I've got a function on my website so that when people click on a link, they are supposed to have 5 points added to their profile, but that doesn't seem to be working, instead their points just stick to 5.
The following code is what I have used to set up a function:
$points = $user_data['points'];
function pointAdd($user_id, $points) {
$user_id = (int)$user_id;
$pointsPlus = $points += 5;
mysql_query("UPDATE `users` SET `points` = '$pointsPlus' WHERE `user_id` = $user_id");
}
And I have added this to the page, so that when they enter it, the code is put into play:
$target = $_GET['target'];
if(logged_in() === true){
pointAdd($session_user_id, $pointsPlus);
header('Location: ' . $target);
exit();
}
But, when they enter the page, the function doesn't work and the user is just set to 5 points instead of having 5 extra added to their profile.
Your pointsPlus variable that you pass into your function is empty. I don't know where user_data comes from, but the solution is something like this. And also the name 'pointsPlus' is logically incorrect, because there are the base points that the user already has.
$target = $_GET['target'];
if(logged_in() === true){
$points = $user_data['points'];
pointAdd($session_user_id, $points);
header('Location: ' . $target);
exit();
}
Related
what my code does now is its posting the session in the database and everytime I refresh this page it keeps posting the same session again and again. I don't get why? The solution is probably a simple one but I tried everything. Hope to get some help.
<?php
session_start();
require '../../required/connection.php';
require '../../required/functions.php';
if (!isset($_SESSION['alive']))
{
$id = $_GET['trxid'];
$_SESSION['alive'] = uniqid();
$currentSession = $_SESSION['alive'];
$checkQuery = "SELECT token FROM request_data WHERE token='$currentSession'";
$checkResult = mysqli_query($con, $checkQuery);
$row = mysqli_num_rows($checkResult);
if($row < 1)
{
$firstQuery = "INSERT INTO request_data (token, link) VALUES ('$currentSession', '$id')";
$firstResult = mysqli_query($con, $firstQuery);
}
}
I think that something went wrong in your connection.php or functions.php. Is it also possible that you have server errors that lead to this behavior? Further it could be that you have modified the configurations of sessions in the php.ini (for example the lifetime)?
The following example is based on your code and works on the page phpfiddle.org
<?php
session_start();
// just for testing - you can comment it in and out
//$_SESSION['alive'] = null;
if (!isset($_SESSION['alive'])) {
echo 'FALSE; <br/>';
$_SESSION['alive'] = uniqid();
echo 'AFTER = "'. $_SESSION['alive'] . '"';
} else {
echo 'TRUE = "'. $_SESSION['alive'] . '"';
}
?>
end web developer, i was given a CMS done from another team and i have to link with my front-end. I have made some modifications, but due to my lack of php knowledge i have some issue here.
My users are able to fill up a form, where 1 text field is asking for their photo link. I want to check for if the value entered is not equal to what i want, then i will query insert a default avatar photo link to mysql to process.
code that i tried on php
// check if the variable $photo is empty, if it is, insert the default image link
if($photo = ""){
$photo="images/avatarDefault.png";
}
doesn't seem to work
<?php
if($_SERVER["REQUEST_METHOD"] === "POST")
{
//Used to establish connection with the database
include 'dbAuthen.php';
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
else
{
//Used to Validate User input
$valid = true;
//Getting Data from the POST
$username = sanitizeInput($_POST['username']);
$displayname = sanitizeInput($_POST['displayname']);
