I am having problems with displaying out users profile information when clicking on their profile. the data shown is my own when logged in so it isn't switching. I cannot find the issue and wondering where I maybe going wrong?
So the information should be showing out on profile.php
if (isset($_GET['username']) === true && empty ($_GET['username']) === false) {
$username = $_GET['username'];
if (user_exists($username) === true) {
$user_id = user_id_from_username($username);
$profile_data = user_data($user_id, 'first_name', 'last_name', 'email');
?>
<h1><?php echo $profile_data['first_name']; ?> profile</h1>
<p><?php echo $profile_data['email'] ?></p>
<?php
} else {
echo 'Sorry, that user does not exist';
}
} else {
header('Location: index.php');
exit();
}
It shows my information and not the user I am trying to view. If I type in a bogus username on the URL it does error out and say they do not exist.
Here is my script to pick the data out of the database:
if (logged_in() === true) {
$session_user_id = $_SESSION ['user_id'];
$user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name', 'email', 'type', 'profile');
if(user_active($user_data['username']) === false) {
session_destroy();
header('Location: index.php');
exit();
}
}
$errors = array();
Im using a .htaccess file o initliase the vanity URL
RewriteEngine On
RewriteCon %{REQUEST_FILENAME} !-f
RewriteCon %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /profile.php?username=$1
so my URL would look like this...
http://mywebsite.com/myname
here is the function for user_data
function user_data($user_id) {
$data = array();
$user_id = (int)$unser_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1){
unset($func_get_args[0]);
$fields = '`' . implode('`, `', $func_get_args) . '`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE 'user_id' = $user_id"));
return $data;
}
}
And it does work by changing myname but not switching the user data on the profile page to other users data.
As requested: user_exists() function
function user_exists($username) {
$username = sanitize($username);
$query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");
return (mysql_result($query, 0) == 1) ? true : false;
}
Try this
function user_data($user_id, $fields = '*') {
// type cast to int
$user_id = (int) $user_id;
// if an array is passed, we implode the array to get fields,
// otherwise we return all rows
if (is_array($fields))
{
$fields = implode('`, `', $fields) . '`';
}
//build query, with LIMIT 1 , I assume username is unique
$qry = "SELECT {$fields} FROM `users` WHERE 'user_id' = {$user_id} LIMIT 1";
$sql = mysql_query($qry);
$result = mysql_fetch_assoc($sql);
// if we have a result, return it, otherwise return false
return (mysql_num_rows($sql) == 1) ? $result : false ;
}
to be used:
$profile_data = user_data($user_id, array('user_id', 'username', 'password', 'first_name', 'last_name', 'email', 'type', 'profile'));
or
$fields = array(
'user_id',
'username',
'password',
'first_name',
'last_name',
'email',
'type',
'profile'
);
$profile_data = user_data($user_id, $fields);
Related
I am using PHP in CodeIgniter. In the Registration function in Controller, I use password_hash for security. Now, I know I need to put password_verify in order to login, but I can't figure out where I am going to put and how.
if(isset($_POST['btnRegister'])){
$this->load->library('form_validation');
$data['first_name'] = $this->form_validation->set_rules('first_name','First Name','required|ucwords|min_length[3]|trim|callback_alpha_dash_space');
$data['last_name'] = $this->form_validation->set_rules('last_name','Last Name','required|ucwords|min_length[3]|trim|callback_alpha_dash_space');
$data['gender'] = $this->form_validation->set_rules('gender','Gender','required');
$data['email'] = $this->form_validation->set_rules('email','Email','required|valid_email');
$data['password'] = $this->form_validation->set_rules('password', 'Password','required');
$data['passconf'] = $this->form_validation->set_rules('passconf', 'Password Confirmation','required|min_length[5]|matches[password]');
if($this->form_validation->run() == FALSE){
$this->load->view('main_view', $data);
}else{
$data = array(
'first_name' => $this->input->post('first_name'),
'last_name' => $this->input->post('last_name'),
'gender' => $this->input->post('gender'),
'email' => $this->input->post('email'),
'password' => password_hash($this->input->post('password'),PASSWORD_DEFAULT)
);
$this->crud_model->insert($data);
redirect(base_url() . 'main/inserted');
}
}else{
$this->load->view('main_view', $data);
}
}
I don't know if it's in the Model or in Controller
check_login in Controller:-
public function check_login(){
$this->load->library('form_validation');
$this->form_validation->set_rules('email', 'Email', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if($this->form_validation->run()){
$email = $this->input->post('email');
$password = $this->input->post('password');
$num_row = $this->crud_model->login_model($email,$password);
if($num_row->num_rows() > 0){
foreach($num_row->result() as $row):
$my_id['user_id'] = $row->user_id;
endforeach;
$this->session->set_userdata($my_id);
$user_id = $this->session->userdata('user_id');
redirect(base_url() . 'main/home');
}else {
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
}
the login_model function in Model:-
function login_model($email, $password){
$this->db->where('email', $email);
$this->db->where('password', $password);
$query = $this->db->get('users_tbl');
return $query;
}
Note:- What you need is to do with firstly fetch the record based on email from the DB where only the email matches (assuming it is the Unique key), after that get the hashed password from Database and compare it with the user inputted password.
