I've been trying to add an email confirmation system to my website when people sign up and create an account but it will not add the key and the user id in the database. The other problem I'm running across is I'm trying to send a confirmation email but the email does not send. It echo's "message sent successfully" but when I check the email I put in, it is not received. Thanks in advance for your help! And yes, I am aware that mysql is prone to sql injection, but I would like to figure this out with mysql.
Here is my code:
EDIT: I replaced $insert_confirm with $hin and I renamed the table confirm to email_confirmation to maybe get rid of reserved words but I'm still getting an error
<?php
require_once '../scripts2/app_config.php';
require_once '../scripts2/database_connection.php';
$upload_dir = HOST_WWW_ROOT . "/uploads/profile_pics/";
$image_fieldname = "user_pic";
$first_name = trim($_REQUEST['first_name']);
$last_name = trim($_REQUEST['last_name']);
$name = $first_name . " " . $last_name;
$username = trim($_REQUEST['username']);
$password = trim($_REQUEST['password']);
$email = trim($_REQUEST['email']);
$bio = trim($_REQUEST['bio']);
if(isset($_POST['submit1'])) {
if($_POST['picture'] == 'picture1') {
$radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387503042-autopicture2.png";
} else if($_POST['picture'] == 'picture2') {
$radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387547040-auto_pic_grey2.png";
} else if($_POST['picture'] == 'picture3') {
$radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387503042-autopicture2.png";
} else {
$radio_value = "/home/users/web/b2620/ipg.knecktcom/testphp/uploads/profile_pics/1387503042-autopicture2.png";
}
}
$bgcolor = "#FF0000";
$check_email = "SELECT `email`" .
" FROM users" .
" WHERE `email` = '$email'";
$query_email = mysql_query($check_email);
$check_username = "SELECT `username`" .
" FROM users" .
" WHERE `username` = '$username'";
$query_username = mysql_query($check_username);
if(mysql_num_rows($query_email)>0 || mysql_num_rows($query_username)>0 ) {
if(mysql_num_rows($query_email)>0) {
$email_msg = "This email is already taken: {$email}";
header("Location:signup2.php?error_message={$email_msg}");
} else if(mysql_num_rows($query_username)>0) {
$username_msg = "This username is already taken: {$username}";
header("Location:signup2.php?error_message={$username_msg}");
} else {
$msg = "This email and username is already taken: {$email} , {$username}";
header("Location:signup2.php?error_message={$msg}");
}
} else {
$insert_sql = sprintf("INSERT INTO users " .
"(first_name, last_name, name, username, " .
"password, email, " .
"bio, " .
"user_pic_path, bgcolor) " .
"VALUES ('%s', '%s', '%s', '%s', '%s', '%s',
'%s', '%s', '%s');",
mysql_real_escape_string($first_name),
mysql_real_escape_string($last_name),
mysql_real_escape_string($name),
mysql_real_escape_string($username),
mysql_real_escape_string(crypt($password, $username)),
mysql_real_escape_string($email),
mysql_real_escape_string($bio),
mysql_real_escape_string($radio_value),
mysql_real_escape_string($bgcolor));
//insert the user into the database
$insert_user = mysql_query($insert_sql);
$private_user_id = mysql_insert_id();
function generateRandomString($length = 20) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, strlen($characters) - 1)];
}
return $randomString;
}
$private_user_key = generateRandomString();
$hin = sprintf("INSERT INTO email_confirmation " .
"(user_id, key) " .
"VALUES (%d, '%s');",
mysql_real_escape_string($private_user_id),
mysql_real_escape_string($private_user_key));
//insert the user into the database
mysql_query($hin);
echo mysql_error();
$name = mysql_real_escape_string($_POST['name']);
$create_user_table = mysql_query("CREATE TABLE `".$email."` ( friend_id INT, friend_status INT)");
if($insert_user && $create_user_table) {
// Email the new user the confirmation key
$to = $email;
$subject = 'Welcome!';
$message = "
<html>
<head>
<title>Welcome!</title>
</head>
<body>
<p>Please click the following link to confirm your email:</p>
<p>Confirm Email</p>
</body>
</html>
";
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
$headers .= 'From: Admin <email#email.com>' . "\r\n";
// Mail it
$retval = mail($to, $subject, $message, $headers);
if( $retval == true )
{
echo "Message sent successfully...";
echo "\n" . $to . "\n" . $message . "\n" . "\n" . $subject;
}
else
{
echo "Message could not be sent...";
}
}
//Redirect this user to the page that displays user information
// $msg = "Please check your email to confirm your email address";
// header("Location: newuser_signinA.php?error_message={$msg}");
// exit();
}
?>
Related
Below code should send email to learners but the code is giving me error:
"Fatal error: Call to undefined method mysqli_result::fetch() in /home/train4/public_html/hocotest/cron-email-expire-1.php on line 46"
I replaced fetch(PDO::FETCH_OBJ) with fetch_object() then the file runs fine no error but the learners are not getting emails.
there is 2 parts of this email,
1. it will send email to learners
2. Send email to admin that to whom the system have system have sent the email.
the second part run fine, admin get the email but there is no info to whom the system have sent emails to, as part 1 is not working.