$password = sanitizeInput($_POST['password']);
//hash the password using Bcrypt - this is to prevent
//incompatibility from using PASSWORD_DEFAULT when the default PHP hashing algorithm is changed from bcrypt
$hashed_password = password_hash($password, PASSWORD_BCRYPT);
//Determining Type of the User
//if B - User is student
//if A - User is adin
if($_POST['type'] == 'true')
$type = 'B';
else
$type = 'A';
$email = sanitizeInput($_POST['email']);
$tutorGroup = sanitizeInput($_POST['tutorGroup']);
$courseID = sanitizeInput($_POST['courseID']);
$description = sanitizeInput($_POST['desc']);
$courseYear = date("Y");
$website = sanitizeInput($_POST['website']);
$skillSets = sanitizeInput($_POST['skillSets']);
$specialisation = sanitizeInput($_POST['specialisation']);
$photo = sanitizeInput($_POST['photo']);
// this is what i tried, checking if the value entered is empty, but doesn't work
if($photo = ""){
$photo="images/avatarDefault.png";
}
$resume = sanitizeInput($_POST['resume']);
//Validation for Username
$sql = "SELECT * FROM Users WHERE UserID= '$username'";
if (mysqli_num_rows(mysqli_query($con,$sql)) > 0){
echo 'User already exists! Please Change the Username!<br>';
$valid = false;
}
if($valid){
//Incomplete SQL Query
$sql = "INSERT INTO Users
VALUES ('$username','$displayname','$hashed_password','$type','$email', '$tutorGroup', ";
//Conditionally Concatenate Values
if(empty($courseID))
{
$sql = $sql . "NULL";
}
else
{
$sql = $sql . " '$courseID' ";
}
//Completed SQL Query
$sql = $sql . ", '$description', '$skillSets', '$specialisation', '$website', '$courseYear', '$photo', '$resume', DEFAULT)";
//retval from the SQL Query
if (!mysqli_query($con,$sql))
{
echo '*Error*: '. mysqli_error($con);
}
else
{
echo "*Success*: User Added!";
}
}
//if student create folder for them
if ($type == 'B')
{
//Store current reporting error
$oldErrorReporting = error_reporting();
//Remove E_WARNING from current error reporting level to prevent users from seeing code
error_reporting($oldErrorReporting ^ E_WARNING);
//Set current reporting error();
error_reporting($oldErrorReporting);
}
mysqli_close($con);
}
}
function sanitizeInput($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
i've tried finding a way on mysql to insert default values but it seem impossible, so i have no choice but to query insert through php.
I have the logic but i'm not sure how to implement on the php with my lack of knowledge, i was thinking of checking either
1) if the photo link does not have the word .png/.jpg, $photo != ".png"
2) if the photo link length is too low $.photo.length < 10
can someone help me look into the code and tell me what i'm doing wrong? Thanks!
A very simple way with default values could be:
$photo = isset($photo) ? $photo : 'images/avatarDefault.png' ;
How it works is that it first it asks if the photo is set, if it is, use all ready inserted value, otherwise insert your default value,
Another (very alike) method to use:
$photo = !empty($photo) ? $photo : 'images/avatarDefault.png' ;
UPDATE
To check if it contains a certain "extension" would be a simple rewrite
$photo = preg_match('#\b(.jpg|.png)\b#', $photo ) ? $photo : "images/avatarDefault.png" ;
This way it checks wether the text / image link in $photo contains the .png file type, if it doesn't it inserts your default image
First thing that I notice is to use double =
if($photo == ""){
//...
}
I used to store all my data in 000webhost, today I decided to move to hostinger. So.. after moving it I replaced the old mysql_connect info by the new one. Alright, after doing that I tested it, everything has ran fine, except some echo functions.
