suppose I have two users in the SQL database. In the table column authority one is the Administrator and the other is user.
My issue is if I log in as the Administrator, before the form refreshes, the $_SESSION['Authentication'] echoes 'Administrator', but after the form refreshes $_SESSION['Authentication']` echoes as 'user'.
Where have I gone wrong in my code which result the $_SESSION['Authentication'] = 'user' whereas it should be $_SESSION['Authentication'] = 'Administrator' after the form refreshes?
Code :
Session started at the beginning....
then this follows.
<?php
include ("connect_db/index.php");
if(isset($_SESSION['loggedUser']))
{
echo "<form action='signoff/index.php'><div id='four'>Welcome ". $_SESSION['loggedUser']." !
<input type='submit' name='soff' id='soff' class='sout' value='Sign off'></div></form>";
echo "You are the : ".$_SESSION['Authentication']." of the site.";
}
else
{
?><div id='one'><?php
echo "
<div id='u2'>
<form name='form1' method='post' action='''>
<table border='1' style='width:520px; bordercolor:#FFFFFF;'>
<tr>
<td style='width:30px;'>User Name: </td>
<td style='width:80px;'><label for='textfield'></label>
<input type='text' maxlength='12' name='UnameZoom' id='UnameZoom' class='txss'></td>
<td style='width:30px;'> Password: </td>
<td style='width:80px;'><label for='txss'></label>
<input type='password' maxlength='12' name='PwordZoom' id='PwordZoom' class='txss'></td>
<td> <input type='submit' name='loggedUser' id='loggedUser' class='mylog' value='Login'></td>
</tr>
</table>
</form>
<p> </p>
<p> </p>
</div>";
?></div><?php
if(isset($_POST['loggedUser']))
{
?><div id='two'><?php
$un = $_POST['UnameZoom'];
$pw = $_POST['PwordZoom'];
if($un=='' || $pw == '')
{echo "<div id='three'>Empty Fields</div>";}
else {
$SQL = "SELECT pword FROM users WHERE username='$un'";
$resultA = mysqli_query($db,$SQL) or die ("SQL Error!!!");
$row = mysqli_fetch_array($resultA);
if($pw == $row['pword'])
{
$resultB = mysqli_query($db,"SELECT fname AS Lna FROM users WHERE username='$un'");
$rowB = mysqli_fetch_assoc($resultB);
//$sum = $rowB['Lna'];
$_SESSION['loggedUser'] = $rowB['Lna'];
$resultC = mysqli_query($db,"SELECT authority AS Auth FROM users WHERE username='$un'");
$rowC = mysqli_fetch_assoc($resultC);
unset($_SESSION['Authentication']);
$_SESSION['Authentication'] = $rowC['Auth'];
header("refresh:3;");
//echo "<div id='four'>Welcome ". $_SESSION['loggedUser']." !</div>";
}
else
{
echo "<div id='three'>No user found</div>";
}
}
?></div><?php
}
}
?>
// this is where I'm trying to echo
<div id="contentLog">
<?php
if(isset($_SESSION['Authentication']))
{echo $_SESSION['Authentication'];}
?>
Your header("refresh:3;"); makes me suspicious. This might be relevant. Add session_write_close() before you call header()? Echo session_id() to see if the refresh creates a new blank session or if you have a logic error.
please use this condition
if($_POST['loggedUser'] != "")
{
}
Related
I am doing project for my university. I create a page where user can send friend request. Here I fetch data from another table and put button for each row data.
My problem is that when one button click other row button also was change to friend request. I need a solution for it.
How to make one add friend request button is equal to one row id and how to avoid other button affected whenever click particular row.
My code is included below. I hope you guys will help me. Thanks in advance.
