i would like to a fix a problem with my code, that regard an user profile system. During registration user set their personal information, including address. Address value is used by API google maps.UPDATE query doesnt work.Why?
N.B: data type lat, lng are 'decimal(10,8)decimal(11,8)'
<?php
include("database.php");
session_start();
$error = "";
if(isset($_POST['submit']))
{
$username = mysql_real_escape_string($_POST['username']);
$name = mysql_real_escape_string($_POST['name']);
$surname = mysql_real_escape_string($_POST['surname']);
$affiliation = mysql_real_escape_string($_POST['affiliation']);
$department = mysql_real_escape_string($_POST['department']);
$address = mysql_real_escape_string($_POST['address']);
$position = mysql_real_escape_string($_POST['position']);
$email = mysql_real_escape_string($_POST['email']);
$web = mysql_real_escape_string($_POST['web']);
$telephone = mysql_real_escape_string($_POST['telephone']);
$mobile = mysql_real_escape_string($_POST['mobile']);
$password = $_POST['password'];
$passwordConfirm = $_POST['passwordConfirm'];
$privacy = $_POST['privacy'];
//validare i valori inseriti dall'utente
if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$error = "Inserisci una email valida ";
}
else if (strlen($password < 8)) {
$error = "La password deve contenere almeni 8 caratteri";
}
else if ($password != $passwordConfirm)
{
$error = "Le password devono coincidere!";
}
else {
$error = "Ti sei appena registrato su B";
}
$sql = "INSERT INTO users(username, name, surname, affiliation, department,address,position,email,web,telephone,mobile,password,privacy) VALUES('$username','$name','$surname','$affiliation','$department','$address','$position','$email','$web','$telephone','$mobile','$password','$privacy')";
mysqli_query($database,$sql) or die(mysqli_error($database));
if($address !=''){
$request_url = "http://maps.googleapis.com/maps/api/geocode/xml?address=".$address."&sensor=true";
$xml = simplexml_load_file($request_url) or die("url not loading");
$status = $xml->status;
if ($status=="OK"){
$lat = $xml->result->geometry->location->lat;
$lng = $xml->result->geometry->location->lng;
}
$sql1 = "UPDATE users SET lng='$lng', lat='$lat' WHERE username='$username'";
mysqli_query($database,$sql1) or die(mysqli_error($database));
}
}
?>
instead of using AND, you need to separate with a comma ,
$sql1 = "UPDATE users SET lng='$lng', lat='$lat' WHERE username='$username'";
Do not use And and don't forget to add backticks :) and good to see that newbies are completely avoiding mysql_* :D
$sql1 = "UPDATE `users` SET `lng`='$lng', `lat`='$lat' WHERE `username`='$username'";
Replace AND with comma in update statement
Related
I don't know exactly how to explain ...
