Im trying to update records in my table with the followin, my problem is however that my browser outputs an empty white page with no source, Can anybody see what I'm doing wrong?
<?php
require 'dbconfig.php';
//Always place this code at the top of the Page
session_start();
if (!isset($_SESSION['id'])) {
// Redirection to login page twitter or facebook
header("location: index.php");
}
function safe($value){
return mysql_real_escape_string($value);
}
// Variables
$_SESSION['username'];
$_SESSION['oauth_provider'];
$uid = $_SESSION['id'];
$email = safe($_POST["email"]);
$credits = safe($_POST["credits"]);
$query = mysql_query("UPDATE users SET email= '$email' WHERE id='$uid'") or die(mysql_error());
?>
You have assigned a variable to your query, but you are not running it.
$query = mysql_query("UPDATE users SET email= '$email' WHERE id='$uid'") or die(mysql_error());
So, the above is just a redundant code. to run it, you should call $query, like this
if($query){
echo 'Updated performed';
}else{
echo 'Update failed';
}
Note I'm not encouraging you to use mysql_ functions as they are weak, vulnerable and deprecated. Intead you should learn more about PDO
You are not displaying anything after DB operation. So nothing will be printed.
you can do like this:
$query = mysql_query("UPDATE users SET email= '$email' WHERE id='$uid'") or die(mysql_error());
$sql_query = mysql_query($query);
if(mysql_affected_rows()) {
$msg = "something has changed!";
} else {
$msg = "nothing has changed!";
}
Related
I`m trying to set the login.php page to divert the user after successful login to different landing page. For instace, if type = model, location:model-dashboard.php or if type=photographer, location:photographer-dashboard.php. At the moment, all users goes to dashboard.php
here is my current php code, for which i`m happy to take any suggestions
if(loggedIn()){
header("Location:dashboard.php");
exit();
}
if(isset($_POST['login'])){
$email = mysqli_real_escape_string($db , $_POST['email']);
$password = mysqli_real_escape_string($db , $_POST['password']);
$query = "select * from users where email='$email' and password='$password'";
$result = $db->query($query);
if($row = $result->fetch_assoc()){
if($row['status'] == 1){
$_SESSION['user_email'] = $email;
if(isset($_POST['remember_me'])){
setcookie("user_email" , $email , time()+60*5);
}
header("Location:dashboard.php");
exit();
}else {
header("Location:login.php?err=" . urlencode("Contul nu este activat"));
exit();
}
}else {
header("Location:login.php?err=" . urlencode("E-mail sau parola gresita"));
exit();
}
}
i already tried:
$query = "select * from users where email='$email' and password='$password' and type='$type'";
and then
if($type =='model'){
$link = 'model-dashboard.php';
}
elseif($type =='photographer'){
$link ='photographer-dashboard.php';
}
and use Location:$link bot no joy
Edited: $type = $row['type']; already defined this, just forgot to mention it
the current code is the one that works with single page, so just need to know what should i remove and add instead.
thank you in advance!
You say you tried adding an AND condition to your query. However, you don't want to constrain the users, you want to get the type from the user. Instead of adding an AND, get the type from the row:
$type = $row['type'];
// Determine $link using $type
Also, note that your current approach of redirecting users to login.php with an error is vulnerable to reflective XSS.
I have designed a admin login page. The if condition is working but else condition is not. After putting wrong username or password it shows blank on the same page.
if(isset($_POST['submit']))
{
$userid = $_POST['userid'];
$pass= $_POST['pass'];
$sql = mysqli_query($DBCONNECT, "SELECT * FROM admin WHERE userid='$userid' and pass='$pass'") or die(mysql_error());
//$count=mysql_fetch_array($sql);
$count = mysqli_num_rows($sql) or die(mysql_error());
if($count == 1)
{
$_SESSION['userid'] = $userid;//$_POST['userid'];
echo "hiii";
//header("Location:add_menu.php");
}
else
{
echo "Wrong Username or Password";
}
}
You used mysql_error(); which is causing the error of blank page.
Use the below code will fix your problem.
$sql = mysqli_query($DBCONNECT,$query);
$count = mysqli_num_rows($sql);
Remove or die(mysqli_error($link)) from your code that will work fine for you.
Note: mysqli_num_rows can be used for Procedural style only not for object oriented style.