<?php
session_start();
$_SESSION['myid'];
$mysqli=new MySQLi('127.0.0.1','root','','learning_malaysia');
$sql = "SELECT * FROM tutor_register INNER JOIN tutorskill ON tutor_register.register_ID = tutorskill.register_ID ORDER BY
tutor_register.register_ID='".$_SESSION['myid']."'desc";
$result= mysqli_query($mysqli,$sql);
if(mysqli_num_rows($result)>0)
{
while($row = mysqli_fetch_array($result))
{
$register_ID=$row["register_ID"];
$username = $row['username'];
$profile = $row['profile'];
$email = $row['email'];
$address=$row['address'];
$gender=$row['gender'];
$main_subject=$row["main_subject"];
$subject_add=$row["subject_add"];
$rate_main=$row["rate_main"];
$rate_add=$row["rate_add"];
$qualification=$row["qualification"];
?>
<table><form method="post">
<tr class="border_bottom">
<td height="230"><img src='<?php echo $profile;?>'width="200" height="200"/> </td><td><td></td></td>
<?php
if($register_ID == $_SESSION['myid']){
?>
<td><label>Your Profile</label></td>
<?php
} else {
?>
<form method="post">
<td><button class='friendBtn unfriend' name="" data-type="unfriend">Unfriend</button>
<input type="hidden" name="id" value="<?php echo $row['register_ID'];?>" />
<input type="submit" name="addfriend" data-type='addfriend' id="addfriend" value="<?php
if($_SESSION['status'] == 'yes'){
echo 'Request Sent';
}
else {
echo 'Addfriend';}
?>" data-uid=<?php echo $row['register_ID'];?>/></td> </form>
<?php
}
}
?>
</tr>
</div>
</table>
</form>
<?php
if(isset($_POST['id']) ) {
$user_id = $_SESSION['myid'];
$friend_id = $_POST['id'];
$sql="INSERT INTO friends(user_id,status,friend_id)" ."VALUES('$user_id','yes','$friend_id') ";
if($mysqli->query($sql)=== true) {
$_SESSION['status']="yes";
$_SESSION['id']=$row['id'];
} else {}
}
}
?>
</body>
</html>
You need to replace the following block in your code:
<input type="submit" name="addfriend" data-type='addfriend' id="addfriend" value="<?php
if($_SESSION['status'] == 'yes'){
echo 'Request Sent';
}
else {
echo 'Addfriend';}
?>" data-uid=<?php echo $row['register_ID'];?>/>
With the one mentioned below. This will solve your problem.
<input type="submit" name="addfriend" data-type='addfriend' id="addfriend" value="<?php
if($_SESSION['status'] == 'yes' && $row['register_ID']==$_SESSION['id']){
echo 'Request Sent';
}
else {
echo 'Addfriend';}
?>" data-uid=<?php echo $row['register_ID'];?>/>
Good morning guys, I have a problem. I created one login page and connected it with another page. That page is like a sending friend request system. I want the sender to be able to view their own profile but not be able to send friend requests to their own id. How can I hide the details of the logged in user? How can I get the logged in user's id? I hope someone will help me. Thanks a lot.
Login page:
<?php
session_start();
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if(isset($_POST['login'])) {
$username =$mysqli->real_escape_string($_POST['username']);
$pass = md5($_POST['pass']);
$sql="SELECT * id FROM users WHERE username='$username' AND pass='$pass' LIMIT 1;";
$result = mysqli_query($mysqli,$sql);
if(mysqli_num_rows($result)>0)
$row = mysqli_fetch_array($result);{
$_SESSION['loggedIn'] = true;
$_SESSION['uid'] = $result['id'];
$result['id']= trim($row["id"]);
header ("Location:Home.php");
exit;
}
}
?>
Home page:
<?php
session_start();
$_SESSION['uid'];
$db = new PDO('mysql:host=127.0.0.1;dbname=accounts','root','');
require 'class/friends.php';
$query = $db->prepare("SELECT * FROM users");
$query->execute();
if($query->rowCount()>0)
{
while($fetch = $query->fetch(PDO::FETCH_ASSOC)) {
$id = $fetch['id'];
$username = $fetch['username'];
$profile = $fetch['profile'];
$email = $fetch['email'];
?>
<form method="post"><table>
<tr class="border_bottom">
<td height="230">
<img src='<?php echo $profile;?>'width="200" height="200"/>
</td>
<td><td></td></td>
<td><?php echo $username;?><br />
<?php echo $email;?>
</td>
<?php
if($id != $_SESSION['uid']) {
if(Friends::renderfriendship($_SESSION['uid'],$id,'isThereRequestPending')== 1){
?>
<td><button class="request_pending" disabled>Request Pending</button></td>
<?php
} else {
if(Friends::renderfriendship($_SESSION['uid'],$id,'isThereFriendShip')== 0) {
?>
<td><button class='friendBtn_add' data-uid='<?php echo $id;?>' data-type='addfriend'>Ad as friend</button></td>
<td> <button class="request_pending hidden" disabled>Request Pending</button></td>
<?php
}else{
?>
<td> <button class='friendBtn unfriend' data-uid='<?php echo $id;?>' data-type="unfriend">Unfriend</button></td>
<td> <button class='friendBtn_add hidden' data-uid=<?php echo $id;?> data-type='addfriend'>Ad as friend</button></td>
<td> <button class="request_pending hidden" disabled>Request Pending</button></td>
</td >
</tr>
</table>
</form>
<?php
}
}
}else{
}
?>
</div>
</div>
<?php
}
}
?>
</div>
</table>
Your login file seems a little big jumbled, but I will try to decipher your errors. From Progrock, the MySQLi query is wrong. You want it to look like: SELECT * FROM users WHERE username='$username' AND pass='$pass' LIMIT 1
RiggsFolly helped me notice a little error with a if statement as well. It should look like this:
if(mysqli_num_rows($result)>0) {
$row = mysqli_fetch_array($result);
$_SESSION['loggedIn'] = true;
$_SESSION['uid'] = $row['id'];
$result['id']= trim($row["id"]);
header ("Location:Home.php");
exit;
}
You had the curly bracket in the wrong column and you used the $result variable instead of the $row variable.
