since PHP can't be used in Spotify apps directly I am using it on my server only, but I am having problems getting the sessions to work, is it possible to use sessions even?
I want to use it to see if a user is registered in my database or not so I am doing it like this:
session_start();
$query="SELECT * FROM user WHERE facebookID = {$fbid}";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
$num_results = mysql_num_rows($result);
if ($num_results > 0)
{
echo"THERE IS A USER!";
$row['facebookID'] = $_SESSION[fid];
}
else
{
echo"THERE IS NO USER!";
}
the authentication to the server works fine but the session does not seem to be working, on another PHP page witch is being called after the above code has been called with some ajax code I simply wanted to try this:
session_start();
if(isset($_SESSION['fid']))
{
echo"SESSION EXIST";
}
else
{
echo"NO SESSION";
}
anyways is there a special way to do this in Spotify apps or do I have to do this in some other way?
Where do you set $_SESSION[fid] to be the FacebookID?
Maybe you should do this:
session_start();
$query="SELECT * FROM user WHERE facebookID = {$fbid}";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
if ($row)
{
echo "THERE IS A USER!";
$_SESSION['fid'] = $row['facebookID']; // SET THE FACEBOOK ID IN THE SESSION
} else {
echo"THERE IS NO USER!";
}
BTW always put quotes around the key names when you access arrays in PHP, like this: $_SESSION['fid'] not $_SESSION[fid], otherwise PHP will first check for constant named "fid" then cast to string - its slower and more important - uglier and bad practice.
Related
After getting the user-info from my sql database I would like to check if some of the fields are empty and continue the script based on that. A simplified piece of code would look like this:
$userData = mysql_query("SELECT * FROM user WHERE user='".$user."' LIMIT 1");
if(mysql_num_rows($data) == 1){
$u_info = mysql_fetch_assoc($data);
if(empty($u_info['u_mobile'])){
echo 2;
exit();
} else {
echo 1;
exit();
}
} else {
echo 3;
exit();
}
The problem is the empty statement checking the recieved field. I've tried using empty(), isset(), not_null() and array_key_exists() with no luck and can't get around to what I'm doing wrong.
I also tried if($u_info['u_mobile']) == '' || $u_info['u_mobile']) == NULL) but that doesnæt work either.
Why is this, or how can I go about getting this information?
I need to collect the user-information and send them to fill out the information I don't have...
You're setting the query result to $userData but then you're using mysql_fetch_assoc($data); -- doh. You need to pass the variable that you set the query result to:
$u_info = mysql_fetch_assoc($userData);
It's OK, it is still 10AM EST so this can happen in the morning =)
I suggest that you turn on PHP error reporting. PHP would have alerted you that the array values were trying to access do not exist, saving you a lot of wasted frustration.
$userData = mysql_query("SELECT * FROM user WHERE user='".$user."' LIMIT 1");
if(mysql_num_rows($userData ) == 1){
$u_info = mysql_fetch_assoc($userData );
if(empty($u_info['u_mobile'])){
echo 2;
exit();
} else {
echo 1;
exit();
}
} else {
echo 3;
exit();
}
Please Run code..I think it will be compile better it was minor mistake
This is my first topic so far in this great webpage
The problem is this:
I'm scripting an UCP (PHP & MySQL based). I want it to show the user's status like score, money, etc. (Yeah, it's for a game) but when I click on the login button nothing happens it just erases the content of the requested fields.
