In my page, I have:
1. Registration Page
2. Login Page
3. Successful Registration Page
4. Referral Form
In my registration Page, User can register thru this.
In my Log-in page, I have two types of user, Applicant and Employee
In my Successful Registration Page, there will be a button there going to Referral Form.
In my Referral Form Page, I have a modal there to update referral information provided by the user during the registration.
The following information are:
Referrer ID
Fullname
Current Position
ContactID
Email Address
MObile Number
Member Since
If you created an account on my page, either you are a Applicant or Employee, if you successfully register, my successful registration page will prompt to you and once you have click the button going to Referral Form The following information will be displayed to your referral information based on you supplied during the registration.
If you register as an Applicant, your Referrer ID is always set into 0 and you may edit it thru Referral Form Page
or if you register as an Employee, your Referrer ID is based on you provide during the registration._
Example:
Referrer ID (Allowed to edit if you register as an applicant)
Fullname Sherlock Holmes
Current Position (This has no value and may be edit once you created an account)
ContactID CON12344
Email Address SherlockHolmes#gmail.com
MObile Number +987676758857
Member Since 2014-05-06 04:41:21
Here's my problem that I encounter.
I created an account and Successful registration page prompt to me, and I click the button going to Referral Form Page to edit my information. I edit it and Log-it out and try to relog-in, My Information updated and now reflecting on my Information. It works well.
But
When I created an account and promt successful registration page and click the button going to referral form page, If I did not edited my information and tried to log it out and try to re-login, my information becomes having all null values. LIke this,
Referrer ID 0
Fullname
Current Position
ContactID
Email Address
MObile Number
Member Since
Which was incorrect because even I did not edit my information, my information should just becomes like this.
Referrer ID 0(You can edit it)
Fullname Sherlock Holmes
Current Position (You can edit it)
ContactID CON12345678
Email Address sherlockholmes#gmail.com (You can edit it)
MObile Number +93456789 (You can edit it)
Member Since 2014-05-06 04:41:21
Problem Occurs when I didn't edit my information for a new created account, but when I edit it before I log it out, it's okay.
here is my Successful registration PHp
<?php
include('../include/dbconnection.php');
include('../include/functions.php');
if(!isset($_SESSION))
{
session_start();
}
$empid = $_SESSION['SESS_EMP_ID'];
$conid = $_SESSION['SESS_CONID'];
$fName = $_SESSION['SESS_FIRSTNAME'];
$lName = $_SESSION['SESS_LASTNAME'];
$contactNo = $_SESSION['SESS_CONTACT_NO'];
$mobile = $_SESSION['SESS_MOBILE'];
$email = $_SESSION['SESS_EMAIL'];
$bday = $_SESSION['SESS_BDAY'];
if($conid == '')
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.location.href='index.php';
</SCRIPT>");
}
else
{
//Nothing
}
?>
Here is my code in Referral Form
/**** Start Session ****/
session_start();
//Check whether the session variable SESS_EMP_ID is present or not
if(!isset($_SESSION['SESS_EMP_ID']) || (trim($_SESSION['SESS_EMP_ID']) == '')) {
header("Location: LoginPage.php");
exit();
}
/**** End ****/
/**** Redirects automatically to index ****/
header("Refresh: 15 * 60; url=index.php");
/**** End ****/
/**** authentication ****/
//require_once('../function/auth_emp.php');
/**** End ****/
$empid = $_SESSION['SESS_EMP_ID'];
$bdate = $_SESSION['SESS_BDAY'];
/**** Database connection ****/
require_once('../include/config.php');
/**** End ****/
include'../GlobalConstants.php';
include_once ('../refer/updateInfo.php');
mysql_select_db($db_name, $con) or die("ERR_COULD_NOT_SEE_DB");
if($empid == 0)
{
$fname = $_SESSION['SESS_FIRSTNAME'];
$lname = $_SESSION['SESS_LASTNAME'];
$bdate = $_SESSION['SESS_BDAY'];
$pos = $_SESSION['SESS_POSITION'];
$empid = $_SESSION['SESS_EMP_ID'];
$qry= "SELECT vtiger_contactdetails.firstname,
vtiger_contactdetails.contact_no,
vtiger_contactscf.cf_703,
vtiger_contactscf.cf_715,
vtiger_contactscf.cf_717,
vtiger_contactdetails.email,
vtiger_contactdetails.lastname,
vtiger_contactdetails.mobile,
vtiger_contactdetails.contactid,
vtiger_crmentity.createdtime
FROM vtiger_contactdetails
INNER JOIN vtiger_contactscf
ON vtiger_contactdetails.contactid = vtiger_contactscf.contactid
INNER JOIN vtiger_crmentity
ON vtiger_contactdetails.contactid = vtiger_crmentity.crmid
INNER JOIN vtiger_contactsubdetails
ON vtiger_contactsubdetails.contactsubscriptionid= vtiger_contactdetails.contactid
WHERE vtiger_contactdetails.firstname = '".$fname."'
