I am trying to make a webiste with Yahoo OpenID.
Everything works fine until I log out and then log in again.
In my sql database I get duplicated results. Only the hash is changed. It seems that $sql = $db->query("SELECT * FROM users WHERE steamid = '" . $steamid . "'"); can't find any users with the steamid to it creates a new entry in the db.
I tried this with Steam too and it's working. With Yahoo, I get duplicate results with my email adress(here $steamid), and name(here $name). The hashes are different.
case 'login':
include 'openid.php';
try
{
$openid = new LightOpenID('http://'.$_SERVER['SERVER_NAME'].'/');
if (!$openid->mode) {
$openid->identity = 'https://me.yahoo.com/a/6eqERecwyZfHsDm6VBa7H2uWNu3W5.UvCw--'; //http://steamcommunity.com/openid/
$openid->required = array(
'contact/email',
'namePerson',
);
header('Location: '.$openid->authUrl());
} elseif ($openid->mode == 'cancel') {
echo '';
} else {
if ($openid->validate()) {
//$id = $openid->identity;
//$ptn = "/^http:\/\/steamcommunity\.com\/openid\/id\/(7[0-9]{15,25}+)$/";
//preg_match($ptn, $id, $matches);
//$url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=78DC279A43117B222DDEE0FCCCAD38FD&steamids=$matches[1]";
//$json_object = file_get_contents($url);
//$json_decoded = json_decode($json_object);
//foreach ($json_decoded->response->players as $player) {
$data = $openid->getAttributes();
$steamid = $data['contact/email'];
$name = $data['namePerson'];
//$avatar = $player->avatar;
//}
$hash = md5($steamid . time() . rand(1, 50));
$sql = $db->query("SELECT * FROM `users` WHERE `steamid` = '" . $steamid . "'");
$row = $sql->fetchAll(PDO::FETCH_ASSOC);
if (count($row) == 0) {
$db->exec("INSERT INTO `users` (`hash`, `steamid`, `name`) VALUES ('" . $hash . "', '" . $steamid . "', " . $db->quote($name) . ")");
} else {
$db->exec("UPDATE `users` SET `hash` = '" . $hash . "', `name` = " . $db->quote($name) . "' WHERE `steamid` = '" . $steamid . "'");
}
setcookie('hash', $hash, time() + 3600 * 24 * 7, '/');
header('Location: http://45.55.69.74/');
}
}
} catch (ErrorException $e) {
exit($e->getMessage());
}
break;
The problem was that the steamid length in the database was smaller. Everytime it checked if the entire steamid is the same as the smaller steamid.
Related
I've created a page where I've place for updating the attachment. While doing so, if a file with same name, size, extension is attached, the attachment table need not be updated. This is the scenario. This is how I tried to do:
else if($mode == "attachment_update") {
$id = intval(mysqli_real_escape_string($mysqli, $_REQUEST["_id"]));
$upload_directory = "upload/attachment/";
$result = file_upload("attachment", "../".$upload_directory);
$file_name = '".addslashes($result[file_name])."';
write_log($file_name);
$file_extension = '".$result[file_extension]."';
write_log($file_extension);
$file_size = '".$result[file_size]."';
write_log($file_size);
$uploaded_file_name = '".$result[uploaded_file_name]."';
write_log($uploaded_file_name);
$uploaded_file_path = '".$upload_directory.$result[uploaded_file_name]."';
write_log($uploaded_file_path);
$query_select = "SELECT
file_name,
file_extension,
file_size,
uploaded_file_name,
uploaded_file_path
FROM
attachments
WHERE
id = 'id';";
$result1 = mysqli_query($mysqli, $query_select) or throwexception(mysqli_error($mysqli));
$row = mysqli_fetch_row($result1);
write_log($row[0]);
write_log($row[1]);
write_log($row[2]);
write_log($row[3]);
write_log($row[4]);
if($row[0] == $file_name &&
$row[1] == $file_extension &&
$row[2] == $file_size &&
$row[3] == $uploaded_file_name &&
$row[4] == $uploaded_file_path)
{
write_log("inside if");
} else {
if($result[status] == true) {
$query = "UPDATE
attachments
SET
file_name = '".addslashes($result[file_name])."',
file_extension = '".$result[file_extension]."',
file_size = '".$result[file_size]."',
uploaded_file_name = '".$result[uploaded_file_name]."',
uploaded_file_path = '".$upload_directory.$result[uploaded_file_name]."',
recorded_by = '$recorded_by',
recorded_datetime = '$recorded_datetime'
WHERE
id = 'id';";
mysqli_query($mysqli, $query) or throwexception(mysqli_error($mysqli));
}
}
echo json_encode(array("message" => "Updated successfully"));
exit;
}
The if condition does the thing. If all are true, the table will not be updated. If even any one fails, the table will be updated.
