So i have this api script and people are going to have the HWID and it has to add their information to their account when they open a program, but when there is multiple user with the same HWID it screws up and doesn't add their info to the account, here's the code I'm using:
$cpukey = mysql_escape_string($_GET['cpukey']);
$ip = mysql_escape_string($_GET['ip']);
$pcname = mysql_escape_string($_GET['pcname']);
$con = mysql_connect($host,$username,$password);
mysql_select_db("$db_name", $con);
$sql="SELECT * FROM $table WHERE cpukey = '$cpukey'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count == 1){
$result = mysql_query("SELECT * FROM $table") or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
$time = time();
if ($row['ip'] = '-' and $row['pcname'] = '-'){
mysql_query("UPDATE $table SET pcname = '$pcname'
WHERE cpukey = '$cpukey' AND pcname = '-'");
mysql_query("UPDATE $table SET ip = '$ip'
WHERE cpukey = '$cpukey' AND pcname = '$pcname'");
if ( $row['expire'] > $time) {
$str1 = "NOT EXPIRED";
}else{
$str1 = "EXPIRED";
mysql_query("UPDATE $table SET expired = 'Yes'
WHERE cpukey = '$cpukey' AND pcname = '$pcname'");
mysql_query("UPDATE $table SET banned = '1'
WHERE cpukey = '$cpukey' AND pcname = '$pcname'");
}
echo $str1;
} else {
mysql_query("UPDATE $table SET pcname = '$pcname'
WHERE cpukey = '$cpukey' AND pcname = '$pcname'");
mysql_query("UPDATE $table SET ip = '$ip'
WHERE cpukey = '$cpukey' AND pcname = '$pcname'");
if ( $row['expire'] > $time) {
$str1 = "NOT EXPIRED";
}else{
$str1 = "EXPIRED";
mysql_query("UPDATE $table SET expired = 'Yes'
WHERE cpukey = '$cpukey' AND pcname = '$pcname'");
mysql_query("UPDATE $table SET banned = '1'
WHERE cpukey = '$cpukey' AND pcname = '$pcname'");
}
echo $str1;
}
}
}
mysql_close($con);
mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());
$result = mysql_query("SELECT * FROM $table") or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
if ( $cpukey == $row['cpukey'] ) {
if ( $row['banned'] == 0) {
$str = "Not Banned";
break;
}else{
$str = "Banned";}
break;
} else {
$str = "Don't Exist";}
}
echo $str;
Now I want the code to add the users' info if their info hasn't been entered yet, witch their info would be "-" and then when they open the program it will change their info to something else... In other words make it where people can have the same HWID and it won't give any errors...
Here is your problem:
if ($row['ip'] = '-' and $row['pcname'] = '-'){
It should be
if ($row['ip'] == '-' and $row['pcname'] == '-'){
Related
I'm trying to update one record and then delete another in one go, however it's only allowing me to do one or the other;
$update = "UPDATE user SET felcredits = '$value' WHERE username = '$user'";
$update2 = "DELETE FROM playeritems WHERE id = '$realid'";
How do I get it to do both?
I have tried the following;
$update = "UPDATE user SET felcredits = '$value' WHERE username = '$user'";
$update = "DELETE FROM playeritems WHERE id = '$realid'";
__
$update = "UPDATE user SET felcredits = '$value' WHERE username = '$user' DELETE FROM playeritems WHERE id = '$realid'";
__
FULL CODE:
if ($_SERVER['REQUEST_METHOD'] = $_POST AND isset($_POST['sell'])) {
$sql = "SELECT felcredits FROM user WHERE username = '$user'";
$result = $db_conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$felcredits = $row['felcredits'];
}
}
$value = $felcredits + $value;
$update = "UPDATE user SET felcredits = '$value' WHERE username = '$user'";
$update2 = "DELETE FROM playeritems WHERE id = '$realid'";
if ($db_conn->query($update) === TRUE) {
echo "<br />Details Updated";
} else {
echo "Error: " . $insert . "<br>" . $db_conn->error;
}
}
The problem is here:
$update = "UPDATE user SET felcredits = '$value' WHERE username = '$user'";
$update = "DELETE FROM playeritems WHERE id = '$realid'";
your second sql query will override the first one, so make separate query like:
$update = "UPDATE user SET felcredits = '$value' WHERE username = '$user'";
mysqli_query($conn, $update);
$delete = "DELETE FROM playeritems WHERE id = '$realid'";
mysqli_query($conn, $delete);
where $conn is the connection handle
You Try change in Your full code Like this