When I log in, on a browser page, enter the correct user, but if I open another page, still in the browser in use, and I refresh it automatically chooses one of the two users, deleting the other
I don't know if I have explained myself well, I don't know how to explain myself well. excuse me
This is a private page code (page after log in)
session_start();
function authenticate()
{
return array_key_exists('email', $_SESSION);
};
if (authenticate() !== true) {
header("location: /private/login/log-in.php");
}
$user_id = $_SESSION['id'];
$email = $_SESSION['email'];
$password = $_SESSION['password'];
$check_id = "SELECT * FROM usertable WHERE email = '$email'";
$result = mysqli_query($conn, $check_id);
if (mysqli_num_rows($result) > 0) {
$fetch_info = mysqli_fetch_assoc($result);
$user_id = $fetch_info['id'];
};
This is a login code
session_start();
$user_id = $_SESSION['id'];
$email = $_SESSION['email'];
$password = $_SESSION['password'];
$check_id = "SELECT * FROM usertable WHERE email = '$email'";
$result = mysqli_query($conn, $check_id);
if (mysqli_num_rows($result) > 0) {
$fetch_info = mysqli_fetch_assoc($result);
};
if (isset($_POST['login'])) {
$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
$password = md5($_POST['password'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
date_default_timezone_set("Europe/Rome");
$date = date('Y-m-d H:i:s');
$sql_insert_date = mysqli_query($conn, "UPDATE usertable SET activeLogInDate = '$date'");
$check_email = "SELECT * FROM usertable WHERE email = '$email' ";
$res = mysqli_query($conn, $check_email);
if (mysqli_num_rows($res) > 0) {
$fetch = mysqli_fetch_assoc($res);
$_SESSION['id'] = $fetch['id'];
$uniqueID = $fetch['uniqueID'];
$username = $fetch['username'];
$name = $fetch['name'];
$fetch_pass = $fetch['password'];
if (password_verify($password, $fetch_pass)) {
$activeStatus = "Online";
$sql2 = mysqli_query($conn, "UPDATE usertable SET activeStatus = '$activeStatus'");
$_SESSION['email'] = $email;
$status = $fetch['status'];
if ($status == 'verified') {
$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
header("location: /private/private_page/private.php?us=$uniqueID?nm=$username");
} else {
$info = "Non è stata verificata la tua identità,controlla il messaggio inviato all' email $email";
$_SESSION['info'] = $info;
header('location: /private/otp/otp-code.php');
}
} else {
$errors['email'] = "Inserimento password o email non corretto!";
}
} else {
$errors['email'] = "Sembra che tu non sia ancora un membro! Clicca sul pulsante registrati per iscriverti.";
}
};
The line -
$password = md5($_POST['password'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
is incorrect. md5()'s second parameter is meant to be a bool; you've got a likely copy/paste/edit error from the previous line, filter_var();
Take out the second parameter.
BTW you shouldn't really rely on md5 these days. There's a password_hash() function that's what you should be using now.
I want to create an API for registration with OTP verification. The OTP is successfully sent on mobile. But the value of users is not inserted in the database. Here is my signup code.
signup.php
<?php
include('config.php');
if( !empty($_POST['name']) &&
!empty($_POST['mobile']) &&
!empty($_POST['email']) &&
!empty($_POST['password'])
){
$name = $_POST['name'];
$mobile = $_POST['mobile'];
$email = $_POST['email'];
$password = $_POST['password'];
$str = mt_rand(100000, 999999);
$avalible_user_name="";
$avalible_user_email="";
$SQL= mysql_query("SELECT * FROM users WHERE mobile='".$mobile."' ");
while($row=mysql_fetch_array($SQL)){
$avalible_user_name=$row['mobile'];
}
$SQL= mysql_query("SELECT * FROM users WHERE email='".$email."' ");
while($row=mysql_fetch_array($SQL)){
$avalible_user_email=$row['email'];
}
if($avalible_user_name=="" && $avalible_user_email==""){
$SQLQUERY = mysql_query("INSERT INTO users SET
name = '" . $name."',
mobile = '" . $mobile."',
email = '" . $email."',
password = '" . md5($password)."',
otp = '".$str."',
status = 0 ");
$msg = "Your verification code:".$str.".";
$sms_text = str_replace(" ","%20",$msg);
$api_key = '2584909553545C';
$from = 'chkotp';
$api_url = "**My otp url**";
$response = file_get_contents($api_url);
die(json_encode(array("success"=>"true","message"=>"OTP sent to your mobile number please verify.")));
}else{
die(json_encode(array("success"=>"false","message"=>"Mobile or email all ready exits ")));
}
}else{
die(json_encode(array("success"=>"false","message"=>"Empty Parameters..!!")));
}
?>
Your insert query syntax is wrong,
$new_pass = md5($password);
$SQLQUERY = mysql_query("INSERT INTO users( name, mobile, email, password) values('$name','$mobile','$email','$new_pass')");
I hope it helps.
I am creating a user management system. During the registration process the user enters their personal information, including the address attribute.
