Change the value of ENUM in database - php

I am trying to change the value of an ENUM in a mySQL database that will help identify when a user is logged on or logged off on a website to be displayed to all users of the site. I set an ENUM column with possible values of 0 and 1. 0 being logged off, and 1 being logged on. But it doesnt seem to be changing anything. Here is my code:
//LOGIN
session_start();
$username = ($_POST['username']);
$password = ($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$username' LIMIT 1";
$query = mysqli_query($conn, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userid = $row[0];
$dbusername = $row[1];
$dbpassword = $row[2];
$email = $row[4];
$status = $row[7];
$permit = $row[6];
$active = $row[5];
$fname = $row[8];
$lname = $row[9];
$dob = $row[10];
$signupdate = $row[3];
$ipadd = $row[11];
$loggedin = $row[12];
}
if ($username == $dbusername && $password == $dbpassword){
$_SESSION['username'] = $username;
$_SESSION['id'] = $userid;
$_SESSION['email'] = $email;
$_SESSION['status'] = $status;
$_SESSION['permit'] = $permit;
$_SESSION['email_activation'] = $active;
$_SESSION['first_name'] = $fname;
$_SESSION['last_name'] = $lname;
$_SESSION['dob'] = $dob;
$_SESSION['sign_up_date'] = $signupdate;
$_SESSION['ipv4'] = $ipadd;
$_SESSION['loggedin'] = $loggedin;
$sql = "UPDATE username SET loggedin = '1'";
header("Location: ../main.php");


Replace your update query with this one
"UPDATE users SET loggedin = '1' where `id` = $userid ";


//LOGIN
session_start();
$username = ($_POST['username']);
$password = ($_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$username' LIMIT 1";
$query = mysqli_query($conn, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userid = $row[0];
$dbusername = $row[1];
$dbpassword = $row[2];
$email = $row[4];
$status = $row[7];
$permit = $row[6];
$active = $row[5];
$fname = $row[8];
$lname = $row[9];
$dob = $row[10];
$signupdate = $row[3];
$ipadd = $row[11];
$loggedin = $row[12];
$sql = "UPDATE users SET loggedin = '1' where id = '$userid'";
mysqli_query($conn, $sql);
}
if ($username == $dbusername && $password == $dbpassword){
$_SESSION['username'] = $username;
$_SESSION['id'] = $userid;
$_SESSION['email'] = $email;
$_SESSION['status'] = $status;
$_SESSION['permit'] = $permit;
$_SESSION['email_activation'] = $active;
$_SESSION['first_name'] = $fname;
$_SESSION['last_name'] = $lname;
$_SESSION['dob'] = $dob;
$_SESSION['sign_up_date'] = $signupdate;
$_SESSION['ipv4'] = $ipadd;
$_SESSION['loggedin'] = $loggedin;
header("Location: ../main.php");

Related

storing users information in a session

session_start();
require_once 'config.php';
if(isset($_POST['username']) && isset($_POST['password'])){
$uname = $_POST['username'];
$upass = $_POST['password'];
//select users information from database
$buildsql = "SELECT * FROM umembersd WHERE uusername = '$uname' AND upassword = '$upass'";
$myexec = mysqli_query($conn, $buildsql) or die (mysqli_error($conn));
if($myexec->num_rows > 0){
while($data = $myexec->fetch_assoc()){
$_SESSION['no'] = 'id';
$_SESSION['firstname'] = 'ufname';
$_SESSION['lastname']= 'ulname';
$_SESSION['phonenumber'] = 'uphone';
$_SESSION['emailaddress']= 'uemail';
$_SESSION['datejoined'] = 'uregdate';
$_SESSION['datereg'] = 'uusername';
header('location: index.php?successful');
}
}else{
header('location: login.php?nerror');
}
}

Where to store user ids of users with a cookie and no session (Remember me)

