Bypass the check if the Username is unchanged in the form - php

FORM
<!DOCTYPE HTML>
<html>
<head>
<title>
</title>
</head>
<body>
<form id='updateholder' action='updateacc.php' method='post'>
<fieldset >
<legend>Update Account</legend>
Username:
<input type='text' name='username' id='username' value = "<?php echo $row['user_Username']?>"/>
Current Password:
<input type='text' name='curpassword' id='curpassword' value = "" maxlength="50" />
New Password:
<input type='text' name='confirm' id='newpassword' value = "" maxlength="50" />
Confirm New Password:
<input type='text' name='confirm' id='confirmpassword' value = "" maxlength="50" />
Middle Name:
<input type='text' name='middlename' id='middlename' value = "<?php echo $row['user_Mname']?>"/>
Last Name:
<input type='text' name='lastname' id='lastname' value = "<?php echo $row['user_Lname']?>"/>
<input type='Submit' name='Submit' value='Submit' />
</fieldset>
</form>
LOGOUT
</body>
</html>
Update.php
<?php
session_start();
include('dbconn.php');
$user_ID = $_SESSION['user_ID'] ;
$sql = "SELECT * FROM tbl_user WHERE user_ID = '$user_ID'";
$result = mysqli_query($con, $sql);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
if (isset($_POST['Submit'])) {
$username = $_POST["username"];
$curpassword = $_POST["curpassword"];
$middlename = $_POST["middlename"];
$lastname = $_POST["lastname"];
$username = trim(mysqli_escape_string($con, $username));
$curpassword = trim(mysqli_escape_string($con, $curpassword));
$middlename = trim(mysqli_escape_string($con, $middlename));
$lastname = trim(mysqli_escape_string($con, $lastname));
$sql2= "SELECT user_Username FROM tbl_user WHERE user_Username='$username'";
$sql3= "SELECT user_Password FROM tbl_user WHERE user_ID='$accholder_ID'";
$result2 = mysqli_query($con, $sql2);
$result3 = mysqli_query($con, $sql3);
$row2 = mysqli_fetch_array($result, MYSQLI_ASSOC);
$row3 = mysqli_fetch_array($result2, MYSQLI_ASSOC);
if (mysqli_num_rows($result) == 1) {
echo "Sorry...This Username already exist..";
} else {
$query = mysqli_query($con, "Update tbl_user SET user_Mname = '$middlename', user_Lname = '$lastname', user_Username = '$username', user_Password = '$curpassword'");
if ($query) {
echo "Account Updated";
}
}
}
?>
I have code here that shows the data of tbl_user in an HTML form, but when it checks whether the username exists, it always echoes "Sorry...This Username already exist..", since the check also includes the user's own existing username when the form is submitted.
Is there a way to bypass the check if the username is unchanged?

If you want to bypass the check for an unchanged username, just add one check like:
Example:
if(trim($_POST["username"]) == $row['user_Username']){
//return unchanged username stuff
}
else{
// your stuff for changed username
}
If the form value and the database value are the same, the username is unchanged; otherwise it has changed.

You can check directly by
if($_POST["username"] == $row['user_Username'])
{
echo "User Name Matched";
}
else
{
echo "Unique User Name";
}
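An alternative to comparing the posted value with `$row['user_Username']` is to leave the current user's own row out of the uniqueness query. The sketch below is an added example, not code from the question or the answers: it uses PDO with a constructed in-memory SQLite table in place of `tbl_user`, the helper name `updateAccount` is hypothetical, and `pdo_sqlite` is assumed to be available.

```php
<?php
// Constructed in-memory table standing in for tbl_user (assumption: pdo_sqlite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbl_user (
    user_ID INTEGER PRIMARY KEY,
    user_Username TEXT NOT NULL UNIQUE,
    user_Mname TEXT,
    user_Lname TEXT)");
$seed = $db->prepare("INSERT INTO tbl_user (user_Username, user_Mname, user_Lname) VALUES (?, ?, ?)");
$seed->execute(['alice', 'A', 'Smith']); // constructed row, user_ID 1
$seed->execute(['bob', 'B', 'Jones']);   // constructed row, user_ID 2

// Hypothetical helper: updates only the row of the logged-in user and returns a status message.
function updateAccount(PDO $db, int $userId, array $post): string
{
    $username = trim($post['username'] ?? '');
    if ($username === '') {
        return 'Username is required';
    }
    // The uniqueness check skips the caller's own row, so an unchanged username passes.
    $check = $db->prepare("SELECT COUNT(*) FROM tbl_user WHERE user_Username = ? AND user_ID <> ?");
    $check->execute([$username, $userId]);
    if ((int) $check->fetchColumn() > 0) {
        return 'Sorry...This Username already exist..';
    }
    // Bound parameters replace string interpolation; WHERE user_ID = ? keeps the
    // UPDATE from touching every row in the table.
    $update = $db->prepare(
        "UPDATE tbl_user SET user_Username = ?, user_Mname = ?, user_Lname = ? WHERE user_ID = ?"
    );
    $update->execute([$username, trim($post['middlename'] ?? ''), trim($post['lastname'] ?? ''), $userId]);
    return 'Account Updated';
}

// On the real page $userId would be $_SESSION['user_ID'] and $post would be $_POST.
$unchanged = ['username' => 'alice', 'middlename' => 'Ann', 'lastname' => 'Smith'];
$taken     = ['username' => 'bob', 'middlename' => 'Ann', 'lastname' => 'Smith'];
echo updateAccount($db, 1, $unchanged), PHP_EOL;
echo updateAccount($db, 1, $taken), PHP_EOL;
```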


getting data by id from database after submitting to another page

I'm trying to get data on another page by id, which is on the showdetails.php page, but I'm unable to. Please help.
Showdetails.php
This page shows the details of each user with an id and a button that allows the user to edit the details on another page.
<!DOCTYPE html>
<html>
<head>
<title>Details</title>
</head>
<body>
<?php
require('database.php');
?>
<h1>User Lists</h1>
<?php
$select = "SELECT id, firstname, lastname FROM signup";
$selectdata = $conn->query($select);
if ($selectdata->num_rows > 0){
while($row = mysqli_fetch_array($selectdata)) {
$id = $row['id'];
$first = $row['firstname'];
$last = $row['lastname'];
?>
<form method="get" action="editdetails.php">
<p><b>ID: <?php echo $id; ?></b></p>
<p>Name: <?php echo $first; ?> <?php echo $last; ?></p>
<?php
$edit = "SELECT id FROM signup WHERE id= '" .$id. "'";
$selectedit = $conn->query($edit);
?>
<p><input type="submit" name="display" value="Edit Details"></p>
</form>
<?php
}
}
?>
</body>
</html>
editdetails.php
On this page, the user will be able to edit details, and I want the details by id.
<!DOCTYPE html>
<html>
<head>
<title>Edit User Details</title>
</head>
<body>
<?php
require('database.php');
$select = "SELECT firstname, lastname, age, phone_no, age, username, password FROM signup";
$selectdata = $conn->query($select);
if ($selectdata->num_rows > 0){
$row = mysqli_fetch_array($selectdata);
$first = $row['firstname'];
$last = $row['lastname'];
$age = $row['age'];
$phone_no = $row['phone_no'];
$username = $row['username'];
$password = $row['password'];
}
?>
<?php
if (isset($_POST['update'])) {
# code...
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$age = mysqli_real_escape_string($conn, $_POST['age']);
$phone = mysqli_real_escape_string($conn, $_POST['phone_no']);
$username = mysqli_real_escape_string($conn, $_POST['user']);
$password = mysqli_real_escape_string($conn, $_POST['pass']);
$update = "UPDATE signup SET firstname= '$first', lastname= '$last', age= '$age', phone_no = '$phone', username = '$username', password = '$password' WHERE id= '$id'";
$updatedata = $conn->query($update);
if ($updatedata) {
# code...
echo $status = "Details Updated";
}
else {
# code...
echo $status = "Not Updated";
}
}
if (isset($_POST['delete'])) {
# code...
$delete = "DELETE FROM signup WHERE firstname = $first";
$deletedata = $conn->query($delete);
if ($deletedata) {
# code...
echo $status = "Details Deleted";
}
else {
# code...
echo $status = "Not Deleted";
}
}
?>
<h1>Edit Details</h1>
<form method="post" action= "<?php htmlspecialchars($_SERVER['PHP_SELF']) ?>">
<p>FirstName: <input type="text" name="first" value="<?php echo $first; ?>"></p>
<p>LastName: <input type="text" name="last" value="<?php echo $last; ?>"></p>
<p>Phone no: <input type="number" name="phone_no" value="<?php echo $phone_no; ?>"></p>
<p>Age: <input type="number" name="age" value="<?php echo $age; ?>"></p>
<p>User: <input type="text" name="user" value="<?php echo $username; ?>"></p>
<p>Password: <input type="password" name="pass" value="<?php echo $password; ?>"></p>
<p><input type="submit" name="update" value="Update">
<input type="submit" name="delete" value="Delete"></p>
</form>
<p><?php echo $status; ?></p>
</body>
</html>
Thank You.
Add in your HTML form a hidden input, like so:
<input type="hidden" name="id" value="<?php echo $id; ?>">
Then in your editdetails.php file you can access it with: $_GET["id"].
Update:
Add the hidden input to the form in Showdetails.php.
Then in editdetails.php add at the top of the page $id = (int)$_GET["id"];
Then add to your SELECT query in editdetails.php a WHERE statement for selecting the correct user:
$select = "SELECT ... FROM signup WHERE id = $id";
For the update query you are then good to go, since you are already using WHERE id = $id there (but before, your $id variable was not defined).

How to preserve my session in PHP?

I'm making a video portal, so I have an authentication system, and if I post a comment or an image, the sessions disappear.
And I get "Undefined index: email in C:\xampp\htdocs\social_site\assets\login.php on line 2"
and "Notice: Undefined index: password in C:\xampp\htdocs\social_site\assets\login.php on line 3".
login.php
<?php
$email = $_POST['email'];
$password = $_POST['password'];
$sql = "SELECT * FROM members WHERE email='$email'";
$query = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($query);
$hash_password = $row['password'];
$hash = password_verify( $password, $hash_password);
$y = $_session['username'] = $row['username'];
$x = $_session['id'] = $row['id'];
if (isset($_POST['submit'])) {
if ($hash == 0) {
header('location: index.php?fillpassword');
exit();
}
else{
$sql = "SELECT * FROM members WHERE email='$email' AND password='$hash_password'";
$result = mysqli_query($conn, $sql);
if (!$row = mysqli_fetch_assoc($result)) {
echo "<script>alert('You have no access here. You must login.')</script>";
header ("Location: ../index.php?erorr=noaccess");
}
}
}
?>
main.php
<?php
if ($_SESSION['id'] = $row['id']) {
echo "<form method='POST' action='".setComments($conn)."' enctype='multipart/form-data'>
<input type='hidden' name='size' value='1000000'>
<input type='file' name='image' value='Upload photo'>
<textarea name='text' rows='8' cols='80'></textarea>
<br/>
<input type='submit' name='upload' value='Submit'>
</form>";
}
?>
You have to add session_start() at the beginning of your script.
If you don't want PHP's warning when the session is destroyed, also add a check to see if the session is still there:
if(isset($_SESSION['password'])){ [..] }
Maybe you used Dreamweaver; Dreamweaver adds some hidden characters. You can check for or remove them with the HxD software. Download it from here.
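The points raised in this thread fit together in one login handler: `session_start()` before anything else, `isset()` guards on the POST fields, and the superglobal spelled `$_SESSION` (a lowercase `$_session` is an ordinary local variable and is never saved). This is an added example, not code from the question or the answers; it assumes `pdo_sqlite` is available, uses a constructed in-memory table in place of `members`, and the function name `login` is hypothetical.

```php
<?php
session_start(); // must run before any output and before $_SESSION is read or written

// Constructed in-memory table standing in for `members` (assumption: pdo_sqlite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, email TEXT UNIQUE, password TEXT)");
$db->prepare("INSERT INTO members (username, email, password) VALUES (?, ?, ?)")
   ->execute(['demo', 'demo@example.test', password_hash('constructed-pw', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns true and fills $_SESSION only when the credentials verify.
function login(PDO $db, array $post): bool
{
    // These guards avoid the "Undefined index" notices when the page loads without a POST,
    // and reject array-valued fields such as password[]=x.
    if (!isset($post['submit'], $post['email'], $post['password'])
        || !is_string($post['email']) || !is_string($post['password'])) {
        return false;
    }
    // Bound parameter instead of interpolating the email into the SQL string.
    $stmt = $db->prepare("SELECT id, username, password FROM members WHERE email = ?");
    $stmt->execute([$post['email']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($post['password'], $row['password'])) {
        return false; // nothing is written to the session on failure
    }
    session_regenerate_id(true);       // fresh session ID once the user is authenticated
    $_SESSION['id'] = (int) $row['id'];
    $_SESSION['username'] = $row['username'];
    return true;
}

// Constructed requests; on the real page the second argument would be $_POST.
$results = [
    login($db, []), // page loaded without a POST
    login($db, ['submit' => '1', 'email' => 'demo@example.test', 'password' => 'wrong']),
    login($db, ['submit' => '1', 'email' => 'demo@example.test', 'password' => 'constructed-pw']),
];
echo json_encode($results), PHP_EOL;
echo isset($_SESSION['id']) ? 'session holds user id ' . $_SESSION['id'] : 'not logged in', PHP_EOL;
```

Later pages, such as main.php, would then test `isset($_SESSION['id'])` after their own `session_start()`; the single `=` in `if ($_SESSION['id'] = $row['id'])` assigns rather than compares.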

Php Mysql login

I have created two tables named login and gotest. In the gotest table I have stored user details, and the unique column in that table is ID. In the login table I am storing refid, username and password. refid is the primary key, which contains the same value as ID in the gotest table. I am getting the ID from one form when it is passed through the URL, but when I am trying to log in it gives me this error: "The Username or password are incorrect!".
Here is my php code
<?php
include_once 'dbconnect.php';
$renewid = $_GET['ID'];
$query = "SELECT refid, username, password FROM ipay_login WHERE refid = '$renewid'";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
$renewid = $row['refid'];
$uname = $row['username'];
$upass = $row['password'];
echo $renewid . '<br />';
echo $uname . '<br />';
echo $upass . '<br />';
}
if(isset($_POST['btn-signup'])) {
$uname = $_POST['username'];
$upass = $_POST['password'];
/*echo $uname,$upass,$renewid;*/
$result1 = mysql_query("SELECT * FROM ipay_login WHERE username = '$uname' AND password = '$upass'");
if(mysql_num_rows($result1) > 0 )
{
echo "sucesss";
}
else
{
echo 'The Username or password are incorrect!';
}
}
?>
<html>
<head></head>
<body>
<form id="convertion" method="post">
<!--<input type="hidden" id="refid" name="refid" value="<?php /*$_GET['refid']; */?>" /><br/>-->
<input type="text" id="username" name="username" /><br/>
<input type="text" id="password" name="password" /><br/>
<button type="submit" id="btn-signup" name="btn-signup">SUBMIT</button>
</form>
</body>
</html>
URL of my login page
http://xxx.yyy.example?ID=1000
Try this. First of all, change your refid column in login to ID, then run the following code:
<?php
include_once 'dbconnect.php';
$renewid = $_GET['ID'];
$query = "SELECT * FROM login WHERE ID = '$renewid'";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
$uname = $row['username'];
$upass = $row['password'];
echo $uname . '<br />';
echo $upass . '<br />';
}
if(isset($_POST['btn-signup'])) {
$uname = $_POST['username'];
$upass= $_POST['password'];
$result1 = mysql_query("SELECT * FROM login WHERE username = '$uname' AND password = '$upass'");
if(mysql_num_rows($result1) > 0 )
{
echo "sucess";
}
else
{
echo 'The username or password are incorrect!';
}
}
?>
<html>
<head></head>
<body>
<form id="convertion" method="post">
<input type="text" id="username" name="username" /><br/>
<input type="text" id="password" name="password" /><br/>
<button type="submit" id="btn-signup" name="btn-signup">SUBMIT</button>
</form>
</body>
</html>

php form submission to mysql database

I have a registration form. In the database, the username and email have unique indexes. When the form submits and the username or email is already present in the database, the values are not inserted. I want to notify the user that the values were not inserted. How can I do this?
HTML
<form action="register.php" method="post" id="reg" onsubmit='return validate();'>
Company Name:
<input type="text" class="inputs" name="name" id="name" /><br />
Email:
<input type="text" class="inputs" name="email" id="txtEmail" /><br />
User name:
<input type="text" class="inputs" name="uname" id="uname"/><br />
Password:
<input type="password" class="inputs" name="pass" id="pass1"/><br />
Conferm Password:
<input type="password" class="inputs" name="cpass" id="pass2"/><br /><br />
<input type="submit" value="Register" class="button" />
</form>
register.php:
include ("db.php");
if (isset($_POST['register'])) {
echo $name = ($_POST["name"]);
echo $email = ($_POST["email"]);
echo $uname = ($_POST["uname"]);
echo $password = ($_POST["pass"]);
mysqli_query($con,"INSERT INTO company_profile(user_name, password, company_name, email, phone, country, activation_string) VALUES ('$uname','$password','$name','$email','','','')");
}
*Sweet And Short *
First check whether the username or email exists using a select query; if the result is 0 (meaning it does not exist), the insert query will run.
<?php
if($_POST['register']){
$uname = $_POST['uname'];
$email = $_POST['email'];
$name= $_POST['name'];
$pass= $_POST['pass'];
$result = mysqli_query($con, 'SELECT * from TABLE_NAME where email_id = "'.$email.'" or username = "'.$uname.'" ');
if(mysqli_num_rows($result) > 0){
echo "Username or email already exists.";
}else{
$query = mysqli_query($con , 'INSERT INTO TABLE_NAME (`email_id`, `username`,`name`,`pass`) VALUES("'.$email.'", "'.$uname.'","'.$name.'", "'.$pass.'")');
if($query){
echo "data are inserted successfully.";
}else{
echo "failed to insert data.";
}
}
}
?>
The query method would return true or false, depending on if the row has been inserted or not.
Try the following Code
include ("db.php");
if (isset($_POST['register']))
{
echo $name = ($_POST["name"]);
echo $email = ($_POST["email"]);
echo $uname = ($_POST["uname"]);
echo $password = ($_POST["pass"]);
$var = mysqli_query($con, 'SELECT * from company_profile where email_id = "'.$email.'" or username = "'.$uname.'" ');
$num = mysqli_num_rows($var);
if($num==0)
{
$result = "INSERT INTO company_profile(user_name, password, company_name, email, phone, country, activation_string) VALUES ('$uname','$password','$name','$email','','','')";
$res = mysqli_query($con, $result);
if($res)
{
echo "Records Inserted Successfully!!";
}
else
{
echo "Records Inserted Failed!!";
}
}
else
{
echo "User with the Details Already exists!!";
}
}
}
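A SELECT followed by an INSERT leaves a window in which two simultaneous registrations can both pass the check, so the unique index stays the final authority; catching its violation gives the message to show the user. This is an added example, not code from the question or the answers: it assumes `pdo_sqlite` is available, uses a constructed in-memory table with a subset of the `company_profile` columns, and the function name `registerCompany` is hypothetical.

```php
<?php
// Constructed in-memory table standing in for company_profile (assumption: pdo_sqlite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE company_profile (
    user_name TEXT NOT NULL UNIQUE,
    email TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL,
    company_name TEXT NOT NULL)");

// Hypothetical helper: returns the message to show the user.
function registerCompany(PDO $db, array $post): string
{
    $fields = [];
    foreach (['name', 'email', 'uname', 'pass'] as $key) {
        $value = $post[$key] ?? '';
        if (!is_string($value) || trim($value) === '') {
            return "Missing field: $key";
        }
        $fields[$key] = $key === 'pass' ? $value : trim($value);
    }
    if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid email address';
    }
    try {
        $stmt = $db->prepare(
            "INSERT INTO company_profile (user_name, password, company_name, email) VALUES (?, ?, ?, ?)"
        );
        $stmt->execute([
            $fields['uname'],
            password_hash($fields['pass'], PASSWORD_DEFAULT), // store a hash, never the raw password
            $fields['name'],
            $fields['email'],
        ]);
        return 'Registered';
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity-constraint violation: the unique index rejected the row.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'Username or email already exists';
        }
        throw $e; // anything else is a real failure, not a duplicate
    }
}

// Constructed submissions; on the real page the second argument would be $_POST.
$first  = ['name' => 'Acme', 'email' => 'ops@acme.test', 'uname' => 'acme', 'pass' => 'constructed-pw-1'];
$second = ['name' => 'Other', 'email' => 'ops@acme.test', 'uname' => 'other', 'pass' => 'constructed-pw-2'];
echo registerCompany($db, $first), PHP_EOL;
echo registerCompany($db, $second), PHP_EOL;
```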

PHP/MySql Update Will Not Work

I have created 2 pages:
update.php
edit.php
We start on edit.php, so here is edit.php's script:
<?php
$id = $_SESSION["id"];
$username = $_POST["username"];
$fname = $_POST["fname"];
$password = $_POST["password"];
$email = $_POST["email"];
mysql_connect('mysql13.000webhost.com', 'a2670376_Users', 'Password') or die(mysql_error());
echo "MySQL Connection Established! <br>";
mysql_select_db("a2670376_Pass") or die(mysql_error());
echo "Database Found! <br>";
$query = "UPDATE members SET username = '$username', fname = '$fname',
password = '$password' WHERE id = '$id'";
$res = mysql_query($query);
if ($res)
echo "<p>Record Updated<p>";
else
echo "Problem updating record. MySQL Error: " . mysql_error();
?>
<form action="update.php" method="post">
<input type="hidden" name="id" value="<?=$id;?>">
ScreenName:<br> <input type='text' name='username' id='username' maxlength='25' style='width:247px' name="username" value="<?=$username;?>"/><br>
FullName:<br> <input type='text' name='fname' id='fname' maxlength='20' style='width:248px' name="ud_img" value="<?=$fname;?>"/><br>
Email:<br> <input type='text' name='email' id='email' maxlength='50' style='width:250px' name="ud_img" value="<?=$email;?>"/><br>
Password:<br> <input type='text' name='password' id='password' maxlength='25' style='width:251px' value="<?=$password;?>"/><br>
<input type="Submit">
</form>
Now here is the update.php page, where I am having the MAJOR problem:
<?php
session_start();
mysql_connect('mysql13.000webhost.com', 'a2670376_Users', 'Password') or die(mysql_error());
mysql_select_db("a2670376_Pass") or die(mysql_error());
$id = (int)$_SESSION["id"];
$username = mysql_real_escape_string($_POST["username"]);
$fname = mysql_real_escape_string($_POST["fname"]);
$email = mysql_real_escape_string($_POST["email"]);
$password = mysql_real_escape_string($_POST["password"]);
$query="UPDATE members
SET username = '$username', fname = '$fname', email = '$email', password = '$password'
WHERE id='$id'";
mysql_query($query)or die(mysql_error());
if(mysql_affected_rows()>=1){
echo "<p>($id) Record Updated<p>";
}else{
echo "<p>($id) Not Updated<p>";
}
?>
Now on edit.php I fill out the form to edit the account "test" while I am logged into it. Once the form is filled out, I click the |Submit!| button,
and it takes me to update.php and it returns this:
(0) Not Updated
(0) <= id of user logged in
Not Updated <= MySql Error from
mysql_query($query)or die(mysql_error());
if(mysql_affected_rows()>=1){
I want it to update the user logged in, and if I am not mistaken, in this script it says
$id = (int)$_SESSION["id"];
which updates the user with the id of the person who is logged in,
but it isn't updating; it's saying that no tables were affected.
If it helps, here's my MySQL database picture:
just click here http://i50.tinypic.com/21juqfq.png
Even with
session_start();
it won't work; it returns the same thing as before.
It appears that you have not started your session, therefore $_SESSION['id'] is not set.
session_start();
And, as always, don't use mysql_* functions; that time has gone. Use mysqli or PDO.
It seems your session might have timed out, or you did not initialize it at all.
From your output, the id is 0, so there is your problem.