Here the problem is $file_name, $file_extension, $file_size, $uploaded_file_name are going null. I don't know how to retrieve it. Can someone tell how to retrieve those data, so that if can check it with the if condition?
In your case, You do not need to fire select query. just add AND condition in update query.
if ($mode == "attachment_update") {
$id = intval(mysqli_real_escape_string($mysqli, $_REQUEST["_id"]));
$upload_directory = "upload/attachment/";
$result = file_upload("attachment", "../" . $upload_directory);
$file_name = '".addslashes($result[file_name])."';
write_log($file_name);
$file_extension = '".$result[file_extension]."';
write_log($file_extension);
$file_size = '".$result[file_size]."';
write_log($file_size);
$uploaded_file_name = '".$result[uploaded_file_name]."';
write_log($uploaded_file_name);
$uploaded_file_path = '".$upload_directory.$result[uploaded_file_name]."';
write_log($uploaded_file_path);
$query = "UPDATE
attachments
SET
file_name = '" . addslashes($result[file_name]) . "',
file_extension = '" . $result[file_extension] . "',
file_size = '" . $result[file_size] . "',
uploaded_file_name = '" . $result[uploaded_file_name] . "',
uploaded_file_path = '" . $upload_directory . $result[uploaded_file_name] . "',
recorded_by = '$recorded_by',
recorded_datetime = '$recorded_datetime'
WHERE
id = 'id'
and file_name <> '" . addslashes($result[file_name]) . "',
and file_extension = '" . $result[file_extension] . "',
and file_size = '" . $result[file_size] . "',
and uploaded_file_name = '" . $result[uploaded_file_name] . "',
and uploaded_file_path = '" . $upload_directory . $result[uploaded_file_name] . "',
;";
mysqli_query($mysqli, $query) or throwexception(mysqli_error($mysqli));
echo json_encode(array("message" => "Updated successfully"));
exit;
}
Your question need more clarity.
Can you share the function,
$result = file_upload("attachment", "../".$upload_directory);
Are you able to log the values of $filename and $row?
write_log($file_name);
AND
write_log($row[0]);
So what I am trying to do is receiving data about a player from the Steam API.
Basically, a player logs in via the Steam website and then gets redirected to a page of my website where data about the player is registered into the database.
It seems that the data about the player (which is being retrieved from the Steam API) is null (it cant be retrieved)
When I try to access the API in the browser, it works just fine.
Here is the code for registering the data:
$url = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&steamids=". $matches[1];
$json_object = file_get_contents($url);
$json_decoded = json_decode($json_object);
foreach ($json_decoded->response->players as $player) {
$steamid = $player->steamid;
$name = $player->personaname;
$avatar = $player->avatar;
}
$hash = md5($steamid . time() . rand(1, 50));
$sql = $db->query("SELECT * FROM `users` WHERE `steamid` = '" . $steamid . "'");
$row = $sql->fetchAll(PDO::FETCH_ASSOC);
if (count($row) == 0) {
$db->exec("INSERT INTO `users` (`hash`, `steamid`, `name`, `avatar`) VALUES ('" . $hash . "', '" . $steamid . "', " . $db->quote($name) . ", '" . $avatar . "')");
} else {
$db->exec("UPDATE `users` SET `hash` = '" . $hash . "', `name` = " . $db->quote($name) . ", `avatar` = '" . $avatar . "' WHERE `steamid` = '" . $steamid . "'");
}
If you want to try the API out your self, copy the $url and replace $matches[1] with this steam id: 76561198117114460
Thanks in advance,
Guus Huizen
i am finding little bit difficult to check duplicate data from database using MYsql,PHP and angular.js.I am explaining my code below.
