I'm trying to get users email addresses when they log in so I can they can be entered into my database and given a unique ID. I've managed to retrieve user display names and store them in the database using this code however its not working with the email address.
session_start();
if(property_exists($profile->profile,'displayName')){
$_SESSION['username'] = $profile->profile->displayName;
$_SESSION['email'] = $profile->profile->email;
$_SESSION['logged']="logged";
$username = $_SESSION['username'];
$email = $_SESSION['email'];
require_once("db_connect.php");
$query="SELECT email FROM users WHERE email = '$email'";
mysqli_select_db($db_server, $db_database);
$result=mysqli_query($db_server, $query);
if($result != $email){
$query = "INSERT INTO users (username, email) VALUES ('$username', '$email')";
mysqli_query($db_server, $query) or
die("Insert failed. ". mysqli_error($db_server));
}else{
echo "Login error.";
}
mysqli_free_result($result);
require_once("db_close.php");
header('location:home.php');
}else{
$_SESSION['username'] = '(Anonymous)';
$_SESSION['logged']="logged";
header('location:home.php');
}
Thanks for your help.
It sounds like it has to do with what information the providers share by default. I believe these steps should fix it:
Log in to https://dashboard.janrain.com/
Select your Engage application
In the "Providers" box, hover over the one that you are trying to authenticate with
Click the small wrench icon that appears after you've hovered over the provider
Make sure that the "Ask" box is checked next to "email"
Let me know if that works out for you!
Related
I'm new to PHP and I'm going to try to explain it the way I could :D. I'm trying to accomplish when the user logged in (using username and password), it opens a new page with the users name, address etc.
In my database table, I have a username, password, name and address.
I was able to accomplish the login page using session but would like to how to get/fetch those information like name and address to the new page it opens.
Thank you,
MD :)
correct me if i'm wrong.
Here is how u fetch the information from a certain table by using PHP and MySQL(PhpMyAdmin) database.
$conn = mysqli_connect("localhost", "root", "", "hotel"); //Connecting to the database
if($conn){
$sql = "SELECT USER_NAME, USER_PASS FROM USER"; //SELECT statement
$result = $conn->query($sql); //Executing the statement
if(mysqli_query($conn, $sql)){ //If query success
while($row = $result->fetch_assoc()){ //While loop to retrieve all data
$user = $row["USER_NAME"]; //Assign Column USER_NAME in database to $user
$pass = $row["USER_PASS"]; //Assign Column USER_PASS in database to $pass
echo $user."</br>".$pass."</br>"; //Displaying the content
}
}else{
echo "Query failed";
}
}else{
die("Fatal Error");
}
$conn->close(); //Close the database connection
I am a beginner in PHP & MySQL, I am trying to create this register form for a project I am working on currently, here is the PHP script, btw.. If there is a lot of mistakes, it is because I have just started!
The problem I am having is that it does not check the database if the email or username match, because if it did, it should reject.
PHP code:
<?php
//register php
error_reporting(0);
$regUsername = $_POST['reg-username'];
$regEmail = $_POST['reg-email'];
$regPassword = $_POST['reg-password'];
if(isset($regUsername) && isset($regEmail) && isset($regPassword)){
$connect = mysql_connect('localhost', 'root', '');
$selectDB = mysql_select_db('supermazad');
$query = mysql_query("INSERT INTO users (username, email, password) VALUES ('$regUsername', '$regEmail', '$regPassword')");
$checkIfSame = mysql_query("SELECT * FROM users WHERE username AND email LIKE '$query' ");
echo '<h1 class="successMessage">You have successfully registered!</h1>';
}
if($regUsername || $regEmail == $checkIfSame){
echo '<h1 class="errorMessage">The username or e-mail already exists.</h1>';
}
?>
You are trying to check if the username and email already exist in the database after inserting the username and email into the database. You should check beforehand either via a select with the username and email provided in the registraton, or by placing a unique key constraint on username and email fields.
Please use mysqli instead of mysql because it's safer
remove error_reporting(0)
don't use "like" because it might have many result
syntax error on the mysql query
try this one just debug if there are error but I think this works
$regUsername = $_POST['reg-username'];
$regEmail = $_POST['reg-email'];
$regPassword = $_POST['reg-password'];
if(isset($regUsername) && isset($regEmail) && isset($regPassword)){
$mysqli = mysqli_connect("localhost","root","","supermazad") or die("Error " . mysqli_error($mysqli));
$queryInsert = "INSERT INTO users (username, email, password)
VALUES
('$regUsername', '$regEmail', '$regPassword')";
mysqli_query($mysqli, $queryInsert); //this will insert the data from db
$queryUser = "SELECT username,email FROM users WHERE username = '$regUsername' AND email = '$regEmail'"; // this will authenticate and uses an exact match
$result = $mysqli->query($queryUser);
$row = mysqli_fetch_array($result);
echo '<h1 class="successMessage">You have successfully registered!</h1>';
}
if($regUsername == $row['username'] && $regEmail == $row['email']){ //this check if email and username are match with database $row['username'] store username from mysql field and $row['email'] do the same
echo '<h1 class="errorMessage">The username or e-mail already exists.</h1>';
}
by the way this is normal for a beginner but please improve your coding in the near future, make it cleaner and organize
I think you should do it like this after $selectDB = mysql_select_db('supermazad');:
$checkIfSame = mysql_query("SELECT * FROM users WHERE username LIKE '".$regUsername."' OR email LIKE '".$regEmail."' ");
if (mysql_num_rows($checkIfSame ) > 0) {
echo '<h1 class="errorMessage">The username or e-mail already exists.</h1>';
} else {
//insert new user here
$query = mysql_query("INSERT INTO users (username, email, password) VALUES ('$regUsername', '$regEmail', '$regPassword')");
}
Also, you have this in your post :
if the email or username match
so you should be using OR, not AND
Try this:
$checkIfSame = mysql_query("SELECT * FROM users WHERE username LIKE '".$regUsername."' OR email LIKE '".$regEmail."' ");
if (mysql_num_rows($checkIfSame ) > 0) {
echo '<h1 class="errorMessage">The username or e-mail already exists.</h1>';
} else {
//insert new user here
$query = mysql_query("INSERT INTO users (username, email, password) VALUES ('$regUsername', '$regEmail', '$regPassword')");
}
I want to check if the username of email already exists in the DB when a user signs up to my website.