check file (connects to the server and do the login):
<?php
$servidorr = "mysql.XXXX.co.uk";
$bdd = "XXXXXXXX";
$usuarioo = "XXXXX";
$senhaa = "XXXXXXX";
if (!empty($_POST) AND (empty($_POST['usuario']) OR empty($_POST['senha']))) {
header("Location: geton"); exit;
}
mysql_connect($servidorr, $usuarioo, $senhaa) or trigger_error(mysql_error());
mysql_select_db($bdd) or trigger_error(mysql_error());
$usuario = mysql_real_escape_string($_POST['usuario']);
$senha = mysql_real_escape_string($_POST['senha']);
$lang = mysql_real_escape_string($_POST['lang']);
$sql = "SELECT `id`, `nome`, `nivel` FROM `usuarios` WHERE (`usuario` = '". $usuario ."') AND (`senha` = '". sha1($senha) ."') AND (`ativo` = 1) LIMIT 1";
$updatelang = "UPDATE usuarios SET lang='$lang' WHERE usuario='$usuario'";
$query = mysql_query($sql);
if (mysql_num_rows($query) != 1) {
echo "<script>alert('Oops! Looks like there is something wrong with your login! *perhaps a typo or you did not fill out the fields*'); location.href='geton'</script>"; exit;
} else {
$resultado = mysql_fetch_assoc($query);
mysql_query($updatelang);
if (!isset($_SESSION)) session_start();
$_SESSION['UsuarioID'] = $resultado['id'];
$_SESSION['UsuarioNome'] = $resultado['nome'];
$_SESSION['usuario'] = $resultado['usuario'];
$_SESSION['UsuarioNivel'] = $resultado['nivel'];
$_SESSION['lang'] = $resultado['lang'];
header("Location: http://mapmaking.zz.mu/pages/home"); exit;
}
?>
Home file (these echos are just for testing and this is not the original file, the original one has the same php stuff, except the echo functions, those are in random lines):
<?php
if (!isset($_SESSION)) session_start();
$tlang = $_SESSION['UsuarioLang'];
$aclevel = $_SESSION['UsuarioNivel'];
$nick = $_SESSION['UsuarioNome'];
$neededal = 1;
if (!isset($_SESSION['UsuarioID']) OR ($_SESSION['UsuarioNivel'] < $neededal)) {
session_destroy();
header("Location: http://inside.mapmaking.uk.to/geton"); exit;
}
session_start();
echo $tlang;
echo $aclevel;
echo $nick;
echo "$level$tlang$tlang";
?>
[this one basically start the session and check if the connected user acess level is 1]
Echo $tlang does not work! :( somehow it doesn’t, I have no idea why ;_;
Hope you guys help me, thank you!!
$_SESSION['lang'] != $_SESSION['UsuarioLang']
You assign a value to the first one, yet expect value from the second one.
$_SESSION['lang'] = $resultado['lang'];
$tlang = $_SESSION['UsuarioLang'];
Change this line:
$_SESSION['lang'] = $resultado['lang'];
to the following:
$_SESSION['UsuarioLang'] = $resultado['lang'];
You should also call session_start() without the isset check. Also, you should consider using && instead of AND and || instead of OR, as PHP has weird operator precedence rules (the assignment = has a higher precendence than either AND or OR).
I am working on a piece that allows user to create an article, but there are some restricted for an admin, which i identify as SgroupId 1. Now when I log in with my admin code, i realize i still cant post everything, except for what I identified in loadTypeUsers. I know i get the value of Sgroup1 with me, since the admin panel loads in the bar below. Also when I echo the value I get the return of 1, which should be fine.
But when I try to load the dropdown in my popup, it wont give me the full list. Instead, it loads just the list I specified in the LoadTypeUsers. Can somebody help me out here?
Thanks in advance.
~Dorv
function MakeArticleTypeDropdown(){
echo "<select name='ArticleTypeId'>";
if($SgroupId == 1 || $SgroupId == 1){
$results = LoadType();
}
else
{
$results = LoadTypeUsers();
}
while($row = mysql_fetch_array($results)){
echo "<option value='".$row['ArticleTypeId']."'>"
.$row['ArticleTypeName']."</option>";
}
echo "</select>";
}
This is tucked in the ArticleFunction.php file
function LoadTypeUsers(){
$query = "SELECT * FROM Articletype limit 1,3;";
$resultaat=SendQuery($query);
return $resultaat;
}
function LoadType(){
$query = "SELECT * FROM Articletype;";
$resultaat=SendQuery($query);
return $resultaat;
}
This is tucked in the Sentry.php file
session_start();
$UserName = $_SESSION['username'];
$result = mysql_query("select * from user where username='".$UserName."'");
while($row = mysql_fetch_array($result)){
$UserId = $row['UserId'];
$CharacterName = $row['CharacterName'];
$UserName = $row['UserName'];
$SgroupId = $row['SgroupId'];
};
$SgroupId is not defined in the function MakeArticleTypeDropdown() so it will always goes in else condition .Try something as follows
MakeArticleTypeDropdown($SgroupId)
{
//-----------your code
}
first of all, I don't see you passing the value of $SgroupId to MakeArticleTypeDropdown(). Maybe you have an scope problem and you're checking a variable $SgroupId that isn't set inside the function?
second: ($SgroupId == 1 || $SgroupId == 1) What is that || for?