Change Login Model to this:-
public function login_model($email, $password){
$this->db->where('email', $email); // fetch by email first
$query = $this->db->get(users_tbl);
$result = $query->row(); // get the row first
if(!empty($result) && password_verify($password, $result->password)){
// if this email exists,then the input password is verified using password_verify() function by database.
return $result;
} else {
return false;
}
}
Please change your Controller Code to :-
$num_row = $this->crud_model->login_model($email,$password);
if($num_row->num_rows() > 0){
foreach($num_row->result() as $row):
$my_id['user_id'] = $row->user_id;
endforeach;
$this->session->set_userdata($my_id);
$user_id = $this->session->userdata('user_id');
redirect(base_url() . 'main/home');
}else {
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
This:-
$admin_result = $this->crud_model->login_model($email,$password);
if ($admin_result >0){ //active user record is present
$this->session->set_userdata('admin_session',$admin_result);
$this->session->set_flashdata('login_message', '<div class="alert alert-success text-center">You are Successfully Login to your account!</div>');
redirect(base_url().'main/home');
}else{
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
It solved my problem by putting it into Controller and here's the code:
public function check_login(){
$this->load->library('form_validation');
$this->form_validation->set_rules('email', 'Email', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if($this->form_validation->run()){
$email = $this->input->post('email');
$password = $this->input->post('password');
$query = $this->crud_model->login_model($email, $password);
if($query->num_rows() > 0){
$rowquery = $query->row();
if (password_verify($password, $rowquery->password)){
foreach($query->result() as $row):
$my_id['user_id'] = $row->user_id;
endforeach;
$this->session->set_userdata($my_id);
$user_id = $this->session->userdata('user_id');
redirect(base_url() . 'main/home');
}
}else {
redirect(base_url() . 'main/login' . '?email=' . md5(rand(1,1000)));
}
}else{
$this->login();
}
}
while the login model should be this:
function login_model($email, $password){
$this->db->where('email', $email);
$query = $this->db->get('users_tbl');
return $query;
}
I'm getting error:
Undefined variable: user_data in loggedin.php
My register page is fine it register successfully users.When i log in it displays me all the information but not the user_data.If somebody can write me where is my fault.My
init.php
<?php
session_start();
error_reporting(0);
require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';
$_SESSION['user_id'] = (int)1;
if(logged_in() === false) {
$session_user_id = $_SESSION['user_id'];
$user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name', 'email', 'profile', 'textarea', 'writingname', 'writing');
echo $user_data['password'];
if(user_active($user_data['username']) === false) {
session_destroy();
header('Location: index2.php');
exit();
}
}
$errors = array() ;
?>
users.php :
function user_data($user_id) {
$data = array();
$user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
unset($func_get_args[0]);
$fields = '`' . implode ('`, `', $func_get_args) . '`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id"));
return $data;
}
}
function logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
}
function user_exists($username) {
$username = sanitize($username);
return (mysql_result( mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` ='$username' "), 0) == 1) ? true : false;
}
And my
loggedin.php :
<div class="widget">
<h2 onClick="document.location.href='index2.php'">Hello<?php echo $user_data['first_name']; ?> ! </h2>
<div class="inner">
did you pass your $user_data from init.php to loggedin.php???
