I have a problem calling a PHP function when I click the submit button:
<?php
if (isset($_GET['username']) === true and empty($_GET['username']) === false) {
$username = $_GET['username'];
if(user_exists($username) === true) {
$profile_user_id = user_id_from_username($username, 'username');
$my_id = $_SESSION['user_id'];
$profile_data = user_data($profile_user_id, 'username', 'first_name', 'last_name', 'email', 'profile');
?>
<h1><?php echo $profile_data['first_name']; ?>'s Profile</h1>
<?php
if($profile_user_id != $my_id) {
$check_friend_query = mysql_query("SELECT id FROM friends WHERE (user_one='$my_id' AND user_two='$profile_user_id') OR (user_one='$profile_user_id' AND user_two='$my_id')");
if(mysql_num_rows($check_friend_query) > 0) {
echo 'Already Friends - Unfriend '. $profile_data['username'] .'';
} else {
$from_query = mysql_query("SELECT id FROM friend_request WHERE `from` = '$profile_user_id' AND `to` = '$my_id'");
$to_query = mysql_query("SELECT id FROM friend_request WHERE `from` = '$my_id' AND `to` = '$profile_user_id'");
if(mysql_num_rows($from_query) == 1) {
echo 'Ignore or Accept';
} elseif(mysql_num_rows($to_query) == 1){
echo 'Cancel Request';
} else {
if(isset($_GET['submit'])) {
friend_request();
header('Location: '.$profile_user_id);
exit();
}
?>
<form action="">
<input type="submit" name="submit" value="Send friend request!">
</form>
<?php
}
}
}
?>
That last else is the isset($_GET['submit']) check and the function call with the form. What is wrong? I can't find the solution; it just refreshes the page but doesn't send the mysql_query. The function that I call is this:
function friend_request() {
if (isset($_GET['username']) === true and empty($_GET['username']) === false) {
$username = $_GET['username'];
if(user_exists($username) === true) {
$profile_user_id = user_id_from_username($username, 'username');
$my_id = $_SESSION['user_id'];
$profile_data = user_data($profile_user_id, 'username', 'first_name', 'last_name', 'email', 'profile');
mysql_query("INSERT INTO friend_request VALUES('', '$my_id', '$profile_user_id')");
}}}
Please help me, I'm new to PHP and this annoys me. I've been stuck on this since yesterday evening trying to figure it out. I really don't see what the problem is. How do I change my code? Everything works perfectly except that friend_request() function part.
In your form, the username input is missing. Based on the username value you have allowed into the block if (isset($_GET['username']) === true and empty($_GET['username']) === false) {
<form action="">
<input type="text" name="username" value="your value">
<input type="submit" name="submit" value="Send friend request!">
</form>
I tried this but it doesn't work.
HTML:
<form id="login" method="post">
<input type="text" name="login"><br>
<input type="password" name="pass">
<input type="submit">
</form>
PHP
$login = "citybank";
$pass = array("ticket3", "ticket2", "ticket1");
if(isset($_POST["login"])){
if($_POST["login"] == $login and $_POST["pass"] == $pass){
echo 'You are logged';
echo "
<script>
var post = document.querySelector('#login');
post.style.display = 'none';
</script>
";
}else{
echo "You are not logged.";
}
}
I think I have a problem with my array.
I don't know if the way I am using it is right.
Thanks
First of all, you have a syntax error here:
$pass = array("ticket3", "ticket2, "ticket1"); // missing "
Also, you searched for a value in an array, so you should use in_array():
<form id="login" method="post">
<input type="text" name="login"><br>
<input type="password" name="pass">
<input type="submit">
</form>
<?php
$login = "citybank";
$pass = array("ticket3", "ticket2", "ticket1");
if(isset($_POST["login"])){
if($_POST["login"] == $login and in_array($_POST["pass"], $pass)){
echo 'You are logged';
echo "
<script>
var post = document.querySelector('#login');
post.style.display = 'none';
</script>
";
}else{
echo "You are not logged.";
}
}
?>
Warning: Never, ever implement login logic like that. If it is for a test it's OK, but in a production environment it is FORBIDDEN!
Here is an example of a login system which is secured.
You can use the in_array() function to solve your issue.
But you should use a database to store the password.
php
$login = "citybank";
$pass = array("ticket3", "ticket2", "ticket1");
if(isset($_POST["login"])){
if($_POST["login"] == $login && in_array($_POST["pass"], $pass)){
echo 'You are logged';
echo "
<script>
var post = document.querySelector('#login');
post.style.display = 'none';
</script>
";
}else{
echo "You are not logged.";
}
}
<?php
$login = "citybank";
$pass = array("ticket3", "ticket2", "ticket1");
if(isset($_POST["login"]))
{
$count=0;
if($_POST["login"] == $login)
{
for($i=0;$i<3;$i++)
{
if($_POST["pass"] == $pass[$i])
{
{
$count=1;
echo 'You are logged';
echo "
<script>
var post = document.querySelector('#login');
post.style.display = 'none';
</script>
";
break;
}
}
}
if($count==0)
{
echo "You are not logged.";
}
}
}
?>
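What the advice above to keep the password in a database can look like, as an added example that is not part of any of the answers: the stored value is a salted hash checked with password_verify() instead of a plaintext array compared with ==. The in-memory SQLite database, the table layout and the check_login() helper are assumptions, and the example keeps a single password for the login.

```php
<?php
// Added example: constructed schema and account, reusing the login name from the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

// Registration side: only the salted hash is stored, never the password itself.
$insert = $db->prepare('INSERT INTO users (login, pass_hash) VALUES (:login, :hash)');
$insert->execute([
    ':login' => 'citybank',
    ':hash'  => password_hash('ticket3', PASSWORD_DEFAULT),
]);

// Verified when the login is unknown, so both failure paths do comparable work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Hypothetical helper: returns true only for a known login with the matching password.
function check_login(PDO $db, $login, $pass): bool
{
    // A field submitted as login[]=x arrives as an array; accept strings only.
    if (!is_string($login) || !is_string($pass)) {
        return false;
    }

    // The login is bound as a parameter, not concatenated into the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($pass, DUMMY_HASH);
        return false;
    }

    // password_verify() re-hashes with the stored salt and compares in constant time.
    return password_verify($pass, $hash);
}

// Constructed requests: correct password, wrong password, unknown login, array input.
var_dump(check_login($db, 'citybank', 'ticket3'));
var_dump(check_login($db, 'citybank', 'ticket2'));
var_dump(check_login($db, 'nobody', 'ticket3'));
var_dump(check_login($db, 'citybank', ['ticket3']));
```

In a web request the two arguments would come from $_POST['login'] and $_POST['pass'], and the same generic failure message should be shown for every false result.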
I am making a login page in PHP.
However, the if statement for the blank check of the HTML form does not run (line 4).
After entering values in the HTML form, even if you press login, the if statement is not executed.
I do not know the cause, so I would like you to tell me.
if (isset($_POST["login"])) {//PUSH login button
//form blank check
if ($_POST["email"] = '') {
$error['email'] = "blank";
} else if ($_POST["pass"] = '') {
$error['pass'] = "blank";
}
}
if(!empty($_POST['email'])){
//email & password verification
if($_POST['email'] != '' && $_POST['pass'] != ''){
$email = $_POST['email'];
$pass = SHA1($_POST['pass']);
$query = "select * from human";
$result = mysqli_query($dbc,$query);
$data = mysqli_fetch_array($result);
if($data['email'] == $email) { //form email & password
if($data['pass'] === $pass) {
setcookie('email', $email, time()+(60*60*24*3));
setcookie('pass', $pass, time()+(60*60*24*3));
setcookie('name', $data['name'], time()+(60*60*24*3));
exit();
}else{
$error['match'] = "anmatch"; //Mismatch Error
}
}
}
<!DOCTYPE html>
<form action="" method="post">
<dl>
<dt>email</dt>
<dd>
<input type="text" name="email" size="35" maxlength="255"
value="<?php echo htmlspecialchars($_POST['email']); ?>">
<?php if($error['email'] == 'blank'): ?>
<p><font color="red">* Input email</font></p>
<?php endif; ?>
</dd>
<dt>password</dt>
<dd>
<input type="password" name="pass" size="35" maxlength="255"
value="<?php echo htmlspecialchars($_POST['pass']); ?>">
<?php if($error['pass'] == 'blank'): ?>
<p><font color="red">* Input password</font></p>
<?php endif; ?>
</dd>
</dl>
<input type="submit" id="login" name="login" value="sigh in">
</form>
Firstly, as mentioned in the comments, you are assigning a value in your if statements. Also, as a second point, I'd guess that because your condition is a nested else if, the first assignment is always true, so the second condition will never be tested.
//form blank check
if ($_POST["email"] = '') {
$error['email'] = "blank";
} else if ($_POST["pass"] = '') {
$error['pass'] = "blank";
}
The second condition statement will only evaluate when the first is false.
You should try checking each variable independently and make sure you use ==
//form blank check
if ($_POST["email"] == '') {
$error['email'] = "blank";
}
if ($_POST["pass"] == '') {
$error['pass'] = "blank";
}
I need to add an option to the Admin page where an admin can select a user and add points to them. However, when I write the name and how many points to add and enter it, it shows no errors and says the points have been successfully added, but the points have not been added to that user...
Here's my code for the page with the form:
if (empty($_POST) === false) {
$required_fields = array('username', 'add');
foreach($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'Fields marked with an asterisk are required';
break 1;
}
}
}
if (empty($errors) === false) {
if (user_exists($_POST['username']) === true) {
$errors[] = 'Sorry, the username \'' . $_POST['username'] . '\' doesn\'t exist';
}
}
?>
<?php
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
echo 'The points have succesfully been added to the user!';
} else {
if (empty($_POST) === false && empty($errors) === true) {
$addpoints = array(
'username' => $_POST['username'],
'add' => $_POST['add']
);
addpoints($addpoints);
header('Location: addthepoints352346.php?success');
exit();
} else if (empty($errors) === false) {
echo output_errors($errors);
}
?>
<h1>Admin Access Only</h1>
<p>Add points to a user</p>
<form action="" method="post">
<ul>
<li>
Username*:<br>
<input type="text" name="username">
</li>
<li>
How many points to add*:<br>
<input type="text" name="add">
</li>
<li>
<input type="submit" value="Add">
</li>
</ul>
</form>
<?php
}
include 'includes/overall/footer.php';
?>
And also another page with the function where it actually sends it to the mysql database:
function addpoints($addpoints) {
mysql_query("UPDATE `users` SET `points` = `points` + '$add' WHERE `username` = '$username'");
}
I literally have no idea what it is, to help I have added a couple of photos
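Update your function as follows.
function addpoints($addpoints) {
// Cast the amount to an integer and escape the username before they reach the query
$add = (int) $addpoints['add'];
$username = mysql_real_escape_string($addpoints['username']);
mysql_query("UPDATE `users` SET `points` = `points` + $add WHERE `username` = '$username'");
}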
I am trying to set up the joeauty / RememberMe-CodeIgniter-Spark. I added the rememberme.php inside the config folder and the Rememberme.php inside system/libraries/, made the changes inside autoload.php and config.php, and created 2 tables (ci_cookies and ci_sessions) in the database.
If I don't click the checkbox I can log in, but if I select the checkbox nothing happens.
This is my controller:
function __construct()
{
parent::__construct();
$this->load->model('registerclient_model','',TRUE);
}
function index()
{
if($this->session->userdata('logged_in') || $this->session->userdata('user_id'))
{ redirect('client_private_area', 'refresh');}
else{
$this->load->library('form_validation');
$this->form_validation->set_rules('email_address', 'Email', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
if($this->form_validation->run() == FALSE)
{
$data['error'] = 'Invalid email address and/or password.';
$this->load->view('templates/header');
$this->load->view('pages/login/client_login', $data);
$this->load->view('templates/footer');
}
else
{
//Go to private area
redirect('client_private_area', 'refresh');
}
}
}
function check_database($password)
{
$email = $this->input->post('email_address');
$result = $this->registerclient_model->login($email, $password);
if($result){
if($this->input->post('netid') == "on"){
$this->rememberme->setCookie($this->input->post('netid'));
if ($this->rememberme->verifyCookie()) {
// find user id of cookie_user stored in application database
$user = User::findUser($cookie_user);
// set session if necessary
if (!$this->session->userdata('user_id')) {
$this->session->set_userdata('user_id', $user);
}
$this->user = $user;
}
else if ($this->session->userdata('user_id')) {
$this->user = $this->session->userdata('user_id');
}
}
else
{
$sess_array = array();
foreach($result as $row)
{
$sess_array = array(
'id' => $row->id,
'first_name' => $row->first_name,
'email_address' => $row->email_address
);
$this->session->set_userdata('logged_in', $sess_array);
}
return TRUE;
}
}
else
{
$this->form_validation->set_message('check_database', 'Invalid email address and/or password.');
return false;
}
}
This is my model:
function login($email, $password) {
//create query to connect user login database
$this->db->select('id, first_name, email_address, password');
$this->db->from('client_register');
$this->db->where('email_address', $email);
$this->db->where('password', $this->registerclient_model->hash($password));
$this->db->limit(1);
//get query and processing
$query = $this->db->get();
if($query->num_rows() == 1)
{
return $query->result(); //if data is true
}
else
{
return false; //if data is wrong
}
}
This is my view:
<div class="client_login_content_form">
<h1>CLIENT LOGIN FORM</h1>
<p class="loginform_error"><?php echo validation_errors(''); ?></p>
<?php echo form_open('verifylogin'); ?>
<ul>
<li><input type="text" size="20" id="email" name="email_address" value="<?php echo set_value('email_address'); ?>" required placeholder="Email Address"/></li>
<li><input type="password" size="20" id="passowrd" name="password" value="<?php echo set_value('password'); ?>" required placeholder="Password"/></li>
<li><p><input type="checkbox" name="netid" id="netid" checked>Remember me</p></li>
<li><input type="submit" class="login_content_form_button" value="LOG IN"/></li>
</ul>
<p class="forgot_login">Forgot your password?</p>
</form>
</div>
<form action="<?php echo site_url('admin'); ?>"><input type="submit" value="Admin" class="admin_button" /></form>
I'm struggling to get to grips with PDO from mysql, here is my registration form.
The error I'm receiving isn't quite making sense to me, can anyone help me complete my registration form?
<? include 'includes/overall/head.php';
include 'core/init.php';?>
<div id="page" class="container">
<div id="box1">
<h2 class="title"><? echo $welcome; ?></h2>
<div style="clear: both;"> </div>
<div class="entry">
<form method="POST" action="process_user.php">
Username*: <br/>
<input type="text" name="username" /><br/>
Password*: <br/>
<input type="password" name="password" /><br/>
Confirm Password*: <br/>
<input type="password" name="password_confirm" /><br/>
Email*: <br/>
<input type="text" name="email" /><br/>
Confirm Email*: <br/>
<input type="text" name="email_confirm" /><br/>
<?require_once('recaptchalib.php');
$publickey = "*****";
echo recaptcha_get_html($publickey);?>
<input type="submit" name="submit" value="Register">
</form>
</div>
</div>
<? include 'includes/overall/footer.php'; ?>
This is the process_user.php
<? include 'includes/overall/head.php';
include 'core/init.php';?>
<div id="page" class="container">
<div id="box1">
<h2 class="title"><? echo $welcome; ?></h2>
<div style="clear: both;"> </div>
<div class="entry">
<?
require_once('recaptchalib.php');
$privatekey = "*****";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
die ("The reCAPTCHA wasn't entered correctly. Go back and try it again.");
} else {
if (empty($_POST) === false) {
$required_fields = array('username', 'password', 'password_confirm', 'email', 'email_confirm');
foreach($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'Fields marked with an asterisk are required.';
break 1;
}
}
}
if (empty($errors) === true) {
if(user_exists($_POST['username'] === true)) {
$errors[] = 'Sorry, the username \''.$_POST['username'].'\' is already taken.';
}
if (preg_match("/\\s/", $_POST['username'] == true)) {
$errors[] = 'Your username cannot contain any spaces';
}
if (strlen($_POST['password']) < 6 || strlen($_POST['password'] > 32)) {
$errors[] = 'Your password must be between 6 and 32 characters';
}
if ($_POST['password'] !== $_POST['password_confirm']) {
$errors[] = 'Your passwords did not match';
}
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'Please enter a valid email address.';
}
if (email_exists($_POST['email']) === true) {
$errors[] = 'The email address \''.$_POST['email'].'\' is arealdy registered.';
}
}
}
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'You\'ve been successfully registered, please check your email inbox to activate your account';
} else {
if (empty($_POST) === false && empty($errors) === true) {
$register_data = array(
'username' => $_POST['username'],
'password' => $_POST['password'],
'email' => $_POST['email'],
'email_code' => md5($_POST['username'] + microtime())
);
register_user($register_data);
header('location: register.php?success');
exit();
} else if(empty($errors) === false) {
echo output_errors($errors);
}
//LINK TO GO BACK AND TRY AGAIN
}
?>
</div>
</div>
<? include 'includes/overall/footer.php'; ?>
And finally, the functions to go with them
<?php
function user_exists($username) {
$username = sanitize($username);
$query = "SELECT COUNT(`user_id`) FROM `users` WHERE `username` = `$username`";
$stmt = $dbh->prepare($query);
$stmt->execute();
return ($stmt->rowCount() == 1) ? true : false;
}
function email_exists($email) {
$email = sanitize($email);
$query = "SELECT COUNT (`user_id`) FROM `users` WHERE `email` = $email";
$stmt = $dbh->prepare($query);
$stmt->execute();
return ($stmt->rowCount() == 1) ? true : false;
}
function register_user($register_data) {
array_walk($register_data, 'array_sanitize');
$register_datapw = $register_data['password'];
require ('../../includes/blowfish.class.php');
$bcrypt = new Bcrypt(4);
$register_data['password'] = $bcrypt->hash($_POST['password']);
$fields = '`' . implode('`, `', array_keys($register_data)) . '`';
$data = '\'' . implode('\', \'', $register_data) . '\'';
$query = "INSERT INTO `USERS` ($fields) VALUES ($data)";
$stmt->prepare($query);
$stmt->execute();
}
?>
This is the error I receive
[08-May-2013 09:44:52 America/Denver] PHP Parse error: syntax error, unexpected '$' in .../process_user.php on line 50
Which is
if (isset($_GET['success']) && empty($_GET['success'])) {
The empty() function in PHP has some really weird semantics. Per the fine manual:
Prior to PHP 5.5, empty() only supports variables; anything else will result in a parse error. In other words, the following will not work: empty(trim($name)). Instead, use trim($name) == false.
Similarly, you will need to use $_GET['success'] == false instead of empty($_GET['success']).
As an aside: You are using PDO, which is good, but you are still interpolating user input into your SQL queries, which is very, very, very bad. Learn how to use PDO correctly with bound variables before you proceed.
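The bound-variable approach recommended in this aside, applied to the asker's user_exists() and register_user() and to the addpoints() function from the earlier question on this page. This is an added example, not code from any of the posts; the in-memory SQLite database, the combined users schema, the changed function signatures and the sample values are assumptions.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database (constructed schema).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (
    user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT,
    email TEXT UNIQUE, email_code TEXT, points INTEGER NOT NULL DEFAULT 0)');

function user_exists(PDO $dbh, string $username): bool
{
    // The value travels separately from the SQL text, so quotes in it cannot alter the query.
    $stmt = $dbh->prepare('SELECT COUNT(user_id) FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    // COUNT() always returns exactly one row; read its value instead of calling rowCount().
    return (int) $stmt->fetchColumn() > 0;
}

function register_user(PDO $dbh, array $register_data): void
{
    // Column names cannot be bound, so only keys on this fixed list reach the SQL text.
    $allowed = ['username', 'password', 'email', 'email_code'];
    $data = array_intersect_key($register_data, array_flip($allowed));
    $data['password'] = password_hash($data['password'], PASSWORD_DEFAULT);

    $columns = implode(', ', array_keys($data));
    $placeholders = ':' . implode(', :', array_keys($data));
    $stmt = $dbh->prepare("INSERT INTO users ($columns) VALUES ($placeholders)");
    $stmt->execute($data);
}

function addpoints(PDO $dbh, string $username, int $add): int
{
    $stmt = $dbh->prepare('UPDATE users SET points = points + :add WHERE username = :username');
    $stmt->bindValue(':add', $add, PDO::PARAM_INT);
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows changed; 0 means no such user
}

// Constructed input: a username containing a quote, plus a key that is not on the allow-list.
$name = "o'brien";
register_user($dbh, [
    'username'   => $name,
    'password'   => 'correct horse',
    'email'      => 'ob@example.test',
    'email_code' => bin2hex(random_bytes(16)),
    'is_admin'   => 1, // dropped by the allow-list before the INSERT is built
]);
var_dump(user_exists($dbh, $name));
var_dump(user_exists($dbh, "x' OR '1'='1"));
var_dump(addpoints($dbh, $name, 25));
```

With bound values the sanitize() and array_sanitize() calls are no longer what keeps input out of the SQL text; the only interpolated parts are the allow-listed column names.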