I've an member system now I've made when somebody register an account, he need to activate it by his email. He will receive an valid link in his inbox So for example:
activate.php?email=ipoon2#outlook.com&email_code=b5b90ae21e31229878d681680db16bdf This link is valid so when I go to this link, he activates the account succesfully.
You see after ?email= ipoon2#outlook.com So when I change that into ipodn2#outlook.com and the email_code is still the same, he cannot activate his account. He needs to receive an error like We cannot find that email, and when he changes the email_code He will receive an error like this problem activate your account
Thats the problem what I've got When I change the email I don't receive any error. Neither for email_code
I've a file that is called activate.php which this code is including:
<?php
} else if (isset($_GET['email'], $_GET['email_code']) === true) {
$email = urldecode(trim($_GET['email']));
$email_code = trim($_GET['email_code']);
$user = new User();
if(User::email_exists($email) === false) {
echo 'We cannot find that email'; // return error doesn't show up
} else if (User::activate($email, $email_code) === false) {
echo 'problem activate your account'; // return error doesn't show up
}
}
?>
Also I've 2 functions made, there are in the class file User.php
public function email_exists($email) {
require './config.php';
$email = urldecode(trim($_GET['email']));
$sql_30 = $db->query("SELECT COUNT(id) FROM users WHERE email = '$email'");
if ($sql_30->fetch_object() === true) {
return true;
} else if ($sql_30->fetch_object() === false) {
return false;
}
}
public function activate($email, $email_code) {
require './config.php';
$email = urldecode($email);
$email_code = $db->real_escape_string($email_code);
$sql_33 = $db->query("SELECT COUNT(`id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `group` = 0");
if ($sql_33->fetch_object()) {
$db->query("UPDATE `users` SET `group` = 1 WHERE `email` = '$email' AND `email_code` = '$email_code'");
return true;
} else {
return false;
}
}
To me, your email_exists() and activate() are wrong.
if ($sql_30->fetch_object() === true) {
return true;
} else if ($sql_30->fetch_object() === false) {
return false;
}
From the php documentation of mysqli_result::fetch_object :
Returns an object with string properties that corresponds to the fetched row or NULL if there are no more rows in resultset. So your test must be :
if ($sql_30->fetch_object() !== NULL) {
return true;
}
return false;
I guess it should solve your problem.
Related
I would like to output an error message on login if the website is under maintenance however my current code doesn't work and seems to just run as if the maintenance code isn't there. I would like it so if the maintenance column in MySQL database which i have already defined as $maintenance is empty then the user can login like normal however if it contains 1 then the user will see the error message however admins with their IP in the array can still login. I have defined $maintenance in a different file which is included already in my class.user.php. Code is below.
Settings.php
$auth_user = new USER();
$site_name = $auth_user->runQuery("SELECT * FROM `settings` LIMIT 1");
$site_name->execute();
while ($show = $site_name -> fetch(PDO::FETCH_ASSOC)){
$maintenance = $show['maintenance'];
}
Class.user.php
require_once('settings.php');
....other functions here
....other functions here
.....other functions here
.....
public function doLogin($uname,$umail,$upass)
{
try
{
$stmt = $this->conn->prepare("SELECT user_id, user_name, user_email, user_pass, status FROM users WHERE user_name=:uname OR user_email=:umail ");
$stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() == 1)
{
if(password_verify($upass, $userRow['user_pass']))
{
session_regenerate_id(false);
return ["correctPass"=>true, "banned"=> ($userRow['status']== 1) ? true : false, "maintenance"=> ($maintenance== 1) ? true : false];
}
else
{
return ["correctPass"=>false];
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
Login.php
$validation = $login->doLogin($uname,$umail,$upass);
if($validation["correctPass"]){
if($validation["maintenance"]){
if (!in_array(#$_SERVER['REMOTE_ADDR'], array('1.1.1.1'))){
$error = "Website under maintenance";
}
}
if($validation["banned"]){
$error = "User has been banned";
}else{
if(Token::check($_POST['token'])) {
$stmtt = $login->runQuery("SELECT user_id FROM users WHERE user_name=:uname OR user_email=:umail ");
$stmtt->execute(array(':uname'=>$uname, ':umail'=>$umail));
$userRow=$stmtt->fetch(PDO::FETCH_ASSOC);
$_SESSION['user_session'] = $userRow['user_id'];
$success = "Logged in successfully, redirecting..";
header( "refresh:3;url=dashboard" );
} else {
$error = "Unexpected error occured";
}
}
}
else{
$error = "Incorrect username/email or password";
}
As others have pointed out in comments $maintenance is outside the scope of your doLogin function. If you are interested in just using it as a global variable, you can setup your doLogin function like this:
public function doLogin($uname,$umail,$upass)
{
global $maintenance;
...
Using the global keyword allows you to access variables outside the scope of the current function. A better way would probably be to pass the $maintenance variable into the function as a parameter like this:
public function doLogin($uname,$umail,$upass,$maintenance)
{
...
Then just use in in your Login.php file like this:
$validation = $login->doLogin($uname,$umail,$upass,$maintenance);
Do either of those options work for you?