in your Execute code
if ($_SERVER['REQUEST_METHOD'] = $_POST AND isset($_POST['sell'])) {
$sql = "SELECT felcredits FROM user WHERE username = '$user'";
$result = $db_conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$felcredits = $row['felcredits'];
}
}
$value = $felcredits + $value;
$update = "UPDATE user SET felcredits = '$value' WHERE username = '$user'";
$update2 = "DELETE FROM playeritems WHERE id = '$realid'";
if (($db_conn->query($update) === TRUE) && ($db_conn->query($update2) === TRUE)) {
echo "<br />Details Updated";
} else {
echo "Error: " . $insert . "<br>" . $db_conn->error;
}
}
I think I have an error uon the usertype 3 cause it always go to the notification and if I change both notification and plsvote.php it will just refresh so please help me what to do
if (isset($_POST['login'])){
$idno = $_POST['idno'];
$password = $_POST['password'];
$position = $_POST['user_type'];
$sql1 = "SELECT * FROM users WHERE idno = '$idno' AND password = '$password'";
$result = mysql_query($sql1) or die();
$row = mysql_fetch_array($result);
$num_row = mysql_num_rows($result);
//if the user is admin
if ($row['user_type'] == "1"){
mysql_query("insert into user_log (idno,login_date) values('$username',NOW())")or die(mysql_error());
$YearNow=Date('Y');
header('location:admin/index.php');
}
//if the user is student
else if ($row['user_type'] == "3") {
$sql_c = "SELECT * FROM users,studentvotes,school_year = users.idno = studentvotes.idno AND studentvotes.syearid =school_year.syearid AND school_year.from_year like $YearNow ";
$result1 = mysql_query($sql_c) or die(mysql_error());
while($row2=mysql_fetch_array($result1)){
$_SESSION['SESS_COURSE'] = $row2['progid'];
$_SESSION['SESS_MEMBER_ID'] = $idno;
//$query = mysql_query ("INSERT INTO user_log VALUES('$idno',NOW(), 'Login') ") or die(mysql_error());
header('location:plsvote.php');
}
}
else{
header('location:notification.php');
exit();
}
}
<?php
session_start();
$hostname="localhost"; //local server name default localhost
$username="root"; //mysql username default is root.
$password=""; //blank if no password is set for mysql.
$database="bus-ticket-reservation"; //database name which you created
$con=mysqli_connect($hostname,$username,$password,$database);
if(isset($_SESSION['id']))
{
include("config.php");
$uid = $_SESSION['id'];
$bus = $_GET['bus'];
$seat = $_GET['seat'];
$choice = $_GET['choice'];
$bust = $bus.'bus';
$date = date("Y-m-d");
$query = mysqli_query($con,"Select * from bus where id ='$bus'");
if($query){
$re1 = mysqli_fetch_array($query);
$bus_name = $re1['bus_name'];
$from = $re1['from_stop'];
$to = $re1['to_stop'];
$dept_time = $re1['dept_time'];
$arrival_time = $re1['arrival_time'];
$distance = $re1['distance'];
$fare = $re1['fare'];
}
if($choice !='')
{
if($choice=='W' && $seat==1)
{
$query2 = "Select * from $bust where status='Available' AND state='$choice' limit 0,$seat";
$p = mysqli_query($con,$query2);
$re = mysqli_num_rows($p);
}
else
{
$query2 = "Select * from $bust where status='Available' limit 0,$seat";
$p = mysqli_query($con,$query2);
$re = mysqli_num_rows($p);
}
if($re>=$seat)
{
while($r = mysqli_fetch_array($p))
{
$id = $r['id'];
$q3 = mysqli_query($con,"update $bust set status ='Booked' where id='$id'");
$q4 = mysqli_query($con,"insert into user_history(user_id, bus_id,bus_name, from_stop ,
to_stop, booking_date, seat_no_booked, dept_time, distance, fare)
values('".$uid."','".$bus."','".$bus_name."', '".$from."', '".$to."', '".$date."', '".$id."',
'".$dept_time."', '".$distance."', '".$fare."')");
}
?>
<script>
Hello I have this code and I have a problem at function evalLoggedUser I think...as it is now the function shows me wrong output(returning false instead true) and when I change the if statement inside the function and do it like this:
if($numrows == 0) {
return true;
}
It work like as I wish...but I want to work like this and the if statement to be like if($numrows > 0). I am one whole day searching and trying to figure this out but nothing... I have tried to echo the $numrows var and does not echo nothing...also I echoed db errors and is all good. Any help would be appreciated. Thanks in advance.