It was working properly before I made some changes (Checking if the username exists)
Here's the code:
if (isset($_POST['login']))
{
$hashedpass = hash('whirlpool', $password);
$query = "SELECT * FROM users WHERE Username = '$playername' AND Password = '$hashedpass'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
mysql_close();
if($num != 0)
{
echo"Account doesn't exist!";
header("Location: ucp.html");
}
else
{
$name=mysql_result($result,$i,"UserName");
$money=mysql_result($result,$i,"Money");
$score=mysql_result($result,$i,"Score");
$wantedlevel=mysql_result($result,$i,"WantedLevel");
$adminlevel=mysql_result($result,$i,"AdminLevel");
echo "<b>$name</b><br>Money: $money<br>Score: $score<br>Wanted Level: $wantedlevel<br>Admin Level: $adminlevel<br><br>";
}
}
else if (isset($_POST['register']))
{
header("Location: register.html");
}
else
{
header("Location: index.html");
}
if($num != 0)
change to:
if($num == 0)
This simply won't work here nor does it make much logical sense:
$num = mysql_num_rows($result);
mysql_close();
if($num != 0)
{
echo"Account doesn't exist!";
header("Location: ucp.html");
}
First the logic is wrong, if $num is NOT equal to 0 then your query MUST have found at least one account. So you need to change your if statement to:
if($num == 0){ //if 0 rows were found - the account was not found thus it doesn't exist
echo "Account doesn't exist!";
}
Notice also i did not add header("location: ucp.html");. You cannot display output + relocate the user to another page. You either do one or the other, or you will get an error/warning.
Finally check your MYSQL is not causing an error by adding a check at the end with :
$result = mysql_query($query) or die(mysql_error());
Final tip, you should avoid using mysql_* and look into mysqli_* or PDO best explained here:
Why shouldn't I use mysql_* functions in PHP?
So I am having problems with my login script. I have a salted MD5 hash stored in my database, and well... When I use this statement followed by this code, it logs in whatever the password is.
I'm not sure if it's the syntax, or it's just the way I use it, but it logs in if the user exists even if the password is 'lalala' and the person types in 'chicken'.
$sql = ("select * from website where `Email`='$user' and `Password`='$pass'");
$query = mysql_query($sql);
if ($query) {
$data = mysql_fetch_array($query, MYSQL_ASSOC);
if (sizeof($data) > 0) {
$_SESSION['vuser'] = $_POST['vuser'];
header('Location: /');
die;
}
}
This is how it is run:
index.php --> Presses login (Sends POST data) --> login.php (This script) --> (If it logs in, it returns to /index.php, but if not, it will go to /login.php.
I have a test account on there called 'blah' with the salted MD5 hashed as 'lolcatz'. If I were to type in 'blah' in the username part, with the password as 'stackoverflow', it will go to 'index.php'
Any ideas?
try to print_r($data) to see what the mysql_fetch_array function returns. It could be that it returns FALSE, which will overpass your condition if (sizeof($data) > 0)
Your logic is incorrect. mysql_fetch_array() will return an array representing one SINGLE row of data from the query results, or a boolean FALSE in case of failure (query has no rows, or you're fetching from something OTHER than a query result).
You should be doing:
$result = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
... user exists ...
} else {
... user does not exist ...
}
Don't use this:
if ($query) {
$data = mysql_fetch_array($query, MYSQL_ASSOC);
if (sizeof($data) > 0) {
$_SESSION['vuser'] = $_POST['vuser'];
header('Location: /');
die;
}
}
What is the reason behind measuring the size of data? That is a poor way to validate.
Do this instead :
if ($query) {
if(mysql_num_rows($query)>0){
// In the above line, we check a user with that username and password exists
$_SESSION['vuser'] == $_POST['vuser'];
header('Location: /');
} else echo "Bad password";
} else echo "Connection error";
As a side note, please stop using mysql_* functions now or real soon. They are going to be removed in the next version of PHP, and are less secure. You can use the PHP PDO Class.
I am also assuming you are not storing the $username and $pass directly in the database. If you are, stop it now, and use hash functions to store the password. You can use md5 and/or sha1 hash methods.
As it is said, you can also use mysqli similar down below
$dbq=("SELECT * FROM users where username='$uname'");
$dbresult=mysqli_query($con,$dbq);
where $con is the connection query which you've to write in mysqli.
Now you can fetch the data similar down below.