AND vtiger_contactdetails.lastname = '".$lname."'
AND vtiger_contactsubdetails.birthday = '".$bdate."'";
$result = mysql_query($qry);
} else
{
$qry= "SELECT vtiger_contactdetails.firstname,
vtiger_contactdetails.contact_no,
vtiger_contactscf.cf_703,
vtiger_contactscf.cf_715,
vtiger_contactscf.cf_717,
vtiger_contactdetails.email,
vtiger_contactdetails.lastname,
vtiger_contactdetails.mobile,
vtiger_contactdetails.contactid,
vtiger_crmentity.createdtime
FROM vtiger_contactdetails
INNER JOIN vtiger_contactscf
ON vtiger_contactdetails.contactid = vtiger_contactscf.contactid
INNER JOIN vtiger_crmentity
ON vtiger_contactdetails.contactid = vtiger_crmentity.crmid
WHERE vtiger_contactscf.cf_739 = '".$empid."'";
$result = mysql_query($qry);
}
if($result)
{
if(mysql_num_rows($result)> 0)
{
$row = mysql_fetch_assoc($result);
$contact_no = $row['contact_no'];
$fname = $row['firstname'];
$mname = $row['cf_703'];
$lname = $row['lastname'];
$mobile = $row['mobile'];
$pos = $row['cf_715'];
$program = $row['cf_717'];
$email = $row['email'];
$conid = $row['contactid'];
$memberdate = $row['createdtime'];
}
}
$erp = "ERP";
/**** Stores the firstname and lastname in the session ****/
$_SESSION['SESS_EMP_ID'] = $empid;
$_SESSION['SESS_CONID'] = $conid;
$_SESSION['SESS_FIRSTNAME'] = $fname;
$_SESSION['SESS_MIDDLENAME'] = $mname;
$_SESSION['SESS_LASTNAME'] = $lname;
$_SESSION['SESS_MOBILE'] = $mobile;
$_SESSION['SESS_EMAIL'] = $email;
$_SESSION['SESS_POSITION'] = $pos;
$_SESSION['SESS_GEN'] =$erp;
$_SESSION['login_time'] = time();
?>
Do I have problem passing the session variable when the user didn;t fill up the information after they created an account?
If user edit and fill up all information and try to relogout and relogin. It seems okay and works.
But after user created an account, and If he didn;t edit the information and log it out and try to relogin, it does not reflect the values. Can you help me with this
Related
currently I'm stuck with how I should identify/differentiate a particular account from many accounts that exists in my database. Let's say I am in home page and I click an account and I want the information to be displayed of that particular account that I viewed, but I couldn't display it as I don't know how to identify that particular account that I try to view.
Here's my php code to display all the accounts.
$username = $_SESSION['username'];
$sql1 = "SELECT username, address, country, zipcode, photo, bio FROM user WHERE NOT username = '$username'";
$result = $conn->query($sql1);
if($result->num_rows > 0)
{
while($row = $result->fetch_assoc())
{
echo "<div id = 'account'>";
echo "<span id = 'image'><a id = 'accounts' href = 'accounts.php'><img src = '".$row['photo']."' alt = 'profile photo' width = '100px' height = '100px' style = 'margin-right:40px; margin-top: 5px;'></span>";
echo "<div id = 'username'><big><b style='text-transform:lowercase;'>".$row['username']."</big></a></b><br><small><i><q>".$row['bio']."</q></i></small><br>Lives in <b style='text-transform: capitalize;'>".$row['address']."</b><br>From <b>".$row['country']."</b></div><button id = 'addFriend' type = 'button' onclick = 'addFriends()'>Add friend</button>";
echo "</div>";
}
}
From the above code I can easily identify the user(person who logged in) account by storing his/her username in session from the input text while signing up. But now as theres no textfield or anything from where I can get the username to store in session, I am stuck on how to identify a user. And to retrieve it from database too, I think I pretty much need to identify the user first. Hope I am clear.