addUser.php:
<?php
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
$user_name=$request->user_name;
$user_email=$request->user_email;
$mob_no=$request->mob_no;
$login_name=$request->login_name;
$password=$request->password;
$user_status=$request->user_status;
$con = mysql_connect('localhost', 'root', 'Oditek123#');
mysql_select_db('go_fasto', $con);
$selquery = "SELECT * FROM db_user WHERE login_name='".$login_name."' and mob_no='".$mob_no."' and email='" . $user_email . "'";
$selres = mysql_query($selquery);
if(mysql_num_rows($selres ) > 0)
{
$erresult=mysql_fetch_array($selres);
header("HTTP/1.0 401 Unauthorized");
$erresult['msg'] = 'This user login name or mobile no or email is already exist.';
}else{
$qry ='INSERT INTO db_user (user_name,email,mob_no,login_name,password,user_status) values ("' . $user_name . '","' . $user_email . '","' . $mob_no . '","' .$login_name . '","' . $password . '","' . $user_status . '")';
$qry_res = mysql_query($qry);
$user_type = 5;
$display_name = $user_name."_admin";
$qry ='INSERT INTO db_Admin_Master (user_type,user_name,display_name,password) values ("' . $user_type . '","' . $login_name . '","' . $display_name . '","' .$password . '")';
$qry_res = mysql_query($qry);
$query='SELECT * from db_user order by user_id desc';
$res=mysql_query($query);
$result=mysql_fetch_array($res);
if ($result) {
$result['msg'] = "New User has added successfully";
} else {
header("HTTP/1.0 401 Unauthorized");
$result['msg'] = "Sorry, User could not added ";
}
echo json_encode($result);
}
?>
If you will check my code i am checking three column such as login_name,email and mob_no from database and checking it inside if statement.Here even if i am inserting the same data again it is not checking and else part is executing.Please help me to resolve this issue.
$selquery = "SELECT *
FROM db_user
WHERE login_name='".$login_name."'
OR mob_no='".$mob_no."'
OR email='" . $user_email . "'";
use OR instead of AND try
There are lots of posts about PHP sessions being lost after a header redirect. My issue is that I have one script where the session is preserved after a header redirect and another case where it isn't.
The session is preserved after the header redirect in this script:
<?php
session_start();
include 'settings.php';
include 'mysql_connect.php';
$name = mysqli_real_escape_string($conn, $_POST['user_name']);
$email = mysqli_real_escape_string($conn, $_POST['user_email']);
$fbid = mysqli_real_escape_string($conn, $_POST['user_fbid']);
$sql = "SELECT * FROM users WHERE email = '" . $email . "'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
if($row = $result->fetch_assoc()) {
$_SESSION['user_name'] = $row['name'];
$_SESSION['user_email'] = $row['email'];
$_SESSION['user_fb_id'] = $row['fb_id'];
$_SESSION['user_pundit_name'] = $row['pundit_name'];
$_SESSION['user_id'] = $row['id'];
header('Location: ' . $site_url . 'whats_next.php');
}
} else {
$insert_new_user = "INSERT INTO users (name, email, fb_id) VALUES ('" . $name . "', '" . $email . "', '" . $fbid . "')";
$result = $conn->query($insert_new_user);
$_SESSION['user_name'] = $name;
$_SESSION['user_email'] = $email;
$_SESSION['user_fb_id'] = $fb_id;
$_SESSION['user_id'] = $row['id'];
$msg = wordwrap("Congratulations " . $name . ",\nYou are now a registered Pundit. Like all pundits, you will be consulted for your wisdom from time from time to time. You will receive emails announcing an “open question” to be answered by you and your fellow pundits [or, if you have selected that option, you can go to PUNDITNETWORK.com and answer open question whenever you want.] The questions will usually ask you to forecast the outcome of an event in the near future. The question will remain open for a certain period of time. After that time, you can go to the Pundit forum at PUNDITNETWORK and discuss the question with fellow Pundits. We will add points to your Pundit rating for every right answer. High ratings can lead to recognition and prizes. As the PUNDITNETWORK grows, the opportunities for both recognition and prizes will also grow. In the meantime, enjoy the game! And feel free to challenge friends, relatives, classmates, teachers, co-workers or anybody who thinks he/she “knows it all” to test their skills and join you for a little friendly competition.", 70);
mail($email, "Welcome to PunditNetwork", $msg);
