We are trying to complete / fix the below code, We cant seem to do the following.
Check if 'Check_Activation' is set to 'NULL' within the Database
IF value is NULL direct the user to one of the forms (1,2,3)
And finally if the 'Check_Activation' has already been activated and isn't 'NULL' prevent user from accessing one of the 3 forms.
I know its basicly there but we can't seem to figure out the final bug.
Please have a quick look at the code below and if anyone notices anything that isn't right please advice us.
Paste Bucket / Version
Website URL
<?php
$username = $_POST['username'];
$activation_code = $_POST['activation_code'];
$activation_codeurl = $activation_code;
$usernameurl = $username;
$db_host = "localhost";
$db_name = "aardvark";
$db_use = "aardvark";
$db_pass = "aardvark";
$con = mysql_connect("localhost", $db_use, $db_pass);
if (!$con){
die('Could not connect: ' . mysql_error());
}
mysql_select_db($db_name, $con);
$checkcustomer = mysql_query("SELECT `Check_Activation` FROM `members` WHERE `Username` = '".$username."' & `Activation` = '".$activation_code."'; ");
$array = mysql_fetch_array($checkcustomer);
if (is_null($array['Check_Activation'])) {
$username = substr($username, 0, 1);
if($username == '1') {
$redirect_url='form-one.php?membernumber='.$usernameurl.'&activation_code='.$activation_codeurl;
} elseif($username == '2') {
$redirect_url='form-two.php?membernumber='.$usernameurl.'&activation_code='.$activation_codeurl;
} elseif($username == '3') {
$redirect_url='form-three.php?membernumber='.$usernameurl.'&activation_code='.$activation_codeurl;
}
header("Location:". $redirect_url);
}
else
{
?>
Try this, You need to fetch the row from table and then you can check the values,
$val = mysql_fetch_array($checkcustomer);
if (is_null($val['Check_Activation']))
instead of
$val = mysql_query($checkcustomer);
if ($val == 'NULL')
NOTE: Use mysqli_* functions or PDO instead of using mysql_* functions(deprecated)
before I get into the technicality of what your are trying to accomplish, I have some advice for your code in general. You should avoid using the mysql api as it is deprecated, and use the mysqli api instead. I think you will also find that it is easier to use.
Now for the code:
You have this line in your code which seems to be incorrect, $checkcustomer is a result set from your previous query, so why are you running it as a query again?
$val = mysql_query($checkcustomer);
You already have the result set so do this:
$array = mysql_fetch_array($checkcustomer);
And then take the value of Check_Aviation;
if (is_null($array['Check_Aviation'])) {
//Do Something
}
Should solve your issue
Related
Here it's I have a problem with my PHP Code + Oracle Login form.
In this PHP file, I make login function. But I have an error like this :
Warning: oci_num_rows() expects parameter 1 to be resource, string given in C:\xampp\htdocs\developers\it\session.php on line 12
Wrong
-
<?php
session_start();
include ("config.php");
$username = $_POST['username'];
$password = $_POST['password'];
$do = $_GET['do'];
if($do=="login")
{
$cek = "SELECT PASSWORD, USER_LEVEL FROM T_USERS WHERE USERNAME='$username' AND PASSWORD='$password'";
$result = oci_parse($conn, $cek);
oci_execute($result);
if(oci_num_rows($cek)==1)
{
$c = oci_fetch_array($result);
$_SESSION['username'] = $c['username']; ociresult($c,"USERNAME");
$_SESSION['USER_LEVEL'] = $c['USER_LEVEL']; ociresult($c,"USER_LEVEL");
if($c['USER_LEVEL']=="ADMINISTRATOR")
{
header("location:supervisor.php");
}
else if($c['user_level']=="User")
{
header("location:user.php");
}
else if($c['user_level']=="Root")
{
header("location:administrator.php");
}
else if($c['user_level']=="Manager")
{
header("location:manager.php");
}
else if($c['user_level']=="Admin")
{
header("location:admin.php");
}
else if($c['user_level']=="Director")
{
header("location:director.php");
}
}
else
{
echo "Wrong";
}
}
?>
I have tried to search in google, but still don't find anything.