I tried running the script without array, so the system send 1 email for each course, if the learners are enrolled in 7 courses and not completed 5 courses then they will get 5 emails.. it work fine. but i want to send only one email with all not completed course details.
<?php
include 'db.php';
function check_emailaddress($email) {
// First, we check that there is one # symbol, and that the lengths are right
if (!ereg("^[^#]{1,64}#[^#]{1,255}$", $email))
{
// Email invalid because wrong number of characters in one section, or wrong number of # symbols.
return false;
}
// Split it into sections to make life easier
$email_array = explode("#", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++)
{
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i]))
{
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) // Check if domain is IP. If not, it should be valid domain name
{
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2)
{
return false; // Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++)
{
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i]))
{
return false;
}
}
}
return true;
}
$extraParam = "";
if (isset($_GET["ex"]) ) {
$extraParam = $_GET["ex"]."---";
}
//get system sender email address from settings table
$srs = $db->query("SELECT adminemail, systememail FROM tbl07systemsettings");
$srow = $srs->fetch(PDO::FETCH_OBJ);
$from = $srow->systememail; //"From: info#visiondesigngroup.ca\r\n";
$email_from = "From: $from\r\n";
$admin_email = "toralhc6#gmail.com";
$email_to = "" ;//"respite#safeguards-training.net";
$tempsql = "SELECT a06subject, a06templatebody, usetemplate FROM tbl06emailtemplates WHERE a06name = 'autoreminder'";
$rs = $db->query($tempsql);
$rowemail = $rs->fetch(PDO::FETCH_OBJ);
$usetemplate = $rowemail->usetemplate;
if ($usetemplate == 0) exit; // not send email if course reminder email template was set not to send email *************
$email_subject = $rowemail->a06subject;
//$from = "From: info#visiondesigngroup.ca\r\n";
$eb = $rowemail->a06templatebody;
$strSQL_expire = "SELECT * FROM tbl01user, tbl04usercourses, tbl03courses
WHERE a01User=a04UserId AND a03CourseId=a04CourseId
AND DATEDIFF(CURDATE(),a04StartDate) > 0 AND a04Completion=0
AND a01UserRoll=0 AND a01Status=1 AND a04Status=1";
$query = $db->query($strSQL_expire) or die ("Error querying database.<br>$strSQL_expire");
$nofinish = array();
$course = "";
$pre_email = "";
$pre_fn = "";
$n = 0;
while($email_row=$query->fetch(PDO::FETCH_OBJ)){
$fn = $email_row->a01FirstName;
$email = $email_row->a01Email;
$password = $email_row->a002password;
if ($pre_email == $email){
$course .= "web url" . $email_row->a03CourseName . "</a><br>";
$pre_email = $email;
$pre_fn = $fn;
$pre_password = $password;
}else{
$nofinish[] = array('firstname'=>$pre_fn, 'email'=>$pre_email, 'courses'=>$course, 'password'=>$pre_password);
$course = "web url" . $email_row->a03CourseName . "</a><br>";
$pre_email = $email;
$pre_fn = $fn;
$pre_password = $password;
}
}
$nofinish[] = array('firstname'=>$pre_fn, 'email'=>$pre_email, 'courses'=>$course, 'password'=>$pre_password);
array_shift($nofinish);
set_time_limit(600);
$eb1 = nl2br($eb);
$i = 0;
foreach($nofinish as $no){
$email_from = $from;
$email_address = $no['email'];
// $email_address = "lyan3000#gmail.com";
// if ($i++ >= 4) exit;
// need to comment the above two lines before go live***********************************************
$email_subject = "Course Completion Reminder";
$top = "<div style='font-family:Arial'>";
$top .= "<div style='background-color:#045FB4; color:white;width:100%;padding:10px 10px;'><h1>Service Centre</h1></div>";
$variable = array(
'{$firstname}' => $no['firstname'],
'{$course}' => $no['courses'],
'{$password}'=> $no['password'],
'{$email}'=> $no['email']
);
$email_body = strtr($eb1, $variable);
$bottom = "<p><img src='cid:logoimg'></p>";
$bottom .="<div style='background-color:#045FB4; height:25px;width:100%'> </div></div>";
$email_message = $top . $email_body . $bottom;
/*
echo $email_from . "<br>";
echo $email_address . "<br>";
