your question anyway. As stated in another response you aren’t assigning your variables the right way. See an example here
The following code will fix your problems contrary to the other solution:
$query="select * from users where username='".$_POST['username']."' and PWORD='".$_POST['PWORD']."'";
if ($result = mysqli_query($con, $query)) {
/* fetch associative array */
while ($row = mysqli_fetch_assoc($result)) {
$_SESSION['User']=$_POST['username'];
$_SESSION['user_id']=$row['user_id'];
header("location:../manage_event.php");
}
}else {
header("location:login.php?Invalid= Please Enter Correct User Name and Password ");
}
}
Make sure to replace this code with your old fetching code block. Thus in the first ‘else’ clause.
How about assigning the fetched result to $row:
$query="select * from users where username='".$_POST['username']."' and PWORD='".$_POST['PWORD']."'";
$result=mysqli_query($con,$query);
if( $row = mysqli_fetch_assoc($result))
{
$_SESSION['User']=$_POST['username'];
$_SESSION['user_id'] = $row['user_id'];
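An added example, not code from either answer: the same login step with the username bound as a parameter instead of concatenated into the query, the password checked with password_verify(), and the session id renewed before user_id is stored. It assumes PWORD holds a password_hash() value; the sample row and the in-memory SQLite database standing in for the connection.php connection are constructed here.

```php
<?php
declare(strict_types=1);

// Added example, not the posters' code. SQLite in memory stands in for the
// MySQL connection from connection.php; table and column names follow the post.
function authenticate(PDO $db, string $username, string $password): ?array
{
    // The placeholder keeps the submitted username out of the SQL text.
    $stmt = $db->prepare('SELECT user_id, username, PWORD FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: PWORD stores a password_hash() value, not the plain password.
    if ($row === false || !password_verify($password, $row['PWORD'])) {
        return null;
    }
    return ['user_id' => (int) $row['user_id'], 'username' => $row['username']];
}

// Called from the web login handler after session_start(); not run in the demo below.
function logIn(array $user, string $target): void
{
    session_regenerate_id(true);            // fresh session id once the user is authenticated
    $_SESSION['User'] = $user['username'];
    $_SESSION['user_id'] = $user['user_id'];
    header('Location: ' . $target);
    exit;                                   // stop the script once the redirect is sent
}

// Constructed sample data for an offline run.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, PWORD TEXT)');
$db->prepare('INSERT INTO users (username, PWORD) VALUES (?, ?)')
   ->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// A username containing a quote is handled as data, and a wrong password is rejected.
var_dump(authenticate($db, "o'brien", 'correct horse'));
var_dump(authenticate($db, "o'brien", 'wrong password'));
```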
I've a login page, where I'm setting the admin ID as a session variable
$_SESSION['adminUserId'] = $row['id'];
Now I've a header.php file which is called first on every page. To display the header.
And the first line of Header.php has
if (!isset($_SESSION['adminUserId'])) {
header("Location: ../index.php");
}
Now the strange part about this is that when I do echo $_SESSION['adminUserId'], it displays the value of the variable. But when I check the variable with isset, the result is false. I'm unable to understand how this is happening.
Also, another strange thing, include header.php is the first line of code for every page, it works fine for all the pages apart from one, where it redirects the user to index.php
I've tried changing the variable name, setting the variable in a different way. But doesn't work for the specific page.
if (!isset($_SESSION['adminUserId'])) {
header("Location: ../index.php");
}
The expected result for a logged in user should be true but for a not logged in user it should be false, but it is showing vice versa
index.php (Here the session is getting set)
$qry = $DB_con->prepare("SELECT * FROM user WHERE username = '".$username."' AND password = '".$password."' AND role ='".$role."' AND country ='".$country."'");
$qry->execute();
$admin = $qry->fetchAll(PDO::FETCH_ASSOC);
// print_r($admin);
if($admin){
foreach($admin as $row)
{
if($username==$row['username'] && $password==$row['password'] && $role == 'Admin')
{
$country = $row['country'];
$_SESSION['Country'] = $country;
$DEO_id = $row['id'];
$_SESSION['adminUserId'] = $DEO_id;
$session_role = $row['role'];
$_SESSION['session_role'] = $session_role;
$usernameAdmin = $row['username'];
$_SESSION['city'] = $usernameAdmin;
$_SESSION['isAdminLoggedIn'] = "True";
header('location:admin/dashboard.php');
}
elseif($username==$row['username'] && $password==$row['password'] && $role == 'Data Entry User')
{
$DEO_id = $row['id'];
$_SESSION['dataEntry_ID'] = $DEO_id;
$country = $row['country'];
$_SESSION['Country'] = $country;
$session_role = $row['role'];
$_SESSION['session_role'] = $session_role;
header('location:data_operator/dashboard.php');
}
else
{
$error = "Invalid Username or Password.";
}
}
}
{
$error = "Invalid Username or Password.";
}
dashboard.php (Where the header.php is called and code works fine)
<?php include('header.php');
include('../include/dbcon.php');
?>
Now there's another link in the dashboard page
<a href="new-registration.php" class="btn btn-success btn-icon-split" style="width:100%">
<span class="text">New Registration</span>
</a>
When I see the new-registration.php page, this is how it looks like
<?php include('header.php');
include('../include/dbcon.php');
?>
And now the final header.php(where all this action is taking place)
<?php
include('../include/dbcon.php');
if(!isset($_SESSION['adminUserId']))
{
header("Location: ../index.php");
}
?>
I am trying to create two separate sessions: one for if the user is admin and another if the user is author. $type stores the type as an enum (can be either author or admin). But my code is creating the author session even for admin. I am new to PHP and MySQL. Can somebody tell me where the error is in my code?
<?php
include("dbconnect.php");
$con= new dbconnect();
$con->connect();
//create and issue the query
$sql = "SELECT type FROM users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')";
$result = mysql_query($sql);
//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
$type_num=0;
//if authorized, get the values
while ($info = mysql_fetch_array($result)) {
$type =$info['type'];
}
if($type == "admin")
{
$_SESSION['type']=1;
$u = 'welcome.php';
header('Location: '.$u);
}
else
{
$_SESSION['type']=$type_num;
$u = 'welcome.php';
header('Location: '.$u);
}
}
else {
//redirect back to loginfailed.html form if not in the table
header("Location: loginfailed.html");
exit;
}
?>
My welcome.php is as below
<?php
session_start();
?>
<html>
<body>
<h2>Welcome.</h2>
<?
if($_SESSION['type']==1){
echo "You are of the usertype Admin and your session id is ";
echo session_id();
}
else {
echo "You are of the usertype Author and your session id is ";
echo session_id();
}
?>
</body>
</html>
Thank You so much in advance.
Try to use roles for your permissions.
In general you have just one session. I mean you don't have two variables called _SESSION.
With the concept of roles you can simply check if a user has the permission to do something.
You have to call session_start() in the first part of the code, before registering the var $_SESSION['type'] in the session.
No, your code seems fine, I think.
I don't see where you are calling the database
And what you have in there
So here is how you troubleshoot
while ($info = mysql_fetch_array($result)) {
$type =$info['type'];
echo $type . '<br />';
}
OR
echo '<pre>';
while ($info = mysql_fetch_array($result)) {
$type =$info['type'];
print_r($info);
}
echo '</pre>';
If you never see admin in there, and it must be 'admin' not Admin or ADMIN; then the problem is in your database. You don't have admin as admin defined, or spelled right.
By the way, see how nicely I formatted that. It's easier to read that way.
Coders won't look at your code if you don't do that.
Try using session_regenerate_id(); method to create different session ids.
I'm really struggling with this now for a while and can't seem to get it working. In members.php (where I show all the registered users) I have a list printed out with a link "ADD TO FRIENDS" next to each user.
I managed, for testing purposes to display each members id well (so it gets the ID) but when I click the link it directs to the friends.php where it seems the fault is in. I don't know how to get that friend's id I clicked on IN THE friends.php file. Please have a look!
members.php
<?php
include 'connect.php';
include 'header.php';
if(isset($_SESSION['signed_in']) == false || isset($_SESSION['user_level']) != 1 )
{
//the user is not an admin
echo '<br/>';
echo 'Sorry! You have to be <b>logged in</b> to view all the <b>registered</b> members.';
echo '<br/><br/>';
}
else
{
echo '<h2>Registered users:</h2>';
$sql = "SELECT * FROM users ORDER BY user_name ASC";
$result = mysql_query($sql);
$num=mysql_numrows($result);
$i=0;
while ($i < $num)
{
//$name = mysql_result($result,$i,"user_name");
//$id = mysql_result($result,$i,"user_id");
//$picture = mysql_result($result,$i,"pic_location");
//?friend_id="'. $id .'
while($user = mysql_fetch_array($result)){
echo $user['user_name'].'<br/><br/>ADD TO FRIENDS<br/>';
echo $user['user_id'];
echo '<br/><br/>';
}
$i++;
}
///////////////////////////////
/// adding users as friends ///
///////////////////////////////
//while($user = mysql_fetch_array($result))
//echo $user['user_name'].'
//ADD TO FRIENDS<br/>';
//NOW I WANT TO MAKE A SPECIFIC "ADD AS FRIEND" LINK NEXT TO EACH USER
}
include 'footer.php';
?>
As I said I'm not sure how to get this so please have a look! Thanks!
J
friends.php
<?php
include "connect.php";
include "header.php";
if(isset($_SESSION['signed_in']) == false || isset($_SESSION['user_level']) != 1 )
{
//the user is not an admin
echo '<br/>';
echo 'Sorry! You have to be <b>logged in</b> if you want to add the person as a friend!';
echo '<br/><br/>';
}
else
{
$sql = "SELECT * FROM users";
$result = mysql_query($sql);
//friend_id is the ID of the friend that is clicked on...
//HOW DO I GET THAT ID THAT IS CLICKED ON IN THE WHILE "loop" in members.php?
$friends = ("INSERT INTO friends SET user_id='" . $_SESSION['user_id'] . "', friend_id='".$id."', status='0'");
$result_friends = mysql_query($friends);
if(!$friends)
{
//When you can't add this person as a friend this error will show!
echo 'You cannot add this user at this time. Please try again later!';
}
else
{
//When the friend is now added to the system!
echo 'Great! Now the user needs to approve before you can be friends!';
}
}
?>
On your friends.php use
$_GET['user_id']
instead of $id. $id is undefined; to get the value of id from the query string, you call it using a $_GET variable, like
$_GET['name_of_query_string_value']
I have a problem with the online users list.
The code works fine, all the online users are displayed on the screen but when I click on refresh, the same user's email is displayed again and when I click on refresh for the second time the user's email is displayed three times and so on.
Here is my code:
<?php
require_once("db.php");
db_connect();
session_start();
$player_timeout = time() - 5 * 60;
$time = time();
if (isset($_SESSION['email'])) {
$login=mysql_query("insert into activePlayer(player_email,time_visited,status) values('".$_SESSION['email']."','".$time."', 'true')");
}
else
{echo "You are not logged in";}
$tmout = mysql_query("DELETE FROM activePlayer WHERE time_visited < ".$player_timeout);
$online_member = mysql_query("SELECT player_email FROM activePlayer");
$row=mysql_num_rows($online_member);
$member_row=mysql_fetch_array($online_member);
echo "Welcome '".$_SESSION['email']."'";
?>
<body>
<select > <?php
if ($row<1)
{
echo " ";
}
else
{?> <p><p>Online Players:<option><?php echo $member_row['player_email'];?>
</option>}
<?php for ($i=1;$i<$row;$i++)
{
$member_row=mysql_fetch_array($online_member);?>
<p><p>Online Players:<option><?php echo $member_row['player_email']; }}?>
</option></select>
</body>
Please, how can I solve this problem?
Every time you refresh you insert a row into the db if the user is logged in. You have to check if the user already exists in the db and update his record instead. If he has no record then just create a new one as you do.
$hasRow = mysql_query("SELECT * FROM activePlayer WHERE player_email='".$_SESSION['email']."' LIMIT 1");
if(mysql_num_rows($hasRow) > 0) {
$login = mysql_query("UPDATE activePlayer SET time_visited=".time()." WHERE player_email='".$_SESSION['email']."'");
} else {
$login=mysql_query("insert into activePlayer(player_email,time_visited,status) values('".$_SESSION['email']."','".$time."', 'true')");
}
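An added example, not the answerer's code: the check-then-update above written as a single upsert with bound parameters, so a page refresh updates the player's existing row instead of adding another. It assumes a unique key on player_email and an SQLite version with ON CONFLICT support; the sample addresses and the in-memory SQLite database standing in for the db.php connection are constructed here.

```php
<?php
declare(strict_types=1);

// Added example, not the answerer's code. Assumes a UNIQUE key on player_email;
// SQLite in memory stands in for the MySQL connection from db.php.
function touchPlayer(PDO $db, string $email, int $now): void
{
    // One row per player: insert on first visit, otherwise refresh the timestamp.
    // MySQL spelling of the same statement:
    //   INSERT ... VALUES (?, ?, 'true') ON DUPLICATE KEY UPDATE time_visited = VALUES(time_visited)
    $stmt = $db->prepare(
        "INSERT INTO activePlayer (player_email, time_visited, status) VALUES (?, ?, 'true')
         ON CONFLICT(player_email) DO UPDATE SET time_visited = excluded.time_visited"
    );
    $stmt->execute([$email, $now]);
}

function onlinePlayers(PDO $db, int $now, int $timeout = 300): array
{
    // Drop rows older than the timeout, then list who is left.
    $db->prepare('DELETE FROM activePlayer WHERE time_visited < ?')->execute([$now - $timeout]);
    return $db->query('SELECT player_email FROM activePlayer ORDER BY player_email')
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data for an offline run.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE activePlayer (player_email TEXT PRIMARY KEY, time_visited INTEGER, status TEXT)');

$now = 1700000000;                                  // fixed clock for the demo
touchPlayer($db, 'old@example.test', $now - 600);   // last seen 10 minutes ago
touchPlayer($db, 'ann@example.test', $now - 10);
touchPlayer($db, 'ann@example.test', $now);         // a page refresh: same row, new time

echo "<select>\n";
foreach (onlinePlayers($db, $now) as $email) {
    echo '<option>', htmlspecialchars($email, ENT_QUOTES, 'UTF-8'), "</option>\n";
}
echo "</select>\n";
```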
What you need to do is a redirect:
if (isset($_SESSION['email'])) {
mysql_query("INSERT INTO activePlayer (player_email,time_visited,status)
VALUES ('".$_SESSION['email']."','".$time."', 'true')");
unset($_SESSION['email']);
header("Location: otherpage.php"); // or it can be the same page
}