I try to insert the variable randomString into the table user2 into the column code, but it won't work. All other values are in the table, but the generated string won't. The column code has the type varchar(8). Where is my mistake?
<?php
session_start();
$message = array();
if (!empty($_POST)) {
if(isset($_POST['f']['country']) )
{
$country = $_POST['f']['country'];
}
function generateRandomString($length = 8) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
$randomString = generateRandomString();
if (
empty($_POST['f']['username']) ||
empty($_POST['f']['password']) ||
empty($_POST['f']['password_again']) ||
empty($_POST['f']['email']) ||
empty($_POST['f']['firstname']) ||
empty($_POST['f']['lastname']) ||
empty($_POST['f']['phone']) ||
empty($_POST['f']['town']) ||
empty($_POST['f']['street']) ||
empty($_POST['f']['zip'])
) {
$message['error'] = 'Es wurden nicht alle Felder ausgefüllt.';
} else if ($_POST['f']['password'] != $_POST['f']['password_again']) {
$message['error'] = 'Die eingegebenen Passwörter stimmen nicht überein.';
} else {
unset($_POST['f']['password_again']);
$salt = '';
for ($i = 0; $i < 22; $i++) {
$salt .= substr('./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', mt_rand(0, 63), 1);
}
$_POST['f']['password'] = crypt(
$_POST['f']['password'],
'$2a$10$' . $salt
);
$mysqli = #new mysqli('localhost', '', '', '');
if ($mysqli->connect_error) {
$message['error'] = 'Datenbankverbindung fehlgeschlagen: ' . $mysqli->connect_error;
}
$query = sprintf(
"INSERT INTO user2 (username, password, email, firstname, lastname, phone, town, street, zip, country, code)
SELECT * FROM (SELECT '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') as new_user
WHERE NOT EXISTS (
SELECT username FROM user2 WHERE username = '%s'
) LIMIT 1;",
$mysqli->real_escape_string($_POST['f']['username']),
$mysqli->real_escape_string($_POST['f']['password']),
$mysqli->real_escape_string($_POST['f']['email']),
$mysqli->real_escape_string($_POST['f']['firstname']),
$mysqli->real_escape_string($_POST['f']['lastname']),
$mysqli->real_escape_string($_POST['f']['phone']),
$mysqli->real_escape_string($_POST['f']['town']),
$mysqli->real_escape_string($_POST['f']['street']),
$mysqli->real_escape_string($_POST['f']['zip']),
$mysqli->real_escape_string($_POST['f']['country']),
$mysqli->real_escape_string($randomString),
$mysqli->real_escape_string($_POST['f']['username'])
);
$mysqli->query($query);
if ($mysqli->affected_rows == 1) {
$message['success'] = 'Neuer Benutzer (' . htmlspecialchars($_POST['f']['username']) . ') wurde angelegt, weiter zur Anmeldung.';
header('Location: http://' . $_SERVER['HTTP_HOST'] . '//login.php');
$_SESSION = array(
'login' => true,
'user' => array(
'username' => $row['username']
)
);
} else {
}
$mysqli->close();
}
}
?>
You are not using function generateRandomString anywhere. I don't understand its purpose quite well right now.
If $randomString has some value (input name in variable), you are looking for
$_POST[$randomString]
If you have input with name randomString, you are looking for
$_POST['randomString']
Anyway, currently you are trying to get value of input named $randomString. I bet you don't have input named like this.
If your variable is in single quotes, it is treated as plain string.
If you are trying just to save random string, use your function
$randomString = generateRandomString();
And save it
$mysqli->real_escape_string($randomString),
A few mistakes in your code:
1) $randomString = $_POST['$randomString']; change to $randomString = $_POST['randomString'];
2) $mysqli->real_escape_string($_POST['$randomString']), change to $mysqli->real_escape_string($_POST['randomString']),
And you do not show us how you call this function
generateRandomString()
in your code?
Related
I keep getting duplicate posts in the SQL DB.
This is the code I am using to create the table and insert data into the DB..
$query = "SELECT * FROM '.$cname.' WHERE name='$itemname' and price='$price'";
$result = mysqli_query($db, $query);
$count = mysqli_num_rows($result);
if($count == 0){
//insert doesn't exist, continue
//insert sizes
$list = "";
$number = count($sizes);
$num = 0;
if($usesize == 'yes'){
$num = 1;
if($number > 0){
for($i=0; $i<$number; $i++){
if(trim($_POST["size"][$i] != '')){
if(empty($list)){
$list = $_POST["size"][$i];
}else{
$list .= ",".$_POST["size"][$i];
}
}
}
echo $list;
}
$quantitylist = "";
$quantitynumber = count($quantity);
if($quantitynumber > 0){
for($a=0; $a<$quantitynumber; $a++){
if(trim($_POST["quantity"][$a] != '')){
if(empty($quantitylist)){
$quantitylist = $_POST["quantity"][$a];
}else{
$quantitylist .= ",".$_POST["quantity"][$a];
}
}
}
echo $quantitylist;
}
}else{
$num = 0;
}
$colorlist = "";
$colornumber = count($colors);
$cnum = 0;
if($usecolors == 'yes'){
$cnum = 1;
if($colornumber > 0){
for($i=0; $i<$colornumber; $i++){
if(trim($_POST["colors"][$i] != '')){
if(empty($colorlist)){
$colorlist = $_POST["colors"][$i];
}else{
$colorlist .= ":".$_POST["colors"][$i];
}
}
}
echo $colorlist;
}
}else{
$cnum = 0;
}
$query = "INSERT INTO ".$cname." (name, description, imgpath, price, sold, usesize, usecolors) VALUES ('$itemname', '$description', '$insertloc"."$name', '$price', '0', '$num', '$cnum')";
if(mysqli_query($db, $query)){
//inserted successfully
echo "Inserted successfully!";
}else{
$uploadOk = 0;
echo mysqli_error($db);
}
$conn = mysqli_connect('localhost', 'grampmkn_gramsandpops', 'Grams123', 'grampmkn_shop_quantity');
if($conn){
$query = "CREATE TABLE `".$itemname."` (
id int NOT NULL AUTO_INCREMENT,
size varchar(500),
color varchar(500),
quantity int(100),
PRIMARY KEY(id),
UNIQUE(size)
);";
$array = explode(',', $list);
if(mysqli_query($conn, $query)){
mysqli_select_db($conn, $name);
$array = explode(',', $list);
foreach($array as $value){
$arrays = explode(':', $colorlist);
foreach($arrays as $values){
$arrays1 = explode(',', $quantitylist);
foreach($arrays1 as $values1){
$query = "INSERT INTO `".$itemname."` (size, color, quantity) VALUES ('$value', '$values', '$values1')";
if(mysqli_query($conn, $query)){
echo "Successfully inserted data into grampmkn_shop_quantity!";
}else{
echo mysqli_error($conn);
}
}
}
}
}else{
echo "Could not create table";
}
}else{
echo "Could not connect to shop quantity database!";
echo mysqli_errno($conn);
}
}else{
//insert already exists
echo "Insert already exists!";
$uploadOk = 0;
}
Image from DB.
If I remove the nested loops, then how would I get all the data in the arrays to insert into the sql database.
I am only creating the table once, I am just inserting multiple times to get all the data into the db.
Any help is appreciated.
How can I use another function to check if the email is in the right format ([number of symbols]#[number of symbols].[number of symbols]) and if it's unique while adding it using the insertUser? (All info is read from a .txt file).
Code:
class User{
function randomPassword($length = 8){
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, strlen($characters) - 1)];
}
return $randomString;
}
function insertUser($firstName, $lastName, $email){
global $DB;
$DB->query("INSERT INTO `users` (`fname`, `lname`, `password` , `email`) values ('$firstName', '$lastName', '" . randomPassword() . "', '$email') ");
}
In the index file:
$USER = new User();
$data = readData();
foreach($data as $nr => $user){
$USER->insertUser($user['first_name'], $user['last_name'], $user['email']);
}
Call as $this->randomPassword();
Email validation
function checkEmail($email) {
if(preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*#([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/",$email)){
// explode() on the literal separator (split() no longer exists as of PHP 7)
list($username,$domain)=explode('#',$email);
if(!checkdnsrr($domain,'MX')) {
return false;
}
return true;
}
return false;
}
To insert the random string you should do this:
Change the insertUser function to:
function insertUser($firstName, $lastName, $email){
global $DB;
$DB->query("INSERT INTO `users` (`fname`, `lname`, `password` , `email`) values ('$firstName', '$lastName', '" . $this->randomPassword() . "', '$email') ");
}
I'm working on a domain shortening service called "sHTTP". It uses a MySQL database to store the shortened URLs. I can't insert them though.
Here's my code:
function db(){
$link = mysqli_connect('sqlserver', 'user', 'pass', 'db') or die(mysqli_error());
return $link;
}
$url = mysqli_real_escape_string(db(), $_POST['url']);
$ip = $_SERVER['REMOTE_ADDR'];
function checkexists($name){
// check if shttp exists
$q = mysqli_num_rows(mysqli_query(db(),"SELECT name FROM shttp WHERE name = '$name'"));
if($q > 0){
return true;
} else {
return false;
}
}
function generateRandStr($length){
// generate string for placeholder name
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = '';
for($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, strlen($characters) - 1)];
}
return $randomString;
}
if(checkexists($name)){
die('sHTTP name exists already!');
}
if($_POST['url'] == ''){
die('No URL entered!');
}
if(!$_POST['name']){
$name = generateRandStr(5);
}else{
$name = mysqli_real_escape_string(db(), $_POST['name']);
}
//THIS IS MY MAIN PROBLEM HERE GUISE
$query = "INSERT INTO shttp(name, url, ip) VALUES ($name, $url, $ip)";
//Y U NO WORKING
$exe = mysqli_query(db(), "INSERT INTO shttp (name, url, ip) VALUES ($name, $url, $ip)");
if(!$exe){
//I'M GETTING THE DIE HALP
die('Error: Could not be processed');
} else {
echo 'sHTTP created!<br>URL: <a href=http://shttp.tk/ '.$name.'>http://shttp.tk/'.$name.'</a>';
}
I'm getting the "Error: Could not be processed" I set up.
Also, my DB table is this:
name varchar(255)
url varchar(255)
ip varchar(255)
I believe that's how I set it up in my code as well.
If anyone can help, I would appreciate it. Thank you for your time.
You need to use quotes for the string values, as
$query = "INSERT INTO shttp(name, url, ip) VALUES ('$name', '$url', '$ip')" ;
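The quoting fix above, taken one step further as an added example (not code from the question or the answer): bound parameters carry the three values, so the SQL text needs neither quotes nor escaping. It assumes PDO with an in-memory SQLite database standing in for the MySQL `shttp` table so that it runs offline; `createShortUrl` and `nameExists` are hypothetical helper names, the sample URLs and IP address are constructed, and `random_int()` replaces `rand()` in `generateRandStr`.

```php
<?php
declare(strict_types=1);

// SQLite in memory stands in for the MySQL database (assumption, so the
// script runs without a server). Columns are the ones listed in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shttp (name VARCHAR(255), url VARCHAR(255), ip VARCHAR(255))');

// Same alphabet as the question; random_int() draws from the system CSPRNG.
function generateRandStr(int $length): string
{
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $max = strlen($characters) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $characters[random_int(0, $max)];
    }
    return $out;
}

// Hypothetical helper: existence check with a bound parameter.
function nameExists(PDO $db, string $name): bool
{
    $stmt = $db->prepare('SELECT 1 FROM shttp WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchColumn() !== false;
}

// Hypothetical helper: validate, pick or check the name, then insert.
// The name is decided before the existence check runs.
function createShortUrl(PDO $db, string $url, string $ip, string $name = ''): string
{
    if ($url === '') {
        throw new InvalidArgumentException('No URL entered!');
    }
    if ($name === '') {
        do {
            $name = generateRandStr(5);
        } while (nameExists($db, $name));
    } elseif (nameExists($db, $name)) {
        throw new RuntimeException('sHTTP name exists already!');
    }
    // The driver sends the values separately from the statement text,
    // so an apostrophe in $url cannot change the statement.
    $stmt = $db->prepare('INSERT INTO shttp (name, url, ip) VALUES (?, ?, ?)');
    $stmt->execute([$name, $url, $ip]);
    return $name;
}

// Constructed sample input: one generated name, one chosen name.
createShortUrl($db, "http://example.com/?q=O'Reilly", '203.0.113.7');
createShortUrl($db, 'http://example.org/', '203.0.113.7', 'docs');

foreach ($db->query('SELECT name, url, ip FROM shttp') as $row) {
    printf("%s -> %s (%s)\n", $row['name'], $row['url'], $row['ip']);
}

// A second request for the same chosen name is rejected.
try {
    createShortUrl($db, 'http://example.net/', '203.0.113.7', 'docs');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

With mysqli the same pattern is `prepare()` followed by `bind_param('sss', $name, $url, $ip)` and `execute()`.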
Ok, so I have downloaded Mibew Messenger and I want to customize the buttons, so I go into login.php and the actual submit button for the login is type="image" so I changed it to type="submit" and when I submit the form I get an incorrect username/password error, anyway I was very confused so I was looking through loads of the other files to see if I can find anything that's related to the type="image" just in case there's something that identifies the type="image", well I dunno, I didn't find anything but what I did notice is that when I type in admin into the username and click login the submit button it returns the login error but also in the box where I put admin there is now the value of the type="submit" so in this case it says login because the value is value="login", I'm really confused, I think maybe it is submitting "login" instead of "admin" as the username.
Here is the before and after submit buttons:
NEW
<input type="submit" name="login" value="login" >
ORIGINAL
<input type="image" name="login" src='<?php echo $webimroot.getlocal("image.button.login") ?>' alt='<?php echo getlocal("button.enter") ?>'/>
If I change it back to the original it works fine, but I want to use CSS, not images.
Also, it would be quite hard to make a jsfiddle, otherwise I would have made one.
This is login.php, where it posts the data
require_once('../libs/common.php');
require_once('../libs/operator.php');
$errors = array();
$page = array('formisRemember' => true, 'version' => $version);
if (isset($_POST['login']) && isset($_POST['password'])) {
$login = getparam('login');
$password = getparam('password');
$remember = isset($_POST['isRemember']) && $_POST['isRemember'] == "on";
$operator = operator_by_login($login);
if ($operator && isset($operator['vcpassword']) && $operator['vcpassword'] == md5($password)) {
$target = isset($_SESSION['backpath'])
? $_SESSION['backpath']
: "$root/agent/index.php";
login_operator($operator, $remember);
header("Location: $target");
exit;
} else {
$errors[] = getlocal("page_login.error");
$page['formlogin'] = $login;
}
}
$page['localeLinks'] = get_locale_links("$root/agent/login.php");
start_html_output();
require('../display/login.php');
This is the included operator.php in login.php
$can_administrate = 0;
$can_takeover = 1;
$can_viewthreads = 2;
$can_modifyprofile = 3;
$can_count = 4;
$permission_ids = array(
$can_administrate => "admin",
$can_takeover => "takeover",
$can_viewthreads => "viewthreads",
$can_modifyprofile => "modifyprofile"
);
function operator_by_login($login)
{
global $mysqlprefix;
$link = connect();
$operator = select_one_row(
"select * from ${mysqlprefix}chatoperator where vclogin = '" . mysql_real_escape_string($login) . "'", $link);
mysql_close($link);
return $operator;
}
function operator_by_email($mail)
{
global $mysqlprefix;
$link = connect();
$operator = select_one_row(
"select * from ${mysqlprefix}chatoperator where vcemail = '" . mysql_real_escape_string($mail) . "'", $link);
mysql_close($link);
return $operator;
}
function operator_by_id_($id, $link)
{
global $mysqlprefix;
return select_one_row(
"select * from ${mysqlprefix}chatoperator where operatorid = $id", $link);
}
function operator_by_id($id)
{
$link = connect();
$operator = operator_by_id_($id, $link);
mysql_close($link);
return $operator;
}
function operator_get_all()
{
global $mysqlprefix;
$link = connect();
$query = "select operatorid, vclogin, vclocalename, vccommonname, istatus, (unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time " .
"from ${mysqlprefix}chatoperator order by vclogin";
$operators = select_multi_assoc($query, $link);
mysql_close($link);
return $operators;
}
function operator_is_online($operator)
{
global $settings;
return $operator['time'] < $settings['online_timeout'];
}
function operator_is_available($operator)
{
global $settings;
return $operator['istatus'] == 0 && $operator['time'] < $settings['online_timeout'] ? "1" : "";
}
function operator_is_away($operator)
{
global $settings;
return $operator['istatus'] != 0 && $operator['time'] < $settings['online_timeout'] ? "1" : "";
}
function update_operator($operatorid, $login, $email, $password, $localename, $commonname)
{
global $mysqlprefix;
$link = connect();
$query = sprintf(
"update ${mysqlprefix}chatoperator set vclogin = '%s',%s vclocalename = '%s', vccommonname = '%s'" .
", vcemail = '%s', vcjabbername= '%s'" .
" where operatorid = %s",
mysql_real_escape_string($login),
($password ? " vcpassword='" . md5($password) . "'," : ""),
mysql_real_escape_string($localename),
mysql_real_escape_string($commonname),
mysql_real_escape_string($email),
'',
$operatorid);
perform_query($query, $link);
mysql_close($link);
}
function update_operator_avatar($operatorid, $avatar)
{
global $mysqlprefix;
$link = connect();
$query = sprintf(
"update ${mysqlprefix}chatoperator set vcavatar = '%s' where operatorid = %s",
mysql_real_escape_string($avatar), $operatorid);
perform_query($query, $link);
mysql_close($link);
}
function create_operator_($login, $email, $password, $localename, $commonname, $avatar, $link)
{
global $mysqlprefix;
$query = sprintf(
"insert into ${mysqlprefix}chatoperator (vclogin,vcpassword,vclocalename,vccommonname,vcavatar,vcemail,vcjabbername) values ('%s','%s','%s','%s','%s','%s','%s')",
mysql_real_escape_string($login),
md5($password),
mysql_real_escape_string($localename),
mysql_real_escape_string($commonname),
mysql_real_escape_string($avatar),
mysql_real_escape_string($email), '');
perform_query($query, $link);
$id = mysql_insert_id($link);
return select_one_row("select * from ${mysqlprefix}chatoperator where operatorid = $id", $link);
}
function create_operator($login, $email, $password, $localename, $commonname, $avatar)
{
$link = connect();
$newop = create_operator_($login, $email, $password, $localename, $commonname, $avatar, $link);
mysql_close($link);
return $newop;
}
function notify_operator_alive($operatorid, $istatus)
{
global $mysqlprefix;
$link = connect();
perform_query("update ${mysqlprefix}chatoperator set istatus = $istatus, dtmlastvisited = CURRENT_TIMESTAMP where operatorid = $operatorid", $link);
mysql_close($link);
}
function has_online_operators($groupid = "")
{
global $settings, $mysqlprefix;
loadsettings();
$link = connect();
$query = "select count(*) as total, min(unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time from ${mysqlprefix}chatoperator";
if ($groupid) {
$query .= ", ${mysqlprefix}chatgroupoperator where groupid = $groupid and ${mysqlprefix}chatoperator.operatorid = ${mysqlprefix}chatgroupoperator.operatorid and istatus = 0";
} else {
$query .= " where istatus = 0";
}
$row = select_one_row($query, $link);
mysql_close($link);
return $row['time'] < $settings['online_timeout'] && $row['total'] > 0;
}
function is_operator_online($operatorid, $link)
{
global $settings, $mysqlprefix;
loadsettings_($link);
$query = "select count(*) as total, min(unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time " .
"from ${mysqlprefix}chatoperator where operatorid = $operatorid";
$row = select_one_row($query, $link);
return $row['time'] < $settings['online_timeout'] && $row['total'] == 1;
}
function get_operator_name($operator)
{
global $home_locale, $current_locale;
if ($home_locale == $current_locale)
return $operator['vclocalename'];
else
return $operator['vccommonname'];
}
function append_query($link, $pv)
{
$infix = '?';
if (strstr($link, $infix) !== FALSE)
$infix = '&';
return "$link$infix$pv";
}
function check_login($redirect = true)
{
global $root, $mysqlprefix;
if (!isset($_SESSION["${mysqlprefix}operator"])) {
if (isset($_COOKIE['webim_lite'])) {
list($login, $pwd) = preg_split("/,/", $_COOKIE['webim_lite'], 2);
$op = operator_by_login($login);
if ($op && isset($pwd) && isset($op['vcpassword']) && md5($op['vcpassword']) == $pwd) {
$_SESSION["${mysqlprefix}operator"] = $op;
return $op;
}
}
$requested = $_SERVER['PHP_SELF'];
if ($_SERVER['REQUEST_METHOD'] == 'GET' && $_SERVER['QUERY_STRING']) {
$requested .= "?" . $_SERVER['QUERY_STRING'];
}
if ($redirect) {
$_SESSION['backpath'] = $requested;
header("Location: $root/agent/login.php");
exit;
} else {
return null;
}
}
return $_SESSION["${mysqlprefix}operator"];
}
function get_logged_in()
{
global $mysqlprefix;
return isset($_SESSION["${mysqlprefix}operator"]) ? $_SESSION["${mysqlprefix}operator"] : FALSE;
}
function login_operator($operator, $remember)
{
global $root, $mysqlprefix;
$_SESSION["${mysqlprefix}operator"] = $operator;
if ($remember) {
$value = $operator['vclogin'] . "," . md5($operator['vcpassword']);
setcookie('webim_lite', $value, time() + 60 * 60 * 24 * 1000, "$root/");
} else if (isset($_COOKIE['webim_lite'])) {
setcookie('webim_lite', '', time() - 3600, "$root/");
}
}
function logout_operator()
{
global $root, $mysqlprefix;
unset($_SESSION["${mysqlprefix}operator"]);
unset($_SESSION['backpath']);
if (isset($_COOKIE['webim_lite'])) {
setcookie('webim_lite', '', time() - 3600, "$root/");
}
}
function setup_redirect_links($threadid, $token)
{
global $page, $root, $settings, $mysqlprefix;
loadsettings();
$link = connect();
$operatorscount = db_rows_count("${mysqlprefix}chatoperator", array(), "", $link);
$groupscount = 0;
$groups = array();
if ($settings['enablegroups'] == "1") {
foreach (get_groups($link, true) as $group) {
if ($group['inumofagents'] == 0) {
continue;
}
$groups[] = $group;
}
$groupscount = count($groups);
}
prepare_pagination(max($operatorscount, $groupscount), 8);
$p = $page['pagination'];
$limit = $p['limit'];
$operators = select_multi_assoc(db_build_select(
"operatorid, vclogin, vclocalename, vccommonname, istatus, (unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time",
"${mysqlprefix}chatoperator", array(), "order by vclogin $limit"), $link);
$groups = array_slice($groups, $p['start'], $p['end'] - $p['start']);
mysql_close($link);
$agent_list = "";
$params = array('thread' => $threadid, 'token' => $token);
foreach ($operators as $agent) {
$params['nextAgent'] = $agent['operatorid'];
$status = $agent['time'] < $settings['online_timeout']
? ($agent['istatus'] == 0
? getlocal("char.redirect.operator.online_suff")
: getlocal("char.redirect.operator.away_suff")
)
: "";
$agent_list .= "<li><a href=\"" . add_params($root . "/agent/redirect.php", $params) .
"\" title=\"" . topage(get_operator_name($agent)) . "\">" .
topage(get_operator_name($agent)) .
"</a> $status</li>";
}
$page['redirectToAgent'] = $agent_list;
$group_list = "";
if ($settings['enablegroups'] == "1") {
$params = array('thread' => $threadid, 'token' => $token);
foreach ($groups as $group) {
$params['nextGroup'] = $group['groupid'];
$status = $group['ilastseen'] !== NULL && $group['ilastseen'] < $settings['online_timeout']
? getlocal("char.redirect.operator.online_suff")
: ($group['ilastseenaway'] !== NULL && $group['ilastseenaway'] < $settings['online_timeout']
? getlocal("char.redirect.operator.away_suff")
: "");
$group_list .= "<li><a href=\"" . add_params($root . "/agent/redirect.php", $params) .
"\" title=\"" . topage(get_group_name($group)) . "\">" .
topage(get_group_name($group)) .
"</a> $status</li>";
}
}
$page['redirectToGroup'] = $group_list;
}
$permission_list = array();
function get_permission_list()
{
global $permission_list, $permission_ids;
if (count($permission_list) == 0) {
foreach ($permission_ids as $permid) {
$permission_list[] = array(
'id' => $permid,
'descr' => getlocal("permission.$permid")
);
}
}
return $permission_list;
}
function is_capable($perm, $operator)
{
$permissions = $operator && isset($operator['iperm']) ? $operator['iperm'] : 0;
return $perm >= 0 && $perm < 32 && ($permissions & (1 << $perm)) != 0;
}
function prepare_menu($operator, $hasright = true)
{
global $page, $settings, $can_administrate;
$page['operator'] = topage(get_operator_name($operator));
if ($hasright) {
loadsettings();
$page['showban'] = $settings['enableban'] == "1";
$page['showgroups'] = $settings['enablegroups'] == "1";
$page['showstat'] = $settings['enablestatistics'] == "1";
$page['showadmin'] = is_capable($can_administrate, $operator);
$page['currentopid'] = $operator['operatorid'];
}
}
function get_all_groups($link)
{
global $mysqlprefix;
$query = "select ${mysqlprefix}chatgroup.groupid as groupid, vclocalname, vclocaldescription from ${mysqlprefix}chatgroup order by vclocalname";
return select_multi_assoc($query, $link);
}
function get_groups($link, $checkaway)
{
global $mysqlprefix;
$query = "select ${mysqlprefix}chatgroup.groupid as groupid, vclocalname, vclocaldescription" .
", (SELECT count(*) from ${mysqlprefix}chatgroupoperator where ${mysqlprefix}chatgroup.groupid = ${mysqlprefix}chatgroupoperator.groupid) as inumofagents" .
", (SELECT min(unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time " .
"from ${mysqlprefix}chatgroupoperator, ${mysqlprefix}chatoperator where istatus = 0 and ${mysqlprefix}chatgroup.groupid = ${mysqlprefix}chatgroupoperator.groupid " .
"and ${mysqlprefix}chatgroupoperator.operatorid = ${mysqlprefix}chatoperator.operatorid) as ilastseen" .
($checkaway
? ", (SELECT min(unix_timestamp(CURRENT_TIMESTAMP)-unix_timestamp(dtmlastvisited)) as time " .
"from ${mysqlprefix}chatgroupoperator, ${mysqlprefix}chatoperator where istatus <> 0 and ${mysqlprefix}chatgroup.groupid = ${mysqlprefix}chatgroupoperator.groupid " .
"and ${mysqlprefix}chatgroupoperator.operatorid = ${mysqlprefix}chatoperator.operatorid) as ilastseenaway"
: ""
) .
" from ${mysqlprefix}chatgroup order by vclocalname";
return select_multi_assoc($query, $link);
}
function get_operator_groupids($operatorid)
{
global $mysqlprefix;
$link = connect();
$query = "select groupid from ${mysqlprefix}chatgroupoperator where operatorid = $operatorid";
$result = select_multi_assoc($query, $link);
mysql_close($link);
return $result;
}
And it won't let me add any more code; if you need common.php let me know
Without seeing your PHP it's hard to tell, but it could be that image submits "login" as POST/GET variable value array(x, y), where the submit type will just be a string value. If you are checking the submission based on that value, you will need to make some changes.
EDIT:
Looking at your code, it looks like you might be using 'login' as the username and the submit button. Try changing the submit button name to something else.
<input type="submit" name="loginButton" value="login" />
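The name collision described in the EDIT above, as an added example that is not part of the original answer: it parses three constructed request bodies the way PHP fills `$_POST` and shows which value ends up under the `login` key that login.php reads. It assumes a browser that follows the HTML specification, where an image button sends only its click coordinates as `login.x` and `login.y`; `parsePostBody` and `usernameSeenByLogin` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Parse a urlencoded body with the key rules PHP applies when it fills
// $_POST: a later duplicate key wins, dots in names become underscores.
function parsePostBody(string $body): array
{
    parse_str($body, $post);
    return $post;
}

// What login.php ends up using as the username: the 'login' field,
// read only when both 'login' and 'password' are present.
function usernameSeenByLogin(array $post): ?string
{
    return isset($post['login'], $post['password']) ? (string) $post['login'] : null;
}

// Constructed bodies for the username "admin". Fields are sent in document
// order, so the button's pair comes after the text input's pair.
$bodies = [
    'type="image"  name="login"'       => 'login=admin&password=secret&login.x=31&login.y=9',
    'type="submit" name="login"'       => 'login=admin&password=secret&login=login',
    'type="submit" name="loginButton"' => 'login=admin&password=secret&loginButton=login',
];

foreach ($bodies as $button => $body) {
    $post = parsePostBody($body);
    printf(
        "%-36s username=%-8s keys=%s\n",
        $button,
        var_export(usernameSeenByLogin($post), true),
        implode(',', array_keys($post))
    );
}
```

Only the second body yields `login` as the username: the submit button's own name/value pair overwrites the text field of the same name.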
After form submission browser shows just blank page. Nothing else. I've enabled error reporting. No error in php logs. Also tried (as you see) echo $sql; die();. Still no result. How to fix it? What's wrong with my code? My php code (which processes signup form data) looks like that
<?php
require '../includes/db.php';
require '../includes/ipurl.php';
require '../includes/common.php';
$page = 'signup';
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit( );
}
if ($_POST['submit'] == 'Tamam') {
$err = array( );
foreach ($_POST as $key => $value) {
$data[$key] = filter($value);
}
if (empty($data['fname']) || strlen($data['fname']) < 2 || empty($data['mname']) || strlen($data['mname']) < 2 || empty($data['lname']) || strlen($data['lname']) < 2) {
$err[ ] = 1;
}
if (!isUserID($data['login'])) {
$err[ ] = 2;
}
if (!isEmail($data['email'])) {
$err[ ] = 3;
}
if (!checkPwd($data['pwd'], $data['pwd2'])) {
$err[ ] = 4;
}
$pwd = PwdHash($data['pwd']);
$host = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$path = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$activ_code = rand(1000, 9999);
$email = $data['email'];
$login = $data['login'];
$dob = date('Y-m-d', strtotime($data['dob']));
$age = date("Y") - date('Y', strtotime($data['dob']));
$type = $data['type'];
$rs_duplicate = $db->query("select count(*) as total from users where email='$email' OR login='$login'") or die($db->error);
list($total) = $rs_duplicate->fetch_row();
if ($total > 0) {
$err[ ] = 5;
}
if (isset($type)) {
if ($type == 1) {
$region = $data['region'];
$school = $data['school'];
$class = $data['class'];
$group = 0;
$subject = 0;
$university = 0;
$profession = 0;
}
if ($type == 2) {
$group = $data['group'];
$region = $data['region'];
$school = $data['school'];
$class = $data['class'];
$subject = 0;
$university = 0;
$profession = 0;
}
if ($type == 3) {
$group = 0;
$region = 0;
$school = 0;
$class = 0;
$subject = 0;
$university = $data['university'];
$profession = $data['profession'];
}
if ($type == 4) {
$group = 0;
$region = 0;
$school = 0;
$class = 0;
$university = 0;
$profession = 0;
$subject = $data['subject'];
}
}
if (!isset($type)) {
$err[ ] = 9;
}
if (empty($err)) {
$sql = "INSERT INTO users
(level,fname, mname, lname, dob, age, reg_date, phone, email, login, pwd, type, `group`, region, school, class, ip, subject, ban, university, profession, activation_code)
VALUES
('1','$data[fname]', '$data[mname]', '$data[lname]', '$dob', '$age', now(), '$data[phone]', '$email', '$login', '$pwd', '$type', '$group', '$region', '$school', '$class', '$ip', '$subject', NULL, '$university', '$profession', '$activ_code')";
echo $sql; die();
$result = $db->query($sql) or die(printf("Bazaya daxiletmə zamanı səhv: %s\n", $db->error));
$id = $db->insert_id;
$md5_id = md5($id);
$db->query("update users set md5_id='$md5_id' where id='$id'") or die(printf("Bazaya daxiletmə zamanı səhv: %s\n", $db->error));
include "../includes/success.php";
}
} else if (!empty($err)) {
include "../includes/error.php";
}
?>
By the way, the function filter from common.php is sanitizing all posts
function filter($data) {
$data = trim(htmlentities(strip_tags($data)));
if (get_magic_quotes_gpc())
$data = stripslashes($data);
$data = mysql_real_escape_string($data);
return $data;
}
I think your check for a non-empty error array should be moved up a step to right after where you check for if there are any errors.
...
if (empty($err)) {
$sql = "INSERT INTO users
(level,fname, mname, lname, dob, age, reg_date, phone, email, login, pwd, type, `group`, region, school, class, ip, subject, ban, university, profession, activation_code)
VALUES
('1','$data[fname]', '$data[mname]', '$data[lname]', '$dob', '$age', now(), '$data[phone]', '$email', '$login', '$pwd', '$type', '$group', '$region', '$school', '$class', '$ip', '$subject', NULL, '$university', '$profession', '$activ_code')";
echo $sql; die();
$result = $db->query($sql) or die(printf("Bazaya daxiletmə zamanı səhv: %s\n", $db->error));
$id = $db->insert_id;
$md5_id = md5($id);
$db->query("update users set md5_id='$md5_id' where id='$id'") or die(printf("Bazaya daxiletmə zamanı səhv: %s\n", $db->error));
include "../includes/success.php";
} else if (!empty($err)) {
include "../includes/error.php";
}
}
I would strongly suggest getting XDebug installed on your development machine, and use an IDE like NetBeans, Eclipse PDT or even better PHPStorm to try and set breakpoints inside your code, and see at what point it breaks.
You can get XDebug here: http://xdebug.org
Alternatively, take a step back, and add the following line
exit("i was here!");
at line 1, to first determine if the script is actually running, and if you can see the output, step by step, move it a line down, save and rerun the script, rinse and repeat until it breaks.
I suppose as well, although you have error reporting turned on, there could be a line of code in any of the 3 files you are including that turns it back off again like in this snippet:
error_reporting(0);
or even:
ini_set('display_errors','Off');