Alright so, I made this little account check using simple SQL & PHP but it seems to return false instead of true if account exists.
public function ifExists($name) {
$handler = new sql();
$sql = $handler->connect();
$sql->real_escape_string($name);
$result = $sql->query("SELECT ime FROM users WHERE ime='".$name."'");
if($result == false) {
if($result->num_rows != 0) {
$echo = 'account exists';
return true;
}
else {
return false;
}
}
}
And now here is the check
if($result->num_rows != 0) {
$echo = 'account exists';
return true;
}
else {
return false;
}
There is a row with ime='toma' in the sql
if($result == false)
query() only returns false on a syntax error. Also, this is backwards. You should only want to run the code if it's not false. Drop that if block out and it should work
Alright so for some reason, Im always getting that email already exists if it doesnt.
public function emailExists($mail) {
$handler = new sql();
$sql = $handler->connect();
$sql->real_escape_string($mail);
$result = $sql->query("SELECT email FROM users WHERE email='".$mail."'");
if($result->num_rows != 0) return true;
else {
$handler->log_write($mail, "register_fail","NULL");
return false;
}
$sql->close();
return false;
}
Now here is the check
if($user->emailExists() == false) {
$user->create($name, $pass, $email, $age, $gender);
jquery_alert("You have been registered. Thank you for using our services. Enjoy your stay!");
jquery_reload();
}
else {
jquery_alert("This email already exists");
}
Pass email address as argument in method.
if($user->emailExists($email) == false) {
// your code here
}
In your function your returning default value is false
And Also Pass email address in your method.
Try this solution
if($user->emailExists($email) == true) {
$user->create($name, $pass, $email, $age, $gender);
jquery_alert("You have been registered. Thank you for using our services. Enjoy your stay!");
jquery_reload();
}
else {
jquery_alert("This email already exists");
}
I was wondering if anyone could help me - I have successfully created a log in system allowing a user (student) to log in. My system also requires an admin log in, with the admin having privileges to view pages that the student does not. Both the admin and student information comes from two different tables. Below is the code I have used for the student log in (there are two different pages - users and login). I am stuck as to how to implement the admin log in. Any help is appreciated!
(Admin will log in using 'adminnum' and 'adminpassword'.
login.php
<?php
include "core/init.php";
include "includes/content.php";
if (empty($_POST) === false) {
$studentemail = $_POST ['studentemail'];
$studentpassword = $_POST ['studentpassword'];
if (empty($studentemail) === true || empty($studentpassword) === true) {
$errors[] = "You need to enter an email address and password";
} else if (user_exists($studentemail) === false) {
$errors[] = "We can't find that email address. Have you registered?";
} else {
if (strlen($studentpassword) > 32) {
$errors[] = 'Password too long';
}
$login = login($studentemail, $studentpassword);
if ($login === false) {
$errors[] = 'That email/password combination is incorrect';
} else {
$_SESSION['studentid'] = $login;
header('Location: index.php');
exit();
}
}
} else {
$errors[] = 'No data received';
}
include "includes/overall/overall_header.php";
if (empty($errors) === false) {
?>
<h2> We tried to log you in, but...</h2>
<?php
echo output_errors($errors);
}
?>
<center><input id="submit" type="submit" value="Back" onclick="location.href='Login2.php'"></center>
<?php
include "includes/overall/overall_footerloggedout.php";
?>
users.php
<?php
function logged_in() {
return (isset($_SESSION['studentid'])) ? true : false;
}
function user_exists($studentemail) {
$studentemail = sanitize($studentemail);
$query = mysql_query("SELECT COUNT(`studentid`) FROM `student` WHERE `studentemail`
= '$studentemail'");
return (mysql_result($query, 0) == 1) ? true : false;
}
function studentid_from_student ($studentemail) {
$studentemail = sanitize($studentemail);
return mysql_result(mysql_query("SELECT `studentid` FROM `student` WHERE `studentemail` = '$studentemail'"), 0, 'studentid');
}
`function login($studentemail, $studentpassword) {
$studentid = studentid_from_student($studentemail);
$studentemail = sanitize($studentemail);
$studentpassword = md5($studentpassword);
return (mysql_result(mysql_query("SELECT COUNT(`studentid`) FROM `student` WHERE `studentemail` = '$studentemail' AND `studentpassword` = '$studentpassword'"), 0) == 1) ? $studentid : false;
}
?>
I suggest to change your logic, extracting users and admins from two different table. Make them in only one table, but all users should contain column flag for example, where flag=1 is ADMIN and flag=0 is USER.
all i can suggest as i am not a php coder but have done some in the past is to add another field in your database where you will set levels of privileges for users (0 for normal members, 1 for admin). After you have done that just add it to your users script through php coding which i barely know. Hope that helps a little bit.