echo $email_subject . "<br>";
echo $email_message;
echo "<hr>";
*/
if (mail($email_address, $email_subject, $email_message, $email_from))
{
//echo "Reminder email sent to: " . $no['firstname'] . "<br>";
echo "Yes. <br>";
}else{
//echo "Sorry, There is a mail server error. Please try it again later " . $no['firstname'] . "<br>";
echo "No. <br>";
}
}
$file_name = "record_for_cron_expire_email.txt";
$tz = 'EST';
$timestamp = time();
$dt = new DateTime("now", new DateTimeZone($tz)); //first argument "must" be a string
$dt->setTimestamp($timestamp); //adjust the object to correct timestamp
$date = $dt->format('Y-m-d h:i:s A');
$text = "This script runs on $date " . PHP_EOL;
file_put_contents ( $file_name , $text, FILE_APPEND);
//send summurized email to admin
$sql = "SELECT a06subject, a06templatebody FROM tbl06emailtemplates WHERE a06name = 'remindertoadmin'";
$rs = $db->query($sql);
$row = $rs->fetch_object();
$email_subject = $row->a06subject;
//$from = "From: $email_from\r\n";
$date = date('Y-m-d');
$eb = $row->a06templatebody;
$variable = array(
'{$learnerCourse}' => $learnercourse,
'{$date}' => $date
);
$email_body = strtr($eb, $variable);
mail($admin_email, $email_subject, $email_body, $email_from);
//SET inactive all expired courses
$expiredRightNow = date("Y-m-d");
$strSQL_setExpire = "UPDATE tbl04usercourses
SET a04Status = 0
WHERE a04ExpirationDate <= '$expiredRightNow'
AND a04Completion = 0";
$query = $db->query($strSQL_setExpire) or die ("Error querying database.<br>$strSQL_setExpire");
?>
mysqli_result::fetch_all() requires MySQL Native Driver (mysqlnd).
chances are you might be missing it.
have a look at this posts, that might help you.
mysqli fetch_all() not a valid function?
below is the minimal code I can think of:
$strSQL_expire = "SELECT * FROM tbl01user, tbl04usercourses, tbl03courses
WHERE a01User=a04UserId AND a03CourseId=a04CourseId
AND DATEDIFF(CURDATE(),a04StartDate) > 0 AND a04Completion=0
AND a01UserRoll=0 AND a01Status=1 AND a04Status=1";
$query = $db->query($strSQL_expire) or die ("Error querying database.<br>$strSQL_expire");
$nofinish = array();
$course = "";
$pre_email = "";
$pre_fn = "";
$n = 0;
while($email_row=$query->fetch(PDO::FETCH_OBJ)){
$fn = $email_row->a01FirstName;
$email = $email_row->a01Email;
$password = $email_row->a002password;
if ($pre_email == $email){
$course .= "web url" . $email_row->a03CourseName . "</a><br>";
$pre_email = $email;
$pre_fn = $fn;
$pre_password = $password;
}else{
$nofinish[] = array('firstname'=>$pre_fn, 'email'=>$pre_email, 'courses'=>$course, 'password'=>$pre_password);
$course = "web url" . $email_row->a03CourseName . "</a><br>";
$pre_email = $email;
$pre_fn = $fn;
$pre_password = $password;
}
}
$nofinish[] = array('firstname'=>$pre_fn, 'email'=>$pre_email, 'courses'=>$course, 'password'=>$pre_password);
array_shift($nofinish);
set_time_limit(600);
$eb1 = nl2br($eb);
$i = 0;
foreach($nofinish as $no){
$email_from = $from;
$email_address = $no['email'];
$email_subject = "Course Completion Reminder";
$top = "<div style='font-family:Arial'>";
$top .= "<div style='background-color:#045FB4; color:white;width:100%;padding:10px 10px;'><h1>Service Centre</h1></div>";
$variable = array(
'{$firstname}' => $no['firstname'],
'{$course}' => $no['courses'],
'{$password}'=> $no['password'],
'{$email}'=> $no['email']
);
$email_body = strtr($eb1, $variable);
$bottom = "<p><img src='cid:logoimg'></p>";
$bottom .="<div style='background-color:#045FB4; height:25px;width:100%'> </div></div>";
$email_message = $top . $email_body . $bottom;
if (mail($email_address, $email_subject, $email_message, $email_from))
{
echo "Yes. <br>";
}else{
echo "No. <br>";
}
}
I have the following code and for my last variable called $duration, it should say 1 week but I think it is only showing 1. Should the following code work? I am trying to send the following link to an activation page but on the activation page, instead of showing 1 week for the variable $duration, it is only showing as 1. I don't think this is correct I thought that it should have worked..