<?php
session_start();
include_once("../db_includes/db_conx.php");
$user_ok = false;
$log_id = "";
$log_username = "";
$log_password = "";
// User Verify function
function evalLoggedUser($db_conx,$id,$u,$p){
$sql = "SELECT ip FROM users WHERE id='$id' AND username='$u' AND password='$p' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
if($numrows > 0){
return true;
}
}
if(isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
$log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
$log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['username']);
$log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
// Verify the user
$user_ok = evalLoggedUser($db_conx,$log_id,$log_username,$log_password);
} else if(isset($_COOKIE["id"]) && isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){
$_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
$_SESSION['username'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user']);
$_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
$log_id = $_SESSION['userid'];
$log_username = $_SESSION['username'];
$log_password = $_SESSION['password'];
// Verify the user
$user_ok = evalLoggedUser($db_conx,$log_id,$log_username,$log_password);
if($user_ok == true){
// Update their lastlogin datetime field
$sql = "UPDATE users SET lastlogin=now() WHERE id='$log_id' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
}
}
?>
I found the solution...it seems that has not recognized the var $db_conx when I include the db_conx.php... So instead of include this file, I wrote the connection in the same folder that I showed you above and it works perfectly now:
<?php
session_start();
include_once("../db_includes/db_conx.php");
$user_ok = false;
$log_id = "";
$log_username = "";
$log_password = "";
// User Verify function
function evalLoggedUser($db_conx,$id,$u,$p){
$sql = "SELECT ip FROM users WHERE id='$id' AND username='$u' AND password='$p' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
if($numrows > 0){
return true;
}
}
to
<?php
session_start();
$db_conx = mysqli_connect("xxxxxxxx","xxxxxxxx","xxxxxxxx","xxxxxxxx");
// Evaluate the connection
if (mysqli_connect_errno()) {
echo mysqli_connect_error();
exit();
}
$user_ok = false;
$log_id = "";
$log_username = "";
$log_password = "";
// User Verify function
function evalLoggedUser($db_conx,$id,$u,$p){
$sql = "SELECT ip FROM users WHERE id='$id' AND username='$u' AND password='$p' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
if($numrows > 0){
return true;
}
}
too many unknowns to answer for certain, so try this. Replace the code in your function following the SQL statement with:
if (($result = $db_conx->query($sql)) === false) {
$errmsg .= '<p><b>User Eval:</b> ' . $db_conx->error . '</p><p>' . $sql . '</p>';
echo $errmsg;
} elseif (!$result->num_rows) {
//no records, so user cannot log in
} else {
//return a true value in here
}
Once you run it one time, you should be able to see exactly what is wrong
I'm getting a blank page with this code:
session_start();
include "config.php";
$af = $_GET['id'];
database_connect();
$query2 = "SELECT * FROM friends WHERE usr1 = '".$id."' AND usr2 = '".$af."'";
$result2 = mysql_query($query2) or die(mysql_error());
while ($row2 = mysql_fetch_assoc($result2)) {
if($row2['id']){
echo "<script type='javascript'>alert('You are already friends with this person.');</script>";
header('Location: profile.php?id="'.$af.'"');
}else{
mysql_query("INSERT INTO friends (usr1, usr2)
VALUES ('".$id."', '".$af."')") or die(mysql_error());
echo "<script type='javascript'>alert('You two are friends now!');</script>";
header('Location: profile.php?id="'.$af.'"');
};
};
This is the config.php (i changed the variables here though)
$h = "localhost";
$u = "user";
$p = "pass";
$d = "datab";
$sql = 'SELECT id FROM craffyposts limit '.($page*$eachPage).','.$eachPage;
$sql_count = 'SELECT id FROM craffyposts';
function database_connect(){
global $h, $d, $u, $p;
$link = #mysql_connect("$h","$u","$p");
$sql_error = mysql_error();
if (!$link) {
echo "Connection with the database couldn't be made.<br>";
echo "$sql_error";
exit;
}
if (!#mysql_select_db("$d")) {;
echo "The database couldn't be selected.";
exit;
}
return $link;
}
if($_SESSION['usrid']){
database_connect();
$query = mysql_query("SELECT * FROM craffyusers WHERE id='" .$_SESSION['usrid']. "' ") or die (mysql_error());
while ($obj = mysql_fetch_object($query)) {
$id = htmlspecialchars($obj->id);
$username = htmlspecialchars($obj->username);
$email = htmlspecialchars($obj->email);
$realname = htmlspecialchars($obj->name);
$srvrid = htmlspecialchars($obj->serverid);
$propic = htmlspecialchars($obj->profilepic);
};
};
What's the issue here?
because there will 0 or 1 result, you can remove the while clause:
$row2 = mysql_fetch_assoc($result2);
if($row2 && $row2['id']){
echo "<script type='javascript'>alert('You are already friends with this person.');</script>";
header('Location: profile.php?id="'.$af.'"');
}else{
mysql_query("INSERT INTO friends (usr1, usr2)
VALUES ('".$id."', '".$af."')") or die(mysql_error());
echo "<script type='javascript'>alert('You two are friends now!');</script>";
header('Location: profile.php?id="'.$af.'"');
};
Add this lines at the beginning of the script
error_reporting(E_ALL);
ini_set("display_errors", 1);
The error will appear.