Im getting this error in a basic register script:
Warning: mysql_result() expects parameter 1 to be resource, boolean given in /Applications/XAMPP/xamppfiles/htdocs/func/user.func.php on line 23
The part of the register.php that's giving me the error is:
<?php
include('init.php'); // user.func.php is included in this file
include('template/header.php');
?>
<h3>Register</h3>
<?php
// Typical $_POST stuff here, down the line the next line is where the error happenes. Also, $register_email below is equal to $_POST['register_email'];
if(user_exists($register_email)) { ***THIS FUNCTION IS WHERE THE PROBLEM IS. THE ACTUAL FUNCTION IS DEFINED BELOW***
$errors[] = 'That email has already been registered';
}
The function from user.func.php that's giving me the error is:
function user_exists($email) {
$email = mysql_real_escape_string($email);
$query = mysql_query("SELECT COUNT(user_id) FROM users WHERE email = '$email'");
return (mysql_result($query, 0) == 1) ? true : false; // ***THIS LINE RIGHT HERE***
}
Any ideas on what might be causing this error. It's an annoying error. Not the first time I've gotten that one.
UPDATE
Thanks for the answers, I've tried each one and I'm getting the exact same error. Here's the full register.php so far:
<?php
include('init.php');
include('template/header.php');
?>
<h3>Register</h3>
<?php
if(isset($_POST['register_email'], $_POST['register_name'], $_POST['register_password'])) {
$register_email = $_POST['register_email'];
$register_name = $_POST['register_name'];
$register_password = $_POST['register_password'];
$errors = array();
if(empty($register_email) || empty($register_name) || empty($register_password)) {
$errors[] = 'All fields required';
} else {
echo 'OK';
}
if(filter_var($register_email, FILTER_VALIDATE_EMAIL) == false) {
$errors[] = 'Email address is not valid';
}
if(strlen($register_email) > 255 || strlen($register_name) > 35 || strlen($register_password) > 35) {
$errors[] = 'Ayo, quit tampering with the html';
}
if(user_exists($register_email)) {
$errors[] = 'That email has already been registered';
}
}
if(!empty($errors)) {
foreach($errors as $error) {
echo $error.'<br />';
}
} else {
}
?>
Now, I must say first that I'm not a mysql specialist and I normally use a DB class (so should you.) But if you are saying that return (mysql_result($query, 0) == 1) ? true : false; line is giving you an error. It means that the line above is not working. Meaning that it is not returning a resource.
You should first debug your function..
function user_exists ($email) {
$email = mysql_real_escape_string($email);
if (!mysql_select_db("users")) {
echo 'Could not select "users" DB.<br />Error: ' . mysql_error();
}
$query = mysql_query("SELECT COUNT(user_id) AS `count` FROM `users` WHERE `email` = '$email'");
echo 'The count is currently: '$query['count'];
// return (mysql_result($query, 0) == 1) ? true : false;
}
If it says that it couldn't select the users DB. Then the problem is in your connections. As I said, I'm no pro. But you should probably connect it like this:
$conn = mysql_connect('localhost', 'mysqluser', 'mypass');
Now you can try this:
function user_exists ($email) {
global $conn;
$email = mysql_real_escape_string($email);
if (!mysql_ping($conn)) {
echo 'Could not ping the mysql. Connection is lost probably :(';
}
$query = mysql_query("SELECT COUNT(user_id) AS `count` FROM `users` WHERE `email` = '$email'", $conn);
echo 'The count is currently: ' . mysql_result($query, 0);
// return (mysql_result($query, 0) == 1) ? true : false;
}
If the code is been debugged and connection is AWESOME! Then:
function user_exists ($email) {
global $conn;
if ($email) {
$query = mysql_query("SELECT COUNT(user_id) AS `count` FROM `users` WHERE `email` = '$email'", $conn);
if (mysql_result($query, 0)) {
return true;
}
}
return false;
}
Or:
function user_exists ($email) {
global $conn;
if ($email) {
$query = mysql_query("SELECT COUNT(user_id) AS `count` FROM `users` WHERE `email` = '$email'", $conn);
if ($result = mysql_fetch_array($query)) {
if ($result['count'] == 0) {
return true;
}
}
}
return false;
}
If you look in the manual, mysql_query() can return a ressource (thats what you expect) OR FALSE if an error occur.
For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error.
For other type of SQL statements, INSERT, UPDATE, DELETE, DROP, etc, mysql_query() returns TRUE on success or FALSE on error.
Change to:
function user_exists($email) {
$email = mysql_real_escape_string($email);
$query = mysql_query("SELECT email FROM users WHERE email = '$email'");
if (false === $query) return false;
return (mysql_num_rows($query) == 1);
}
use
function user_exists($email) {
if(isset($email){
$email = mysql_real_escape_string($email);
$query = mysql_query("SELECT COUNT(user_id) FROM users WHERE email = '$email'");
$result = mysql_result($query,0);
if($result ===false) {
//error occur with the sql statement
//handel the error
}
else
return ($result == 1) ? true : false; // ***THIS LINE RIGHT HERE***
}
}
function user_exists($email) {
$email = mysql_real_escape_string($email);
$query = mysql_query("SELECT COUNT(user_id) FROM users WHERE email = '$email'");
//return (mysql_result($query, 0) == 1) ? true : false; // ***THIS LINE RIGHT HERE***
if( $query ) return ( mysql_result($query, 0) != "" ) ? true : false;
}