<?php
include_once __DIR__.'/header2.php';
if(!isset($_SESSION['u_uid'])) {
echo "<meta http-equiv='refresh' content='0;url=index.php?level1promo_competitions_winner=notlogin'>";
exit();
} else {
if($_SESSION['u_permission'] == 0) {
echo "<meta http-equiv='refresh' content='0;url=header2.php?level1promo_competitions_winner=nopermission'>";
exit();
} else {
if(!isset($_POST['submit'])) {
echo "<meta http-equiv='refresh' content='0;url=header2.php?level1promo_competitions_winner=error'>";
exit();
} else {
include_once __DIR__.'/includes/dbh.php';
$levelpromo_competitions_winner_form = strip_tags($_POST['levelpromo_competitions_winner_form']);
if ($levelpromo_competitions_winner_form == $levelpromo_competitions_winner_form) {
$limit = 1;
$sql = "SELECT * FROM level1promo_participants WHERE entry_id = ? ORDER BY RAND() LIMIT ?;";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error";
} else {
mysqli_stmt_bind_param($stmt, "si", $levelpromo_competitions_winner_form, $limit);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$resultCheck = mysqli_num_rows($result);
if($resultCheck < 1) {
echo '<div class="nolevel1promo_competitions_winner">There are no Level 1 Promo Competition\'s Winner yet for that entry id</div>';
exit();
} else {
$row = mysqli_fetch_assoc($result);
$useruid = $row['user_uid'];
$email = $row['user_email'];
$duration = $row['duration'];
$sql2 = "INSERT INTO level1promo_winner (entry_id, duration, user_uid, user_email) VALUES (?,?,?,?);";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql2)) {
echo "SQL statement failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "ssss", $levelpromo_competitions_winner_form, $duration, $useruid, $email);
mysqli_stmt_execute($stmt);
$subscriptionplan = 'Level 1';
$level1promocode = 'qqewreqreqwsdfdfdafcbvcQERFGHFGHGFHRETERTDF!##$%^^()';
$level1promocode = str_shuffle($level1promocode);
$level1promocode = substr($level1promocode, 0, 10);
$sql3 = "UPDATE memberships
SET subscriptionplan = ?, token = ?
WHERE user_uid = ? AND user_email = ? AND subscriptionplan IS NULL
;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql3)) {
echo "SQL statement failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "ssss", $subscriptionplan, $level1promocode, $_SESSION['u_uid'], $_SESSION['u_email']);
mysqli_stmt_execute($stmt);
$stmt = mysqli_stmt_init($conn);
$sql4 = "SELECT * FROM level1promo_winner WHERE entry_id = ?;";
if (!mysqli_stmt_prepare($stmt, $sql4)) {
echo "SQL statement failed";
} else {
//Bind parameters to the placeholder
mysqli_stmt_bind_param($stmt, "s", $levelpromo_competitions_winner_form);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
$to = $_SESSION['u_email'];
//sender
$from = 'pianocourse101#hotmail.com';
$fromName = 'PianoCourse101';
//email subject
$subject = 'Congratulation Level 1 Promo Winner!';
//attachment file path
$file = "codexworld.pdf";
//email body content
$htmlContent = "<h1>Congratulation Level 1 Promo Winner!</h1>
<p>Dear ".$_SESSION['u_first']." ".$_SESSION['u_last'].", <br />Thank you for applying for the Level 1 Promo Competition with the following entry_id: ".$row['entry_id']." with PianoCourse101! You are receiving this e-mail because you or someone else claiming to be you has applied for the Level 1 Promo Competition. \n\n You must activate your Level 1 Promo Code by clicking on the link below: \n\n Click here to activate your Level 1 Promo Code.\n\nAlternatively, you can use the following token to manually activate your Level 3 Yearly Membership Plan by clicking on the 'Activate Membership\s Section:' \n\nToken:.$level1promocode;
</p>";
//header for sender info
$headers = "From: $fromName"." <".$from.">";
//boundary
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
//headers for attachment
$headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\"";
//multipart boundary
$message = "--{$mime_boundary}\n" . "Content-Type: text/html; charset=\"UTF-8\"\n" .
