MYSQL/PHP selecting - php

I have 2 tables:
newpw_ask: email, code
users: id, username, password, email, sid, newpw_code
I have this PHP code:
$code = $_POST['code2'];
$email = mysql_query("SELECT email FROM pw_ask WHERE code='$code'");
if ($pass == $pass2) {
if ($email) {
$pass3 = md5($pass);
mysql_query("UPDATE users SET password='$pass3' WHERE email='$email'");
mysql_query("UPDATE users SET newpw_code='' WHERE email='$email'");
mysql_query("DELETE FROM pw_ask WHERE code='$code'");
header("Location: index.php?ret=pw");
} else {
echo 'Wrong code';
}
}
Only this query got executed:
mysql_query("DELETE FROM pw_ask WHERE code='$code'");
Also when I enter the right code, it says “Wrong code”.

You need to select the email correctly:
$sql = mysql_query("SELECT email FROM pw_ask WHERE code='$code'");
$row = mysql_fetch_array($sql);
$email = $row['email'];
Btw, you can also update multiple fields in 1 query:
mysql_query("UPDATE users SET password='$pass3' , newpw_code='' where email='$email'");
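The reset flow from the answer above, as an added example that is not part of the original post: it fetches the email row, binds every value as a parameter instead of interpolating it into the SQL, and runs the combined UPDATE and the DELETE in one transaction. Assumptions: PDO replaces the removed mysql_* functions, password_hash() replaces md5(), and the demo rows are constructed in an in-memory SQLite database so the script runs without a server.

```php
<?php
// Added example. Table and column names follow the question's queries;
// PDO and password_hash() are assumptions, not the poster's code.
function resetPassword(PDO $db, string $code, string $pass, string $pass2): string
{
    if ($pass === '' || $pass !== $pass2) {
        return 'Passwords do not match';
    }
    // Fetch the row: the statement object itself is not the email.
    $stmt = $db->prepare('SELECT email FROM pw_ask WHERE code = ?');
    $stmt->execute([$code]);
    $email = $stmt->fetchColumn();
    if ($email === false) {
        return 'Wrong code';
    }
    $db->beginTransaction();
    try {
        // One UPDATE for both columns, as the answer suggests.
        $upd = $db->prepare("UPDATE users SET password = ?, newpw_code = '' WHERE email = ?");
        $upd->execute([password_hash($pass, PASSWORD_DEFAULT), $email]);
        // Single use: the code is removed in the same transaction.
        $db->prepare('DELETE FROM pw_ask WHERE code = ?')->execute([$code]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return 'ok';
}

// Constructed demo data (in-memory SQLite) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, email TEXT, sid TEXT, newpw_code TEXT)');
$db->exec('CREATE TABLE pw_ask (email TEXT, code TEXT)');
$db->exec("INSERT INTO users (username, password, email, newpw_code) VALUES ('alice', 'old', 'alice@example.com', 'c0de')");
$db->exec("INSERT INTO pw_ask (email, code) VALUES ('alice@example.com', 'c0de')");

var_dump(resetPassword($db, "it's-wrong", 'n3w-pass', 'n3w-pass')); // apostrophe is bound as data
var_dump(resetPassword($db, 'c0de', 'n3w-pass', 'n3w-pass'));       // valid code
var_dump(resetPassword($db, 'c0de', 'n3w-pass', 'n3w-pass'));       // same code reused
$hash = $db->query("SELECT password FROM users WHERE username = 'alice'")->fetchColumn();
var_dump(password_verify('n3w-pass', $hash));
```

With MySQL, pass a PDO connection opened with a `mysql:` DSN instead of the SQLite one. PHP's documentation recommends a 255-character password column for password_hash() output, and the login code then has to check passwords with password_verify() rather than comparing md5 strings.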

Related

How to select multiple data from database and assign it into session?

I want to select data from the database and assign it to the session. Later I want to call it and use it.
$sql = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
$query = mysqli_query($mysqli, $sql) or die ("Error: " . mysqli_error($mysqli));
$row = mysqli_num_rows($query);
if($row == 0)
{
echo "Invalid Username/Password. Click here to <a href = 'login.html'>Login</a>";
}
else
{
$sql = "SELECT accname FROM account WHERE email = '$email'";
$result=mysqli_query($mysqli,$sql);
$row=mysqli_fetch_all($result,MYSQLI_BOTH);
$_SESSION['accname']= array_column($rows, 'accname');
$r = mysqli_fetch_assoc($query);
$_SESSION['fname'] = $r['fname'];
$_SESSION['lname'] = $r['lname'];
$_SESSION['email'] = $r['email'];
header("Location: dashboard.php");
}
If a user can have multiple accname values associated with their email address, then you can use array_column to extract all those values from your result data:
$sql = "SELECT accname FROM account WHERE email = '$email'";
$result=mysqli_query($mysqli,$sql);
$rows=mysqli_fetch_all($result,MYSQLI_BOTH);
$_SESSION['accname']= array_column($rows, 'accname');
If there can be only one accname, you can simply change the call to mysqli_fetch_all to mysqli_fetch_assoc:
$sql = "SELECT accname FROM account WHERE email = '$email'";
$result=mysqli_query($mysqli,$sql);
$row=mysqli_fetch_assoc($result);
$_SESSION['accname']= $row['accname'];

PHP MySQL: Updating users profile

I got a problem with my profile page in my login system. When I want to update the user's username and email, I can only update one of the two. Look where I put the points. If I use username it only updates the username, and the same goes for the email.
Here is my code:
function updateProfile($db, $errors)
{
$id = $_SESSION['user']['id'];
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$field_check_query = "SELECT * FROM users WHERE username='$username' email='$email'";
$result = mysqli_query($db, $field_check_query);
$field = mysqli_fetch_assoc($result);
// Checks if username is already taken
if ($field) {
if ($field['username'] === $username) {
array_push($errors, "Gebruikersnaam is al reeds ingenomen");
}
// Checks if email is already taken
if ($field['email'] === $email) {
array_push($errors, "E-mailadres is al reeds ingenomen");
}
}
if (count($errors) == 0) {
if (isset($_POST['.......'])) {
$query = "UPDATE users SET username='$username' email='$email' WHERE id=$id";
mysqli_query($db, $query);
header('location: profile.php?profileeditedsuccesfully');
die($query);
}
}
}
Add AND to WHERE in Select:
$field_check_query = "SELECT * FROM users WHERE username='$username' AND email='$email'";
Add comma to separate the pairs in Update.
$query = "UPDATE users SET username='$username', email='$email' WHERE id=$id";

Email activation issue

I'm building a site which requires users to register and login. I have the majority working but the bit that isn't working 100% is the email activation.
When the user registers it sends an email with a link (http://example.com/activate?email=name@example.com&activationCode=e7870fadcf79c39584dca1fc33c47ef9).
If the user clicks on this link it goes to /activate checks to see if the email and code exist in the database and activates the account by changing the value 'active' from 0 to 1 if these do exist but, if the user just logs in it automatically activates the account which I don't want (sort of defeats the purpose of the activation email).
LOGIN
if (isset($_POST['submit'])) { // Create variables from submitted data
$uname = mysqli_real_escape_string($db_connect, $_POST['uname']);
$password = mysqli_real_escape_string($db_connect, $_POST['loginPassword']);
$passHash = md5($password); // Encrypt password
$query1 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `uname` = '".$uname."' AND `password` = '".$passHash."' AND `active` = '1' ") or die(mysqli_connect_error()); // Uname and password match and account is active
$result1 = (mysqli_num_rows($query1) > 0);
$query2 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `uname` = '".$uname."' AND `password` = '".$passHash."' AND `active` = '0' ") or die(mysqli_connect_error()); // Uname and password match and account is not active
$result2 = (mysqli_num_rows($query2) > 0);
if ($result1) { // If uname and password match and account is active
$_SESSION['uname'] = $_POST['uname'];
header("Location: /profile");
} else if ($result2) { // If uname and password match but account is not active
echo "<p>Your account has not been activated! Please check your email inbox.</p><br />";
back();
} else { // If uname and password do not match
echo "<p>The combination of username and password is incorrect!</p><br />";
back();
forgotPword();
register();
}
} else {
login();
forgotPword();
register();
}
ACTIVATE PAGE
if (isset($_GET['email'], $_GET['activationCode']) === true) { // If email and email code exist in URL
$email = trim($_GET['email']);
$activationCode = trim($_GET['activationCode']);
$query1 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `email` = '".$email."' ") or die(mysqli_connect_error());
$result1 = (mysqli_num_rows($query1) > 0);
$query2 = mysqli_query($db_connect, "SELECT * FROM `users` WHERE `activationCode` = '".$activationCode."' ") or die(mysqli_connect_error());
$result2 = (mysqli_num_rows($query2) > 0);
$query3 = mysqli_query($db_connect, "SELECT COUNT(`userID`) FROM `users` WHERE `email` = '".$email."' AND `activationCode` = '".$activationCode."' AND `active` = '0' ") or die(mysqli_connect_error());
$result3 = (mysqli_num_rows($query3) > 0);
// Check email exists in database
if ($result1) {
// Check activation code exists in database
if ($result2) {
// THIS IS THE PART NOT DOING ITS JOB PROPERLY
// Check active status
if ($result3) {
mysqli_query($db_connect, "UPDATE `users` SET `active` = '1' WHERE `email` = '".$email."' AND `activationCode` = '".$activationCode."' AND `active` = '0' ") or die(mysqli_connect_error()); // Activate account
echo "<p>Your account is now activated. You may <a href='/login'>Log In</a></p>";
exit();
} else {
echo "<p>Your account has already been activated. You may <a href='/login'>Log In</a></p>";
exit();
}
// ------------------------------------------------------------------------------------
} else { // Activation code is invalid
echo "<p>Hmmm, the activation code seems to be invalid!</p>";
exit();
}
} else { // Email does not exist
echo "<p>Hmmm, ".$email." email does not seem to exist in our records!</p>";
exit();
}
} else {
header("Location: /login");
exit();
}
Any help on where I'm going wrong is much appreciated.
You could add an " AND active = 1" condition to your sql query on login
After several painful hours of looking through and rewriting code, I have figured out what was causing the issue.
It was actually the registration page where the email is sent. I have wrapped the activation link in the body of the message in single quotes and it now works perfectly. You see them in the email...
'http://www.example.com/activate?email=".$email."&activationCode=".$activationCode."'
but the link works so I am sticking with it.
Cheers for all your help, really appreciate it.

md5 matching password using mysqli_query?

I am currently having a problem matching my md5 password in the database with data entered by the user. I know that I should not use this type of password matching, but I want to know why this does not work.
Here is my login script:
<?php
//Login Script
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = $_POST["user_login"];
$password_login = $_POST["password_login"];
$md5password_login = md5($password_login);
$sql = mysqli_query($conn, "SELECT id FROM users2 WHERE username='$user' AND password='$md5password_login' LIMIT 1"); // query the person
//Check for their existence
$userCount = mysqli_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysqli_fetch_array($sql,MYSQLI_ASSOC)) {
$rahul = $row["id"];
}
$_SESSION["id"] = $rahul;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
exit("<meta http-equiv=\"refresh\" content=\"0\">");
} else {
echo 'That information is incorrect, try again';
exit();
}
}
?>
Whenever I enter the correct details, it reports that the information is incorrect. Earlier it used to work with mysql_query, but now that is deprecated.
The user and pass variables are passed incorrectly here:
$sql = mysqli_query($conn, "SELECT id FROM users2 WHERE username='$user' AND password='$pass' LIMIT 1");
You should change it to:
$sql = mysqli_query($conn, "SELECT id FROM users2 WHERE username='$user_login' AND password='$md5password_login' LIMIT 1");

how to allow email as well as username to login into account?

For a long time I have been using the username as the only option to log in to my website account, but most of the users forget their username, so I want to add both email and username as options to log in.
Here is my code to create a session and log in the user:
<?php
if(isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-Za-z0-9@._\(\)\']#i', '', $_POST["user_login"]);
$password_login = preg_replace('#[^A-Za-z0-9!@._]#i', '', $_POST["password_login"]);
$md5password_login = md5($password_login);
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$md5password_login' LIMIT 1");
//check for their existence
$userCount = mysql_num_rows($sql); //count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)) {
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["user_login"] = $user_login;
$_SESSION["password_login"] = $password_login;
exit("<meta http-equiv=\"refresh\" content=\"0\">");
} else {
echo "Your Username or Password is Incorrect. please try again.";
exit();
}
}
?>
How can I add email login alongside username login?
Note: the teacher who taught me PHP showed me how to use mysql_query and not the latest version, and I know it is being deprecated, so I have already changed all my queries; this is old code.
You can give an option on your login form to select the login type (radio button) as username or email. Then change your query accordingly:
if($logintype=="Username")
{
//Current Username query
}
else
{
//Email Login query
}
or you can use both in query as:
$sql = mysql_query("SELECT id FROM users WHERE (username='$user_login' || email='$_POST[user_login]') AND password='$md5password_login' LIMIT 1");
Try this, by checking whether the post data is an email or not:
$email = $_POST["user_name"];
if (preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
{
// email query
}
else
{
// username query
}
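One way to accept either a username or an email address in a single bound query, with the activation check from the earlier login thread (added example, not code from any of the posts). Assumptions: PDO and password_hash()/password_verify() stand in for mysql_query and md5(), column names follow the page's snippets, and the users are constructed rows in an in-memory SQLite database.

```php
<?php
// Added example. PDO, password_verify() and the sample users are assumptions;
// column names (username, email, password, active) follow the page's snippets.
function login(PDO $db, string $identifier, string $password): array
{
    // The same submitted value is bound twice; no regex is needed to guess
    // whether it is an email, and nothing is concatenated into the SQL.
    $stmt = $db->prepare(
        'SELECT id, password, active FROM users WHERE username = :u OR email = :e'
    );
    $stmt->execute([':u' => $identifier, ':e' => $identifier]);

    // A username may equal someone else's email, so check every candidate row.
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $user) {
        if (!password_verify($password, $user['password'])) {
            continue;
        }
        // Report the activation state only after the password has matched.
        if ((int) $user['active'] !== 1) {
            return ['ok' => false, 'reason' => 'not_activated'];
        }
        // The caller stores only this id in the session, never the password.
        return ['ok' => true, 'id' => (int) $user['id']];
    }
    return ['ok' => false, 'reason' => 'bad_credentials'];
}

// Constructed demo data (in-memory SQLite) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT, active INTEGER)');
$ins = $db->prepare('INSERT INTO users (username, email, password, active) VALUES (?, ?, ?, ?)');
$ins->execute(['alice', 'alice@example.com', password_hash('s3cret!', PASSWORD_DEFAULT), 1]);
$ins->execute(['bob', 'bob@example.com', password_hash('hunter#2', PASSWORD_DEFAULT), 0]);

var_dump(login($db, 'alice', 's3cret!'));             // login by username
var_dump(login($db, 'alice@example.com', 's3cret!')); // login by email
var_dump(login($db, 'bob@example.com', 'hunter#2'));  // correct password, inactive account
var_dump(login($db, 'alice', 'wrong'));               // wrong password
```

Because the password is verified in PHP and every value is bound, the character-stripping preg_replace calls on the login fields are not needed for the query.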