I have the following code which isn't working and i'm not sure why. If anyone could point me in the right direction to validate against already existing info in the DB I would greatly appreciate it! Thanks
$query = mysql_query("
SELECT *
FROM users
WHERE username = '". $username ."'
OR email = '". $email ."'"
);
if (mysql_num_rows($query) > 0){
die ('Username or email already in use.');
}
This can be done by changing the username field as a primary key or unique.
Or run the sql
SELECT username FROM table WHERE username='$php_username_var';
Please look at the following code, this is being used on the sign up page of my site, I hope you get your answer.
$sq="SELECT * FROM users WHERE username='$username' and password='$password'";
$rsult=mysql_query($sq); $count=mysql_num_rows ($rsult);
if($count==1){echo "username already in use"; }
else
{
$sql="INSERT INTO $tbl_name(username, password, sex, place)
VALUES('$username', '$password', '$sex', '$place')"; }
$result=mysql_query($sql); if($result)
{header("location:home.php"); }
else
{ echo "Error, please go back and sign up again! "; } ?>
I have a registration script where the user id is saved as a session variable after registration and the user is redirected to their homepage. For some reason the user id is not being stored in the session variable. This exact same script worked on a different project, I simply took the project and changed the database connection settings and now it's not working.
Here is the registration script:
mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
// select the db
mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
// our sql query
$sql = "INSERT INTO seekers (first_name, last_name, username, email, password, salt) VALUES ('$firstName', '$lastName', '$username', '$email', '$hashedPW', '$salt');";
//save the updated information to the database
$result = mysqli_query($link, $sql) or die("Error in Query: " . mysqli_error($link));
if (!mysqli_error($link)) {
$row = mysqli_fetch_assoc($result);
$_SESSION['user_id'] = mysqli_insert_id($link);
$_SESSION['loggedin'] = TRUE;
header("Location: ../index.php");
}
And here is the session checking and db query on the protected page:
session_start();
if(isset($_SESSION['loggedin']) && $_SESSION['user_id'] != 'user_id') {
include_once('includes/user.header.php');
//set user_id
$user_id = $_SESSION['user_id'];
//include the logged in user header
include_once('includes/user.header.php');
//select user information according to their logged in user_id
$sql = $link->query('SELECT * FROM seekers WHERE id = "'.$user_id.'"');
$row = mysqli_fetch_assoc($sql);
//create piece name together
$firstName = $link->real_escape_string($row['first_name']);
$lastName = $link->real_escape_string($row['last_name']);
$fullName = $firstName. " " .$lastName;
//get username
$username = $link->real_escape_string($row['username']);
When I am redirected to the index.php page, everything looks fine, except none of the user information is being queried from the DB.
Can anyone see what is wrong here? I know it's got to be something little and I'm just over looking it.
Please any help would be greatly appreciated.
EDIT: All information is being stored in the database successfully as well.
You are trying to use user_id without a select query ... indeed you must get the last insert id
changed line ;
$_SESSION["user_id"]=mysql_insert_id();
and
if (!mysqli_error($link))
should be
if (!mysqli_error($result))
and
$sql = $link->query('SELECT * FROM seekers WHERE id = "'.$user_id.'"');
to
$sql = $link->query('SELECT * FROM seekers WHERE user_id = "'.$user_id.'"');
I have set my database fields "username" and "email" to unquie, when using the code below this only works if the "username" already exists, an error is then echoed. If they email exists the user gets a mysql duplicate error, when the same error as above should be shown.
<?php
require_once ( 'connection.php' );
$username=$_POST['username'];
$password=md5($_POST['password']);
$email=($_POST['email']);
$ip=$_SERVER['REMOTE_ADDR'];
session_start();
$query = "INSERT INTO users (username, password, email, rank, ip, active) VALUES ('$username','$password', '$email', '1', '$ip', '0')";
$sql = "SELECT username AND email FROM users WHERE username = '$username' AND email = '$email'" ;
$result=mysql_query($sql);
$count=mysql_num_rows($result);
$row = mysql_fetch_array($result);
if ( $count== 0 )
{
if (!mysql_query($query))
{
die('Error: ' . mysql_error());
}
echo "You are signed up, please follow the link on your email to active your account.";
}
else
{
echo "Username or Email already exists"."<br>Try Again</br>";
}
?
Thanks
Try switching
WHERE username = '$username' AND email = '$email'"
to
WHERE username = '$username' OR email = '$email'"
Edit: I'm trying to guess what you're trying to do here. From your description, it seems you want either the username or the email to be unique and you have two separate unique indexes on those columns. Your code checks for the combination of username and email to be unique.
Edit 2: Also, I think you might want to look into the concepts of SQL Injection and Concurrency.
Switch to an OR clause in your WHERE statement instead of AND.
Also, DO NOT use the values given in $_POST (or $_GET and $_REQUEST for that matter) without making sure they are safe. What would happen if I sent a username with SQL in it?
','','','','',''); DELETE FROM users;
Make sure you using add_slashes() or a similar process to clean the data before sending to the database.