"Content-Transfer-Encoding: 7bit\n\n" . $htmlContent . "\n\n";
//preparing attachment
if(!empty($file) > 0){
if(is_file($file)){
$message .= "--{$mime_boundary}\n";
$fp = #fopen($file,"rb");
$data = #fread($fp,filesize($file));
#fclose($fp);
$data = chunk_split(base64_encode($data));
$message .= "Content-Type: application/octet-stream; name=\"".basename($file)."\"\n" .
"Content-Description: ".basename($file)."\n" .
"Content-Disposition: attachment;\n" . " filename=\"".basename($file)."\"; size=".filesize($file).";\n" .
"Content-Transfer-Encoding: base64\n\n" . $data . "\n\n";
}
}
$message .= "--{$mime_boundary}--";
$returnpath = "-f" . $from;
//send email
$mail = mail($to, $subject, $message, $headers, $returnpath);
//email sending status
echo $mail?"<h1>Mail sent.</h1>":"<h1>Mail sending failed.</h1>";
echo $duration;
When I echo $duration but in my mail function, it is only showing up as 1..
I added a cart function to this website, before It would only send one email after purchase because there was only one item at a time being purchased, now that I have added the cart function it needs to send one email instead of multiple emails.
This is the code I am using for processing the items purchased.
EDIT: Updated code
$item = array();
$size = array();
$color = array();
$price = array();
$querys = "SELECT * FROM ".$_SESSION["username"];
$ress = mysqli_query($connection, $querys);
if(mysqli_num_rows($ress) > 0){
while($rows = $ress->fetch_assoc()){
$bid = $rows["itemid"];
$description = $_POST["description"];
$bitem = $rows["itemname"];
$bsize = $rows["size"];
$bcolor = $rows["color"];
$bprice = $rows["price"];
$bcategory = $rows["category"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$company = $_POST["company"];
$address = $_POST["address"];
$suite = $_POST["suite"];
$city = $_POST["city"];
$state = $_POST["state"];
$zip = $_POST["zip"];
$country = $_POST["country"];
$saddress = $_POST["saddress"];
$ssuite = $_POST["ssuite"];
$scity = $_POST["scity"];
$sstate = $_POST["state"];
$szip = $_POST["szip"];
$scountry = $_POST["scountry"];
$phone = $_POST["phone"];
$fax = $_POST["fax"];
$email = $_POST["email"];
$website = $_POST["website"];
$creditcard = $_POST["creditcard"];
$exdate = $_POST["experationdate"];
$cvv = $_POST["cvv"];
$create_date = date( 'Y-m-d H:i:s' );
$str_bitem = str_replace("'", "''", $bitem);
array_push($item, $bitem);
array_push($size, $bsize);
array_push($color, $bcolor);
array_push($price, $bprice);
$gw = new gwapi();
$gw->setLogin("demo", "password");
$gw->setBilling($firstname, $lastname, $company, $address, $suite, $city, $state, $zip, $country, $phone, $fax, $email, $website);
$gw->setShipping($firstname, $lastname, $company, $saddress, $ssuite, $scity, $sstate, $szip, $scountry, $email);
$gw->setOrder($bid, $description, 0, 0, 0, $_SERVER["REMOTE_ADDR"]);
$gw->doSale($bprice, $creditcard, $exdate, $cvv);
if($gw->responses['response'] == 1){
$firstname = $_SESSION["firstname"];
$lastname = $_SESSION["lastname"];
$query = "INSERT INTO orders (item_name, item_id, item_size, item_color, payer_email, first_name, last_name, address_name, address_city, address_state, address_zip, amount, country, create_date, shipped)
VALUES ('$str_bitem', '$bid', '$bsize', '$bcolor', '$email', '$firstname', '$lastname', '$saddress', '$scity', '$sstate', '$szip', '$bprice', '$scountry', '$create_date', 0)";
if(mysqli_query($db, $query)){
if($bsize=="N/A" && $bcolor=="N/A"){
define('DB_SERVER1', 'localhost');
define('DB_USERNAME1', 'grampmkn_gramsandpops');
define('DB_PASSWORD1', 'Grams123');
define('DB_DATABASE1', 'grampmkn_shop');
$db1 = mysqli_connect(DB_SERVER1,DB_USERNAME1,DB_PASSWORD1,DB_DATABASE1);
$sqlquery = "UPDATE `".$bcategory."` SET sold='1' WHERE id='$bid'";
if(mysqli_query($db1, $sqlquery)){
echo "Worked!";
}else{
echo "Error! : ";
echo mysqli_error($db1);
}
}else{
echo $bsize;
echo ":::::::";
echo $bcolor;
$conn = mysqli_connect('localhost', 'grampmkn_gramsandpops', 'Grams123', 'grampmkn_shop_quantity');