Thank You in advance.
From what I understood you have an home page and when you click an account you want to display a page specific to that account.
Supposing that this is what you are looking for, you can identify the account using their id or user name.
What I usually do I use GET parameters to get the information and then I run a query to get the information. So what you need is a specific link https://example.com/user?id=3 like this.
As you can see after the domain and the page (https://example.com/user) we have a question mark and a name id in this case (can be whatever you want) and a value =3
this means that I have a value in the superglobal array $_GET which is accessible using id as key, so if I do this echo $_GET["id"]; //3 the output will be 3.
By doing so you can use this value to query the DB and get a specific account.
REMEMBER TO SANITIZE INPUT!!! other wise user can hack into you DB ( use this link for more info)
after you can run a query to get the information.
Detailed example:
-Home.php
/**/
Visit This Account!!
/**/
--User.php
/**/
$id = $_GET["id"]; //SANITIZE INPUT!!!!!!
$sql1 = "SELECT username, address, country, zipcode, photo, bio FROM user WHERE id = '$id'";
$result = $conn->query($sql1);
if($result->num_rows > 0)
{
while($row = $result->fetch_assoc())
{
echo "<div id = 'account'>";
echo "<span id = 'image'><a id = 'accounts' href = 'accounts.php'><img src = '".$row['photo']."' alt = 'profile photo' width = '100px' height = '100px' style = 'margin-right:40px; margin-top: 5px;'></span>";
echo "<div id = 'username'><big><b style='text-transform:lowercase;'>".$row['username']."</big></a></b><br><small><i><q>".$row['bio']."</q></i></small><br>Lives in <b style='text-transform: capitalize;'>".$row['address']."</b><br>From <b>".$row['country']."</b></div><button id = 'addFriend' type = 'button' onclick = 'addFriends()'>Add friend</button>";
echo "</div>";
}
}
/**/
P.S.
You should use PDO and prepered statement to prevent from attacks.
I am displaying the user names as links on a php page like this which on clicking navigates on particular user home page:
$msql=$db->prepare("SELECT * from users where id=? order by id desc");
$msql->bind_param("i",$user_id);
$msql->execute();
$msql = $msql->get_result();
$msql = $msql->num_rows;
while($usercount=$msql->fetch_assoc())
{
$Email = $usercount['email'];
$FirstName = $usercount['first_name'];
$LastName = $usercount['last_name'];
?>
<strong><?php echo $FirstName.' '.$LastName;?></strong>
<?php
}
?>
And for the navigation to the user home page on clicking the link, I am using like this :
<?php
if(isset($_GET['navigate']) && $_GET['navigate'] == "true"){
$_SESSION['email'] = $Email;
header('location: nextpage.php');
}
?>
So my page looks like this as link
user1
user2
user3
.
.
.
usern
My issue is whenever I click on any of the links it always stores the first email in the session variable.
So, if I output the SESSION in nextpage.php
echo $_SESSION['email'];
it always echoes the first link email.
My guess for this because of the while loop I am using it always picks up the first link data and stays with it, but my question is how do i get the data for others as well. I want to navigate to that user page for which the link is clicked and that can only be done if I get the correct email on clicking the link.
As you said id is not primary key, and i assume that your same id will contain different emails, you have to do below changes:-
<?php
$msql=$db->prepare("SELECT * from users where id=? order by id desc");
$msql->bind_param("i",$user_id);
$result = $msql->execute(); // assign to a variable
//$msql = $msql->get_result(); //you are over-writing to one variable which is not correct
//$msql = $msql->num_rows; //you are over-writing to one variable which is not correct
while($usercount=$result->fetch_assoc()){
$Email = $usercount['email'];
$FirstName = $usercount['first_name'];
$LastName = $usercount['last_name'];
?>
<strong><?php echo $FirstName.' '.$LastName;?></strong> <!-- send mail id to the url too otherwise how's you will get the email id to save it into SESSION-->
<?php } ?>
AND
<?php
if(isset($_GET['navigate']) && $_GET['navigate'] == "true"){
$_SESSION['email'][] = $_GET['email']; // assign each mail to SESSION ARRAY not SESSION variable
header('location: nextpage.php');
}
?>
AND
echo "<pre/>";print_r($_SESSION['email']); //to see all emails.