Can you try with this code? Difference is putting if($count) instead of if($count==1)
if(isset($_POST['submit']))
{
$userid = $_POST['userid'];
$pass= $_POST['pass'];
$sql = mysqli_query($DBCONNECT, "SELECT * FROM admin WHERE userid='$userid' and pass='$pass'") or die(mysql_error());
//$count=mysql_fetch_array($sql);
$count = mysqli_num_rows($sql) or die(mysql_error());
if($count)
{
$_SESSION['userid'] = $userid;//$_POST['userid'];
echo "hiii";
//header("Location:add_menu.php");
}
else
{
echo "Wrong Username or Password";
}
}
Mysqli Also make result as object so you can do this :
$sql = mysqli_query($con, "SELECT * FROM users WHERE userid='$userid' and pass='$pass'") or die(mysqli_error());
your mysqli_error only will show if statement wrong and i don't think you will put wrong statement but good in development.
then you can check if statement works by if and put this :
echo $sql->num_rows;
can put in variable :
$count = mysqli_num_rows($sql) to $count = $sql->num_rows
or
if($sql->num_rows == 0) {
// here your blank result for error
} else {
// show result here.
}
Link : Check PHP Site Mysqli Num Rows Result
Im trying to do a login system for my website and I changed around how it is implemented and it broke, whenever I try to login with a correct login it fails to take me to the next page, here is my php:
<?php
//finds the correct database
$sql_link = mysqli_connect("localhost", "root" , "12buckle", "GameData");
if (mysqli_connect_errno())
{
echo "Failed to connect to databse: " . mysqli_connect_error();
}
if (isset($_POST['Username']))
{
$username = mysql_real_escape_string($_POST['Username']);
$password = mysql_real_escape_string($_POST['Password']);
//checking to see if password and username can be found in student database
//loading in correct data
$login = mysqli_query($sql_link,"SELECT * FROM tblStudents WHERE UserName='$username' AND Password='$password'");
if ($login['Password'])
{
$_SESSION['name'] = $login['StudentFirstName'];
$_SESSION['ClassID'] = $login['ClassID'];
$_SESSION['ID'] = $login['StudentID'];
header ("Location: index.php");
}
else
{
$login = mysqli_query($sql_link,"SELECT * FROM tblTeacher WHERE Username='$username' AND Password='$password'");
if ($login['Password'])
{
$_SESSION['name'] = $login['TeacherSurname'];
$_SESSION['title'] = $login['Title'];
$_SESSION['ID'] = $login['TeacherID'];
header ("Location: TeacherSide.php");
}
else
{
echo 'Login details incorrect';
}
}
}
Also if it helps when I ran it last night im sure it worked, but I was half awake so I may have been testing the old version
Your logic is faulty. mysql_query returns a result HANDLE. it does not return any actual data. You need to fetch a row first, before checking for actual data:
$result = mysqli_query($sql_link, "SELECT * FROM tblStduents ....");
if (mysqli_num_rows($result) > 0) {
... got a student record
$row = mysqli_fetch_assoc($result);
echo $row['StudentFirstName'];
} else {
... no student rows, repeat with teachers
}
I've had issues in the past where variables aren't read properly the way you have them in your SQL statements.
Try Username='" . $username . "' AND instead and see what happens.
i have a problem with $_GET to authenticfiate an owner of his site.
im using this code to check, if the users id is registrated or not:
<?php
session_start();
include('scripts/db_connect.php');
if(isset($_SESSION['id'])){
$url_auth = $_GET['id'];
}else{
echo "no user found";
exit();
}
$sql = "SELECT * FROM table WHERE id='".$url_auth."'";
$query = $db->query($sql);
if($query->num_rows !=1){
header("Location: index.php");
exit();
i having problems with reading out that $_GET id. it seems that something is going wrong and i dont know why. is there maybe another way to check for users registration when someone is calling any id in the browser? thanks.
Try this way.
<?php
session_start();
include('scripts/db_connect.php');
$id=mysql_escape_string($_GET['id']); //Sanitized the variable to avoid SQL Injection attacks
$sql = "SELECT * FROM table WHERE id='".$id."'";
$query = $db->query($sql);
if($query->num_rows !=1){
header("Location: index.php");
exit();
}
else
{
$_SESSION["loggedIn"]="Success";
header("authenticationSuccess.php");
}
?>
Now check this $_SESSION["loggedIn"]="Success" on all your other pages to check whether the user is genuine.
