I trying create a simple profile edit page. Don't care syntax, I've refined
<?php
$resultMember = mysql_query("SELECT * FROM member WHERE email='".$_SESSION['memberEmail']."'");
..
$oldProfilePhoto = $resultMember['pp'];
..
{ //post controll
$W = " WHERE email='".$_SESSION['memberEmail']."' AND pasw='".$_SESSION['memberPsw']."'";
if(!isset($_FILES['profilePhoto']['value'])){
mysql_query("UPDATE member SET pp='".$oldProfilePhoto."'".$W) or die(mysql_error());
}
$profilePhoto = "inc/img/".$_SESSION['memberSkype']."/".$_FILES['profilePhoto']['name'];
move_uploaded_file($_FILES['profilePhoto']['tmp_name'],$profilePhoto);
mysql_query("UPDATE uye SET pp='".$profilePhoto."'".$W) or die(mysql_error());
}
..
?>
So, Image upload (OK), oldPhotoName get (OK), user select photo sent by post (OK), in short everthing (OK) but first changed profile photo after try change profile photos is return to empty. Not added oldphoto,
If the user chooses photos, old photo is not changed.
Thank you for your interest.
Good works..
Related
My code wont work unless I add this specific line of code, the one that has the comment next to it (Line 3). Does anyone have any open suggestions on what I should do? Because I don't wont $_SESSION['username'] = "nameofuser";
:
Here is the link to the code: sweettune.info/code.txt
Using "$_SESSION['username'] = "nameofuser";" and deleting it, but if I delete it my image won't upload.
<?php
session_start();
$_SESSION['username'] = "nameofuser"; // Won't work unless this line of code is added
if(isset($_POST['submit'])){
move_uploaded_file($_FILES['file']['tmp_name'],"uploads/".$_FILES['file']['name']);
$conn = mysqli_connect("localhost","newkit","frtysk489","configurenow");
$q = mysqli_query($conn,"UPDATE users SET image = '".$_FILES['file']['name']."' WHERE username = '".$_SESSION['username']."'");
}
?>
If you don't want to use $_SESSION['username'] = 'nameofuser'; then you will need to choose another unique column from your table (such as the record id) to identify the row to be updated.
The reason the database is not updated is because your query specifically asks WHERE username = '".$_SESSION['username']."'"
"UPDATE users SET image = '".$_FILES['file']['name']."' WHERE username = '".$_SESSION['username']."'"
Without a unique identifier, the table row cannot be updated, your update will fail.
Admin can see two menu.
Manage - Retrieve query depends on User location. This menu provide for all users.
Admin Menu - No restrict on query. This menu provide only for Admin.
Above two menu using same Page, but query dynamically choose depends on User.
I tried passing value through URL like url.com?admin=1 . If Admin parameter is set query will not have any restriction. Otherwise Restrict by Location.
But my problem is while I click and navigate from one to another page and perform some form action , In these case, URL parameter automatically unset even Admin. So query will be restrict by location even Admin.
So any one help me to solve this problem.
<?php
$LoginEmpID = $_SESSION["EmployeeLoggedIN"];
//find out location for display room id and discription (Ex.Salem Employee only can give salem's rooms)
$employeeLocation = sprintf("SELECT Location FROM Employee where Emp_ID = %s", GetSQLValueString($LoginEmpID, "int"));
$Recordset_employeeLocation = mysql_query($employeeLocation) or die(mysql_error());
$row_Recordset_employeeLocation = mysql_fetch_array($Recordset_employeeLocation);
$str_Emp_location = $row_Recordset_employeeLocation['Location'];
//DropDown For Room Information
$query_Recordset1_room_number = sprintf("SELECT room_id, role_description,location_id FROM hrms_m_rooms where location_id = %s",GetSQLValueString($str_Emp_location, "text"));
if(isset($_GET['admin']))
{
//DropDown For Room Information
$query_Recordset1_room_number = sprintf("SELECT room_id, role_description,location_id FROM hrms_m_rooms where location_id = %s",GetSQLValueString($str_Emp_location, "text"));
}
$Recordset1_room_number = mysql_query($query_Recordset1_room_number) or die(mysql_error());
$row_Recordset1_room_number = mysql_fetch_array($Recordset1_room_number);
$totalRows_Recordset1_room_number = mysql_num_rows($Recordset1_room_number);
$current_loaction = $row_Recordset1_room_number['location_id'];
//Dropdown lookupid
$query_Recordset1_resource_type = "SELECT lookup_id, lookup_description FROM hrms_general_master WHERE lookup_type = 'RESOURCE_TYPE'";
$Recordset1_resource_type = mysql_query($query_Recordset1_resource_type) or die(mysql_error());
$row_Recordset1_resource_type = mysql_fetch_assoc($Recordset1_resource_type);
$totalRows_Recordset1_resource_type = mysql_num_rows($Recordset1_resource_type);
?>
The first thing I would suggest is switching from mysql to mysqli or even better using mysql-pdo.