Apart from that, I would strongly recommend RiggsFolly's advice, as your code is very susceptible to lots of attacks and is not written very securely.
I am trying to transfer data between php pages using session. My code is as below:
check_code.php:
<?php
session_start();
echo "<form action=\"check_code.php\" method=\"post\">";
echo "<h2>Your Name. *</h2><input type='text' name='user_name'>";
echo "<br><br>";
echo "<h2>Your age. *</h2><input type='text' name='age'>";
echo "<br><br>";
echo "<br><br><br>";
echo "<div><input type='submit' value='Review'></div>";
echo "</form>";
?>
<?php
if((empty($_POST['user_name'])) || (empty($_POST['age'])) ) {
echo "<h2>Please enter your user name and age</h2>";
} else {
echo "<form action=\"page2.php\" method=\"post\">";
$user_name = $_POST['user_name'];
$age = $_POST['age'];
echo "Below are the details entered:<br>";
echo "Name: $user_name";
echo "Age: $age";
echo "Select any one: ";
echo '<td bgcolor="#EAEAEA" style="color:#003399"><input type="checkbox"
name="subject[]" value="Science">Science</td>';
echo '<td bgcolor="#EAEAEA" style="color:#003399"><input type="checkbox"
name="subject[]" value="Math">Math</td>';
echo "<br>";
$_SESSION['user'] = $_POST['user_name'];
$_SESSION['age'] = $_POST['age'];
$_SESSION['subject'] = $_POST['subject'];
echo "<input type=\"submit\" value='Add to DB' >";
echo "</form>";
}
?>
page2.php:
<?php
session_start();
$user_name = $_SESSION['user'];
$age = $_SESSION['age'];
$subject = $_SESSION['subject'];
echo "<h2>Below are the details entered:</h2><br>";
echo "<h2>Name: </h2>$user_name";
echo "<h2>Age: </h2>$age";
echo "<h2>Subject selected: </h2>";
for ($i=0;$i<sizeof($subject);$i++) {
echo " $subject[$i] ";
}
?>
The name and age get displayed in the final page (page2.php). The subject does not get passed to the next page. What mistake am I making here?
Any help would be appreciated!!!
The code you gave had some issues, so I rewrote your code and you might try the one below:
check_code.php file:
<?php session_start(); ?>
<form method="POST" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<label>Your name</label>
<input type="text" name="name" />
<br>
<label>Your age</label>
<input type="number" name="age" />
<hr>
<button type="submit" name="review">Review</button>
<?php if(isset($_SESSION['details'])) { ?>
<button type="submit" name="unset">Unset</button>
<?php } ?>
</form>
<?php
if(isset($_SESSION['details'])) {
if(isset($_POST['unset'])) { // If pressed "unset", remove the session and the values and restart
unset($_SESSION);
session_destroy();
}
}
if(isset($_POST['review'])) {
if(!empty($_POST['name']) && !empty($_POST['age'])) { // If fields are not empty
?>
<p>Your Details:</p>
<table>
<tr>
<td>Name<td>
<td><?php echo $_POST['name']; ?></td>
</tr>
<tr>
<td>Age<td>
<td><?php echo $_POST['age']; ?></td>
</tr>
</table>
<?php
$_SESSION['details'] = array(
'name' => $_POST['name'],
'age' => $_POST['age']
// Storing them in array as $_SESSION['details'][name/age/whatever]
);
}
else {
echo 'Please fill in the fields.';
}
}
if(isset($_SESSION['details'])) {
?>
<p><?php echo $_SESSION['details']['name']; /* Stored name in session */ ?>, Please Select Subject:</p>
<form method="POST" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<label>Science</label>
<input type="checkbox" name="subject[]" value="science" />
<br>
<label>Math</label>
<input type="checkbox" name="subject[]" value="math" />
<hr>
<button type="submit" name="send">Remember My Choice</button>
</form>
<?php
if(isset($_POST['send'])) { // If you send the second form, then...