$user_data is not a session, so you can't just make $user_data in init.php and echo it in loggedin.php...
CMIIW
var_dump might help you tho'
change you init.php code to this one below.
<?php
session_start();
error_reporting(0);
require 'database/connect.php';
require 'functions/general.php';
require 'functions/users.php';
$_SESSION['user_id'] = (int)1;
if(logged_in() === false) {
$session_user_id = $_SESSION['user_id'];
$user_data = user_data($session_user_id);// just send user id here stored in session.
echo $user_data['password'];
if(user_active($user_data['username']) === false) {
session_destroy();
header('Location: index2.php');
exit();
}
}
$errors = array() ;
?>
I'm a bit new to Codeigniter, so I need some help, please if you can just post here the answer. Thank you.
Here is my Controller:
public function login()
{
$this->load->library('form_validation');
$this->form_validation->set_rules('email', 'Email', 'required|valid_email|min_length[3]');
$this->form_validation->set_rules('passwd', 'Passwd', 'required|min_length[3]');
$data = array();
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$passwd = $this->input->post('passwd');
$this->load->model('user_model');
if ($this->user_model->check($email, $passwd))
{
$this->session->set_userdata('user', $email);
redirect(base_url('/'));
}
else
{
$data['error'] = 'Wrong e-mail or password.';
}
}
$this->load->view('login', $data);
}
and here is my Model:
public function __construct()
{
// Call the CI_Model constructor
parent::__construct();
}
public function check($email = NULL, $password = NULL)
{
$this->db->select('id');
$this->db->where('email', $email);
$this->db->where('password', sha1($password));
$this->db->limit(1);
$result = $this->db->get('php_users_login');
return ($result->num_rows() == 1);
}
I would like to put user-id into the session (database structure like id, email, password...)
Thank you for helping!
try this
Model
$this->db->select('id');
$this->db->where('email', $email);
$this->db->where('password', sha1($password));
$this->db->limit(1);
$result = $this->db->get('php_users_login');
return $result->row();
Controller
$checkData=$this->user_model->check($email, $passwd);
if(count($checkData)==1){
$this->session->set_userdata('user_id', $checkData->id);
}
Try this
In Controller
public function login()
{
$this->load->library('form_validation');
$this->load->model('user_model');
$this->form_validation->set_rules('email', 'Email', 'required|valid_email|min_length[3]');
$this->form_validation->set_rules('passwd', 'Passwd', 'required|min_length[3]');
$data = array();
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$passwd = $this->input->post('passwd');
$result = $this->user_model->check($email, $passwd);
if ($result == true)
{
$newdata = array(
'email' => $email,
'logged_in' => TRUE
);
$this->session->set_userdata($newdata);
$this->load->view('home', $data); # load view
}
else
{
$data['error'] = 'Wrong e-mail or password.';
$this->load->view('login', $data);
}
}
else{
echo "Form validation Error";
}
}
In model
public function check($email, $password)
{
$query = $this->db->query("SELECT * FROM php_users_login WHERE email = '$email' AND password = sha1('$password') ");
$result = $query->result_array();
$count = count($result);
if (empty($count) || $count > 1 ) {
return false;
}
else{
return true;
}
}
You can set userid in session as:
Use this in your model:
public function check($email = NULL, $password = NULL)
{
$userid = 0;
$this->db->select('id');
$this->db->where('email', $email);
$this->db->where('password', sha1($password));
$this->db->limit(1);
$result = $this->db->get('php_users_login');
if($result->num_rows() == 1){
$data = $query->result_array();
$userid = $data[0]['id'];
}
return $userid;
}
In Controller:
// if login successfull
$this->load->model('user_model');
$userid = $this->user_model->check($email, $passwd);
if ($userid > 0)
{
// session array
$session_data = array(
'session_userid' => $userid,
'session_email' => $email
);
$this->session->set_userdata($session_data);
redirect(base_url('/'));
}
else
{
$data['error'] = 'Wrong e-mail or password.';
}
Side Note:
I didn't see session library included in your code, make sure you are using in autoload.php or included in the same controller.
$this->load->library('session');
So I have created a function:
function user_data($user_id) {
$data = array();
$user_id = (int)$unser_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1){
unset($func_get_args[0]);
$fields = '`' . implode('`, `', $func_get_args) . '`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE 'user_id' = $user_id"));
return $data;
}
}
By mistake I crated a typo unser_id but didnt relise up until I had to troubleshoot further along the line in my code.
