I'm working on a website that a user profile page is part of.
This is my code on top of the page:
<?php
require 'includes/connect.inc.php';
session_start();
$id = $_SESSION['user_id'];
$userResult = mysqli_query("SELECT * FROM users where user_id ='$id'");
while($userRow = mysqli_fetch_array($userResult)) {
$avatar = $userRow['avatar'];
$locatie = $userRow['locatie'];
$info = $userRow['info'];
$email = $userRow['email'];
$username = $userRow['username'];
}
?>
And this is the part where it has to display the rows from the database (the part the user can see when he is on his own profile page)
<?php if(isset($_SESSION['username'])){
?>
<div class="col-lg-6">
<h4>Naam:</h4>
<p><?php echo $username; ?></p>
<h4>Locatie:</h4>
<p><?php echo $locatie; ?></p>
<h4>E-mailadres:</h4>
<p><?php echo $email; ?></p>
<h4>Informatie:</h4>
<p><?php echo $info; ?></p>
Klik hier om uw profiel te bewerken.
</div>
<div class="col-lg-6">
<?php echo "<img class='useravatar' src='/avatar/user" . $id . ".jpg'></img>"; ?>
<?php
} else {
echo "U hebt geen bevoegdheid om deze pagina te bekijken";
}
?>
Why does it not show anything?
This is the verify page from the login form:
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die(mysql_error());
$row = mysql_num_rows($query) or die(mysql_error());
if($row == 1){
$queryFetch = mysql_fetch_array($query);
session_start();
$_SESSION['username'] = $queryFetch['username'];
$_SESSION['role'] = 'user';
$_SESSION['email'] = $queryFetch['email'];
$_SESSION['user_id'] = $queryFetch['user_id'];
if(isset($_SESSION['username'])){
header ('location: /usercp.php');
}
}
}
?>
I'm currently building a private chat (messenger style), and I've run into a problem.
I have an a href link which sends an ID using GET to another page. On that other page I load a jQuery script which in turn requests another page, and there the GET ID is no longer found. What should I do? I want to refresh the page (the messages). Thanks. (Note that I'm new; I'm not good enough to use AJAX or something.)
message.php
<?php
// $allUsers = 'SELECT * FROM members WHERE name LIKE "%cc%" ORDER BY id DESC' / SEARCH MEMBERS
$allUsers = $dbh->query('SELECT * FROM members ORDER BY id DESC LIMIT 0, 5');
if ($allUsers->rowCount() > 0)
{
while ($user = $allUsers->fetch())
{
?>
<div id="s_un_main">
<div class="s_un_main_pun">
<img src="../images/avatar/<?php echo $user['avatar'];?>">
<p><?php echo $user['name']; ?></p>
</div>
<div class="s_un_main_pdeux">
<a class="private" target="_blank" href="private.php?id=<?php echo $user['id']; ?>">Message</a>
</div>
</div>
<?php
}
}
else
{
echo "<p>" . "Aucun utilisateur trouvé. " . "</p>";
}
?>
private.php
<div id="get_name">
<?php
// USERINFO
if (isset($_SESSION['id']) AND !empty($_SESSION['id']))
{
$getid = $_GET['id'];
$req = $dbh->prepare('SELECT * FROM members WHERE id = :getid');
$req->bindValue('getid', $getid);
$req->execute();
$userinfo = $req->fetch();
}
?>
<div>
<img id="img_header" width="50" src="../images/avatar/<?php echo $userinfo['avatar'];?>">
</div>
<?php echo "<p>" . $userinfo['name'] . "</p>"; ?>
</div>
<section id="zz">
<div id="show_msg">
<?php
// DISPLAY THE MESSAGES
$getid = $_GET['id'];
$takeMsg = $dbh->prepare('SELECT * FROM private WHERE id_sender = :sender AND id_receipter = :receipter OR id_sender = :senderr AND id_receipter = :receipterr');
$takeMsg->bindValue('sender', $_SESSION['id']);
$takeMsg->bindValue('receipter', $getid);
$takeMsg->bindValue('senderr', $getid);
$takeMsg->bindValue('receipterr', $_SESSION['id']);
$takeMsg->execute();
while ($message = $takeMsg->fetch())
{
if ($message['id_receipter'] == $_SESSION['id'])
{
?>
<p style="color: red"><?php echo $message['message']; ?></p>
<?php
}
elseif ($message['id_receipter'] == $_GET['id'])
{
?>
<p style="color: green "><?php echo $message['message']; ?></p>
<?php
}
}
?>
</div>
</section>
<form id="private_form" method="POST" action="">
<textarea name="message"></textarea>
<input type="submit" name="send"></input>
</form>
<script>
setInterval('load_messages()', 1500);
function load_messages()
{
$('#zz').load('private_message.php');
}
</script>
private_message.php
error
<!-- DB -->
<?php include("../db/db.php"); ?>
<!-- DB -->
<?php
// DISPLAY THE MESSAGES
$getid = $_GET['id'];
var_dump($getid);
$takeMsg = $dbh->prepare('SELECT * FROM private WHERE id_sender = :sender AND id_receipter = :receipter OR id_sender = :senderr AND id_receipter = :receipterr');
$takeMsg->bindValue('sender', $_SESSION['id']);
$takeMsg->bindValue('receipter', $getid);
$takeMsg->bindValue('senderr', $getid);
$takeMsg->bindValue('receipterr', $_SESSION['id']);
$takeMsg->execute();
while ($message = $takeMsg->fetch())
{
if ($message['id_receipter'] == $_SESSION['id'])
{
?>
<p style="color: red"><?php echo $message['message']; ?></p>
<?php
}
elseif ($message['id_receipter'] == $_GET['id'])
{
?>
<p style="color: green "><?php echo $message['message']; ?></p>
<?php
}
}
?>
var_dump($id) = not found
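`$('#zz').load('private_message.php')` requests that URL without a query string, so `$_GET['id']` is not set inside `private_message.php`. The following is an added example, not part of the original post: it assumes the caller appends `?id=<peer id>` to the loaded URL, and the `renderConversation()` helper, the in-memory SQLite table and the sample rows are constructed for illustration.

```php
<?php
// Added example: render the message fragment for one conversation.
// Constructed setup: in-memory SQLite using the post's `private` table columns.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE private (id INTEGER PRIMARY KEY, id_sender INTEGER, id_receipter INTEGER, message TEXT)');
$dbh->exec("INSERT INTO private (id_sender, id_receipter, message) VALUES
    (1, 2, 'hi'), (2, 1, '<b>hello</b>'), (3, 1, 'other conversation')");

/** Hypothetical helper: $me comes from the session, $rawPeer from $_GET['id']. */
function renderConversation(PDO $dbh, ?int $me, $rawPeer): string
{
    // Accept only a positive integer; a missing or malformed id yields false.
    $peer = filter_var($rawPeer, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($me === null || $peer === false) {
        return "<p>No conversation selected.</p>\n";
    }
    // Parentheses make the AND/OR grouping explicit.
    $stmt = $dbh->prepare(
        'SELECT id_sender, message FROM private
         WHERE (id_sender = :me1 AND id_receipter = :peer1)
            OR (id_sender = :peer2 AND id_receipter = :me2)
         ORDER BY id'
    );
    $stmt->execute([':me1' => $me, ':peer1' => $peer, ':peer2' => $peer, ':me2' => $me]);

    $html = '';
    foreach ($stmt as $row) {
        // Same colours as the post: own messages green, received messages red.
        $color = ((int) $row['id_sender'] === $me) ? 'green' : 'red';
        // Escape stored text so a message cannot inject markup into the page.
        $html .= sprintf(
            "<p style=\"color: %s\">%s</p>\n",
            $color,
            htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// In private_message.php the call would be (after session_start()):
//   echo renderConversation($dbh, $_SESSION['id'] ?? null, $_GET['id'] ?? null);
echo renderConversation($dbh, 1, '2');  // constructed: user 1 viewing the chat with user 2
echo renderConversation($dbh, 1, null); // the request from the post: no id in the URL
```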
How can I detect a link in text that comes from the chat database, detect its default meta information, and add that to the text like on Discord?
ATTACHMENT
CODE
<?
session_start();
include('../../php/connect.php');
if(isset($_GET['uid']) && isset($_GET['cid']) && isset($_SESSION['user'])) {
$uid = $_GET['uid'];
$user = $_SESSION['user'];
$check = mysqli_query($con, "SELECT * FROM users WHERE id = '$uid'");
$ch = mysqli_fetch_array($check);
if($ch['username'] == $user) {
$cid = $_GET['cid'];
$uq = mysqli_query($con, "SELECT * FROM users WHERE id = '$cid'");
$u = mysqli_fetch_array($uq);
$asd = $u['username'];
$photo = $ch['photo'];
$query = mysqli_query($con, "SELECT * FROM users WHERE username = '$asd'");
$q = mysqli_fetch_array($query);
$row = mysqli_query($con, "SELECT * FROM messages WHERE (user1,user2,type) = ('$user','$asd','message') OR (user2,user1,type) = ('$user','$asd','message') ORDER BY id ASC");
while($result = mysqli_fetch_object($row)) { $date = date_create($result->sent); $time = date_format($date, 'H:i'); $date = date_format($date, 'd.m.Y');
?>
<div class="message" id="message">
<div class="hr-text">
<span>
<? echo $date; ?>
</span>
</div>
<div id="avatar" class="avatar-u"><img src="<? if($result->user1 == $asd) { echo '../../img/avatars/'.$q['photo']; } elseif($result->user1 == $user) { echo '../../img/avatars/'.$photo; } ?>">
</div>
<span class="username-u">
<? echo $result->user1; ?>
</span>
<span class="time">
<? echo $time; ?>
</span>
<div class="message-content">
<? echo '<xmp>'.$result->content.'</xmp>'; ?>
</div>
</div>
<?
}
} else {
header('location: ../index.php');
}
} else {
header('location: ../index.php');
}
?>
AJAX imports this site to #content-frame every 750ms.
I just want, for example, to put the detected link into an <a> element and then write some meta information like in the ATTACHMENT above.
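One way to do the link-detection part, as an added example that is not part of the original post: the message is HTML-escaped piece by piece (replacing the `<xmp>` wrapper, which is obsolete and is closed by any `</xmp>` inside the content) and only `http`/`https` URLs become `<a>` elements. The `linkify()` helper and the sample messages are constructed for illustration.

```php
<?php
// Added example: turn URLs in a stored chat message into links without
// letting the message itself inject markup.

/** Hypothetical helper: escape the text, then wrap http(s) URLs in <a>. */
function linkify(string $text): string
{
    // Split on URLs and keep them: odd indexes hold the URL candidates.
    $parts = preg_split('~(https?://[^\s<>"\']+)~i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    $html = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {
            // Plain text between URLs is only escaped.
            $html .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
            continue;
        }
        // Sentence punctuation directly after a URL is not part of the link.
        $url  = rtrim($part, '.,!?;:)');
        $tail = substr($part, strlen($url));
        $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
        if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
            $html .= '<a href="' . $safe . '" target="_blank" rel="noopener noreferrer nofollow">'
                   . $safe . '</a>';
        } else {
            $html .= $safe; // not a well-formed URL: show it as text
        }
        $html .= htmlspecialchars($tail, ENT_QUOTES, 'UTF-8');
    }
    return $html;
}

// Constructed sample messages, as they might be stored in the messages table.
$messages = [
    'Docs are at https://example.com/guide?page=2&lang=en.',
    '<script>alert(1)</script> http://example.org/a"onmouseover="x',
    'No link here, just </xmp> text.',
];
foreach ($messages as $content) {
    echo '<div class="message-content">', linkify($content), '</div>', PHP_EOL;
}
```

Fetching preview metadata for each detected URL is a separate server-side request and is not covered by this example.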
I went through multiple processes of trying to accomplish this, but couldn't quite figure it out. I went on Stack Overflow to find duplicate answers. I found some and tried to adjust them into my code. Still no use. I'm trying to say if I'm logged in go to the profile page and if a username is in the database, I want you to display their name. If not in the database, then just don't show anything. Here is what I came up with:
if (isset($_SESSION['user_id'])){
$username = mysqli_real_escape_string($con, $_POST['username']);
$sql = "SELECT * FROM users WHERE username = '".$username."'";
$result = mysqli_query($con,$sql);
if(mysqli_num_rows($result)>=1){
echo "User was found in the database";
}
else{
echo "User was not found in the database.";
}
}
So the if isset user_id basically says if I'm logged in then do this. The code after that is trying to find if a username is found in that database. If so then say it's found. If not, then don't. I hope this was clear! Thank you!
EDIT: Here is the HTML Code:
<?php
session_start();
ob_start();
include_once('dbconnect.php');
?>
<div class="banner_container">
<div class="jumbotron text-center">
<?php
if (isset($_SESSION['user_id']) && isset($_POST['username'])){
if(($_SESSION['user_id'] != "") && ($_POST['username'] != "")){
$user_id = $_SESSION['user_id'];
$username = mysqli_real_escape_string($con, $_POST['username']);
$sql = "SELECT * FROM users WHERE username = '".$username."' AND user_id !=".$user_id;
$result = mysqli_query($con, $sql);
if(mysqli_num_rows($result) > 0){
echo "User was found in the database";
}
else{
echo "User was not found in the database.";
}
}
else{
echo "Username or user Id is empty";
}
}
?>
<?php
echo "<h1>";
echo $_SESSION['first_name'];
echo " ";
echo $_SESSION['last_name'];
echo "</h1>";
echo "<p>";
echo '"';
echo $_SESSION['quote'];
echo '"';
echo "<br>";
echo $_SESSION['who'];
echo "</p>";
?>
</div>
</div>
<li>Home</li>
<li> About</li>
<li class="qotd"> Quote of the Day</li>
<li class="all_categories">All Categories</li>
<li> Authors</li>
<?php
if(isset($_SESSION['user_id'])){
echo $_SESSION['user_id'];
echo '<li id="active" class="dropdown">';
echo '<a id="act_color" href="#" class="dropdown-toggle" data-toggle="dropdown">';
echo $_SESSION['first_name'];
echo "'s";
echo ' ';
echo "Profile";
echo '<b class ="caret"></b></a>';
echo '<ul class="dropdown-menu">';
echo '<li> Profile</li>';
echo '<li>Log out</li>';
echo '</ul>';
echo '</li>';
echo '</a>';
echo '</li>';
} else {
}
?>
This is the profile page that I'm on.
Use this code:
if (isset($_SESSION['user_id']) && isset($_POST['username'])){
if(($_SESSION['user_id'] != "") && ($_POST['username'] != "")){
$user_id = $_SESSION['user_id'];
$username = mysqli_real_escape_string($con, $_POST['username']);
$sql = "SELECT * FROM users WHERE username = '".$username."' AND user_id !=".$user_id;
$result = mysqli_query($con, $sql);
if(mysqli_num_rows($result) > 0){
echo "User was found in the database";
}
else{
echo "User was not found in the database.";
}
}
else{
echo "Username or user Id is empty";
}
}
I am trying to make it so that if a user looks at their page they can see the assignments that they have either been working on or have completed. Then I want to make it so that if they look at another user's page they can see the projects that they have created.
$my_id = $_SESSION['user_id'];
$frnd_query = mysql_query("SELECT user_one, user_two FROM frnds WHERE user_one = '$my_id' OR user_two = '$my_id'");
while($run_frnd = mysql_fetch_array($frnd_query)) {
$user_one = $run_frnd['user_one'];
$user_two = $run_frnd['user_two'];
if($user_one == $my_id) {
$user = $user_one;
} else {
$user = $user_two;
}
$username = getuser($user, 'username');
echo "<a href = 'my_ideas.php?user=$user' class = 'list' style=display:block>Ideas</a>";
?>
<ul>
<li><a href = '#my_links'>Linked Ideas</a></li>
<li><a href = '#idea_chemistry'>My Idea Chemistry</a></li>
<li><a href = 'settings.php'>Profile Settings</a></li>>
</ul>
</div>
<div id = 'my_projects'>
<?php
if($user != $_SESSION['user_id']) {
$ideas_sql = "SELECT * FROM projects WHERE user_id = $username";
$query = mysql_query($ideas_sql) or die(mysql_error());
$rsIdeas = mysql_fetch_assoc($query);
do {
?>
<h2><a href = 'edit_post.php?id=<?php echo $rsIdeas['id']; ?>'><?php echo $rsIdeas['name']; ?></a></h2>
<?php echo $rsIdeas['keywords']; ?></p>
<p><?php echo $rsIdeas['description']; ?></p>
<?php } while ($rsIdeas = mysql_fetch_assoc($query));
} else {
$ideas_sql = "SELECT * FROM projects WHERE user_id = $my_id";
$query = mysql_query($ideas_sql) or die(mysql_error());
$rsIdeas = mysql_fetch_assoc($query);
do {
?>
<h2><a href = 'edit_post.php?id=<?php echo $rsIdeas['id']; ?>'><?php echo $rsIdeas['name']; ?></a></h2>
<p><?php echo $rsIdeas['keywords']; ?></p>
<p><?php echo $rsIdeas['description']; ?></p>
<?php } while ($rsIdeas = mysql_fetch_assoc($query));
}
?>
<?php
}
?>
I have googled this and searched for related questions on here but I cannot seem to find anything that helps with my problem.
This is basically a code review question. There is also another site on SO network where you could place this type of question. Although you should show that you have some knowledge of coding.
I am not sure why there isn't a starting PHP tag, but here is the first part.
<?php
$my_id = $_SESSION['user_id'];
$frnd_query = mysql_query("SELECT user_one, user_two FROM frnds WHERE user_one = '".$my_id."' OR user_two = '".$my_id."'");
while($run_frnd = mysql_fetch_array($frnd_query)) {
$user_one = $run_frnd['user_one'];
$user_two = $run_frnd['user_two'];
if($user_one == $my_id) {
$user = $user_one;
} else {
$user = $user_two;
}
$username = getuser($user, 'username');
echo "<a href = 'my_ideas.php?user=".$user."' class = 'list' style=display:block>Ideas</a>";
?>
<ul>
<li><a href = '#my_links'>Linked Ideas</a></li>
<li><a href = '#idea_chemistry'>My Idea Chemistry</a></li>
<li><a href = 'settings.php'>Profile Settings</a></li>
</ul>
<div id = 'my_projects'>
<?php
if($user != $_SESSION['user_id']) {
$ideas_sql = "SELECT * FROM projects WHERE user_id = '".$username."'";
$query = mysql_query($ideas_sql) or die(mysql_error());
$rsIdeas = mysql_fetch_assoc($query);
do {
?>
<h2><a href = 'edit_post.php?id=<?php echo $rsIdeas['id']; ?>'><?php echo $rsIdeas['name']; ?></a></h2>
<p><?php echo $rsIdeas['keywords']; ?></p>
<p><?php echo $rsIdeas['description']; ?></p>
<?php } while ($rsIdeas = mysql_fetch_assoc($query));
} else {
$ideas_sql = "SELECT * FROM projects WHERE user_id ='".$my_id."'";
$query = mysql_query($ideas_sql) or die(mysql_error());
$rsIdeas = mysql_fetch_assoc($query);
do {
?>
<h2><a href = 'edit_post.php?id=<?php echo $rsIdeas['id']; ?>'><?php echo $rsIdeas['name']; ?></a></h2>
<p><?php echo $rsIdeas['keywords']; ?></p>
<p><?php echo $rsIdeas['description']; ?></p>
<?php } while ($rsIdeas = mysql_fetch_assoc($query));
}
?>
<?php
}
?>
Question: Is getuser() a custom function?
I have a profile page where I retrieve users information.
Profile.php
<?php
require 'core/init.php';
if(!$username = Input::get('user')) {
Redirect::to('index.php');
} else {
$user = new User($username);
if(!$user->exists()) {
Redirect::to(404);
} else {
$data = $user->data();
}
?>
<h3><?php echo escape($data->username); ?></h3>
<p>Membership No: <?php echo escape($data->id); ?></p>
<p>Full name: <?php echo escape($data->name); ?></p>
<p>Date of birth: <?php echo escape($data->dob); ?></p>
<p>Location: <?php echo escape($data->location); ?></p>
<p>Join date: <?php echo escape($data->joined); ?></p>
<?php
I want to retrieve the id of my user to insert into another table in my order page, so far I have this
oerder.php
<?php
session_start();
require 'core/init.php';
$Band_id = mysql_real_escape_string($_POST['band']);
$user_id = $_SESSION['id'];
$sql = "INSERT INTO orders (band_id,user_id) VALUES('$Band_id', '$user_id')";
mysql_query ($sql, $linkme)
or die ("could not add to database");
?>
Currently $user_id = $_SESSION['id']; is not placing the user's id in my table orders.
I tried
<?php echo escape($data->id); ?>
and
$user_id = $_GET['id'];
but it does not work. Does anyone know how to retrieve the user's id so I can insert it into the db?
What you could do is save the user data to the session:
$_SESSION['user_data'] = $user->data();
You could assign it back to $data once you check $_SESSION['user_data'] is set, else re-query the model.
Also, session_start() should be at the top of every file you want to hold the session for.
So something like:
Profile.php
<?php
session_start();
require 'core/init.php';
if(!$username = Input::get('user')) {
Redirect::to('index.php');
exit;
}
if(!isset($_SESSION['user_data'])){
$user = new User($username);
if(!$user->exists()) {
Redirect::to(404);
exit;
}
$_SESSION['user_data'] = $user->data();
}
?>
<h3><?php echo escape($_SESSION['user_data']->username); ?></h3>
<p>Membership No: <?php echo escape($_SESSION['user_data']->id); ?></p>
<p>Full name: <?php echo escape($_SESSION['user_data']->name); ?></p>
<p>Date of birth: <?php echo escape($_SESSION['user_data']->dob); ?></p>
<p>Location: <?php echo escape($_SESSION['user_data']->location); ?></p>
<p>Join date: <?php echo escape($_SESSION['user_data']->joined); ?></p>
oerder.php
<?php
session_start();
require 'core/init.php';
if(!isset($_SESSION['user_data'])){
Redirect::to('index.php');
exit;
}
$Band_id = mysql_real_escape_string($_POST['band']);
$user_id = $_SESSION['user_data']->id;
$sql = "INSERT INTO orders (band_id,user_id) VALUES('$Band_id', '$user_id')";
mysql_query ($sql, $linkme)
or die ("could not add to database");
?>
Also, you should move over to PDO or mysqli.
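The move to PDO suggested above could look like this for the order insert. This is an added example, not code from the original answer: the in-memory SQLite database, the `placeOrder()` helper and the sample session and POST arrays are assumptions made so that it runs stand-alone.

```php
<?php
// Added example: the order insert with a PDO prepared statement.
// Constructed setup: an in-memory SQLite database stands in for the real one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, band_id INTEGER NOT NULL, user_id INTEGER NOT NULL)');

/**
 * Hypothetical helper: insert an order for the logged-in user.
 * The user id is read only from the session, never from $_GET or $_POST,
 * so a visitor cannot place an order under someone else's id.
 */
function placeOrder(PDO $pdo, array $session, array $post): int
{
    if (!isset($session['user_data']->id)) {
        throw new RuntimeException('not logged in');
    }
    // The band id must be a positive integer; anything else is rejected.
    $bandId = filter_var($post['band'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($bandId === false) {
        throw new InvalidArgumentException('invalid band id');
    }
    // Bound parameters replace mysql_real_escape_string() and string building.
    $stmt = $pdo->prepare('INSERT INTO orders (band_id, user_id) VALUES (:band_id, :user_id)');
    $stmt->execute([
        ':band_id' => $bandId,
        ':user_id' => (int) $session['user_data']->id,
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for $_SESSION and $_POST.
$session = ['user_data' => (object) ['id' => 7, 'username' => 'alice']];
placeOrder($pdo, $session, ['band' => '3']);
print_r($pdo->query('SELECT * FROM orders')->fetchAll(PDO::FETCH_ASSOC));

// A malformed band value is rejected before it reaches the database.
try {
    placeOrder($pdo, $session, ['band' => "3' OR '1'='1"]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// Without a logged-in user nothing is inserted.
try {
    placeOrder($pdo, [], ['band' => '3']);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```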