Note:- You have to write session_start(); on top of your php page just after <?php if you want to work with SESSION on that page.
I'm making a site similar to Instagram. I am very new to php. I created a follow button in the user's profile.
How do you make the follow button disappear when you already followed the user?
How do you replace it with unfollow button?
// my php code for following
if (isset($_POST['addfriend'])){
$fromuser = $user;
$touser = $username;
if($fromuser == $username){
$Msg = "You cannot follow yourself<br/>";
}
else
{
$getID= mysql_query("SELECT userID FROM user WHERE username='$user'");
$get_ID_row = mysql_fetch_assoc($getID);
$ID_db = $get_ID_row['userID'];
$sql = "insert into following (userID, fromUser, toUser)
values ('$ID_db','$fromuser', '$touser')";
$result = mysql_query($sql);
$Msg= "Success! <br/>";
}
}
else{
//Do nothing
}
//my code for the follow button
<form action="<?php $user;?>" method ="POST">
<?php echo $Msg; ?>
<input type = "submit" name ="addfriend" value = "Follow"/>
</form>
On the page where you are going to show the Follow or Unfollow button, first run a MySQL query to find out if you are already following the person:
$sql = "select * from following
where userID = $user
and fromUser = $fromUser
and toUser = $toUser";
$result = mysql_query($sql);
if( $result) {
if( mysql_num_rows($result) > 0) {
// if we get here we know we are already following that person
....[see below]
Now dynamically create whichever button you need:-
if( mysql_num_rows($result) > 0) {
// if we get here we know we are already following that person
echo '<input type = "submit" name ="removefriend" value = "Un-follow"/>';
}
else
{
echo '<input type = "submit" name ="addfriend" value = "Follow"/>';
}
And on the following page where you are getting the form results, check for both buttons:
if (isset($_POST['addfriend'])) {
...[do what you already have]
}
else
if (isset($_POST['removefriend'])) {
...[do SQL to remove the record from the following table]
}
Please be aware also that as of PHP v5.5 this style of MySQL is deprecated. At some stage in the future you will have to convert your programs to the MySQLi or PDO_MySQL extensions, before they eventually discontinue support. See the PHP manual about this at eg http://php.net/manual/en/mysqlinfo.api.choosing.php.
Would be easier with OO PHP. However, if you chose procedural, let's assume we have a table of friends. Which keeps the id of each of my friends.
e.g.: Smith follows John
Then you do something like
$following = mysql_query("SELECT COUNT(*) FROM followers WHERE followerid = ".$_SESSION['id']." AND followeeid = ".$username);
Check if You follow the person already:
if($following){//$following == true
}
Hello there so I am having a little trouble here what I am trying to do is use my code below to show all the users friend requests on the same page, but what is happening is the page is showing only one request at a time then the page has to be refreshed or reloaded for the remaining requests to show up one by one instead off all of them listed down the page any help would be great as I'm trying to learn thank you
<?php
include ('views/header.php');
require_once ('config/config.php');
include ('config/connection.php');
{
global $user_name,$page_owner,$username;
$user_name = trim(strip_tags($_SESSION["user_name"])); //This is the user who logged into the system or logged in session
$page_owner = trim(strip_tags($_SESSION["user_name"])); // This is the owner of the page viewed
$username = mysql_query("select * from request where friend ='".$user_name."'");
$user_id = mysql_query("select user_id from users where user_id = 'user_id'");
//This is the page that checks for Friend Request
$check_request = mysql_query("select * from request where friend = '".$user_name."'"); //First Request receive, first to respond to
if(intval(mysql_num_rows($check_request))==0); //If there is a friend request for the logged in user then show it to the user otherwise do nothing
$get_request_details = mysql_fetch_array($check_request);
//Check friend who sent the request full info from the users table
$check_request_info = mysql_query("select * from `users` where `user_name` = '".mysql_real_escape_string($get_request_details["username"])."'");
//Get friend who sent the request full info from the users table
$get_request_info = mysql_fetch_array($check_request_info);
//Check logged in user full info from the users table
$check_logged_in_user_info = mysql_query("select * from `users` where `user_name` = '".$_SESSION['user_name']."'");
//Get logged in user full info from the users table
$get_logged_in_user_info = mysql_fetch_array($check_logged_in_user_info);
?>
new requests(<?php echo intval(mysql_num_rows($check_request)); ?>)
<div>Hello <?php echo strip_tags($get_logged_in_user_info["user_name"]);?><div>
<div style="font-family:Verdana, Geneva, sans-serif; font-size:11px; line-height:18px;" align="left">Here are your friend requests.</div>
<font style="color:blue;font-family:Verdana, Geneva, sans-serif; font-size:14px;"><?php echo strip_tags($get_request_info["user_name"]); ?> wants to be friends</font><div>
<div>
<div>
<a href="af.php?username=<?php echo $get_request_info["user_name"];
?>"class="square">Accept</a>
Decline
<?php
}
{
//Unknown page realized
}
?>
It's because you only print out one. You never loop through the array containing all friend requests - you echo the first one in the array. If you decline or accept that one, it'll show the next one, and so forth.