header('Location: ' . $site_url . 'whats_next.php');
}
?>
The session is not preserved after the header redirect in this script:
<?php
session_start();
include 'settings.php';
include 'mysql_connect.php';
$email = $_GET['email'];
$secret_key = $_GET['secret_key'];
$q = "SELECT * FROM email_confirmations WHERE email = '" . $email . "' AND secret_key = '" . $secret_key . "'";
$r = $conn->query($q);
if ($r->num_rows > 0) {
if($row = $r->fetch_assoc()) {
$q1 = "SELECT * from users WHERE email = '" . $row['email'] . "'";
$r1 = $conn->query($q1);
if ($r1->num_rows > 0) {
$q2 = "UPDATE users SET password = '" . $row['password'] . "' WHERE email = '" . $row['email'] . "'";
$r2 = $conn->query($q2);
$q3 = "SELECT * from users WHERE email = '" . $row['email'] . "'";
$r3 = $conn->query($q3);
if ($row3 = $r3->fetch_assoc()) {
$_SESSION['user_name'] = $row3['name'];
$_SESSION['user_email'] = $row3['email'];
$_SESSION['user_fb_id'] = $row3['fb_id'];
$_SESSION['user_pundit_name'] = $row3['pundit_name'];
$_SESSION['user_id'] = $row3['id'];
// var_dump($_SESSION); // session is correct when var dumped
header('Location: ' . $site_url . 'whats_next.php');
}
}
/*
else {
$q2 = "INSERT INTO users (name, email, password) VALUES ('" . $row['name'] . "', '" . $row['email'] . "', '" . $row['password'] . "')";
$r2 = $conn->query($q2);
$q3 = "SELECT * from users WHERE email = '" . $row['email'] . "'";
$r3 = $conn->query($q3);
if ($r3->num_rows > 0) {
if ($row3 = $r3->fetch_assoc()) {
$_SESSION['user_name'] = $row3['name'];
$_SESSION['user_email'] = $row3['email'];
$_SESSION['user_fb_id'] = $row3['fb_id'];
$_SESSION['user_pundit_name'] = $row3['pundit_name'];
$_SESSION['user_id'] = $row3['id'];
header('Location: ' . $site_url . 'whats_next.php');
}
}
}*/
}
}
else {
echo 'error, you got the wrong email';
}
?>
I had one similar issue once but it was for ASPx, still check if the url starts with or without "www" in both redirects, having them diff caused a new session id being created when I had the issue.Take a look it could be a similar case.
If someone wants to read about "www" and not "www"
"URL with WWW and URL without WWW" -Is there any difference between them?
I have created the below login function and called the same at another page as given below. But don't know why it is not working for me.
function auth_check_user1($login, $password, $agent )
{
$query = 'SELECT * FROM ' . USERS_TABLE . ' WHERE login = "' . $login . '" AND password ="' . $password . '" AND user_category ="' . $agent . '" LIMIT 1';
$r = $db->query ($query);
if ($db->numrows($r)==1)
{
$logged = TRUE;
}
else
{
$logged = FALSE;
}
return $logged;
}
if (auth_check_user1($session->fetch('login'), $session->fetch('password'), $session->fetch('agent')) )
{
$query= 'SELECT first_name,id FROM ' . USERS_TABLE . ' WHERE approved = 1 AND login = "' . $session->fetch('login') . '" LIMIT 1';
$r = $db->query( $query);
<?php echo URL; ?>/login_user.php"><?php echo $lang['Menu_User_Login']; ?>
<?php echo URL; ?>/index.php?req=logout"><?php echo $lang['Logout']; ?>
}
<?php echo URL; ?>/login_user.php"><?php echo $lang['Menu_User_Login']; ?>
<?php echo URL; ?>/index.php?req=logout"><?php echo $lang['Logout']; ?>
Why do you have <?php ?> inside code ? There should be:
echo URL.'/login_user.php">'.$lang['Menu_User_Login'];
echo URL.'/index.php?req=logout">'.$lang['Logout'];
And I am not sure about the > in your output.. that mess up HTML, if your URL is only URL and not some HTML code
if ($db->numrows($r)==1) {
$logged = TRUE;
Shouldn't it be > num_rows?
function auth_check_user1($login, $password, $agent )
{
$query = 'SELECT * FROM ' . USERS_TABLE . ' WHERE login = "' . $login . '" AND password ="' . $password . '" AND user_category ="' . $agent . '" LIMIT 1';
$r = $db->query ($query);
if ($db->numrows($r)==1) {
$logged = TRUE;
} else {
$logged = FALSE;
}
return $logged;
}
if (auth_check_user1($session->fetch('login'), $session->fetch('password'), $session->fetch('agent')) ) {
$query= 'SELECT first_name,id FROM ' . USERS_TABLE . ' WHERE approved = 1 AND login = "' . $session->fetch('login') . '" LIMIT 1';
$r = $db->query( $query);
echo URL . "/login_user.php" . $lang['Menu_User_Login'];
echo URL . "index.php?req=logout" . $lang['Logout'];
}
Aside from these edits, I can't speak for your functions, numrows could be incorrect.