I am creating a login script but the point in which I am having to troubleshoot is showing profile data from my other users.
The reason I point out the typo part is because it for some reason is a strange error. If I change it to user_id it will not allow me to login anymore. If I leave it as under_id it works.
I am having to troubleshoot because I believe this is the cause of the problem I am having trying to view other users profiles and showing their information and not mine which is happening right now.
For example, in my url www.mywebsite.com/myprofile shows my username and my email address, if I type in www.mywebsite.com/otherprofile it still shows my information. But it does show a query if I type a user that does not exist in my database so that part works.
I believe the issue all stems form this typo but am really stuck as to appraoch a resolve?
So here is the other code:
profile page:
if (isset($_GET['username']) === true && empty ($_GET['username']) === false) {
$username = $_GET['username'];
if (user_exists($username) === true) {
$user_id = user_id_from_username($username);
$profile_data = user_data($user_id, 'first_name', 'last_name', 'email');
?>
<p><?php echo $profile_data['profile']; ?></p>
<h1><?php echo $profile_data['first_name']; ?> profile</h1>
<p><?php echo $profile_data['email'] ?></p>
<?php
} else {
echo 'Sorry, that user does not exist';
}
} else {
header('Location: index.php');
exit();
}
Here all the related functions:
function logged_in(){
return (isset($_SESSION['user_id'])) ? true : false;
}
function user_exists($username) {
$username = sanitize($username);
$query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");
return (mysql_result($query, 0) == 1) ? true : false;
}
function email_exists($email) {
$email = sanitize($email);
$query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'");
return (mysql_result($query, 0) == 1) ? true : false;
}
function user_active($username) {
$username = sanitize($username);
$query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1");
return (mysql_result($query, 0) == 1) ? true : false;
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}
function login($username, $password) {
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password' "), 0) == 1) ? $user_id : false;
}
The problem in your first function is that you are quoting your column name with single quotes:
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE 'user_id' = $user_id"));
^ ^
That means that you are not actually using the column user_id but a string.
You should change that to:
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id"));
(or without the backticks...).
Apart from that you are using the deprecated mysql_* functions and you don't have any error handling. You should switch to PDO or mysqli using prepared statements and make sure it throws exceptions (both can) so that you know exactly what goes wrong.
You are replacing the argument $user_id passed to user_data by $unser_id:
$user_id = (int)$unser_id;
This way, the value of $user_id will always be whatever is stored in $unser_id, not what is passed to the function. You should try removing the line, so the code actually uses the user id you are passing it.
If you do not have any variable called $unser_id you should check the PHP error logs. I suspect there will be lines saying something like Undefined variable: unser_id.
i am creating a user accounts system for my website however when i use the include 'core/init.php'; function i get the error. This could be something really simple as I am a beginner and just learning.
Fatal error: Cannot redeclare user_data() (previously declared in C:\xampp\htdocs\PatchMyPC\core\functions\users.php:3) in C:\xampp\htdocs\PatchMyPC\core\functions\users.php on line 17
here is the code for my users.php & init.php files
init.php
<?php
session_start();
//error_reporting(0);
require 'database/connect.php';
require 'functions/users.php';
require 'functions/general.php';
if (logged_in() === true) {
$session_user_id = $_SESSION['user_id'];
$user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name', 'email');
if (user_active($user_data['username']) === false) {
session_destroy();
header('Location: index.php');
exit();
}
}
$errors = array();
?>
users.php
<?php
function user_data($user_id) {
$data = array();
$user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
unset($func_get_args[0]);
$fields = '`' . implode('`, `', $func_get_args) . '`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id"));
return $data;
}
}
function logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
}
function user_exists($username) {
$username = sanitize($username);
return (mysql_result($query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"), 0) == 1) ? true : false;
}
function user_active($username) {
$username = sanitize($username);
return (mysql_result($query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1"), 0) == 1) ? true : false;
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}
function login($username, $password) {
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) ==1) ? $user_id : false;
}
?>
Probably you require users.php twice.
use:
require_once('users.php');
in all your files to overcome this problem.