I hope placing a url parameter of ?Admin=1 is only for testing/debugging purposes. This is a HUGE security leak since anyone can log in then manually set their ?Admin=25 to ?Admin=1 and access your admin area.
I would suggest creating a field for permission levels in your DB if you haven't done so already.
Then using session_start(); as #Saty commented at the top of your page and creating a session for admin on your login page like this...
$loginStrGroup = $row['permission'];
$_SESSION['UserGroup'] = $loginStrGroup;
Then remove your url parameter ?Admin=1
Finally change if(isset($_GET['admin'])) to if(isset($_SESSION['UserGroup']) && ($_SESSION['UserGroup'] == 'Admin'))
Make sure to put that on every page you need the "Admin" to be able to see the admin menu.
ADDED CODE:
If the Manage menu and Admin menu both point to the same page, but what is displayed to the user depends on which menu they used, then I would only show one menu depending upon whether they were Admin or not.
if(isset($_SESSION['UserGroup']) && ($_SESSION['UserGroup'] == 'Admin')) {
--- show admin menu ---
} else {
--- show manager menu ---
}
can someone help i have users on my site and when a user clicks on their profile it takes the user to profile.php?id=(whatever id number)
I am trying to make it so that if a user tries to go to profile id= '1' then this will include noprofile.php basically telling the user that profile doesnt exist.
I have been doing this which seemed to work but now for whatever reson after a couple of days its stopped working and im not sure why?
Can someone show me where im going wrong thanks.
code in profile.php:
<?php
$admin_account = admin_account();
while ($admin = mysql_fetch_array($admin_account)) {
include ('includes/mod_profile/mod_noprofile.php');
}
?>
function:
function admin_account() {
global $connection;
global $profile_id;
$query = "SELECT user_id
FROM ptb_profiles
WHERE user_id =\"$profile_id\"
AND ptb_profiles.user_id='1'";
$admin_account = mysql_query($query, $connection);
confirm_query($query, $connection);
return $admin_account;
}
Do a test before you execute the query to see if the id==1
if isset($_GET["id"]==1){
include ('includes/mod_profile/mod_noprofile.php');
}
else {
//do query and get user profile information
}
my question is on adding the file paths to images to a user's slot in a database. here is a sample, this is the page where the photos are to be chosen:
require_once("script.php");
<form method="post" action='golf.php'>
<?php
require_once("golf_phot.php");
?>
</div>
<input id="butt" type="submit" value="add"/>
</form>
here are the contents of golf_phot.php:
$query="SELECT category_id FROM categories WHERE category_name='golf'";
$resultt=mysql_query($query);
$row=mysql_fetch_array($resultt);
$do=$row['category_id'];
$query2="SELECT photo FROM all_photos WHERE all_photos.category_id='$do'";
$result=mysql_query($query2);
while ($row=mysql_fetch_array($result))
{
$photo=$row['photo'];
echo "<input type=\"checkbox\" name=\"addlist[]\" value=\"".$photo."\">"."<img src=\"".$photo."\">";
echo "<br>";
echo "<br>";
echo "<br>";
}
i already did the mysql connection and database selection, i won't post that but it has no issues. here are the contents of "script.php":
if(isset($_POST['addlist']))
{
$pics=$_POST['addlist'];
$n=count($pics);
//now, to open the database user_info, using the stored session
//make the session variable legit
if(isset($_SESSION['user']))
{
$user=$_SESSION['user'];
}
//get the user's id from the user_info table
$querya="SELECT * FROM user_info WHERE user_info.fb_id='$user'";
$result1=mysql_query($querya);
//now that we have the id, we can add the photos to
//user_photos, using their id as a foreign key
if(mysql_num_rows($result1)>0){
$rowa=mysql_fetch_array($result1);}
$user_id=$rowa['USER_INFO_ID'];
//before we add them, we'll need to see whether they exist or not.
//adding time:
for($i=0;$i<$n;$i++){
$data=$pics[$i];
$queryb="SELECT * FROM user_photos";
$result3=mysql_query($queryb);
if(mysql_num_rows($result3)>0){
while($rowa=mysql_fetch_array($result3))
{
$data2=$rowa['USER_PHOTOS'];
if($data==$data2)
{ $var='exists'; }
else{
$queryb="INSERT INTO user_photos(USER_PHOTOS_ID,USER_INFO_ID,USER_PHOTOS) VALUES('NULL','".$user_id."','".$data."')";
$result2=mysql_query($queryb);
}
}
}
}
// selected photos added to user's gallery!
