I am building a three-part signup system using sessions. The first part is on the homepage; there is a login here called form1 and a signup called form2. This question is about signup form2. In form2 the user inserts email and password into the DB table, and the iduser is created automatically. A session is created; this part works fine. In signup_part2.php, using sessions, I echo out the iduser and email to prove that the info was inserted into the database. Then in signup_part2.php there is a second form; however, when I hit submit, nothing is inserted into the database table into those user's fields. How can I insert data into the DB table during a user's session?
home.php
<?php
session_start();
require('connect.php');
require('header.php');
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="homecolumn1">
<p>Login</p></br>
<form id="login" action="home.php" method="POST">
<input name="emaillogin" placeholder="email" type="email" rows="20"> </input></br>
<input name="passwordlogin" placeholder="password" type="password" rows="20"> </input></br>
<input type="submit" name="submita" value="Log In"> </input>
</form>
</div>
EOT;
$form2 = <<<EOT
<div id="homecolumn2">
<p>Sign Up</p></br>
<form id="signuppart1" action="home.php" method="post">
<input name="signupemail" placeholder="email" type="email" rows="20" required> </input></br>
<input pattern="(?=^.{8,50}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" name="signuppassword" placeholder="password" type="password" rows="20" required> </input></br>
<input name="submitb" type="submit" value="Sign Up"> </input>
</form>
</div>
EOT;
$footer = <<<EOT
<div id="footerhome1">
</div>
</div>
EOT;
/*-------------------------------------form1----------------------------------------*/
if(isset($_POST['submita'])){
$email = mysql_escape_string($_POST['emaillogin']);
$pass = mysql_escape_string($_POST['passwordlogin']);
$salt = '458mn$8n#bty67mg%563!&78fj^543*41s';
$pass = md5($pass . $salt);
$sql = mysql_query ("SELECT * FROM `profile` WHERE `email` = '$email' AND `password`= '$pass' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE //pull userdata from db
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['fnlname'] = $row['fnlname'];
$_SESSION['logged_in']['username'] = $row['username'];
$_SESSION['logged_in']['gender'] = $row['gender'];
}
// END ADDITIONAL CODE
header('location: profile.php');
}else{
echo <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="homecolumn1">
<p>Login</p></br>
<form id="login" action="home.php" method="POST">
<input name="emaillogin" placeholder="email" type="email" rows="20"> </input></br>
<input name="passwordlogin" placeholder="password" type="password" rows="20"> </input></br>
<input type="submit" name="submita" value="Log In"> </input>
<p style="color:red;">"Wrong password or username"</p>
</form>
</div>
EOT;
}
}else{
echo $form1;
}
/*-------------------------------------form2----------------------------------------*/
if(isset($_POST['submitb'])){
//perform verification
$email1 = $_POST['signupemail'];
$pass1 = $_POST['signuppassword'];
if ($pass1 == NULL){
echo <<<EOT
<p style="color:red;">"Enter a password"</p>
EOT;
exit();
}
$email1 = mysql_escape_string($email1);
$password = mysql_escape_string($pass1);
$salt = 'justasalt';
$password = md5($password . $salt);
$sql2 = mysql_query("SELECT * FROM `profile` WHERE `email` = '$email1' ");
if(mysql_num_rows($sql2) > 0){
echo $form2;
echo <<<EOT
<p style="color:red;">"Sorry, that email already exists!"</p>
EOT;
exit();
}
else{
mysql_query("INSERT INTO `profile` (`iduser`, `password`, `email`)VALUES(NULL, '$password', '$email1')");
$sql = mysql_query ("SELECT * FROM `profile` WHERE `email` = '$email1' AND `password`= '$password' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE //pull userdata from db
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['iduser'] = $row['iduser'];
$_SESSION['logged_in']['fnlname'] = $row['fnlname'];
$_SESSION['logged_in']['username'] = $row['username'];
$_SESSION['logged_in']['gender'] = $row['gender'];
$_SESSION['logged_in']['location'] = $row['location'];
$_SESSION['logged_in']['website'] = $row['website'];
$_SESSION['logged_in']['age'] = $row['age'];
$_SESSION['logged_in']['joined'] = $row['joined'];
$_SESSION['logged_in']['email'] = $row['email'];
}
header("location: signup_part2.php");
}
}
}
else{
echo $form2;
}
?>
signup_part2.php
<?php
session_start();
include "connect.php";
include "header.php";
$iduser=$_SESSION['logged_in']['iduser'];
$sql = mysql_query("SELECT * FROM `profile` WHERE `iduser` = '$iduser' ");
while($row = mysql_fetch_array($sql)){
$iduser = $row['iduser'];
$password = $row['password'];
$email = $row['email'];
$fnlname = $row['fnlname'];
$username = $row['username'];
$joineddate = $row['joineddate'];
$gender = $row['gender'];
$age = $row['age'];
$location = $row['location'];
$website = $row['website'];
}
echo "$iduser $password $email";
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="signupcolumn1">
<p>Please fillout your info</p>
<form id="signup2" action="signup_part2.php" method="POST">
<p><input name="fnlname" placeholder="First and Last Name" type="text" size="50" required>*</br>
<input name="username" placeholder="Username" type="text" size="50" required>*</br>
<input name="age" placeholder="Your Age" type="" size="50" required>*</br></p>
<p><input style="text-align:left;" type="radio" name="gender" value="male"/>Male</br>
<input style="text-align:left;" type="radio" name="gender" value="female"/>Female</br>
<input style="text-align:left;" type="radio" name="gender" value="blank"/>Leave Blank</br></p>
<p><input name="location" placeholder="Location" type="" size="50" >Opt.</br>
<input name="website" placeholder="Website" type="" size="50">Opt. </br></p>
<input name="joineddate" placeholder="joineddate" type="hidden" size="50">
<input type="submit" name="submita" value="Next">
</div>
</form>
EOT;
if(isset($_POST['submita'])){
//perform verification
$fnlname = $_POST['fnlname'];
$username = $_POST['username'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$location = $_POST['location'];
$website = $_POST['website'];
$joineddate = $_POST['joineddate'];
$iduser=$_SESSION['logged_in']['iduser'];
/*$fnlname = mysql_escape_string($fnlname);
$username = mysql_escape_string($username);
$age = mysql_escape_string($age);
$gender = mysql_escape_string($gender);
$location = mysql_escape_string($location);
$website = mysql_escape_string($website); */
$sql1 = mysql_query("SELECT * FROM `profile` WHERE `username` = '$username' ");
if(mysql_num_rows($sql1) > 0){
echo "Sorry, that username already exists!";
}else{
mysql_query("UPDATE profile SET fnlname='$fnlname' joineddate='$joineddate' gender='$gender' age='$age' location='$location' website='$website' WHERE iduser=$iduser ");
}
}else{
echo $form1;
}
?>
Found my mistake
if(isset($_POST['submit']))
should be
if(isset($_POST['submita']))
Related
While I was trying to make a login system, I got this error:
Impossibile interrogare il database No such file or directory
The PHP process code is this:
<?php
session_start();
include('db-conn-dashboard.php');
$nomeutente = $_POST['nomeutente'];
$password = $_POST['password'];
$nomeutente = stripcslashes($nomeutente);
$password = stripcslashes($password);
$nomeutente = mysql_real_escape_string($nomeutente);
$password = mysql_real_escape_string($password);
$result = mysql_query("SELECT * FROM profili WHERE nomeutente = '$nomeutente' and password = '$password'")
or die("Impossibile interrogare il database ".mysql_error());
$row = mysql_fetch_array($result);
if($row['nomeutente'] == $nomeutente && $row['password'] == $password){
$_SESSION['login_user1'] = "autorizzato1";
$_SESSION['autorizzato'] = 1;
header('location: ../pages/home.php');
} else {
echo '<script type="text/javascript">alert("Nome utente o password errati. Riprova.")
window.location= "../pages/login.php"</script>';
}
?>
And the form is this:
<form role="form" action="../php/processo-accesso.php" method="POST">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder=" Nome utente" name="nomeutente" type="text" style="font-family: fontawesome, arial;" onkeyup="this.value = this.value.toUpperCase();" required>
</div>
<div class="form-group">
<input class="form-control" placeholder=" Password" style="font-family: fontawesome, arial;" name="password" type="password" required>
</div>
<input type="submit" name="accedi" class="btn btn-primary" value="Accedi" style="width: 100%;">
</fieldset>
</form>
Try this
// Build the query string first, then run it once
$sql = "SELECT * FROM profili WHERE nomeutente = '$nomeutente' and password = '$password'";
$result = mysql_query($sql)
or die("Impossibile interrogare il database ".mysql_error());
$row = mysql_fetch_array($result);
I have a session.php and a welcome.php page. There I have my userprofile.
I am trying to update the email field.
When I change my email address and press the update button I get the echo Update Successful, but it does not update. I think it still has the old value from the session and I need to clear it.
session.php:
<?php
include('connection.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysqli_query($db,"select * from clients where email = '$user_check'");
$row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
$_SESSION['email']= $row['email'];
$_SESSION['username']= $row['username'];
$_SESSION['firstname']= $row['firstname'];
$_SESSION['lastname']= $row['lastname'];
$_SESSION['birthdate']= $row['birthdate'];
$_SESSION['street']= $row['street'];
$_SESSION['streetnr']= $row['streetnr'];
$_SESSION['city']= $row['city'];
$_SESSION['plzz']= $row['plzz'];
if(!isset($_SESSION['login_user'])){
header("location:http://localhost:81/Left_over_youth_website/pages/login.php");
}
?>
welcome.php:
<?php
include("../php/session.php");
?>
<div>
<div class="col-md-9">
<div class="imagepageback">
<div class="card">
<div class="profilimage"></div>
<hr class="verticalline">
<?php
$sql = "UPDATE clients SET emaill = $_SESSION WHERE email = $user_check";
$update = mysqli_query($db, $sql);
if($update){
echo("update sucessful");
$_SESSION["emaill"] = $email_session;
}
?>
<form class="form" action="" method="post">
<input id="usernamee" class="usernamee" type="text" name="username" value="<?php echo $_SESSION['username']; ?>" readonly>
<input id="emaill" class="emaill" type="text" name="email" value="<?php echo $_SESSION['email']; ?>" readonly>
<input id="firstnamee" class="firstnamee" type="text" name="firstname" value="<?php echo $_SESSION['firstname']; ?>" readonly>
<input id="lastnamee" class="lastnamee" type="text" name="lastname" value="<?php echo $_SESSION['lastname']; ?>" readonly>
<input id="birthdatee" class="birthdatee" type="text" name="birthdate" value="<?php echo $_SESSION['birthdate']; ?>" readonly>
<div>
<input id="streett" class="streett" type="text" name="street" value="<?php echo $_SESSION['street']; ?>" readonly>
<input id="nrr" class="nrr" type="text" name="streetnr" value="<?php echo $_SESSION['streetnr']; ?>" readonly>
</div>
<div>
<input id="cityy" class="cityy" type="text" name="city" value="<?php echo $_SESSION['city']; ?>" readonly>
<input id="plzz" class="plzz" type="text" name="plzz" value="<?php echo $_SESSION['plzz']; ?>" readonly>
</div>
<a href="#" class="editprofilelink" id="editprofilelink" onclick="editable(); showbt()"; >Edit Profile</a>
Change Password
<input hidden id="btupdate" type="submit" name="btupdate" value="Update">
</form>
</div>
</div>
</div>
</div>
</div>
echo 'update successful' on update query.
Try the following.
in welcome.php:
<?php
if(isset($_POST['btupdate'])){
$email = $_REQUEST['email'];
$sql = "UPDATE clients SET emaill = '$email' WHERE email = '$email_session'";
$update = mysqli_query($db, $sql);
if($update)
{
echo("update successful");
}
} // closes if(isset($_POST['btupdate']))
?>
You have a fatal error over this code:
<?php
$email = "SELECT * From Clients";
$sql = "UPDATE clients". "SET emaill = $email". "WHERE email = $email_session";
if(isset($_POST['btupdate'])){
$update = mysqli_query($db, $sql);
echo("update sucessful");
}
?>
This part ("UPDATE clients". "SET emaill = $email". "WHERE email = $email_session") returns this string: "UPDATE clientsSET emaill = example#example.comWHERE email = example2#example.com"
Try this instead:
$sql="UPDATE clients SET emaill = $email WHERE email = $email_session";
Be careful when using concatenation; it won't add any spaces for you.
And you are not changing $_SESSION["email"] after changing it. You must add $_SESSION["email"] = $email;
<?php
$email = "SELECT * From Clients";
$sql = "UPDATE clients SET emaill = $email WHERE email = $email_session";
$update = mysqli_query($db, $sql);
if($update){
echo("update sucessful");
}
?>
I'm currently logged in using a session, and I want the user to be able to update their info. However, on submit nothing happens. The session works because when I check, the iduser, email and password echo out. I think I might be writing the query wrong or I'm using the session incorrectly. Can someone explain why nothing in the database is being updated?
<?php
session_start();
include "connect.php";
include "header.php";
$iduser=$_SESSION['logged_in']['iduser'];
$sql = mysql_query("SELECT * FROM `profile` WHERE `iduser` = '$iduser' ");
while($row = mysql_fetch_array($sql)){
$iduser = $row['iduser'];
$password = $row['password'];
$email = $row['email'];
$fnlname = $row['fnlname'];
$username = $row['username'];
$joineddate = $row['joineddate'];
$gender = $row['gender'];
$age = $row['age'];
$location = $row['location'];
$website = $row['website'];
}
echo "$iduser $password $email";
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="signupcolumn1">
<p>Please fillout your info</p>
<form id="signup2" action="signup_part2.php" method="POST">
<p><input name="fnlname" placeholder="First and Last Name" type="text" size="50" required>*</br>
<input name="username" placeholder="Username" type="text" size="50" required>*</br>
<input name="age" placeholder="Your Age" type="" size="50" required>*</br></p>
<p><input style="text-align:left;" type="radio" name="gender" value="male"/>Male</br>
<input style="text-align:left;" type="radio" name="gender" value="female"/>Female</br>
<input style="text-align:left;" type="radio" name="gender" value="blank"/>Leave Blank</br></p>
<p><input name="location" placeholder="Location" type="" size="50" >Opt.</br>
<input name="website" placeholder="Website" type="" size="50">Opt. </br></p>
<input name="joineddate" placeholder="joineddate" type="hidden" size="50">
<input type="submit" name="submita" value="Next">
</div>
</form>
EOT;
if(isset($_POST['submita'])){
//perform verification
$fnlname = $_POST['fnlname'];
$username = $_POST['username'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$location = $_POST['location'];
$website = $_POST['website'];
$joineddate = $_POST['joineddate'];
$iduser=$_SESSION['logged_in']['iduser'];
$fnlname = mysql_escape_string($fnlname);
$username = mysql_escape_string($username);
$age = mysql_escape_string($age);
$gender = mysql_escape_string($gender);
$location = mysql_escape_string($location);
$website = mysql_escape_string($website);
$sql1 = mysql_query("SELECT * FROM `profile` WHERE `username` = '$username' ");
if(mysql_num_rows($sql1) > 0){
echo "Sorry, that username already exists!";
}else{
mysql_query("UPDATE profile SET fnlname='$fnlname' joineddate='$joineddate' gender='$gender' age='$age' location='$location' website='$website' WHERE iduser=$iduser ");
}
}else{
echo $form1;
}
?>
Your query should be like this
UPDATE profile SET fnlname='$fnlname', joineddate='$joineddate', gender='$gender', age='$age' ,location='$location', website='$website' WHERE iduser='$iduser'
You missed commas. And if $iduser is a string, you must enclose it in single quotes.
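Added example, not part of the answer above: the same UPDATE written with bound parameters and with driver errors raised as exceptions, so a malformed SET list is reported instead of silently doing nothing. It uses PDO (the mysql_* functions in the question were removed in PHP 7.0) with an in-memory SQLite database so it runs offline; the table layout and the helper names commalessUpdateError and updateProfile are assumptions.

```php
<?php
// Added example, not the poster's code. In-memory SQLite stands in for MySQL so
// the script runs offline; the table is constructed from the question's columns.
$db = new PDO('sqlite::memory:');
// Make failed statements throw instead of returning false unnoticed.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE profile (iduser INTEGER PRIMARY KEY, email TEXT,
    fnlname TEXT, gender TEXT, age INTEGER, location TEXT, website TEXT,
    joineddate TEXT)");
$db->exec("INSERT INTO profile (iduser, email) VALUES (1, 'user@example.test')");

// The comma-less SET list from the question: the driver now reports it.
function commalessUpdateError(PDO $db): ?string
{
    try {
        $stmt = $db->prepare("UPDATE profile SET fnlname = ? gender = ? WHERE iduser = ?");
        $stmt->execute(['A', 'male', 1]);
        return null;
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

// Hypothetical helper: $iduser comes from $_SESSION, $post from $_POST.
function updateProfile(PDO $db, int $iduser, array $post): int
{
    // Validate rather than trust the form: whitelist gender, range-check age.
    $gender = in_array($post['gender'] ?? '', ['male', 'female'], true)
        ? $post['gender'] : null;
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be a whole number');
    }
    $stmt = $db->prepare(
        "UPDATE profile
            SET fnlname = :fnlname, joineddate = :joineddate, gender = :gender,
                age = :age, location = :location, website = :website
          WHERE iduser = :iduser"
    );
    $stmt->execute([
        ':fnlname'    => trim($post['fnlname'] ?? ''),
        ':joineddate' => date('Y-m-d'),   // set server-side, not a hidden field
        ':gender'     => $gender,
        ':age'        => $age,
        ':location'   => trim($post['location'] ?? ''),
        ':website'    => trim($post['website'] ?? ''),
        ':iduser'     => $iduser,
    ]);
    return $stmt->rowCount();             // 0 means no row matched the session id
}

// Constructed input; the apostrophe would end a hand-quoted SQL string early.
$post = ['fnlname' => "Pat O'Neil", 'gender' => 'female', 'age' => '31',
         'location' => 'Cork', 'website' => ''];
echo "syntax error reported: ", commalessUpdateError($db) ?? 'none', "\n";
echo "rows updated: ", updateProfile($db, 1, $post), "\n";
print_r($db->query("SELECT fnlname, age, joineddate FROM profile WHERE iduser = 1")
    ->fetch(PDO::FETCH_ASSOC));
```

Against MySQL only the DSN passed to the PDO constructor changes; the prepared statement and the exception handling stay the same.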
This is a school project, and this particular page is to register a new user. It does not display errors, but it does not fill the MySQL database. The connection for the database is in another page, and I used the require function; functions.php is where I am writing the connection function. Please help :(
<?php
include_once("menu.php");
?>
<form action="login.php" method="POST">
<?php
if ((isset($_POST['username']))&& (isset($_POST['password'])) && (isset($_POST['password2'])) && (isset($_POST['email'])))
{
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$email = $_POST['email'];
if ($password == $password2)
{
require_once("functions.php");
$connection = connectToMySQL();
$Query = "SELECT count(*) FROM tbl_users WHERE username='$username'";
$Result = mysqli_query($connection,$Query)
or die("Error in the query :". mysqli_error($connection));
$row = mysqli_fetch_row($Result);
$counter = $row[0];
if ($counter > 0)
{
echo "Username alredy exsist with the movie assosiation website<br/>";
echo "<input type=\"submit\" class=\"button\" value=\"Back\"/>";
}
else
{
$insertQuery = "INSERT INTO 'tbl_users'(username,password,email,role) VALUES ('$username',sha1('$password'),'$email','registered')";
$insertResult = mysqli_query($connection,$insertQuery)
or die("Error in the query :". mysqli_error($connection));
echo "account created !! <br />";
echo "<input type=\"button\" class=\"button\" value=\"Log In\" onclick=\"location.href='login.php'\"> ";
}
}
}
else
{
?>
<label>
<span>Username:</span>
<input id="username" type="text" name="username" placeholder="enter your Username" required />
</label></br>
<label>
<span>Password</span>
<input id="password" type="password" name="password" placeholder="enter your Password" required />
</label></br>
<label>
<span>Re-Enter Password</span>
<input id="password2" type="password" name="password2" placeholder="re-enter your Password" required />
</label></br>
<label>
<span>Email</span>
<input id="email" type="email" name="email" placeholder="enter email" required />
</label></br>
<label>
<span> </span>
<input id="submit" class="button" type="submit" name="submit" value="Submit"/>
</label>
</form>
<?php
}
?>
<?php
require_once("footer.php")
?>
Remove the single quotes from your table name.
Try this
$insertQuery = "INSERT INTO `tbl_users`(username,password,email,role) VALUES ('$username',sha1('$password'),'$email','registered')";
instead of
$insertQuery = "INSERT INTO 'tbl_users'(username,password,email,role) VALUES ('$username',sha1('$password'),'$email','registered')";
Error in your sql statement.
Try this.
$insertQuery = "INSERT INTO tbl_users (username,password,email,role) VALUES ('{$username}',sha1('{$password}'),'{$email}','registered')";
or this
$insertQuery = "INSERT INTO tbl_users (username,password,email,role) VALUES ('".$username."',sha1('".$password."'),'".$email."','registered')";
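Added example, not code from either answer: registration with a bound-parameter INSERT and password_hash() in place of the sha1(), md5() with a fixed salt, or plaintext comparison used in the posts on this page, plus the matching login check. PDO with in-memory SQLite is used so it runs offline; the UNIQUE constraint and the helper names registerUser and checkLogin are assumptions.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for MySQL;
// tbl_users follows the question, the UNIQUE constraint on username is assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbl_users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password TEXT, email TEXT, role TEXT)");

// Hypothetical helper: returns null on success, or a message for the form.
function registerUser(PDO $db, string $username, string $password,
                      string $password2, string $email): ?string
{
    if ($password !== $password2) {
        return 'Passwords do not match';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Invalid email address';
    }
    // password_hash() picks a random per-user salt and a slow algorithm
    // (bcrypt by default); the salt is stored inside the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        $stmt = $db->prepare(
            "INSERT INTO tbl_users (username, password, email, role)
             VALUES (?, ?, ?, 'registered')"
        );
        $stmt->execute([$username, $hash, $email]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: the UNIQUE index rejected a duplicate username,
        // which also covers two requests racing past a SELECT count(*) check.
        if ((string) $e->getCode() === '23000') {
            return 'Username already exists';
        }
        throw $e;
    }
    return null;
}

// Hypothetical helper: fetch the stored hash and verify it in PHP.
function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare("SELECT password FROM tbl_users WHERE username = ?");
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample values.
var_dump(registerUser($db, 'alice', 'correct horse battery', 'correct horse battery', 'alice@example.test'));
var_dump(registerUser($db, 'alice', 'another passphrase', 'another passphrase', 'a2@example.test'));
var_dump(checkLogin($db, 'alice', 'correct horse battery'));
var_dump(checkLogin($db, 'alice', 'wrong guess'));
```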
I'm trying to create a social network and I'm having a problem with my "Update Profile" page. I'm trying to have the user upload a photo and edit information.
Here is my PHP code
<?php
session_start();
include("connection.php");
include("function.php");
if($_SESSION['login'] != 'true'){
header("location:index.php");
}
$id = $_SESSION['member_id'];
$select = mysqli_query($dbc,"SELECT * FROM members WHERE member_id = '$id'");
$object = mysqli_fetch_array($select);
$username=$object['username'];
$first=$object['firstname'];
$last=$object['lastname'];
$pass=$object['password'];
$email=$object['email'];
if(isset($_POST['insert']))
{
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$password = $_POST['password'];
$email = $_POST['email'];
$sql = mysqli_query($dbc,"UPDATE members SET firstname = '$firstname', lastname = '$lastname', password = '$password', email = '$email', WHERE member_id = '$id'") or die(mysqli_error($dbc));
$result = mysqli_query($dbc,$sql);
if ($result){
$success = '<p style="color:blue;text-align:center;"> Records saved!</p>';
}
header("location:profiletest.php");
}
if(isset($_POST['Submit'])){
$member_id=$_SESSION['member_id'];
$name = $_FILES["image"] ["name"];
$type = $_FILES["image"] ["type"];
$size = $_FILES["image"] ["size"];
$temp = $_FILES["image"] ["tmp_name"];
$error = $_FILES["image"] ["error"];
mysqli_query($dbc,"UPDATE members SET photo = '$name' WHERE member_id = '$member_id'") or die(mysqli_error($dbc));
if ($error > 0){
die("Error uploading file! Code $error.");
}else{
if($size > 10000000) //conditions for the file
{
die("Format is not allowed or file size is too big!");
}
else
{
move_uploaded_file($temp,"image/members/".$name);
}
}
}
?>
And here are my html forms
<form name="" method="post" enctype='multipart/form-data'>
<input id="browse" type="file" name="image">
<input id="upload" type="submit" name="Submit"
value="Change your primary picture" /> <br> <br> <br>
</form> <form name="insert" method="post"><br>
<p>
Firstname: <input type="text" name="firstname" id="inputtype"
value="<?php echo $first; ?>">
Lastname:
<input type="text" name="lastname" id="inputtype"
value="<?php echo $last; ?>">
</p> <br>
<p>
Change Password: <input type="text" name="password" id="inputtype"
value="<?php echo $pass; ?>">
</p> <br>
<p>
EmailAddress:<input type="text" name="email" id="inputtype"
value="<?php echo $email; ?>">
</p> <br>
<p>
</p>
<br> <br>
<p align="right"style="padding-right: 129px; width: 121px; height: 48px;">
<input type="submit" id="inputsubmit" name="insert" value="Save" id="save" width="10px">
</p> <br />
</form>
<div class="art-blockcontent-body">
<h2 class="art-postheader"></h2>
<div class="cleared"></div>
<div>
<form method='post' action='profiletest.php'></form>
</div>
I get this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE member_id = ''' at line 1
Line one has the beginning php tag so I'm very confused :/
That's because you have error in this query:
UPDATE members SET firstname = '$firstname', lastname = '$lastname', password = '$password', email = '$email', WHERE member_id = '$id'
There is an obsolete comma before WHERE.
PS: learn to debug your trivial issues yourself; debugging is what every social network developer does every day! ;-)