$query = "SELECT quantity FROM `".$bitem."` WHERE size='$bsize' AND color='$bcolor'";
$result = $conn->query ($query) or die($conn->error);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()){
$q = --$row["quantity"];
$query = "UPDATE `$bitem` SET quantity='$q' WHERE size='$bsize' AND color='$bcolor'";
if(mysqli_query($conn, $query)){
}else{
echo "TESTHING1";
echo mysqli_error($conn);
}
}
}else{
$query = "SELECT quantity FROM `".$bitem."` WHERE size='$bsize'";
$result = $conn->query ($query) or die($db->error);
while($row = $result->fetch_assoc()){
$q = --$row["quantity"];
$query = "UPDATE `$bitem` SET quantity='$q' WHERE size='$bsize'";
if(mysqli_query($conn, $query)){
}else{
echo "TESTING";
echo mysqli_error($conn);
}
}
}
}
}else{
echo mysqli_error($db);
echo " ::::: ";
echo mysqli_error($connection);
}
$masked = str_pad(substr($creditcard, -4), strlen($creditcard), '*', STR_PAD_LEFT);
$transid = $gw->responses['transactionid'];
$username = $_SESSION["username"];
$query = "DELETE FROM $username WHERE itemid='$bid'";
if(mysqli_query($connection, $query)){
echo "Worked";
}else{
echo "Error! ";
echo mysqli_error($connection);
}
$query = "show tables;";
$tres = $connection->query($query) or die($connection->error);
if($tres->num_rows > 0){
while($trow = $tres->fetch_assoc()){
$table = $trow["Tables_in_grampmkn_cart"];
$sql = "DELETE FROM `".$table."` WHERE category='$table' AND itemid='$bid'";
if(mysqli_query($connection, $sql)){
echo "Deleted items from others carts!";
}else{
echo "There were no similar items in others carts!";
echo $table." : ";
echo $tcategory." : ";
echo mysqli_error($connection);
}
}
}
}else{
?>
<div class="alert alert-warning">
<strong>Error!</strong> Your card was declined!
</div>
<?php
}
}
$itemlist = implode(', ', $item);
$sizelist = implode(', ', $size);
$colorlist = implode(', ', $color);
$pricelist = implode(', ', $price);
if(!empty($bcolor)){
$to = $email;
$subject = "Purchase Confirmation";
$txt = "Thank you for your purchase of <br> ".$sizelist." ".$itemlist." - ".$colorlist."<br>Price: ".$pricelist."<br>Transaction ID: ".$transid."<br>CC: ".$masked."<br> <img src='https://gramsandpops.com/images/Logo.png'>";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= 'From: info#gramsandpops.com' . "\r\n" .
'Reply-To: info#gramsandpops.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
if(mail($to,$subject,$txt,$headers)){
}
}else{
$to = $email;
$subject = "Purchase Confirmation";
$txt = "Thank you for your purchase of <br> ".$sizelist." ".$itemlist."<br>Price: ".$pricelist."<br>Transaction ID: ".$transid."<br>CC: ".$masked."<br> <img src='https://gramsandpops.com/images/Logo.png'>";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= 'From: info#gramsandpops.com' . "\r\n" .
'Reply-To: info#gramsandpops.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
if(mail($to,$subject,$txt,$headers)){
}
}
$to = "gramsandpopsblueridge#gmail.com";
$subject = "Purchase Order";
$txt = "Item: ".$itemlist."\n Size: ".$sizelist."\n Color: ".$colorlist."\n Price: ".$pricelist."\n Address: ".$saddress.
" ".$scity.", ".$sstate." ".$szip."\n Name: ".$firstname." ".$lastname."\n CC: ".$masked;
$headers = "From: admin#gramsandpops.com" . "\r\n" .
"CC: admin#gramsandpops.com";
if(mail($to,$subject,$txt,$headers)){
}
?>
<div class="alert alert-success">
<strong>Success!</strong> Your transaction was successfully processed! An email confirmation will be sent shortly.
</div>
<?php
}else{
echo mysqli_error($connection);
}
i have wrote a php script to send an emails.In this script it checks whether current date is equal with the emailfly_date and email is = o.if that satisfies email will sent to the user.this script is working for one user at a one time.that if database has five records that that matches current criteria it sends the email only to the last id.what is the reason for this?
id
250
251
252
253
it will send the email only to the ID 253.but not to the others.