<?php
include("database.php");
$error = "";
if(isset($_POST['submit']))
{
$username = mysql_real_escape_string($_POST['username']);
$name = mysql_real_escape_string($_POST['name']);
$address = mysql_real_escape_string($_POST['address']);
$passwordConfirm = $_POST['passwordConfirm'];
$privacy = $_POST['privacy'];
//validare i valori inseriti dall'utente
if(!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$error = "Inserisci una email valida ";
}
else if (strlen($password < 8)) {
$error = "La password deve contenere almeni 8 caratteri";
}
else if ($password != $passwordConfirm)
{
$error = "Le password devono coincidere!";
}
else {
$error = "Ti sei appena registrato";
}
$sql = "INSERT INTO users(username, name, surname, affiliation, department,address,position,email,web,telephone,mobile,password,privacy) VALUES('$username','$name','$surname','$affiliation','$department','$address','$position','$email','$web','$telephone','$mobile','$password','$privacy')";
mysqli_query($database,$sql) or die(mysqli_error($database));
header("location:index.php");
}
echo "$error";
?>
Thanks to 'geocode.php' I get the geographical coordinates of the address. I managed to implement a version in which the geolocation occurs after user registration. In this way (geocode.php)
<?php
session_start();
include("database.php");
if(isset($_SESSION['username'])){
$current_user = $_SESSION['username'];
$sql = "SELECT address FROM users WHERE username='$current_user'";
$result = mysqli_query($database,$sql);
$row = mysqli_fetch_array($result);
}
$address = urlencode($row['address']);
$request_url = "http://maps.googleapis.com/maps/api/geocode/xml?address=".$address."&sensor=true";
$xml = simplexml_load_file($request_url) or die("url not loading");
$status = $xml->status;
if ($status=="OK"){
$lat = $xml->result->geometry->location->lat;
$lng = $xml->result->geometry->location->lng;
$latlng = "$lat,$lng";
}
if(isset($_SESSION['username'])){
$temp=$_SESSION['username'];
$sql1 = "UPDATE users SET lat='$lat',lng='$lng' WHERE username='$temp'";
mysqli_query($database,$sql1);
}
?>
I wish I had some advice to make sure that the API call to google maps occurs during user registration.
I am not 100% sure what you are looking for.
According my understanding you want to add geo location code during registration process.
what you can do is you add following code after sanitizing address.
if($address !='')
{
$address_code = urlencode($row['address']);
$request_url = "http://maps.googleapis.com/maps/api/geocode/xml?address=".$address_code."&sensor=true";
$xml = simplexml_load_file($request_url) or die("url not loading");
$status = $xml->status;
if ($status=="OK"){
$lat = $xml->result->geometry->location->lat;
$lng = $xml->result->geometry->location->lng;
$latlng = "$lat,$lng";
}
// Now you have latitude and Longitude saved in $lat and $lang respectively. You can add this in your insert query.
}
I hope this make sense.
I'm using notepad++ and Godaddy's phpMyAdmin to host the server. The file does not display anything when posted and whenever I put it in a PHP code checker it tells me this:
Error: There is 1 more opening parenthesis '(' found This count is unaware if parenthesis are inside of a string)
and
Error: There is 1 more opening curly braces '{' found
This count is unaware if curly braces are inside of a string
Any help would be much appreciated.`
//Declaring them as variables
$username = $_POST["username"];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
//error handling
if((!$username) || (!$fname) || ($lname) || ($email) || ($pass1) || ($pass2))
{
$message = "please insert all fields in theform below!";
}
else
{
if($pass1 != $pass2)
{
$message = "Passwords do not match!"