Someone knows, what's the problem ?
Thanks for advance.
According to your script instead of
if(oci_num_rows($cek)==1)
you should call
if(oci_num_rows($result)==1)
You probably want to use $result and not $cek when you're asking for the number of rows returned from oci_num_rows(). However, you really want to avoid using $username and $password directly in the string like that. It'll make you wide open for SQL injection attacks, so look into using oci_parse together with oci_bind_by_name.
After that you should also always call exit() after the sequence of redirects, as the script will continue running if you don't (and that might be a security issue other places).
I also got the same case, so I tricked it with a script like this, but I don't know whether there was an impact or not. because the session and validation went smoothly.
$username =$_POST['username'];
$password = $_POST['password'];
$conn = oci_connect('xxx', 'xxx', 'localhost/MYDB');
$pass_encription = md5($password);
$query = "SELECT * from *table_name* WHERE *field1*='".$username."' and *field2*='".$password."'";
$result = oci_parse($conn, $query);
oci_execute($result);
$exe = oci_fetch($result);
if ($exe > 0)
{
oci_close($conn);
oci_execute($result);
$row =oci_fetch_array($result);
$sid = $row['field_1_parameter'];
$snama = $row['field_2_parameter'];
$sjab = $row['field_3_parameter'];
$session = array (
'field_1_array' =>$sid,
'field_2_array' =>$snama,
'field_3_array' =>$sjab
);
if($sjab == 'Administrator')
{
$this->session->set_userdata($session);
redirect('redirecting_page');
}
`
The following code is part of my ajax notification system and for some reason, it is working only 50%. When I call the code, it runs and then echo's either success or remove but it doesn't seem to change the database values. Any reason? I have tried putting my column names in quotes but that echo's an error. Please help, thanks!
<?php
require_once('.conf.php');
$notid = mysql_real_escape_string($_GET['notification_id']);
$username = mysql_real_escape_string($_SESSION['uname']);
$action = mysql_real_escape_string($_GET['action']);
if ($action == 'add') {
$insert = mysql_query("UPDATE updates SET object_fav = '1' WHERE username = '$username' AND id = '$notid'") or die('Could not connect: ' . mysql_error());
echo 'success';
} elseif($action == 'sub') {
$remove = mysql_query("UPDATE updates SET object_fav = '0' WHERE username = '$username' AND id = '$notid'") or die('Could not connect: ' . mysql_error());
echo 'remove';
} else {
echo 'error';
}
?>
I know it is not the javascript, I have checked the network tab and it is sending the correct values.
If this is the start of the script, you have not called session_start(), and therefore $_SESSION['uname'] will contain an empty value. The query succeeds because it is syntactically correct, but doesn't match any rows and therefore performs no update.
session_start();
require_once('.conf.php');
$notid = mysql_real_escape_string($_GET['notification_id']);
$username = mysql_real_escape_string($_SESSION['uname']);
$action = mysql_real_escape_string($_GET['action']);
Echo $insert and $remove and find which values are missing.
can some one point out the problem with this code? It supposed to fetch data from mysql but it returns blank. Here is the full code.