if(isset($_POST['subject'])) { // If selected subject
$_SESSION['subject'] = array();
for($i = 0; $i < count($_POST['subject']); $i++) {
$_SESSION['subject'][] = $_POST['subject'][$i]; // store all values of "subject" in the session
}
}
header('location: page2.php');
}
}
Explanation:
You wanted the user to choose a subject after submitting the form, and defined it when the user can not check subject - line 33. when the user can not define the variable, you can continue - but with errors - and that's what I got when I tried your code.
So what I did was the following steps:
Send the first form with the name and the age
Define $_SESSION variable named "details" (as array that held the required information)
If this variable exists - then allow the user to select a subject.
Then, when you choose one (or more) subjects, they're saved too in the session:
page2.php file:
<?php
session_start();
if(isset($_SESSION['details'])) {
?>
<p>Your name is <?php echo $_SESSION['details']['name']; ?> and your age is <?php echo $_SESSION['details']['age']; ?></p>
<?php if(isset($_SESSION['subject'])) { ?>
<p>And your subject(s) are <?php echo implode(', ', $_SESSION['subject']); ?></p>
<?php } else { ?>
<p>You don't have any subject</p>
<?php
}
}
else {
die('An Error Occurred');
}
On page2.php I checked if the details are set. if they are, then we can proceed and check if the subject(s) are set too. In case details are not set, the connection will die and print an error message. If you don't set the subject, you'll get a message about it, too.
Important note:
Your code, and this one too are vulnerable. Do not use these in a server, unless you take care about XSS protection. You may escape characters and use Regular expressions to "Sanitize" the input.
You can replace your current code with this one.
I hope it will be helpful
Hi I have the following as my login script. (The script is not yet sanitized.) But I have an issue here. Once a successful log in attempt is made I need to echo the loggedUser but the information doen't get printed once echoed. Can someone pls help me understand where I have gone wrong?
Code as follows;
<?php
SESSION_start();
?>
<!doctype html>
<html>
<head></head>
<body>
<div>
<?php
include ("connect_db/index.php");
if(isset($_SESSION['loggedUser']))
{
echo '<div>User :'.$_SESSION['loggedUser'].'</div>';
}
else
{
echo "
<div id='u2'>
<form name='form1' method='post' action='''>
<table border='1'>
<tr>
<td>User Name: </td>
<td><label for='textfield'></label>
<input type='text' name='UnameZoom' id='UnameZoom' class='txss'></td>
<td> Password: </td>
<td><label for='txss'></label>
<input type='password' name='PwordZoom' id='PwordZoom' class='txss'></td>
<td> <input type='submit' name='loggedUser' id='loggedUser' class='mylog' value='Login'></td>
</tr>
</table>
</form>
<p> </p>
<p> </p>
</div>";
if(isset($_POST['loggedUser']))
{
$un = $_POST['UnameZoom'];
$pw = $_POST['PwordZoom'];
if($un=='' || $pw == '')
{echo "Empty fields"; return;}
$SQLSz = "SELECT pword FROM users WHERE username='$un'";
$rVz = mysqli_query($db,$SQLSz) or die ("SQL Error!!!");
$roVz = mysqli_fetch_array($rVz);
if($pw == $roVz['pword'])
{
$result = mysqli_query($db,"SELECT Lname AS Lna FROM users WHERE username='$un'");
$row11 = mysqli_fetch_assoc($result);
$sum = $row11['Lna'];
$_SESSION['loggedUser'] = $sum;
echo $_SESSION['loggedUser'];
}
else
{
echo "No user found";
}
}
}
?>
<div></body></html>
I think problem is in your variable. It can be array but u cant echo array. try dump your variable with var_dump.