Here is mycode
<?php
include_once 'dbconnect.php';
$query = "SELECT ID,email, emailfly_date, CURRENT_DATE AS nowtime FROM xxx WHERE reqnum = '' AND email_sent = '0'";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
$regid = $row['ID'];
$activemail= $row['nowtime'];
/*echo $regid . '<br />';
echo $activemail. '<br />';*/
}
$query = mysql_query("SELECT ID, email, reqnum, emailfly_date, email_sent FROM xxx WHERE ID = '$regid' AND emailfly_date = '$activemail'");
$rowdata = mysql_fetch_array($query);
$ID = $rowdata['ID'];
$email = $rowdata['email'];
$reqnum = $rowdata['reqnum'];
$emailfly_date = $rowdata['emailfly_date'];
$email_sent = $rowdata['email_sent'];
if ($reqnum != '') {
/* echo "not sucess";*/
} elseif ($email_sent == '1') {
/* echo "email already sent";*/
} elseif ($email_sent == '1' && $reqnum != '') {
/* echo "no way to send";*/
}
elseif($email_sent == '0' && $reqnum == '' ){
$ulink = "http://xxx.eewfewt.net/tttt/yyyy.php?ID=$regid";
$to = $email;
$subject = 'hoo'; // Give the email a subject
$message = '
Thanks for Using Trial Version!
If You Wish to Continue with the Monthly Paid Package.
------------------------
Click Below
Site Renewal link: ' . $ulink . '
'.$emailfly_date.'
------------------------ ';
$headers .= 'From:werwerwer.aaa.net' . "\r\n";
$headers .= 'Bcc:ewrwerer.aaa.net' . "\r\n";
mail($to, $subject, $message, $headers);
$upadtequery = mysql_query("UPDATE xxx SET email_sent ='1' WHERE ID = '$regid'");
echo "sucess";
}
else{
echo "bye";
}
?>
From $query = mysql_query(.....bla...bla... to last else{
echo "bye";
} Put all this inside your while loop.
Also if you fetch data from same table try to use single query.
mysql_() is depreciated now. So try to use mysqli_()
include_once 'dbconnect.php';
$query = "SELECT ID,email, emailfly_date, CURRENT_DATE AS nowtime FROM xxx WHERE id in ('250','251','252','253') AND email_sent = '0'";
$result = mysql_query($query) or die(mysql_error());
while($rowdata = mysql_fetch_array($result))
{
$ID = $rowdata['ID'];
$email = $rowdata['email'];
$reqnum = $rowdata['reqnum'];
$emailfly_date = $rowdata['emailfly_date'];
$email_sent = $rowdata['email_sent'];
$ulink = "http://xxx.eewfewt.net/tttt/yyyy.php?ID=$regid";
$to = $email;
$subject = 'hoo'; // Give the email a subject
$message = '
Thanks for Using Trial Version!
If You Wish to Continue with the Monthly Paid Package.
------------------------
Click Below
Site Renewal link: ' . $ulink . '
'.$emailfly_date.'
------------------------ ';
$headers .= 'From:werwerwer.aaa.net' . "\r\n";
$headers .= 'Bcc:ewrwerer.aaa.net' . "\r\n";
mail($to, $subject, $message, $headers);
$upadtequery = mysql_query("UPDATE xxx SET email_sent ='1' WHERE ID = '$ID'");
echo "sucess";
}
I have been designing a website and everything has been working perfectly, until I started adding in little extras so it would work EXACTLY how I wanted it to work.
This is the script for a website that uploads a title, description, name of a person, image, email address and password for the advert that they are putting online. However it no longer wants to correctly name the image and it sends out an email twice, once in the instance that there may be an image and it instantly does it in the instance where someone may not upload an image, but it is reading it as if it is doing both because there is an error with the file upload.
Btw this is the first PHP script I have ever created so it may seem mashy as I have been kind of mixing it up from different things that I have found online :)
p.s the page where the magic happens is www.afterswap.com/give.php
p.p.s I have a global config file that sets all of the DB connection info etc, hence it being non-existent here.