I have read a ton of question about it and the discussions are different along with the answers on this matter.
I need to have the User ID in order to retrieve his data from the DB and create a session with this data in order to create a continues login.
Hashing the session:
function createNewUserSession($uid, $email, $salt){
$session_key = $email.$salt;
$options = [
'cost' => 11
];
$session_key = password_hash($session_key, PASSWORD_BCRYPT, $options);
$connect = mysqliConnect();
$query = "UPDATE `users` SET";
$query .= " session_key = '$session_key'";
$query .= " WHERE id = '$uid'";
mysqli_query($connect, $query);
return $session_key;
}
function generateRandomString($length) {
return substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!##$%^&*()_+|"}?><~', ceil($length/strlen($x)) )),1,$length);
}
$user_session_salt = generateRandomString(32);
if (isset($_COOKIE['sk'])) {
if (password_verify($email.$_COOKIE['sk'], $session_key)) {
// Creating Sessions
$_SESSION['uid'] = $uid;
$_SESSION['fName'] = $fName;
$_SESSION['lName'] = $lName;
} else {
// Creating New Sessions
createNewUserSession($uid, $email, $user_session_salt);
$_SESSION['uid'] = $uid;
$_SESSION['fName'] = $fName;
$_SESSION['lName'] = $lName;
// Creating Cookies
setcookie("sk", $user_session_salt, time() + (90 * 24 * 60 * 60), '/', '.mywebsite.io');
}
}
Renew Session:
function restoreSession($uid) {
$connect = mysqliConnect();
$query = "SELECT * FROM `users` WHERE id = '$uid'";
$result = mysqli_query($connect, $query);
if (mysqli_num_rows($result) == 1) {
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$uid = $row['id'];
$email = $row['email'];
$fName = $row['first_name'];
$lName = $row['last_name'];
$session_key = $row['session_key'];
if (isset($_COOKIE['sk']) && !isset($_SESSION['uid'])) {
$user_salt = $_COOKIE['sk'];
if (password_verify($email.$user_salt, $session_key)) {
// Creating Sessions
$_SESSION['uid'] = $uid;
$_SESSION['fName'] = $fName;
$_SESSION['lName'] = $lName;
}
}
}
}
I know this is not perfect, but I'm still learning and need some adequate input on this matter.

having problems with removing sha1 encryption from my code

ill like to remove the sha1 encryption on this code so i can store my password as typed in the database instead of the encrypted code. Am new to coding so I need help
The code (settings_model.php)
<?php
$settings = new Datasettings();
if(isset($_GET['q'])){
$settings->$_GET['q']();
}
class Datasettings {
function __construct(){
if(!isset($_SESSION['id'])){
header('location:../../');
}
}
function changepassword(){
include('../../config.php');
$username = $_GET['username'];
$password = $_GET['password'];
$current = sha1($_POST['current']);
$new = sha1($_POST['new']);
$confirm = sha1($_POST['confirm']);
$q = "select * from userdata where username='$username' and password='$current'";
$r = mysqli_query($db,$q);
if(mysqli_num_rows($r) > 0){
if($new == $confirm){
$r2 = mysqli_query($db,"update userdata set password='$new' where username='$username' and password='$current'");
header('location:../settings.php?msg=success&username='.$username.'');
}else{
header('location:../settings.php?msg=error&username='.$username.'');
}
}else{
header('location:../settings.php?msg=error&username='.$username.'');
}
}
function addaccount(){
include('../../config.php');
$level = $_GET['level'];
$id = $_GET['id'];
$q = "select * from $level where id=$id";
$r = mysqli_query($db,$q);
$row = mysqli_fetch_array($r);
if($level == 'student'){
$username = $row['studid'];
$fname = $row['fname'];
$lname = $row['lname'];
$password = sha1($username.'-'.$fname);
}else{
$username = $row['teachid'];
$fname = $row['fname'];
$lname = $row['lname'];
$password = sha1($username.'-'.$fname);
}
$verify = $this->verifyusername($username);
if($verify){
$q2 = "insert into userdata values(null,'$username','$password','$fname','$lname','$level')";
mysqli_query($db,$q2);
header('location:../'.$level.'list.php?r=added an account');
}else{
header('location:../'.$level.'list.php?r=updated');
}
}
function verifyusername($user){
$q = "select * from userdata where username='$user'";
$r = mysql_query($q);
if(mysql_num_rows($r) < 1){
return true;
}else{
return false;
}
}
function getuser($search){
include('../config1.php');
$user = $_SESSION['id'];
$q = "select * from userdata where username !='$user' and username like '%$search%' order by lname asc";
$r = mysqli_query($db, $q);
return $r;
}
function addaccounts(){
include('../../config1.php');
extract($_POST);
$q = "select * from $level where id=$id";
$r = mysqli_query($db,$q);
$row = mysqli_fetch_array($r);
if($level == 'student'){
$username = $row['studid'];
$fname = $row['fname'];
$lname = $row['lname'];
$password = sha1($username.'-'.$fname);
}else{
$username = $row['teachid'];
$fname = $row['fname'];
$lname = $row['lname'];
$password = sha1($username.'-'.$fname);
}
$verify = $this->verifyusername($username);
if($verify){
$q2 = "insert into userdata values(null,'$username','$password','$fname','$lname','$level')";
mysqli_query($db,$q2);
header('location:../'.$level.'list.php?r=added an account');
}else{
header('location:../'.$level.'list.php?r=updated');
}
}
}
?>
please help need an answer soon. thanks.