I think that the LIMIT clause should be a WHERE clause.
i.e.
SELECT * FROM Articletype WHERE SgroupId = 1 OR SgroupId = 3
and perhaps the line
if($SgroupId == 1 || $SgroupId == 1){
should read
if($SgroupId == 1 || $SgroupId == 3){
I would like to know how to how to check if a field (column) is empty for a specific user.
I have connected successfully to a mySQL database, I have entered a user and I have fields that are empty. I have a post form that allows users to enter information. Based on whether other fields are empty, I would like them to fill accordingly. I would like to use logic to determine whether a field is empty or not. I am using the following:
if($_SERVER['REQUEST_METHOD'] == 'POST') {
if(trim($_POST['listing_link']) == '') {
}
else if(empty($listing_link1)) {
$listing_link1 = $_POST['listing_link'];
$listing_link1 = mysql_real_escape_string($_POST['listing_link']);
$query = "UPDATE `users`
SET `listing_link1`='$listing_link1'
WHERE `email`='$emailstring'";
}
else if(!empty($listing_link1) && empty($listing_link2)) {
$listing_link2 = $_POST['listing_link'];
$listing_link2 = mysql_real_escape_string($_POST['listing_link']);
$query = "UPDATE `users`
SET `listing_link2`='$listing_link2'
WHERE `email`='$emailstring'";
}
else if(!empty($listing_link2) && empty($listing_link3)) {
$listing_link3 = $_POST['listing_link'];
$listing_link3 = mysql_real_escape_string($_POST['listing_link']);
$query = "UPDATE `users`
SET `listing_link3`='$listing_link3'
WHERE `email`='$emailstring'";
}
else if(!empty($listing_link3) && empty($listing_link4)) {
$listing_link4 = $_POST['listing_link'];
$listing_link4 = mysql_real_escape_string($_POST['listing_link']);
$query = "UPDATE `users`
SET `listing_link4`='$listing_link4'
WHERE `email`='$emailstring'";
}
else if(!empty($listing_link4) && empty($listing_link5)) {
$listing_link5 = $_POST['listing_link'];
$listing_link5 = mysql_real_escape_string($_POST['listing_link']);
$query = "UPDATE `users`
SET `listing_link5`='$listing_link5'
WHERE `email`='$emailstring'";
}
$result = mysql_query($query);
}
?>
This code checks whether there is anything entered by the user when they hit the button for the "listing_link". If not, then nothing happens. If something is entered, then it will check to determine if any of the other fields are filled (listing_link1, listing_link2...listing_link5). The $listing_link1 - 5 variables are supposed to take on the information.
I cannot get the other else ifs to run except for:
else if(empty($listing_link1)) {
$listing_link1 = $_POST['listing_link'];
$listing_link1 = mysql_real_escape_string($_POST['listing_link']);
$query = "UPDATE `users`
SET `listing_link1`='$listing_link1'
WHERE `email`='$emailstring'";
And continually running the code by hitting the button for the form just replaces the listing_link1 variable with the newly entered information.
Perhaps there is something wrong with the logic written here. Please help if you can.
You're not defining $listing_link1 until after you've checked to see if it's empty:
else if(empty($listing_link1))
{
$listing_link1 = $_POST['listing_link'];
Flip 'em around:
$listing_link1 = $_POST['listing_link'];
if(empty($listing_link1))
{
If I got you right, this would solve your woes:
$empty = 0;
for($i=1; $i<=5; $i++){
$varname = "listinglink$i";
if(empty($$varname)){
$empty = $i;
break;
}
}
if($empty > 0){
$update_field = "listinglink{$empty}";
$update_data = $_POST['listing_link'];
mysql_query("UPDATE users SET `$update_field`='$update_data'
WHERE email='$emailstring'");
}
What I do there is spin a loop to check which one is the first empty *listing_link* and as soon as I find it, set some variable to its number and quit the loop. From there it's pretty much simple.
What this does: $$varname = 1; is that it takes the value of $varname and tries to use it as a variable name, for example:
$test = "groovy.";
$varname = "test";
echo $$varname; // eqivalent to "echo $test"
Fun technique :)