<?PHP
include("inc/header.php");
foreach ($_POST as $key => $val)
$_POST[$key] = mysqli_real_escape_string($con, $val);
$back = "<a href='give.php'>Click Here To Go Back And Try Again</a>";
if (isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) {
$title = mysqli_real_escape_string($title123);
$title123 = mysqli_real_escape_string($_POST['title']);
$description = mysqli_real_escape_string($description123);
$description123 = mysqli_real_escape_string($_POST['description']);
$Sell_by = $_POST['Sell_by'];
$name = mysqli_real_escape_string($name123);
$name123 = mysqli_real_escape_string($_POST['name']);
$email = $_POST['email'];
$password = $_POST['password'];
$imagename = basename($_FILES['userfile']['name']);
$uploadedfile = $_FILES['userfile']['tmp_name'];
if (empty($imagename)) {
$error = 1;
echo "<h2 class='error'>The name of the image was not found.</h2>" . $back;
}
if ($error != 1 && $noimg != 1) {
$filename = stripslashes($_FILES['userfile']['name']);
$extension = substr(strrchr($filename, '.'), 1);
$extension = strtolower($extension);
}
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) {
echo '<h2 class="error">Error. Images Must Be Jpg, Gif, or Png Format! Please Go Back And Try Another Image.</h2>' . $back . '';
$errors = 1;
} else {
$time = time();
$newimage = "/photos/" . $time . $imagename;
$result = move_uploaded_file($_FILES['userfile']['tmp_name'], $newimage);
if (empty($result)) {
$error = 1;
echo "<h2 class='error'>There was an error uploading your image.</h2><br/>" . $back . "";
}
$date = date("Y/m/d H:i:s");
$query = "INSERT INTO classifieds (adid, title, description, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$Sell_by', '$name123', '$email', '$password', '$newimage', '$date', '0', '0')";
mysqli_query($query) or die(mysqli_error());
$pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1";
$query2 = mysqli_query($pullback) or die(mysqli_error());
while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
$newid = $row['adid'];
$pass = $row['pass'];
}
$url = "http://";
$url .= getenv("HTTP_HOST");
$Name = "AfterSwap";
$emailf = "noreply#afterswap.com";
$recipient = $email;
$mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team";
$subject = "AfterSwap Ad Details";
$headers = "From: " . $Name . " <" . $emailf . ">\r\n";
$headers .= "Content-type: text/html\r\n";
mail($recipient, $subject, $mail_body, $headers);
echo "<div align='justify'><div class='success'>Your listing '" . $name123 . "' Has Been Submitted Successfully! <br/><br/>Please take note: Your listing will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>";
}
} elseif (isset($_POST['upload'])) {
$title = mysqli_real_escape_string($title123);
$title123 = mysqli_real_escape_string($_POST['title']);
$description = mysqli_real_escape_string($description123);
$description123 = mysqli_real_escape_string($_POST['description']);
$Sell_by = $_POST['Sell_by'];
$name = mysqli_real_escape_string($name123);
$name123 = mysqli_real_escape_string($_POST['name']);
$email = $_POST['email'];
$password = $_POST['password'];
$date = date("Y/m/d H:i:s");
$query = "INSERT INTO classifieds (adid, title, description, cat, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$category', '$Sell_by', '$name123', '$email', '$password', 'images/noimage.jpg', '$date', '0', '0')";
mysqli_query($query) or die(mysqli_error());
$pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1";
$query2 = mysqli_query($pullback) or die(mysqli_error());
while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
$newid = $row['adid'];
$pass = $row['pass'];
}
$url = "http://";
$url .= getenv("HTTP_HOST");
$Name = "AfterSwap";
$emailf = "noreply#afterswap.com";
$recipient = $email;
$mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team";
$subject = "AfterSwap Ad Details";
$headers = "From: " . $Name . " <" . $emailf . ">\r\n";
$headers .= "Content-type: text/html\r\n";
mail($recipient, $subject, $mail_body, $headers);
echo "<div align='justify'><div class='success'>Thank you " . $name123 . ", your listing has been submitted successfully! <br/><br/>Please take note: Your isting will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>";
} else {
?>
/* HTML Form here */
<?PHP } ?>
Try this
Change this line
} elseif (isset($_POST['upload'])) {
to
} elseif (isset ( $_POST ['upload'] ) && empty($_FILES)) {
The only thing I can think of would be a if, elseif, or else being passed twice because the condition is being met twice. You may want to revise the code with better indentation, and checking when the elseif, if, and else blocks are passed. Also, it would be a really good idea to take the advice from the two people that commented on your post, MYSQLI is a great way to go! One more thing: You should never pass $_POST unsanitized!! Here is a short easy sanitization script!
MYSQLI:
foreach($_POST as $key=>$val)
$_POST[$key] = mysqli_real_escape_string($con, $val);
MYSQL:
foreach($_POST as $key=>$val)
$_POST[$key] = mysql_real_escape_string($con, $val);