}
the user data variables are all set as i use them elsewhere and they are successfuly added to the database, above, i include a way to see if the photo already exists, i don't add it if it does(maybe there's an issue with that?) so basically, the page with photos is loaded, the user checks on the photos they want and then they send it to the same page, where "script.php" is supposed to process the data and add it to the database. no photos are added to the database, i really can't tell what's the issue here. i kindly ask for help, even though this is probably an easy question, if you need me to clarify something, kindly ask so, meanwhile, can anybody help? thanks in advance.
One solution for check the picture is same or not is, using a hash algorithm on the pictures to determined the same pics.
i.e: (pseudo code)
$hash=sha1_file('pic-filename');
$sql='select * from image_table where hash_col ='.$hash;
if(num_rows($sql)>0)
//don't save pic.
else
// save the pic and it's hash value.
hash_col is a column in your image table that get the hash value of the particular image.
Please Try this code in your script.php. hoping this may work for you.
I Have removed the condition if(mysql_num_rows($result3)>0){
Code:
if(isset($_POST['addlist']))
{
$pics=$_POST['addlist'];
$n=count($pics);
//now, to open the database user_info, using the stored session
//make the session variable legit
if(isset($_SESSION['user']))
{
$user=$_SESSION['user'];
}
//get the user's id from the user_info table
$querya="SELECT * FROM user_info WHERE user_info.fb_id='$user'";
$result1=mysql_query($querya);
//now that we have the id, we can add the photos to
//user_photos, using their id as a foreign key
if(mysql_num_rows($result1)>0){
$rowa=mysql_fetch_array($result1);}
$user_id=$rowa['USER_INFO_ID'];
//before we add them, we'll need to see whether they exist or not.
//adding time:
for($i=0;$i<$n;$i++){
$data=$pics[$i];
$queryb="SELECT * FROM user_photos";
$result3=mysql_query($queryb);
while($rowa=mysql_fetch_array($result3))
{
$data2=$rowa['USER_PHOTOS'];
if($data==$data2)
{ $var='exists'; }
else{
$queryb="INSERT INTO user_photos(USER_PHOTOS_ID,USER_INFO_ID,USER_PHOTOS) VALUES('NULL','".$user_id."','".$data."')";
$result2=mysql_query($queryb);
}
}
}
Hi I am newish to php and I have created an update page for Content Management System. I have a file upload in this case a picture. I have other inputs that contain text and I can get them to populate my form and thats fine and works great because the user can see what has already been entered. But the file name for the photo can not have a value so if the user doesn't pick the picture from the directory again it will update minus the picture. What I think I need is a isset function that says if the file (picture) input is left blank don't update this field and use whatever what already in the database for it, that way if it was left blank when created it will still be, and if the user has changed it this time it will change; or if they want to leave it the same it won't leave their picture blank. Hope that makes sence.
Here is my coding currently for the Form:
<p>
Photo:
</p>
<input type="hidden" name="MAX_FILE_SIZE" value="350000">
<input type="file" name="photo"/>
Below is my php code for my update if the update button is pressed:
$con = mysql_connect("localhost","******","********");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("*******", $con);
// run this only, once the user has hit the "Update" button
if (isset($_POST['update'])) {
// assign form inputs
$name = $_POST['nameMember'];
$position = $_POST['bandMember'];
$pic = $_POST['photo'];
$about = $_POST['aboutMember'];
$bands = $_POST['otherBands'];
// add member to database
$result = mysql_query("UPDATE dbProfile SET nameMember='".$name."',bandMember='".$position."',photo='".$pic."',aboutMember='".$about."',otherBands='".$bands."' WHERE id='".$id."'");
mysql_close($con);
Header("Location: listMember.php");
exit;
}
else { // read member data from database
$result = mysql_query ("SELECT * FROM dbProfile WHERE id='".$id."'");
while($row = mysql_fetch_array($result))
{
$name = $row['nameMember'];
$position = $row['bandMember'];
$pic = $row['photo'];
$about = $row['aboutMember'];
$bands = $row['otherBands'];
}
}
mysql_close($con);
?>
If you could help I would be very please and greatful.
You have to use the $_FILES variable for uploaded files. For further information, see Handling file uploads in the PHP manual.
Try:
if(is_uploaded_file($_FILES['photo']['tmp_name']))
From the manual:
Returns TRUE if the file named by filename was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, /etc/passwd.