<ul class="list">
<?php
require("object/db.class.php");
error_reporting(0);
function entry_tickets() {
if($_SESSION['dojopress_global:root'] == false) {
$entry_ticket .= <<<ENTRY_TICKET
<li><p><img src="http://cdn1.iconfinder.com/data/icons/humano2/32x32/apps/gnome-keyring-manager.png" />Access denied</p></li>
ENTRY_TICKET;
} elseif($_SESSION['dojopress_global:root'] == true) {
$q = "SELECT * FROM `notice` ORDER BY nid LIMIT 12 DESC";
$r = mysql_query($q);
if ( mysql_num_rows($r) == 0 ) {
$entry_ticket .= <<<ENTRY_TICKET
<li><p><img src="http://cdn1.iconfinder.com/data/icons/humano2/32x32/status/dialog-information.png" /> Nothing to display</p></li>
ENTRY_TICKET;
} elseif ( $r !== false && mysql_num_rows($r) > 0 ) {
while ( $a = mysql_fetch_array($r) ) {
$nid = stripslashes($a['nid']);
$note = stripslashes($a['note']);
$type = stripslashes($a['type']);
$private = stripslashes($a['private']);
$date = stripslashes($a['date']);
$author = stripslashes($a['author']);
function note_type($type) {
if($type == 1) { $type = "posted a comment!"; } elseif($type == 2) { $type = "raised a support ticket!"; } else { }
return ($type);
}
$entry_ticket .= <<<ENTRY_TICKET
<li><p> $athor, note_type($type)</p></li>
ENTRY_TICKET;
return $entry_ticket;
}
}
}
}
echo entry_tickets();
?>
</ul>
<div style="clear:both;height:10px;"></div>
sorry forgot db.class.php
<?php
session_start();
//connect.php
$host = "localhost";
$db_user = "root";
$db_pass = "";
$db_name = "au";
$connectClass = mysql_connect("$host", "$db_user", "$db_pass") or die ("Couldn't establish connection to database server.");
$dbObject = mysql_select_db("$db_name", $connectClass) or die ("Couldn't select database.");
?>
error reporting disabled error code
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in D:\wamp\www\ageis\note.php on line 22
Your mysql syntax looks bad. You have:
SELECT * FROM `notice` ORDER BY nid LIMIT 12 DESC
try
SELECT * FROM `notice` ORDER BY nid DESC LIMIT 12
Erik's comments should have pointed you in the right direction, however:
Figure out where PHP logs errors. Either turn up php's error reporting level so you see more errors, or start tailing your apache error_log
You should always check for errors after running mysql_query and do some sort of logging on failure. This is probably best accomplished by writing a wrapper function for mysql_query that does this, or using a 3rd party db wrapper that has already solved this problem.
You're redefining function note_type every time through your while loop. You have a return call outside the function, below it. Really I can't see how this is even syntactically correct. It looks like you have a large problem with mismatched brackets.
As for an actual database issue, you should check mysql_error() if no rows return from the call because it's likely something went wrong.
Also I recommend using PDO which is a true database class instead of the native function based ones.
I dont know if this is the right place to ask this question. But as time is limited and here I have always got the right answers I am asking it away.
I want to setup a login page on a local server so as to communicate with it via android. As time permits, I googled and found out the necessary php script and mySQL code needed for the same. I don't know where to add these code in the local server and connect them. :( (This is mainly for testing purpose as we would develop a website in Django latter on.) Any help would be much appreciated..
<?php
unset($_GET);
if( isset($_POST['username']) && isset($_POST['password']) ) {
echo '<?xml version="1.0"?>'."\n";
echo "<login>\n";
if (!#mysql_connect('host', 'user', 'pass')) { error(1); }
if (!mysql_select_db('database')) { error(2); }
if(get_magic_quotes_gpc()) {
$login = stripslashes($_POST['username']);
$pass = stripslashes($_POST['password']);
} else {
$login = $_POST['username'];
$pass = $_POST['password'];
}
unset($_POST);
$kid = login($login, $pass);
if($kid == -1) {
error(3);
} else {
printf(' <user id="%d"/>'."\n",$kid);
}
echo "</login>";
}
function error($ec) {
printf(' <error value="%d"/>'."\n".'</login>',$ec);
die();
}
function login($login, $pass) {
$select = "SELECT user_id FROM auth_table ";
$where = "WHERE username = '%s' AND password = '%s'";
$fixedlogin = mysql_real_escape_string($login);
$fixedpass = mysql_real_escape_string($pass);
$query = sprintf($select.$where, $fixedlogin, $fixedpass);
$result = mysql_query($query);
if(mysql_num_rows($result) != 1) { return -1; }
$row = mysql_fetch_row($result);
return $row[0];
}
?>
The Webroot (the base folder which is accessed by Apache to serve the website) should be something like /var/www.