As already mentioned - SESSION_start() shall be session_start()
Try another statement for displaying your SESSION array - for example:
echo '<pre>';
print_r($_SESSION);
echo '</pre'>;
This will show you all session keys in a nice and readable way
Hi there's a live version of the code below (taken from a tutorial) at my website below http://www.prupt.com/edit_subject.php
The page has a form that allows you to edit the subjects in the navigation bar down the left hand side. For example, you could click on "About Widget Corp" and the name "About Widget Corp" will appear in the subject text field, at which point your supposed to be able to edit it (i.e. change its name if you like) then click "edit subject" and it will update the new name in the navigation down the left hand side.
That's what it's supposed to do, according to the tutorial. However, if I try to edit one of the names, and then click "edit subject" it doesn't change anything. I'm guessing it's not updating the database and thereafter not outputting the correct/new data to the navigation bar
Do you see anything in the code below which would explain why it's not updating the navigation bar once I click "edit subject"?
<?php
//1.Create a database connection
$connection = mysql_connect("98.130.0.87", "username", "password");
if (!$connection) {
die("Database connection failed: " . mysql_error());
}
$db_select = mysql_select_db("C263430_testorwallo" ,$connection);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
?>
<?php require_once("includes/functions.php"); ?>
<?php
if (intval($_GET['subj']) == 0) {
redirect_to("content.php");
}
if (isset($_POST['submit'])) {
$errors = array();
$required_fields = array('menu_name', 'position', 'visible');
foreach($required_fields as $fieldname) {
if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) && $_POST[$fieldname] !=0)) {
$errors[] = $fieldname;
}
}
$fields_with_lengths = array('menu_name' => 30);
foreach($fields_with_lengths as $fieldname => $maxlength ) {
if (strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) {
$errors[] = $fieldname; }
}
if (empty($errors)){
//Perform Update
$id = mysql_prep($_GET['subj']);
$menu_name = mysql_prep($_POST['menu_name']);
$position = mysql_prep($_POST['position']);
$visible = mysql_prep($_POST['visible']);
$query = "UPDATE subjects SET
menu_name = '{$menu_name}',
position = {$position},
visible = {$visible}
WHERE id = {$id}";
$result = mysql_query($query, $connection);
if (mysql_affected_rows() == 1) {
//Success
} else {
//Failed
}
} else {
// Errors occurred
}
} //end: (isset($_POST['submit']))
?>
<?php find_selected_page();?>
<?php include("includes/header.php"); ?>
<table id="structure">
<tr>
<td id="navigation">
<?php echo navigation($sel_subject, $sel_page); ?>
</td>
<td id="page">
<h2>Edit Subject <?php echo $sel_subject ['menu_name'];?></h2>
<form action="edit_subject.php?subj=<?php echo urlencode($sel_subject['id']);?>" method="post">
<p>Subject name: <input type="text" name="menu_name" value="<?php echo $sel_subject['menu_name']; ?>" id="menu_name" /></p>
<p>Position:
<select name="position">
<?php
$subject_set = get_all_subjects();
$subject_count = mysql_num_rows($subject_set);
//$subject_count +1 because we are adding a subject
for($count=1; $count <= $subject_count+1; $count++) {
echo "<option value=\"{$count}\"";
if ($sel_subject['position'] == $count) {
echo " selected";
}
echo ">{$count}</option>";
}
?>
</select>
</p>
<p>Visible:
<input type="radio" name="visible" value="0"<?php
if ($sel_subject['visible'] == 0) { echo " checked";}
?>/>No
<input type="radio" name="visible" value="1"<?php
if ($sel_subject['visible'] == 1) { echo " checked"; }
?>/> Yes
</p>
<input type="submit" name"submit" value="Edit Subject"/>
</form>
<br/>
Cancel
</td>
</tr>
</table>
<?php include("includes/footer.php"); ?>
<?php
//5. Close connection
mysql_close($connection);
?>
Ok, saw the page code and it's likely that (see comment above).
<input type="submit" name"submit" value="Edit Subject"/>
You forgot the = sign, correct it to name="submit". That's why it doesn't see the form as submitted (if $_POST['submit']...)