Changes for Comment:
If you really think $_GET is the problem , try this.
<?php
session_start();
#extract($_GET);
include('scripts/db_connect.php');
$sql = "SELECT * FROM table WHERE id='".mysql_escape_string($id)."'";
$query = $db->query($sql);
if($query->num_rows !=1){
header("Location: index.php");
exit();
}
else
{
$_SESSION["loggedIn"]="Success";
header("authenticationSuccess.php");
}
?>
I am trying to do a simple login with PHP and mysql, and using Sessions as well. I have the code, which should work in theory, however it keeps redirecting me to the login page (refreshing it) instead of taking me to the profile.
$username = $_POST['username'];
$query = "SELECT `confirmcode` FROM `fb_network` WHERE `username` = '$username' AND `status`='Confirmed' ";
$result = mysql_query($query);
if (mysql_num_rows($result) == 1){
$result2 = mysql_query($query);
$row = mysql_fetch_row($result2);
$_SESSION['conf_code'] = $row[0];
$uid = $row[0];
session_register($uid);
header('location:profile.php?conf='.$row[0]);
}
else{
echo 'Wrong username';
}
no it shouldn't work in theory
try this
<?php
$username = mysql_real_escape_string($_POST['username']);
$query = "SELECT `confirmcode` FROM `fb_network`
WHERE `username` = '$username' AND `status`='Confirmed' ";
$result = mysql_query($query) or trigger_error(mysql_error().$query);
if ($row = mysql_fetch_row($result)){
session_start();
$_SESSION['conf_code'] = $row[0];
header('Location: profile.php');
exit;
} else {
echo 'Wrong username';
}
but there can be other issues, from code you didn't post here r other reasons.
as a matter of fact, only debugging can tell you what's the problem for sure
I would use a user defined function and make it to check the login credentials and return true or false from the function.
you can use something like this.
function check_login ($username, $password) {
$query = "SELECT `confirmcode` FROM `fb_network` WHERE `username` = '$username' AND `status`='Confirmed' ";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
if( mysql_num_rows($result) == 0) {
return false;
}
if( mysql_num_rows($result) == 1) {
$_SESSION['loggedin'] = "true";
header('location:profile.php?conf='.$row[0]);
return true;
}
}
and then call the function easily and display the appropriate message.
check the following code..
<?php
session_start();
/** If the User is already Logged in then redirect to login.php **/
if(isset($_SESSION['loggedin'])){
header("Location: login.php");
}
else {
if( check_login($_POST['username'], $_POST['password'])) {
header('location:profile.php?conf='.$row[0]);
}
}
althoough the code is not exact but this might be enough to get you going.
I see that your code has only two options - display "wrong code" or redirect to the other page. no place where you are redirecting to the login page?
You need to initiate the session by sessions_start() before the rest of the code.
If you have any sort of 'test' script on the profile page that re-directs you if you're not logged in, it may be that the above code logs you in, but does not carry the session variable correctly to the profile page...and subsequently sends the user back to log in again.
Make sure the session is properly initiated on each page using the variable and make sure they match on both ends.
You have two main problems:
You are not using session_start to tell PHP to start tracking sessions
You are using session_register. session_register requires register_globals to be on, which it hopefully is not in your environment. It also expects its argument to be a string which is the name of the variable you wish to store. You should instead use $_SESSION['uid'] = $row[0];
You should also read about SQL injection, a very serious and common security flaw that your code exhibits.
Here is a corrected version of your code:
<?php
session_start(); //it's fine to just do this by habit at the top of every page
$username = $_POST['username'];
//I added mysql_real_escape_string - please read about "sql injection", as it is a very serious and common problem!
$query = "SELECT `confirmcode` FROM `fb_network` WHERE `username` = '".mysql_real_escape_string($username)."' AND `status`='Confirmed' ";
$result = mysql_query($query);
if (mysql_num_rows($result) == 1) {
$result2 = mysql_query($query);
$row = mysql_fetch_row($result2);
$_SESSION['conf_code'] = $row[0];
//not sure if this is what you weree going for or not
$_SESSION['uid'] = $row[0];
header('location:profile.php?conf='.$row[0]);
}
else {
echo 'Wrong username';
}
Then in profile.php, to check if someone is logged in:
<?php
session_start();
if( ! isset($_SESSION['uid']))
//Not logged in!
if( $_SESSION['uid'] != $_GET['conf'])
//trying to access someone else's page!