}
}
else
//gathering the data
{
$username = preg_replace("#[^0-9a-z]#i","",$username);
$fname = preg_replace("#[^0-9a-z]#i","",$fname);
$lname = preg_replace("#[^0-9a-z]#i","",$lname);
$pass1 = sha1(#pass1);
$email = mysql_real_escape_string($email);
//check for dublicates
$user_query = mysql_query("SELECT username FROM members WHERE username ='$username' LIMIT 1") or die("Could not check username");
$count_username = mysql_num_rows($user_query);
$user_query = mysql_query("SELECT email FROM members WHERE username ='$email' LIMIT 1") or die("Could not check email");
$count_email = mysql_num_rows($email_query);
if($count_username > 0)
{
$message = "Your username is alread in use";
}
else if($count_email > 0)
{
$message = " Your email is alread in use";
}
else
//insert the memebers to database
{
$ip_address = $_SERVER['REMOTE_ADDR'];
$query = mysql_query("INSERT INTO members(username, firstname, lastname,email,password,ip_adress,sign_up_date)VALUES('$username','$fname','$lname','$email', '$pass1','$ip_address',now()")or die("could not insert");
$member_id = mysql_insert_id();
mkdir(,"users/$member_id",0755);
$message = "You have now been registered";
}
}
The issue is that your else statement was misplaced. I moved it after the if statement where you check that the passwords match.
//Declaring them as variables
$username = $_POST["username"];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
//error handling
if((!$username) || (!$fname) || ($lname) || ($email) || ($pass1) || ($pass2))
{
$message = "please insert all fields in theform below!";
}
else
{
if($pass1 != $pass2)
{
$message = "Passwords do not match!"
}
else
{
//All required fields are filled
//Paswords match
//gathering the data
$username = preg_replace("#[^0-9a-z]#i","",$username);
$fname = preg_replace("#[^0-9a-z]#i","",$fname);
$lname = preg_replace("#[^0-9a-z]#i","",$lname);
$pass1 = sha1(#pass1);
$email = mysql_real_escape_string($email);
//check for dublicates
$user_query = mysql_query("SELECT username FROM members WHERE username ='$username' LIMIT 1") or die("Could not check username");
$count_username = mysql_num_rows($user_query);
$user_query = mysql_query("SELECT email FROM members WHERE username ='$email' LIMIT 1") or die("Could not check email");
$count_email = mysql_num_rows($email_query);
if($count_username > 0)
{
$message = "Your username is alread in use";
}
else if($count_email > 0)
{
$message = " Your email is alread in use";
}
else
//insert the memebers to database
{
$ip_address = $_SERVER['REMOTE_ADDR'];
$query = mysql_query("INSERT INTO members(username, firstname, lastname,email,password,ip_adress,sign_up_date)VALUES('$username','$fname','$lname','$email', '$pass1','$ip_address',now()")or die("could not insert");
$member_id = mysql_insert_id();
mkdir(,"users/$member_id",0755);
$message = "You have now been registered";
}
}
}
Here is the code
<?php
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$phone = $_POST['phone'];
$referral = $_POST['refer'];
$referred = false;
mysql_connect("localhost","username","password") or die (mysql_error());
mysql_select_db("database") or die ("Cannot connect to database");
$query = mysql_query("Select * from member");
while($row = mysql_fetch_array($query))
{
$table_users = $row['username'];
$table_email = $row['email'];
$table_phone = $row['phone'];
if($referral == $table_users)
{
$referred = true;
}
if($username == $table_users || $email == $table_email || $phone == $table_phone)
{
$bool = false;
}
}
if(($bool))
{
$username = mysql_real_escape_string($username);
mysql_query("INSERT INTO member (username, password, email, phone, refer) VALUES ('$username', '$password', '$email', '$phone', '$referral')");
if($referred)
{
$from="Sent from test";
$subject="New user referred.";
$message="A new user " . $username . " has been referred by " . $referral . "Please stay updated. ";
mail("mymail", $subject, $message, $from);
}
$_SESSION['login'] = true;
echo "Thank you for registering with us.You can login now to start earning.";
}
If the referral code field is left empty or it does not match any value in database it still sends
the mail. So, what is going on here? I have added some more code. I left a part of it earlier.
This statement if($referral == $table_users) doesn't look right. You have not set the $referral variable anywhere in your code.