$obj=$dbresult->fetch_object();
$dbmail=$obj->Email;
$dbuname=$obj->Password;
$sql = ("select * from website where `Email`='$user' and `Password`='$pass'");
$query = mysql_query($sql);
$row = mysql_fetch_array($query, MYSQL_ASSOC);
if ($row) {
$_SESSION['vuser'] = $_POST['vuser'];
header('Location:"go where ever you want to i dont care"');
}
else{ //some error message}
if(isset($_SESSION['admin'])) {
echo "<li><b>Admin</b></li>";
}
<?php
session_name('MYSESSION');
session_set_cookie_params(0, '/~cgreenheld/');
session_start();
$conn = blah blah
$query2 = 'Select Type from User WHERE Username = "'.$_SESSION['user'].'" AND Type =\'Admin\'';
$result2 = $conn->query($query2);
if($result2->num_rows==1) {
$_SESSION['admin'] = $result2;
}
?>
Hi, I'm trying to set this session variable but it doesn't seem to be setting, and i'm wondering if anyone can help. If session['admin'] isset it should echo the admin button.
But i'm not quite sure why? (I do have session start and everything on everypage, it's not a problem with that or any of the "You don't have php tags" I have checked the mysql query, and it does return something from my table. Any ideas please?
Your session_start(); should be at the top of the page before anything to do with the session variables.
From the docs:
When session_start() is called or when a session auto starts, PHP will call the open and read session save handlers.
Edit from comments:
<?php
session_name('MYSESSION');
session_set_cookie_params(0, '/~cgreenheld/');
session_start();
// Moved to start after answer was accepted for better readability
// You had the <?php after this if statement? Was that by mistake?
if(isset($_SESSION['admin']))
{
echo "<li><b>Admin</b></li>";
}
// If you have already started the session in a file above, why do it again here?
$conn = blah blah;
$query2 = 'Select Type from User WHERE Username = "'.$_SESSION['user'].'" AND Type =\'Admin\'';
// Could you echo out the above statement for me, just to
// make sure there aren't any problems with your sessions at this point?
$result2 = $conn->query($query2);
if($result2->num_rows==1)
{
$_SESSION['admin'] = $result2;
// It seems you are trying to assign the database connection object to it here.
// perhaps try simply doing this:
$_SESSION['admin'] = true;
}
?>
Edit 2 from further comments:
You have to actually fetch the fetch the data like this - snipped from this tutorial which might help you out some more:
$query = "SELECT name, subject, message FROM contact";
$result = mysql_query($query);
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
echo "Name :{$row['name']} <br>" .
"Subject : {$row['subject']} <br>" .
"Message : {$row['message']} <br><br>";
}
But having said that, while we are talking about it, you would be better off moving away from the old mysql_* functions and move to PDO which is much better.
Move session_start(); to the top of the page. You are trying to retrieve sessions, where it's not loaded.
EDIT: Try echoing $_SESSION['admin'], if it even contains something. Also try debugging your if($result2->num_rows==1) code by adding echo('its working'); or die('its working'); inside it, to check if $result2 contains exactly 1 row, since currently it seems $result2 contains either more than 1 row or no rows at all.
Hello I facing a strange problem; I am using this code to check the login data with my db
include("includes/config.php");
include("includes/database.php");
$name = $_POST['username'];
$pass = $_POST['password'];
$sql = "SELECT * FROM info_user WHERE user_name = '$name' AND password = '$pass'";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result) or die(mysql_error());
echo $row['user_name']. " - ". $row['password'];
if (mysql_num_rows($sql)) {
echo "success";
}
else
{
echo "failed";
}
here, when i succeed it shows success but any blank input or wrong input is not showing the failed message why? and how can I solve it? is there any better way to check the login? please help
Thanks in advance
First off:
$row = mysql_fetch_array($result) or die(mysql_error());
If you pass along a wrong username or password, mysql_fetch_array() will return FALSE, because there is no rows to take from. This results in your or die(mysql_error()) part being executed, which means your script dies and outputs nothing since mysql didn't fail - which again means that mysql_error() has nothing to return to you.
Secondly, you are using mysql_num_rows() on the $sql string, not on the $result variable which actually contains a mysql resource that you should be using.
You should also check the mysql_num_rows() before using mysql_fetch_array() so that you don't try to pull out some data you don't have available.
Lastly, your solution is full of security flaws. You are passing along raw post data to your mysql database which makes you vulnerable to sql injection and you are storing your passwords as plain text values in your database (not plain text files, just plain text values).
You should google sql injection and password hashing to improve your security.
Try this:
$num_rows = mysql_num_rows($result);
if ($num_rows > 0) {
echo "success";
} else {
echo "failed";
}