just change this line
$confirm = sha1($_POST['confirm']);
to this
$confirm = $_POST['confirm'];

Login form validation always says WRONG USER DETAILS

This php code for login form validation. Why it always returns 'Wrong user data' (Грешни данни!). $name & $pass1 come from the login form which is in other file.
$activated has values 0 || 1 and it is to see if user confirmed registration from email.
<?php
//connection with database
require "db_connect.php";
require "password_compat-master/lib/password.php";
$name = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'name'))));
$pass1 = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'pass1'))));
$errorName = '';
$errorPass1 = '';
$feedback = '';
$mainError = false;
//get hash
$retHash = "SELECT password FROM users WHERE user_name='$name'";
$query_retHash = mysqli_query($conn, $retHash);
$row = mysqli_fetch_array($query_retHash);
$hash = $row['password'];
//get name
$retName = "SELECT user_name FROM users WHERE user_name='$name'";
$query_retName = mysqli_query($conn, $retName);
$row = mysqli_fetch_array($query_retName);
$uname = $row['user_name'];
//get 'activated'
$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
$query_retAct = mysqli_query($conn, $retAct);
$row = mysqli_fetch_array($query_retAct);
$activated = $row['activated'];
if (filter_input_array(INPUT_POST)) {
if ($name !== $uname) {
$mainError = true;
}
if (!password_verify($pass1, $hash)) {
$mainError = true;
}
if ($activated != 1) {
$mainError = true;
}
if (!$mainError) {
$feedback = 'Здравей,' . $name . '!';
} else {
$feedback = 'Грешни данни!';
}
}
?>

As #Rajdeep Answered,
$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
^ it should be activated
Better use one query. Fetch all details.
<?php
//connection with database
require "db_connect.php";
require "password_compat-master/lib/password.php";
$name = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'name'))));
$pass1 = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'pass1'))));
$errorName = '';
$errorPass1 = '';
$feedback = '';
$mainError = false;
//get hash
$retHash = "SELECT * FROM users WHERE user_name='$name'";
$query_retHash = mysqli_query($conn, $retHash);
$row = mysqli_fetch_array($query_retHash);
$hash = $row['password'];
$uname = $row['user_name'];
$activated = $row['activated'];
if (filter_input_array(INPUT_POST)) {
if ($name !== $uname) {
$mainError = true;
}
if (!password_verify($pass1, $hash)) {
$mainError = true;
}
if ($activated != 1) {
$mainError = true;
}
if (!$mainError) {
$feedback = 'Здравей,' . $name . '!';
} else {
$feedback = 'Грешни данни!';
}
}
?>

Look at this statement here,
//get 'activated'
$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
^ it should be activated
And there's no point running three separate queries. You can achieve the same thing using only one query, like this:
// your code
$query = "SELECT user_name, password, activated FROM users WHERE user_name='$name' LIMIT 1";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_array($result);
$uname = $row['user_name'];
$hash = $row['password'];
$activated = $row['activated'];
if (filter_input_array(INPUT_POST)) {
// your code
}

can not log in with administrator?

what is wrong if my code or my database?
my code
if(isset($login)){
if($sbg=='administrator'){
$login = mysql_query("SELECT * FROM administrator WHERE email='$email' AND password='$pass'");
$rows= mysql_num_rows($login);
if($rows==0){
$data = mysql_fetch_array($login);
$_SESSION['login'] = true;
$_SESSION['nama'] = $data['nama'];
$_SESSION['email'] = $data['email'];
$_SESSION['password'] = $data['password'];
}else{

Looks like you have to change
if($rows==0)
with
if($rows>0)

you put your code in wrong if.
if($rows!=0){
$data = mysql_fetch_array($login);
$_SESSION['login'] = true;
$_SESSION['nama'] = $data['nama'];
$_SESSION['email'] = $data['email'];
$_SESSION['password'] = $data['password'];
}else{

if(isset($login)){
if($sbg=='administrator'){
$login = mysql_query("SELECT * FROM administrator WHERE email='$email' AND password='$pass'");
$rows= mysql_num_rows($login);
if($rows>0){
$data = mysql_fetch_assoc($login);
session_start();
$_SESSION['login'] = true;
$_SESSION['nama'] = $data['nama'];
$_SESSION['email'] = $data['email'];
$_SESSION['password'] = $data['password'];
}else{
}
you can just echo $rows to know if has some result if $rows shows 0 or nothing please check your mysql query.

Categories