The MySQL code needs to be loaded into the MySQL Database to be accessed. You can do that using the MySQL Command Line, or through a package like phpMyAdmin.
This is pretty basic stuff, and should be Google-able with next to no hassle.
I have a signup page on my website where a user must provide a email address and password only.
I want to be able to create a username for this user automatically by using the first part of the email provided;
User supplies gordon#yourdomain.com, i want to make username 'gordon'
I don't need explanation on how to create form or submission of data to database, just the code to extract data from email provided, and if necessary, if duplicate occurs add number to end.
Hope this makes sense, seems like a basic function but couldn't find examples of it anywhere on net!
This is not a good idea, just use their full email address. The following email addresses could be different people, but they will become the same under your system.
samename#gmail.com
samename#yahoo.com
Adding a number to the end will make the user remember something unique to your system and cause much confusion on their end.
Agreed, you're stripping a necessarily unique ID into a non-unique ID. Unless you want to add some sort of handling to add a number to the username or something. If that's what you really want to do, this should set $username to the stuff before the email address:
<?php
$username = preg_replace('/([^#]*).*/', '$1', $email);
?>
Something like:
$username = left($email, stripos($email, '#'));
should do. You may want to learn regular expressions for these kinds of task.
Then you add the counter:
function countOccurrences($name)
{
$con = mysql_connect(___, ___, ___);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db(___, $con);
$result = mysql_query("
SELECT COUNT(*) AS countOccurrences
FROM users
WHERE username LIKE '" . mysql_real_escape_string($name, $con) . "%'
");
$row = mysql_fetch_array($result);
$number = $row['countOccurrences'];
mysql_close($con);
return $number;
}
and then:
$countUsers = countOccurrences($username);
if ($countUsers>0)
{
$username = $username . $countUsers;
}
IMPORTANT: Consider using the whole email as username: you don't want gordon#flash.net to be considered equal to gordon#clash.com
NOTE: example code counts gordon, gordon1, gordon2 but gordonbah, gordonq, gordonxxx too
NOTE: this is pretty rough, and should not be considered best PHP practice; it's just to give the general idea
$username = gordon#example.com;
$username_arr = explode('#',$username);
$username = $username_arr[0];
if( !is_taken( $username ) )
{
//The name is not taken.
}
else
{
//The name is taken, add numbers and do the search again.
}
function is_taken( $username )
{
$db_link = mysql_connect($host,$user,$pass) or die('Could not connect to database');
$username = mysql_real_escape_string( $username );
$sql = "SELECT * FROM `database`.`users` WHERE `username` = '$username'";
$res = mysql_query( $sql , $db_link );
return mysql_num_rows( $res ) == 1;
}
<?php
preg_match('/[^#]+)#/',$email,$matches);
$username = $matches[1];
check_availability($username);
?>
Should suit your needs :D
$username = substr($username, 0, strpos($username, '#'));
$username = mysql_real_escape_string($username);
$result = mysql_query('SELECT `username` FROM `users` WHERE `username` = \'' . $username . '%\';');
if (mysql_num_rows($result) > 0) {
$i = 0;
while ($name_arr = mysql_fetch_assoc($result)) {
$name = $name_arr['username'];
$after = substr($name, strlen($username));
if (ctype_digit($after)) {
if (($after = (int) $after) > $i) {
$i = $after;
}
}
}
if ($i > 0) {
$username .= $i;
}
}
As of PHP 5.3.0 you can also use:
$email = 'test#stackoverflow.com';
$user = strstr($email, '#', true);
This will return all the string from the beginning to the first occurrence of '#'. Which in this case is:
test
I use something like this,
$cust_email = "test#gmail.com";
$parts = explode("#", $cust_email);
$cust_name = $parts[0];
I use to set default User Name if user do not set his / her name in the profile.
You can use strstr function to find specific word from string
<?php
$username = strstr("username#domain.com",'#',true); //get text before #
/*
echo strstr("username#domain.com","#"); // get text after #
*/
check_availability($username);
?>