Checking for valid email and if it exists - php

I have successfully been able to allow users to invite a friend by sending them an email with a unique invite code.
However, I am trying to add the ability to check if it is a valid email address and if the email is already registered in another table 'users' (same database), as it would be a headache for someone who is already registered to receive invite emails.
I have tried to check for a valid email and if it exists by writing this script:
function email_registered($email) {
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'"), 0) ==1) ? true : false;
}
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'A valid email address is required';
}
if (email_registered($_POST['email']) === true) {
$errors[] = 'Sorry, the email \'' . $_POST['email'] . '\' is already in use';
}
This was successful for checking email addresses when registering a user, but registering an account was in the same table as the already registered accounts. I am unsure how to use the same script in the invite code, as I am trying to check an email in the separate registered table.
Currently it does not check if it is a valid email or if it exists.
The Full PHP:
include 'config.php';
function email_registered($email) {
$email = sanitize($email);
return (mysqli_result(mysqli_query("SELECT mysqli_num_rows()(`user_id`) FROM `users` WHERE `email` = '$email'"), 0) ==1) ? true : false;
}
if(!empty($_POST)){
if(!empty($_POST['email'])){
$email = mysqli_real_escape_string($conn,$_POST['email']);
$length = 10;
$inviteCode = "";
$characters = "0123456789abcdefghijklmnopqrstuvwxyz";
for ($p = 0; $p < $length; $p++) {
$inviteCode .= $characters[mt_rand(10, strlen($characters))];
}
function email_registered($email)
{
if (!empty($email)) {
$ret_val = false;
$query = sprintf(
"SELECT id FROM users WHERE email = '%s'",
mysqli_real_escape_string($email)
);
$result = mysqli_query($query);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0) {
//email exists
?>
<p>User Exists</p>
<?php
$ret_val = true;
} else {
$query = sprintf(
"SELECT id FROM invites WHERE email = '%s'",
mysqli_real_escape_string($email)
);
$result = mysqli_query($query);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0) {
//email exists
?>
<p>User Exists</p>
<?php
$ret_val = true;
}
}
return $ret_val;
}
}
else {
$query = mysqli_query($conn, "INSERT INTO `referrals` (`email`, `inviteCode`) VALUES ('$email', '$inviteCode') "); }
//you might want to consider checking more here such as $query == true as it can return other statuses that you may not want
if($query){
include 'userinvite.php';
?>
<p> "Thank you for inviting your friends!"</p>
<?php
}
else{
?>
<p>Sorry there must have been a problem</p>
<?php
die('Error querying database. ' . mysqli_error($conn));
}
}
else {
?>
<p>Please enter an email</p>
<?php
}
}
?>
I am just trying to check if the email is registered in the 'users' table and if the email entered is a valid email.

I think your main question is how to check if an email exists in another table. If that's wrong, let me know and I can update my answer :P Here's a rough draft of a function you should be able to use.
I'm assuming you have these two tables:
Table 1: users
||id||email||name||
Table 2: invites
||id||email||inviter_user_id||
You can use this function to check if the email exists in either table
<?php
/**
 * Check if the given email already exists in the DB
 *
 * @param $conn mysqli the open database connection
 * @param $email string the email to check
 */
function email_exists($conn, $email)
{
    $ret_val = false;
    if (!empty($email)) {
        // mysqli_real_escape_string() and mysqli_query() both need the connection
        $query = sprintf(
            "SELECT id FROM users WHERE email = '%s'",
            mysqli_real_escape_string($conn, $email)
        );
        $result = mysqli_query($conn, $query);
        $num_rows = mysqli_num_rows($result);
        if ($num_rows > 0) {
            //email exists
            $ret_val = true;
        } else {
            $query = sprintf(
                "SELECT id FROM invites WHERE email = '%s'",
                mysqli_real_escape_string($conn, $email)
            );
            $result = mysqli_query($conn, $query);
            $num_rows = mysqli_num_rows($result);
            if ($num_rows > 0) {
                //email exists
                $ret_val = true;
            }
        }
    }
    return $ret_val;
}
?>
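The same invite flow written with bound parameters and a CSPRNG-backed invite code, as an added example that is not part of the original question or answer. It assumes `$conn` is the mysqli connection from config.php and uses the asker's `users` and `referrals` tables; the function names `email_in_table`, `make_invite_code` and `invite` are hypothetical.

```php
<?php
// Added example: $conn is assumed to be the mysqli connection from config.php.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// True if $email is present in $table; the table name comes from a fixed
// allow-list because identifiers cannot be bound as parameters.
function email_in_table(mysqli $conn, string $table, string $email): bool
{
    if (!in_array($table, ['users', 'referrals'], true)) {
        throw new InvalidArgumentException('unexpected table');
    }
    $stmt = $conn->prepare("SELECT 1 FROM `$table` WHERE email = ? LIMIT 1");
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

// Invite code drawn from the whole alphabet with a CSPRNG.
function make_invite_code(int $length = 10): string
{
    $alphabet = '0123456789abcdefghijklmnopqrstuvwxyz';
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $code;
}

// Returns [true, $inviteCode] or [false, $errorMessage].
function invite(mysqli $conn, string $rawEmail): array
{
    $email = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return [false, 'A valid email address is required'];
    }
    if (email_in_table($conn, 'users', $email) || email_in_table($conn, 'referrals', $email)) {
        return [false, 'That address is already registered or invited'];
    }
    $code = make_invite_code();
    $stmt = $conn->prepare('INSERT INTO `referrals` (`email`, `inviteCode`) VALUES (?, ?)');
    $stmt->bind_param('ss', $email, $code);
    $stmt->execute();
    $stmt->close();
    return [true, $code];
}
```

Returning one message for both the registered and the already-invited case keeps the form from telling the sender which of the two applies to a given address.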

Related

ELSE statement doesn't return if while loop returns empty

I'm working on a script that checks to see if an email exists in the database barn_users, in order to reset a password. And if the email doesn't exist, the token/code is not generated and stored in the database. Everything works perfectly, until I enter an email that is not in the system. The else statement with the error "Could not find email in the system." doesn't trigger. What am I doing wrong to not get that?
$sql_1 = "SELECT * FROM password_reset WHERE email='$email'";
$sql_2 = "SELECT * FROM barn_users WHERE email='$email'";
$generate = mysqli_query($conn, $sql_1);
$searchEmail = mysqli_query($conn, $sql_2);
while($row = mysqli_fetch_array($searchEmail)) {
if(mysqli_num_rows($searchEmail) > 0) {
if (mysqli_num_rows($generate) > 1) {
} else if (mysqli_num_rows($generate) < 1) {
$sql = "INSERT INTO password_reset (code,email) VALUES ('$code','$email')";
} else {
$sql = "UPDATE password_reset SET code='$code' WHERE email='$email'";
}
if ($conn->query($sql) == TRUE) {
echo "Reset password has been emailed to you";
} else {
}
} else {
echo "Could not find email in the system.";
}
}
Thank you @Bleach and @ivanivan for your comments. Both your answers helped out. Here's the working result. Making a variable false outside of the loop gave me the answer I was looking for.
$sql_1 = "SELECT * FROM password_reset WHERE email='$email'";
$sql_2 = "SELECT * FROM barn_users WHERE email='$email'";
$generate = mysqli_query($conn, $sql_1);
$searchEmail = mysqli_query($conn, $sql_2);
$found = false;
while($row = mysqli_fetch_array($searchEmail)) {
$found = true;
if(mysqli_num_rows($searchEmail) > 0) {
if (mysqli_num_rows($generate) > 1) {
} else if (mysqli_num_rows($generate) < 1) {
$sql = "INSERT INTO password_reset (code,email) VALUES ('$code','$email')";
} else {
$sql = "UPDATE password_reset SET code='$code' WHERE email='$email'";
}
if ($conn->query($sql) == TRUE) {
echo "Reset password has been emailed to you";
} else {
}
} else {
}
}
if ($found == false) {
echo "Sorry, that email was not found in the system. Please try again.";
}

User authentication PHP mySQL not working

So I am currently building a user authentication system using php and mysql in Xampp.
I have managed to get it to recognize if a user exists by their email address, but the other functions don't seem to be working. For example to check if the user has activated their account or not comes back as they haven't even if I change their active status to 1 in the database. Or with the login function even if both email and password are correct it will say that they are incorrect.
Here is my login.php script
<?php
include 'init.php';
function sanitize($data){
return mysql_real_escape_string($data);
}
//check if user exists
function user_exists($email){
$email = sanitize($email);
//$query = mysql_query("SELECT COUNT('ID') FROM 'register' WHERE 'email' = '$email'");
return (mysql_result(mysql_query("SELECT COUNT(ID) FROM register WHERE email = '$email'"),0) == 1)? true : false;
}
//check if user has activated account
function user_activate($email){
$email = sanitize($email);
//$query = mysql_query("SELECT COUNT('ID') FROM 'register' WHERE 'email' = '$email'");
return (mysql_result(mysql_query("SELECT COUNT(ID) FROM register WHERE email = '$email' AND 'active' =1"),0) == 1)? true : false;
}
function user_id_from_email($email){
$email = sanitize($email);
return (mysql_result(mysql_query("SELECT id FROM register WHERE email = '$email'"),0,'id'));
}
function login($email,$password){
$user_id = user_id_from_email($email);
$email = sanitize($email);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(id) FROM register WHERE email = '$email' AND 'password' ='$password'"),0) == 1)? $user_id : false;
}
if(empty($_POST)=== false){
$email = $_POST['email'];
$password = $_POST['password'];
}
if(empty($email)|| empty($password) === true){
$errors[] = "You must enter a username and a password";
}
else if(user_exists($email) === false){
$errors[] = "Email address is not registered";
}
else if(user_activate($email) === false){
$errors[] = "You haven't activated your account yet";
}
else{
$login = login($email, $password);
if($login === false){
$errors[] = "email/password are incorrect";
} else {
echo "ok";
}
}
print_r($errors);
/*$email = $_POST['email'];
$password = $_POST['password'];
if($email&&$password){
$connect = mysql_connect("localhost","root","") or die ("Couldn't Connect");
mysql_select_db("users") or die("Couldn't find Database");
}
else
die("Please enter a username and a password");
$query = mysql_query("SELECT * FROM register WHERE email = '$email'");
$numrows = mysql_num_rows($query);
echo $numrows;*/
?>
My database is called 'users' and at the moment only has 1 table called 'register'. With the rows: id, firstname, lastname, email, password, and active.
In your function login, try to remove the quotes ' around the field name password, or prefer to use this one: ` .
And take care: you are using the functions mysql_result and mysql_query, both of which are no longer supported in PHP 7.0.
As you can see here:
http://php.net/manual/en/function.mysql-query.php
http://php.net/manual/en/function.mysql-result.php
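A login check for the `register` table using mysqli bound parameters and `password_verify()`, as an added example that is not code from the question or the answer. It assumes `$conn` is a mysqli connection and that the `password` column stores `password_hash()` output rather than the MD5 digests used in the question.

```php
<?php
// Added example; assumes $conn is a mysqli connection and that
// register.password holds password_hash() output, not MD5 digests.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Store this value in register.password when the account is created.
function hash_new_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Returns [true, $userId] on success or [false, $errorMessage].
function login(mysqli $conn, string $email, string $password): array
{
    $stmt = $conn->prepare(
        'SELECT id, password, active FROM register WHERE email = ? LIMIT 1'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($id, $hash, $active);
    $found = $stmt->fetch();   // true when a row was fetched, null when none
    $stmt->close();

    // One message for "unknown email" and "wrong password", so the form
    // does not reveal which addresses are registered.
    if ($found !== true || !password_verify($password, $hash)) {
        return [false, 'email/password are incorrect'];
    }
    // Activation is only reported after the password has been verified.
    if ((int) $active !== 1) {
        return [false, "You haven't activated your account yet"];
    }
    return [true, (int) $id];
}
```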

MySQL `UPDATE` statement with an `IF` condition

I'm trying to create a MySQL UPDATE statement with an IF condition.
I would like to update the user's particulars if the email and username are not duplicate or found in database.
I'm stuck with this code:
<?php
include "connection.php";
$user = $_REQUEST['user'];
$em = $_REQUEST['email'];
$id = $_REQUEST['id_user'];
//Check Email in Database
$query = mysqli_query($con,"SELECT username, email from `user` where id_user = '$id'");
$result = mysqli_fetch_object($query);
if (strtolower(trim($query->email)) == strtolower(trim($em))
|| strtolower(trim($user->username)) == strtolower(trim($user))
) {
//next to condition username
} else {
$data_email = mysqli_query($con,"select email from user where em='".$em."'");
$total_email = mysqli_num_rows($data_email);
if($total_email > 0) {
echo "Email Not Available";
} else {
//next to condition username
}
}
//Check Username in Database
$data_us_user = mysqli_query($con,"select username from user where id_user='".$id."'");
$us_user = mysqli_fetch_object($data_us_user);
if (strtolower(trim($us_user->username))==strtolower(trim($user))) {
//next to query update
} else {
$data_username = mysqli_query($con,"select username from user where username='".$em."'");
$total_username = mysqli_num_rows($data_username);
if($total_username > 0) {
echo "Username Not Available";
} else {
//next to query update
}
} else {
//Finally Query Update
mysqli_query($con,"update user set username='".$user."',em='".$em."' where id_user='".$id."' ");
echo "OK";
}
The following PHP script will check for
IF the user's updated email and updated username are the same
IF the user's new email and username is already in use by another user
IF both conditions are not met, the user's details will be updated
PHP code:
<?php
include "connection.php";
$user = $_REQUEST['user'];
$em = $_REQUEST['email'];
$id = $_REQUEST['id_user'];
//Getting user' details in database
$query = mysqli_query($con, "SELECT username, email from `user` where id_user = '$id'");
$result = $query; // mysqli_query() above already returned the result set
//Query to find if email exists
$query2 = mysqli_query($con,"SELECT `email` from `user` WHERE em = '$em'");
$result2 = mysqli_num_rows($query2);
//Query to find if username exists
$query3 = mysqli_query($con,"SELECT `email` from `user` WHERE username = '$user'");
$result3 = mysqli_num_rows($query3);
while ($row = mysqli_fetch_row($result)){
list($userfromdb, $emfromdb) = $row;
}
if (strtolower(trim($userfromdb)) == strtolower(trim($user))){
//will return true if user's username is the same before updating
echo 'Username cannot be the same!';
} else if(strtolower(trim($emfromdb)) == strtolower(trim($em))) {
//will return true if user's email is the same before updating
echo 'Email cannot be the same!';
} else if($result2 > 0) {
echo "Email Not Available";
} else if($result3 > 0) {
echo "Username Not Available";
} else {
//Finally Query Update
mysqli_query($con, "UPDATE `user` set username = '$user',em = '$em' WHERE id_user = '$id'");
//check if row updated successfully
$result4 = mysqli_affected_rows($con);
if ($result4 > 0) {
echo "Updated details successfully";
} else {
echo "An error occurred while updated details.";
}
}
?>
This should work, thanks!
If specifying a column-related message is not a concern,
<?php
include "connection.php";
$user = $_REQUEST['user'];
$em = $_REQUEST['email'];
$id = $_REQUEST['id_user'];
$data_us_em = mysqli_query($con,"select count(email) as count from user where id_user='".$id."' OR em='".$em."' OR username='".$em."'");
if($data_us_em)
{
$us_em = mysqli_fetch_assoc($data_us_em);
$count=$us_em['count'];
if($count)
{
echo 'Can not update';
}else
{
mysqli_query($con,"update user set username='".$user."',em='".$em."' where id_user='".$id."' ");
echo "OK";
}
}
?>
$data_user= mysqli_query($con,"select email,username from user where id_user='".$id."'");
$userdetail = mysqli_fetch_object($data_user);
if (strtolower(trim($userdetail->email))==strtolower(trim($em)) || strtolower(trim($userdetail->username))==strtolower(trim($user)))
{
return "error message";
}else{
//your update method here
}
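An alternative to checking first and updating afterwards is to let the database enforce uniqueness and handle its duplicate-key error, shown here as an added example that is not from any of the answers above. It assumes `$con` is a mysqli connection and that the `user` table has UNIQUE indexes on `username` and `em`, which the page does not state; the function name `update_user` is hypothetical.

```php
<?php
// Added example. Assumes $con is a mysqli connection and that `user` has
// UNIQUE indexes on `username` and `em` (an assumption, not from the page).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function update_user(mysqli $con, int $id, string $user, string $em): string
{
    $user = trim($user);
    $em = filter_var(trim($em), FILTER_VALIDATE_EMAIL);
    if ($user === '' || $em === false) {
        return 'Invalid username or email';
    }
    try {
        // Bound parameters: request values never become part of the SQL text.
        $stmt = $con->prepare(
            'UPDATE `user` SET username = ?, em = ? WHERE id_user = ?'
        );
        $stmt->bind_param('ssi', $user, $em, $id);
        $stmt->execute();
        $stmt->close();
        return 'OK';
    } catch (mysqli_sql_exception $e) {
        // 1062 is MySQL's ER_DUP_ENTRY: a unique index rejected the new value
        // because another row already holds that username or email.
        if ($e->getCode() === 1062) {
            return 'Username or email not available';
        }
        throw $e;
    }
}
```

Because the check and the write happen in one statement, two concurrent requests cannot both pass a SELECT check and then store the same value.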

mysqli_query gives empty value

I'm creating a login system for my website.
I got the problem that my mysqli_query is empty:
The code: $r = mysqli_query($dbc, $q); returns empty.
I think the problem is in the SQL that I pass it:
$q = "SELECT userid, fname, lname FROM User WHERE email='$e' AND pass=SHA1('$p')";
If I execute the SQL above with the data that I'm actually fetching from the form, then I get the result I'm looking for. So I think it's the PHP and SQL combined that have an error.
if(empty($errors)){
$q = "SELECT userid, fname, lname FROM User WHERE email='$e' AND pass=SHA1('$p')";
$r = mysqli_query($dbc, $q);
//Check for right data
$errors[] = $e;
$errors[] = $p;
//Check if connection is up
if($dbc != null){
$errors[] = "Connection up";
}
//Check query
if(is_null($r)){
$errors[] = "Query is null";
}
//Check query for being empty
if(empty($r)){
$errors[] = "Its empty";
}
if( mysqli_num_rows($r) == 1){
$row = mysqli_fetch_array($r, MYSQLI_ASSOC);
return array(true, $row);
}else{
$errors[] = "Email address and password not found.";
}
return array(false, $errors);
}
You can try this
if(empty($errors)){
$p = sha1($p);
$q = "SELECT userid, fname, lname FROM User WHERE email = '$e' AND pass = '$p'";
$r = mysqli_query($dbc, $q);
if(!$r){
die(mysqli_error($dbc));
}
//Check for right data
$errors[] = $e;
$errors[] = $p;
//Check if connection is up
if($dbc != null){
$errors[] = "Connection up";
}
//Check query
if(is_null($r)){
$errors[] = "Query is null";
}
//Check query for being empty
if(empty($r)){
$errors[] = "Its empty";
}
if( mysqli_num_rows($r) > 0){
$row = mysqli_fetch_assoc($r);
return array(true, $row['userid'], $row['fname'], $row['lname']);
}else{
$errors[] = "Email address and password not found.";
}
return array_merge(array(false), $errors); // failed login must not report true
}

Cannot active my account

I'm trying to secure my member system more.
So basically if somebody wants to create an account, he needs to activate it by email.
Now when I receive an email with the activation code, it says "We cannot find that email". This is strange, since the email is in the database.
I got a script called activate.php
<?php
if (isset($_GET['succes']) === true && empty ($_GET['succes']) === true) {
?>
<h2>Thanks, your account has been activated!</h2>
<?php
} else if (isset($_GET['email'], $_GET['email_code']) === true) {
$email = trim($_GET['email']);
$email_code = trim($_GET['email_code']);
$user = new User();
if($user->email_exists($email) === false) {
echo 'We cannot find that email';
} else if ($user->activate($email, $email_code) === false) {
echo 'problem activate your account';
}
}
?>
In the classes dir I got a file called User.php
The activate function
function activate ($email, $email_code) {
$email = mysql_real_escape_string($email);
$email_code = mysql_real_escape_string($email_code);
require_once '../config.php';
if ($db->get($db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) {
$db->query("UPDATE `users` SET `group` = 1 WHERE `email` = '$email'");
return true;
} else {
return false;
}
}
And the email_exists function:
function email_exists($email) {
return ($this->_db->get($this->_db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}
Use the urlencode and urldecode functions while inserting/getting the email from the URL
$email = urldecode(trim($_GET['email']));
...
$url = 'http://site/?email=' . urlencode($email);
Check this:
function email_exists($email) {
var_dump($email);exit;
return ($this->_db->get($this->_db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false;
}