See Populate PHP Array from While Loop
The function mysql_fetch_array() only fetches one result row at a time. You want to wrap this in a while loop like so:
while ($get_request_details = mysql_fetch_array($check_request))
{
// do repetitive processing
}
$user_name = mysql_real_escape_string($user_name);
$query ="SELECT user_id FROM users JOIN request ON users.user_id = request.user_id WHERE users.user_id = {$user_name}";
$request = mysql_query($query);
while ( $row = mysql_fetch_assoc($request)){
$results[] = $row;
}
//debug
echo '<pre>';
print_r($results);
and it's a good practice to use LIMIT in your SQL
I have a Login script that is on my home page for my Login form that is also on my home page. When the user submits the form to Login he/she submits his/her username and password.
The database that the script accesses has the Username, Password, and Email Address stored from the users registration.
Once the user logs in successfully, he/she is redirected to a page that loads their previous "reviews" on the page which are stored within a different table within the same database.
I need to send the email from one table to the query on the redirected page.
Here is the code of my PHP code that processes the Login:
<?php
//If the user has submitted the form
if(isset($_REQUEST['username'])){
//protect the posted value then store them to variables
$username = protect($_POST['username']);
$password = protect($_POST['password']);
//Check if the username or password boxes were not filled in
if(!$username || !$password){
//if not display an error message
echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
}else{
//if they were continue checking
//select all rows from the table where the username matches the one entered by the user
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
$num = mysql_num_rows($res);
//check if there was no match
if($num == 0){
//if none, display an error message
echo "<center>The <b>Username</b> you supplied does not exist!</center>";
}else{
//if there was a match continue checking
//select all rows where the username and password match the ones submitted by the user
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
$num = mysql_num_rows($res);
//check if there was no match
if($num == 0){
//if none display error message
echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
}else{
//if there was continue checking
//split all fields from the correct row into an associative array
$row = mysql_fetch_assoc($res);
//check to see if the user has not activated their account yet
if($row['active'] != 1){
//if not display error message
echo "<center>You have not yet <b>Activated</b> your account!</center>";
}else{
//if they have log them in
//set the login session storing there id - we use this to see if they are logged in or not
$_SESSION['uid'] = $row['id'];
//update the online field to 50 seconds into the future
$time = date('U')+50;
mysql_query("UPDATE `users` SET `online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
//redirect them to the usersonline page
echo 'REDIRECT';
}
}
}
}
exit;
}
?>
Here is the PHP Code that is on the Re-directed to page:
<?php
$con=mysqli_connect("","","","");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM comments
WHERE email='$_POST[email]' ORDER BY dt");
while($row = mysqli_fetch_array($result))
{
echo $row['dt'] ." " . $row['email'] . " " . $row['body'];
echo "<br>";
echo "<br>";
}
?>
I need to add something to the first code to pick up the email address out of the table it uses to verify the Login information and send it to the second code to receive the "reviews." I have tried googling an answer and came up with nothing. Please help!
Since you have used the $_SESSION array in your code(which maybe is copied from somewhere), you can similarly store the email address in the same array.
$_SESSION['email'] = $row['email'];
In the later page, you'd need to replace $_POST['email'] with $_SESSION['email'].