All is working except if($_POST['submit']=='Update') - php

I have a working registration and login system. I am trying to create a form where a user can add product registration info (via mysql update). I can't seem to get the db to actually update the fields. What am I missing here?!?
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// Escaping all input data
$row = mysql_fetch_assoc(mysql_query("SELECT * FROM electrix_users WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr'])
{
// If everything is OK login
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION['first'] = $row['first'];
$_SESSION['last'] = $row['last'];
$_SESSION['address1'] = $row['address1'];
$_SESSION['address2'] = $row['address2'];
$_SESSION['city'] = $row['city'];
$_SESSION['state'] = $row['state'];
$_SESSION['zip'] = $row['zip'];
$_SESSION['country'] = $row['country'];
$_SESSION['product1'] = $row['product1'];
$_SESSION['serial1'] = $row['serial1'];
$_SESSION['product2'] = $row['product2'];
$_SESSION['serial2'] = $row['serial2'];
$_SESSION['product3'] = $row['product3'];
$_SESSION['serial3'] = $row['serial3'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('tzRemember',$_POST['rememberMe']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: index_login3.php");
exit;
}
else if($_POST['submit']=='Register')
{
// If the Register form has been submitted
$err = array();
if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='Your username must be between 3 and 32 characters!';
}
if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='Your username contains invalid characters!';
}
if(!checkEmail($_POST['email']))
{
$err[]='Your email is not valid!';
}
if(!count($err))
{
// If there are no errors
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
// Generate a random password
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['first'] = mysql_real_escape_string($_POST['first']);
$_POST['last'] = mysql_real_escape_string($_POST['last']);
$_POST['address1'] = mysql_real_escape_string($_POST['address1']);
$_POST['address2'] = mysql_real_escape_string($_POST['address2']);
$_POST['city'] = mysql_real_escape_string($_POST['city']);
$_POST['state'] = mysql_real_escape_string($_POST['state']);
$_POST['zip'] = mysql_real_escape_string($_POST['zip']);
$_POST['country'] = mysql_real_escape_string($_POST['country']);
// Escape the input data
mysql_query(" INSERT INTO electrix_users(usr,pass,email,first,last,address1,address2,city,state,zip,country,regIP,dt)
VALUES(
'".$_POST['username']."',
'".md5($pass)."',
'".$_POST['email']."',
'".$_POST['first']."',
'".$_POST['last']."',
'".$_POST['address1']."',
'".$_POST['address2']."',
'".$_POST['city']."',
'".$_POST['state']."',
'".$_POST['zip']."',
'".$_POST['country']."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()
)");
if(mysql_affected_rows($link)==1)
{
send_mail( 'noreply#electrixpro.com',
$_POST['email'],
'Your New Electrix User Password',
'Thank you for registering at www.electrixpro.com. Your password is: '.$pass);
$_SESSION['msg']['reg-success']='We sent you an email with your new password!';
}
else $err[]='This username is already taken!';
}
if(count($err))
{
$_SESSION['msg']['reg-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Update')
{
{
mysql_query(" UPDATE electrix_users(product1,serial1,product2,serial2,product3,serial3) WHERE usr='{$_POST['username']}'
VALUES(
'".$_POST['product1']."',
'".$_POST['serial1']."',
'".$_POST['product2']."',
'".$_POST['serial2']."',
'".$_POST['product3']."',
'".$_POST['serial3']."',
)");
if(mysql_affected_rows($link)==1)
{
$_SESSION['msg']['upd-success']='Thank you for registering your Electrix product';
}
else $err[]='So Sad!';
}
if(count($err))
{
$_SESSION['msg']['upd-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load
$script = '
<script type="text/javascript">
$(function(){
$("div#panel").show();
$("#toggle a").toggle();
});
</script>';
}
?>
Here are the forms:
<!-- Panel -->
<div id="toppanel">
<div id="panel">
<div class="content clearfix">
<div class="left">
<h1>My Electrix Account </h1>
<p class="grey">View and edit your contact information and product registrations</p>
</div>
<?php
if(!$_SESSION['id']):
?>
<div class="left">
<!-- Login Form -->
<form class="clearfix" action="" method="post">
<h1>Member Login</h1>
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<label class="grey" for="username">Username:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="password">Password:</label>
<input class="field" type="password" name="password" id="password" size="23" />
<label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<div class="clear"></div>
<input type="submit" name="submit" value="Login" class="bt_login" />
</form>
</div>
<div class="left right">
<!-- Register Form -->
<form action="" method="post">
<h1>Not a member yet? Sign Up!</h1>
<?php
if($_SESSION['msg']['reg-err'])
{
echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>';
unset($_SESSION['msg']['reg-err']);
}
if($_SESSION['msg']['reg-success'])
{
echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>';
unset($_SESSION['msg']['reg-success']);
}
?>
<label class="grey" for="username">Username*:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="email">Email*:</label>
<input class="field" type="text" name="email" id="email" size="23" />
<label class="grey" for="first">First Name:</label>
<input class="field" type="text" name="first" id="first" size="23" />
<label class="grey" for="last">Last Name:</label>
<input class="field" type="text" name="last" id="last" size="23" />
<label class="grey" for="address1">Address line 1:</label>
<input class="field" type="text" name="address1" id="address1" size="23" />
<label class="grey" for="address2">Address line 2:</label>
<input class="field" type="text" name="address2" id="address2" size="23" />
<label class="grey" for="city">City:</label>
<input class="field" type="text" name="city" id="city" size="23" />
<label class="grey" for="state">State/Province:</label>
<input class="field" type="text" name="state" id="state" size="23" />
<label class="grey" for="zip">Zip/Postal Code:</label>
<input class="field" type="text" name="zip" id="zip" size="23" />
<label class="grey" for="country">Country:</label>
<input class="field" type="text" name="country" id="country" size="23" />
<p>
<label>A password will be e-mailed to you.</label>
<input type="submit" name="submit" value="Register" class="bt_register" />
</p>
</form>
</div>
<?php
else:
?>
<div class="left">
<h1>User Information</h1>
<p>
<?php echo $_SESSION['first']; ?>
<?php echo $_SESSION['last']; ?><br />
<?php echo $_SESSION['address1']; ?>
<?php echo $_SESSION['address2']; ?><br />
<?php echo $_SESSION['city']; ?>,
<?php echo $_SESSION['state']; ?>
<?php echo $_SESSION['zip']; ?><br />
<?php echo $_SESSION['country']; ?>
</p>
<p>Email: <?php echo $_SESSION['email']; ?></p>
<p>Downloads</p>
Log off
</div>
<div class="left right">
<!-- Product Registration Form -->
<form class="clearfix" action="" method="post">
<h1>Product Registration</h1>
<?php
if($_SESSION['msg']['upd-err'])
{
echo '<div class="err">'.$_SESSION['msg']['upd-err'].'</div>';
unset($_SESSION['msg']['upd-err']);
}
if($_SESSION['msg']['upd-success'])
{
echo '<div class="success">'.$_SESSION['msg']['upd-success'].'</div>';
unset($_SESSION['msg']['upd-success']);
}
?>
<label class="grey" for="product1">Product 1:</label>
<input class="field" type="text" name="product1" id="product1" value="<?php echo $_SESSION['product1']; ?>" size="23" />
<label class="grey" for="serial1">Serial 1:</label>
<input class="field" type="text" name="serial1" id="serial1" value="<?php echo $_SESSION['serial1']; ?>" size="23" />
<label class="grey" for="product2">Product 2:</label>
<input class="field" type="text" name="product2" id="product2" value="<?php echo $_SESSION['product2']; ?>" size="23" />
<label class="grey" for="serial2">Serial 2:</label>
<input class="field" type="text" name="serial2" id="serial2" value="<?php echo $_SESSION['serial2']; ?>" size="23" />
<label class="grey" for="product3">Product 3:</label>
<input class="field" type="text" name="product3" id="product3" value="<?php echo $_SESSION['product3']; ?>" size="23" />
<label class="grey" for="serial3">Serial 3:</label>
<input class="field" type="text" name="serial3" id="serial3" value="<?php echo $_SESSION['serial3']; ?>" size="23" />
<div class="clear"></div>
<input type="submit" name="submit" value="Update" class="bt_login" />
</form>
</div>
<?php
endif;
?>
</div>
</div> <!-- /login -->
<!-- The tab on top -->
<div class="tab">
<ul class="login">
<li class="left"> </li>
<li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>
<li class="sep">|</li>
<li id="toggle">
<a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a>
<a id="close" style="display: none;" class="close" href="#">Close Panel</a>
</li>
<li class="right"> </li>
</ul>
</div> <!-- / top -->
</div> <!--panel -->

Your update query is way off. You need to do it in the form of
UPDATE `tablename`
SET col1='value', col2='val2'
WHERE wherecol='whereval'
Change your query and see if that helps.
Your query should be
UPDATE electrix_users
SET
product1= $_POST['product1'],
serial1 = $_POST['serial1'],
product2 = $_POST['product2'],
serial2 = $_POST['serial2'],
product3 = $_POST['product3'],
serial3 = $_POST['serial3']
WHERE usr=$_POST['username']
However you should always clean for SQL injection on any user-entered data. I did not do this in the example as this is something you should do in your own way. This example is given to you as an example and does not prevent any kind of SQL injection as it stands now.
ALWAYS DO WHAT YOU CAN TO PREVENT SQL INJECTION!
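An added example (not code from the question or the answer) of the same UPDATE written as a prepared statement, with the row selected by the logged-in user's session id instead of the posted username. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL link from connect.php, `update_products()` is a hypothetical helper, and the request data is constructed.

```php
<?php
// Columns the form may change. Names come from this fixed list, never from the request.
const PRODUCT_FIELDS = ['product1', 'serial1', 'product2', 'serial2', 'product3', 'serial3'];

/**
 * Update the product registration of ONE user, identified by the session id.
 * Returns the number of rows the driver reports as changed.
 */
function update_products(PDO $db, int $userId, array $post): int
{
    $assignments = [];
    foreach (PRODUCT_FIELDS as $field) {
        $assignments[] = "$field = :$field";
    }
    $sql = 'UPDATE electrix_users SET ' . implode(', ', $assignments) . ' WHERE id = :id';

    $stmt = $db->prepare($sql);
    foreach (PRODUCT_FIELDS as $field) {
        // Missing or non-string input (e.g. product1[]=x) becomes an empty string.
        $value = (isset($post[$field]) && is_string($post[$field])) ? trim($post[$field]) : '';
        $stmt->bindValue(":$field", $value, PDO::PARAM_STR);
    }
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount();
}

// --- Constructed demo data (stand-in for the real electrix_users table) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE electrix_users (id INTEGER PRIMARY KEY, usr TEXT,
    product1 TEXT, serial1 TEXT, product2 TEXT, serial2 TEXT, product3 TEXT, serial3 TEXT)');
$db->exec("INSERT INTO electrix_users (id, usr) VALUES (1, 'alice'), (2, 'bob')");

// Constructed request: alice (id 1) is logged in. The posted 'username' names
// another account and one value contains quote characters.
$session = ['id' => 1];
$post = [
    'submit'   => 'Update',
    'username' => 'bob',
    'product1' => "Mixer' OR '1'='1",
    'serial1'  => 'SN-0001',
];

try {
    update_products($db, (int) $session['id'], $post);
    // With MySQL the affected-row count is 0 when the submitted values equal the
    // stored ones, so success is "no exception", not "rowCount() == 1".
    $message = 'Thank you for registering your Electrix product';
} catch (PDOException $e) {
    $message = 'Update failed';
}
echo $message, "\n";

// Only alice's row changed, and the quoted value was stored as plain text.
foreach ($db->query('SELECT id, usr, product1, serial1 FROM electrix_users ORDER BY id') as $row) {
    printf("%d %s %s %s\n", $row['id'], $row['usr'],
        json_encode($row['product1']), json_encode($row['serial1']));
}
```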

Related

Can't keep values inside the field after failing to pass validation

Basically I want to keep the values that weren't wrong and were not password or repeat password. For that I followed this question:
PHP Keep entered values after validation error.
Though, only last name is kept the way I tried. The way I am trying to do that for all fields in my form is currently: "<?php echo isset($_GET["email"]) ? $_GET["email"] : ''; ?>". I also have an error message that reads from the URL using $_GET and sends an error message accordingly, which works fine. This is my actual code.
<form method="post" action="includes/signup.inc.php" id="create_customer" accept-charset="UTF-8"><input type="hidden" name="form_type" value="create_customer" /><input type="hidden" name="utf8" value="✓" />
<div id="first_name" class="clearfix large_form"> <label for="fname" class="login">Nome</label>
<input type="text" value="<?php if(isset($_GET["fname"])){echo($_GET["fname"]);}?>" name="fname" id="fname" class="large" size="30" />
</div>
<div id="last_name" class="clearfix large_form"> <label for="lname" class="login">Sobrenome</label>
<input type="text" value="<?php if(isset($_GET["fname"])){echo($_GET["fname"]);}?>" name="lname" id="lname" class="large" size="30" /></div>
<div id="email" class="clearfix large_form"> <label for="email" class="login">E-mail</label> <input type="email" value="<?php echo isset($_POST["email"]) ? $POST["email"] : ''; ?>" name="email" id="email" class="large" size="30" /></div>
<div id="password" class="clearfix large_form"> <label for="password" class="login">Senha</label> <input type="password" value="" name="pwd" id="password" class="large password" size="30" />
<div id="password" class="clearfix large_form"> <label for="password" class="login">Repetir Senha</label> <input type="password" value="" name="pwd-repeat" id="password" class="large password" size="30" />
</div>
<div class="acceptsMarketing"> <input type="checkbox" id="customer[accepts_marketing]" name="customer[accepts_marketing]"> <label for="customer[accepts_marketing]">Assine a nossa
newsletter?</label></div>
<div class="action_bottom"> <input class="btn action_button" name="signup-submit" type="submit" value="Inscrever-se" />
<p class="right" style="padding-top: 8px;">
<input class="btn action_button" type="submit" value="Recuperar Senha" />
<p class="right" style="padding-top: 8px;">
Já é cliente? Entrar →</p>
</div>
</form>
</div><!-- /#create-customer -->
</div>
</div>
</div>
</div>
</div>
Originally not known to me, here is the validation code for the error display:
if (isset($_POST['signup-submit'])) {
require 'dbh.inc.php';
$email = $_POST['email'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$pwd = $_POST['pwd'];
$pwdrepeat = $_POST['pwd-repeat'];
if (empty($fname) || empty($lname) || empty($email) || empty($pwd) || empty($pwdrepeat)) {
header("Location: ../register.php?error=emptyfields&fname=" . $fname . "&lname" . $lname . "&email" . $email);
exit();
} else if (!filter_var($fname, FILTER_VALIDATE_REGEXP) && !preg_match("/^[a-zA-Z -]+$/", $fname)) {
header("Location: ../register.php?error=nomeinvalido&fname=" . $fname);
exit();
} else if (!filter_var($lname, FILTER_VALIDATE_REGEXP) && !preg_match("/^[a-zA-Z -]+$/", $lname)) {
header("Location: ../register.php?error=sobrenomeinvalido&lname=" . $lname. "&lname");
exit();
} else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match('/^[a-zA-Z0-9]*$/', $email)) {
header("Location: ../register.php?error=invalidmail&email=" . $email);
exit();
} else if ($pwd !== $pwdrepeat) {
header("Location: ../register.php?error=passwordcheck&fname=");
exit();
To retain the value of the various form elements you could use a very simple little function and simply supply the form element name as a parameter, like so:
<?php
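function getvalue( $name=false ){
/* escape for an HTML attribute; ENT_QUOTES because the form below uses single-quoted attributes */
echo isset( $_POST[ $name ] ) ? htmlspecialchars( $_POST[ $name ], ENT_QUOTES, 'UTF-8' ) : '';
}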
?>
<!DOCTYPE html>
<html lang='en'>
<head>
<meta charset='utf-8' />
<title>Form value retention</title>
</head>
<body>
<!--
for demonstration, the action has been
removed so it POSTs to the same page.
-->
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' ){
printf('<pre>%s</pre>',print_r( $_POST, true ) );
}
?>
<form method='post' accept-charset='UTF-8'>
<input type='hidden' name='form_type' value='create_customer' />
<input type='hidden' name='utf8' value='✓' />
<div id='first_name' class='clearfix large_form'>
<label for='fname' class='login'>Nome</label>
<input type='text' value='<?php getvalue('fname'); ?>' name='fname' class='large' size='30' />
</div>
<div id='last_name' class='clearfix large_form'>
<label for='lname' class='login'>Sobrenome</label>
<input type='text' value='<?php getvalue('lname'); ?>' name='lname' class='large' size='30' />
</div>
<div id='email' class='clearfix large_form'>
<label for='email' class='login'>E-mail</label>
<input type='email' value='<?php getvalue('email'); ?>' name='email' class='large' size='30' />
</div>
<div class='clearfix large_form'>
<label for='password' class='login'>Senha</label>
<input type='password' value='<?php getvalue('pwd');?>' name='pwd' class='large password' size='30' />
<div id='password' class='clearfix large_form'>
<label for='password' class='login'>Repetir Senha</label>
<input type='password' value='<?php getvalue('pwd-repeat');?>' name='pwd-repeat' class='large password' size='30' />
</div>
</div>
<div class='acceptsMarketing'>
<input type='checkbox' name='customer[accepts_marketing]'>
<label for='customer[accepts_marketing]'>Assine a nossa newsletter?</label>
</div>
<div class='action_bottom'>
<input class='btn action_button' name='signup-submit' type='submit' value='Inscrever-se' />
<p class='right' style='padding-top: 8px;'>
<input class='btn action_button' type='submit' value='Recuperar Senha' />
</p>
<p class='right' style='padding-top: 8px;'>
Já é cliente? <a href='login.php' id='customer_login_link'>Entrar →</a>
</p>
</div>
</form>
</body>
</html>
The HTML in the form has been corrected in, what I believe is, the most logical way though I removed the ID attributes as many were duplicated. That said the form values are maintained upon form submission - because it is the same page. To accomplish this after submitting to a-n-other script you would use a session variable to keep track of the POST array.
When using another script for the form action ( to perform validation etc ) the form values would not be retained when that other script redirects back if it finds an error. To solve that a session variable would work well.
So, in the above - at the beginning of the form action page:
session_start();
$svar='formdata';
/* the session variable is populated when the form is submitted */
if( !isset( $_SESSION[ $svar ] ) && $_SERVER['REQUEST_METHOD']=='POST' ){
$_SESSION[ $svar ]=$_POST;
}
/* other processing... if(error)->redirect etc */
And the alternative function to getvalue in the above page:
session_start();
$svar='formdata';
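function getsessionvalue( $name=false ){
global $svar;
/* escape for an HTML attribute before echoing the stored value */
echo isset( $_SESSION[ $svar ][ $name ] ) ? htmlspecialchars( $_SESSION[ $svar ][ $name ], ENT_QUOTES, 'UTF-8' ) : '';
}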
You send data via the POST method (form method="post") but try to set it from the $_GET array. Use $_POST instead. Also do not forget to escape input data to avoid an XSS vulnerability.
Try to use $_REQUEST, this gets the results from all $_GET and $_POST data.
See http://www.shodor.org/~kevink/phpTutorial/nileshc_getreqpost.php for more info
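An added example (not from any of the answers above) of the two pieces this thread needs when validation redirects back with values in the URL: building the redirect query with encoding, and escaping each value when it is echoed into a `value` attribute. The helper names `e()`, `old_value()` and `error_redirect_url()` are hypothetical, and the POST data is constructed.

```php
<?php
// Fields that may be sent back to the form. Password fields are deliberately absent.
const RETAINED_FIELDS = ['fname', 'lname', 'email'];

/** Escape text for use inside an HTML attribute or element. */
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Escaped previous value of a retained field, or '' for anything else. */
function old_value(array $source, string $name): string
{
    if (!in_array($name, RETAINED_FIELDS, true)) {
        return '';
    }
    $value = $source[$name] ?? '';
    return is_string($value) ? e($value) : '';
}

/**
 * Build the redirect target after a validation error. http_build_query()
 * writes every key as key=value and percent-encodes the values, which the
 * hand-concatenated "&lname" . $lname in the question does not.
 */
function error_redirect_url(string $errorCode, array $post): string
{
    $keep = [];
    foreach (RETAINED_FIELDS as $name) {
        if (isset($post[$name]) && is_string($post[$name])) {
            $keep[$name] = $post[$name];
        }
    }
    return '../register.php?' . http_build_query(['error' => $errorCode] + $keep);
}

// --- Constructed submission: mismatched passwords, markup characters in a name ---
$post = [
    'fname'         => 'Ana "A&B" <b>',
    'lname'         => "D'Ávila",
    'email'         => 'ana+test@example.com',
    'pwd'           => 'secret',
    'pwd-repeat'    => 'secreT',
    'signup-submit' => 'Inscrever-se',
];

// signup.inc.php side: header('Location: ' . $url); exit();
$url = error_redirect_url('passwordcheck', $post);
echo $url, "\n";

// register.php side: PHP fills $_GET from the query string; parse_str() stands in here.
parse_str((string) parse_url($url, PHP_URL_QUERY), $get);

foreach (['fname', 'lname', 'email', 'pwd'] as $name) {
    // Quotes and angle brackets arrive as entities, so they cannot close the
    // attribute; 'pwd' is never echoed back even if someone adds it to the URL.
    printf("<input name=\"%s\" value=\"%s\" />\n", $name, old_value($get, $name));
}
```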

can't see edited info in user info panel

I made a page for user info containing a button for updating their info. When I change the fields and push the button, the info is changed in the database and the web page shows everything is OK and changed, but when I refresh the page (after pushing the button), the fields aren't changed and still contain the same info (though it has changed in the database). So how can I solve this?
Here is the HTML code:
<div class="custom-container">
<div class="row">
<div class="col-10">
<div class="user_content custom-container">
<div class="row">
<div class="col-11 fields">
<form method="post" action="user_updates.php">
<fieldset id="right">
<label>نام کاربری</label>
<br>
<input type="text" name="username" value="<?php echo $_SESSION["member_username"] ?>" disabled style="direction: ltr;">
<br><br>
<label>رمز عبور</label>
<br>
<input type="text" name="password" value="<?php echo $_SESSION["member_password"] ?>" style="direction: ltr;">
<br><br>
<label>نام</label>
<br>
<input type="text" name="first-name" value="<?php echo $_SESSION["member_name"] ?>">
<br><br>
<label>نام خانوادگی</label>
<br>
<input type="text" name="last-name" value="<?php echo $_SESSION["member_last_name"] ?>">
</fieldset>
<fieldset id="left">
<label>نام پدر</label>
<br>
<input type="text" name="father-name" value="<?php echo $_SESSION["member_father_name"] ?>">
<br><br>
<label>کد ملی</label>
<br>
<input type="text" name="melli-code" value="<?php echo $_SESSION["member_melli_code"] ?>" style="direction: ltr; font-family: Iran_Sans_M;">
<br><br>
<label>شماره موبایل</label>
<br>
<input type="text" name="mobile-number" value="<?php echo $_SESSION["member_mobile_number"] ?>" style="direction: ltr; font-family: Iran_Sans_M;">
<br><br>
<label>ایمیل</label>
<br>
<input type="email" name="email" value="<?php echo $_SESSION["member_email"] ?>" style="direction: ltr;">
</fieldset>
<input type="hidden" name="user-id" value="<?php echo $_SESSION["member_id"] ?>">
<input type="submit" name="change" value="ثبت تغییرات">
</form>
<?php
if (isset($_GET["empty"]))
{
echo '<div class="php_texts"> <p>لطفاً تمامی قسمت ها رو پر نمایید.</p> </div>';
}
if (isset($_GET["changes"]))
{
echo '<div class="php_texts"> <p>اطلاعات با موفقیت ویرایش شد.</p> </div>';
}
if (isset($_GET["error"]))
{
echo '<div class="php_texts"> <p>عدم ارتباط با سرور.</p> </div>';
}
?>
</div>
</div>
</div> <!-- User Content-->
</div> <!-- User Content-->
And here is the PHP code:
<!-- General Codes-->
include("connect_to_sql.php");
session_start();
if(isset($_POST["change"]))
{
$password = $_POST["password"];
$first_name = $_POST["first-name"];
$last_name = $_POST["last-name"];
$father_name = $_POST["father-name"];
$melli_code = $_POST["melli-code"];
$mobile_number = $_POST["mobile-number"];
$email = $_POST["email"];
$id = $_POST["user-id"];
if (empty($username) && empty($password) && empty($first_name) && empty($last_name) && empty($father_name) && empty($melli_code) && empty($mobile_number) && empty($email))
{
header("location:user_changes.php?empty=fill+all+fields");
exit;
}
if (isset($_SESSION["member_username"]))
{
$member_update= "UPDATE `member_info` SET `password` = '".$password."', `first_name` = '".$first_name."', `last_name` = '".$last_name."', `father_name` = '".$father_name."', `melli_code` = '".$melli_code."', `mobile_number` = '".$mobile_number."', `email` = '".$email."' WHERE `member_info`.`id` = '".$id."';";
$member_query = mysqli_query($connect_to_mysql,$member_update);
#$member_fetch = mysqli_fetch_assoc($member_query);
if($member_query)
{
header("location:user_changes.php?changes=ok");
exit;
}
else
{
header("location:user_changes.php?error=data+base");
exit;
}
}
}
The main problem is that you read the information for the user from the session, but never write the updated data into the session.
So either rewrite the values to the session in the if($member_query) block or fetch and map the actual values from the database on each page load to the session.
Another huge issue with your code is that it's vulnerable to SQL injection attacks.

How to get a logged in user account data including memberID so user can edit or delete their account?

I have a member page that lands after user signs in. From there I need to populate that page with all their data in a form format (same as the one they filled out initially) so they can edit and update/save.
<form>
<fieldset>
<legend>Edit My Account
</legend>
<div>
<label class="label" for="username">Username</label>
<input class="user" type="text" name="username" id="username" value="<?php if(isset($error)){ echo $_POST['username']; } ?>" tabindex="2" required />
</div>
<div>
<label class="label" for="email">Email</label>
<input class="email" type="email" name="email" id="email" value="<?php if(isset($error)){ echo $_POST['email']; } ?>" tabindex="3" required />
</div>
<div>
<label class="label" for="password">Password</label>
<input class="password" type="password" name="password" id="password" tabindex="4" required />
</div>
<div>
<label class="label" for="passwordConfirm">Confirm Password</label>
<input class="password" type="password" name="passwordConfirm" id="passwordConfirm" tabindex="5" required />
</div>
<div>
<input class="showbox" type="checkbox" name="terms" id="terms" tabindex="6" onFocus="this.tabIndex=1;"onBlur="this.tabIndex=6;"required />
<label for="terms">I agree to the Terms</label>
</div>
</fieldset>
<fieldset>
<div>
<input name="submit" type="submit" value="Update" />
</div>
</fieldset>
</form>
Secondly, I want them to be able to delete their entire account with a "Delete My Account" button via an input of type 'submit' that would appear on the same member page.
<fieldset>
<form action="delete.php?" method="post">
<input type="hidden" name="id" value="<?php echo $members['memberID']; ?>">
<input type="submit" name="submit" value="Delete My Account">
</form>
</filedset>
I've been searching for days now... mostly this platform and have not found any sound solution(s).
I'm using MySQL db using PDO $stmt = $db->prepare('INSERT INTO... to create insert for new users and that all works fine.
I include a separate connection config file for db connection as well.
I created a delete.php file for the statement.
<?php require('config.php');
$id=$_SESSION['memberID'];
$stmt = $db->prepare('DELETE FROM members where memberID = $id');
?>
I'm not able to find a solution to populate the member page with logged in user data then edit and update it and/or capture the users logged in memberID to submit the delete account request using that memberID.
Some guidance would be appreciated, Thanks!
Here is my login.php code
<?php
//include config
require_once('config.php');
//check if already logged in move to home page
if( $user->is_logged_in() ){ header('Location: memberpage.php'); }
//process login form if submitted
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($user->login($username,$password)){
$_SESSION['username'] = $username;
header('Location: memberpage.php');
exit;
} else {
$error[] = '<h2 class="red ctr thanks">Wrong username or password or your account has not been activated.</h2>';
}
}//end if submit
?>
First you must set the user's id after the user logs in on the admin page,
and then you can use it:
<?php
$userId= $_GET['id'];//get user id you can use session also
if (isset($_POST['submit'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$passwordConfirm = $_POST['passwordConfirm'];
$terms = isset($_POST['terms']); // a checked box is present in POST; its value is a string, never the integer 1
if (($password===$passwordConfirm) and $terms){
$query = "UPDATE members SET username = :username ,email = :email,"
."password = :password WHERE id = :id";
$stmt = $db->prepare($query);
$stmt->bindParam(':username',$username, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->bindParam(':id',$userId, PDO::PARAM_INT);
$stmt->execute(); // run the prepared UPDATE
}
}
$query = "SELECT * FROM `members` WHERE id = :id"; //Get user info
$sth = $db->prepare($query);
$sth->execute([':id' => $userId]); // bind the id instead of interpolating it into the SQL
$result = $sth->fetchAll(PDO::FETCH_ASSOC);
if ($result) {
// output data of each row
foreach($result as $row){
$username = $row['username'];
$email = $row['email'];
$password = $row['password'];
}
}
?>
<form method="post" class="form-horizontal" action="<?php echo filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?>">
<fieldset>
<legend>Edit My Account
</legend>
<div>
<label class="label" for="username">Username</label>
<input class="user" type="text" name="username" id="username" value="<?php echo $username ?>" tabindex="2" required />
</div>
<div>
<label class="label" for="email">Email</label>
<input class="email" type="email" name="email" id="email" value="<?php echo $email?>" tabindex="3" required />
</div>
<div>
<label class="label" for="password">Password</label>
<input class="password" type="password" name="password" value="<?php echo $password ?>" id="password" tabindex="4" required />
</div>
<div>
<label class="label" for="passwordConfirm">Confirm Password</label>
<input class="password" type="password" name="passwordConfirm" id="passwordConfirm" tabindex="5" required />
</div>
<div>
<input class="showbox" type="checkbox" name="terms" id="terms" tabindex="6" onFocus="this.tabIndex=1;"onBlur="this.tabIndex=6;"required />
<label for="terms">I agree to the Terms</label>
</div>
</fieldset>
<fieldset>
<div>
<input name="submit" type="submit" value="Update" />
</div>
</fieldset>
</form>

Multilingual Wordpress custom wp-login form with WPML

In my custom Wordpress theme, I have custom login form:
<form method="post" action="<?php bloginfo('url') ?>/wp-login.php" name="login">
<div class="login-form-container resp-hidden">
<div class="login-form-container-inner">
<h3 class="form-title"><?php echo __('Login', 'louise'); ?></h3>
<label for="user_login">
<?php echo __('User name or e-mail', 'louise'); ?>: </label>
<input class="para-content" type="text" name="log" placeholder="" value="<?php echo esc_attr(stripslashes($user_login, $user_email)); ?>" size="20" id="user_login" tabindex="11" required>
<label for="user_pass">
<?php echo __('Password', 'louise'); ?>: </label>
<input class="para-content" type="password" name="pwd" value="" size="20" id="user_pass" tabindex="12" required/>
<label for="rememberme"> </label>
<div class="buttons">
<?php do_action('login_form'); ?>
<input type="submit" name="user-submit" value="<?php echo __('Log in', 'louise'); ?>" tabindex="14" class="signupbtn" />
<input type="hidden" name="redirect_to" value="<?php echo icl_get_home_url() ; ?>" />
<input type="hidden" name="user-cookie" value="1" />
</div>
</div>
</div>
</form>
It gets the job done, but a problem appears when I am trying to log in from a language other than the default. Login redirects to the front page, leaving an inactive URL: http://test.com/?lang=en/wp-login.php I am using the WPML plugin for two languages; the default one is lt_LT, with en_US as the additional one.
I was digging through this all weekend, but found no valid solution. To make it clear, I don't get whether I have to translate the core WP wp-login.php page, or is there a shortcut to bypass wp-login.php and redirect the user straight to the home page?
Many thanks for all possible help and suggestions.
Looking forward,
First change the form action to
<?php echo $_SERVER['REQUEST_URI']; ?>
and use this PHP after the form
if (isset($_POST['user-submit'])) {
login_auth($_POST['log'], $_POST['pwd']);
}
and add this function to functions.php
function login_auth( $username, $password ) {
global $user;
$current_cookie = esc_attr( $_COOKIE['_icl_current_language'] );
$url = '/'.$current_cookie;
$login_page = site_url($url);
$creds = array();
$creds['user_login'] = $username;
$creds['user_password'] = $password;
$creds['remember'] = true;
$user = wp_signon( $creds, false );
if ( is_wp_error($user) ) {
echo $user->get_error_message();
}
if ( !is_wp_error($user) ) {
wp_redirect($login_page);
}
}
After all, here is my solution that worked in my case. Seems, that the problem was language parameter set by WPML plugin. It is possible to check if current link has ?lang=en/ and change it with default wp-login url.
<?php
if($login = strstr($_SERVER['REQUEST_URI'], "?lang=en")) {
$login = wp_login_url();
} else {
$login = wp_login_url();
}?>
<form method="post" action="<?php echo $login?>">
<div class="login-form-container resp-hidden">
<div class="login-form-container-inner">
<h3 class="form-title"><?php echo __('Login', 'louise'); ?></h3>
<label for="user_login">
<?php echo __('User name or e-mail', 'louise'); ?>: </label>
<input class="para-content" type="text" name="log" placeholder="" value="<?php echo esc_attr(stripslashes($user_login || $user_email)); ?>" size="20" id="user_login" tabindex="11" required>
<label for="user_pass">
<?php echo __('Password', 'louise'); ?>: </label>
<input class="para-content" type="password" name="pwd" value="" size="20" id="user_pass" tabindex="12" required/>
<label for="rememberme"> </label>
<div class="buttons">
<?php do_action('login_form'); ?>
<input type="submit" name="user-submit" value="<?php echo __('Log in', 'louise'); ?>" tabindex="14" class="signupbtn" />
<input type="hidden" name="redirect_to" value="<?php echo $_SERVER['REQUEST_URI']; ?>" />
<input type="hidden" name="user-cookie" value="1" />
</div>
</div>
</div>
</form>

Show only login user data

This is my setting.php code:
<?php session_start();
include 'conn.php';
include '../includes/layouts/header.php';
if(!isset($_SESSION['user']))
{
header("location:signin.php");
}
if(isset($_SESSION['update']))
{
echo $_SESSION['update'];
unset($_SESSION['update']);
}
$sql="SELECT * FROM signup";
$qry=mysql_query($sql);
$rows=mysql_fetch_array($qry);
?>
<div id="main">
<div id="navigation">
<div class="">
Welcome to LMS
<ul>
<li><?php echo $_SESSION['user']; ?>
<ul>
<li>Send Leave Application</li>
<li>Setting</li>
<li>Logout</li>
</ul>
</div>
</div>
<div id="page">
<form method="post" action="update.php">
<div class="reg_section">
<h3>Your Personal Information</h3>
<input type="text" name="fname" value="<?php echo $rows[1];?>" placeholder="First Name"><br>
<input type="text" name="lname" value="<?php echo $rows[2];?>" placeholder="Last Name"><br>
<input type="text" name="uname" value="<?php echo $rows[3];?>" placeholder="Desired Username"><br>
<input type="text" name="email" value="<?php echo $rows[4];?>" placeholder="Email"><br>
<input type="text" name="department" value="<?php echo $rows[5];?>" placeholder="Department"><br>
<input type="text" name="id" value="<?php echo $rows[6];?>" placeholder="Id #"/><br>
<input type="text" name="phone" value="<?php echo $rows[7];?>" placeholder="Phone #"/><br>
</div>
<div class="reg_section">
<h3>Your Password</h3>
<input type="password" name="pass" value="<?php echo $rows[8];?>" placeholder="Your Password"><br>
<input type="password" name="cpass" value="<?php echo $rows[8];?>" placeholder="Confirm Password">
</div>
<div class="reg_section">
<h3>Your Address</h3>
<input type="text" name="address" value="<?php echo $rows[9];?>" placeholder="Address">
</div>
<p class="submit"><input type="submit" name="submit" value="Update Info"></p>
</form>
</div>
</div>
<?php include '../includes/layouts/footer.php' ?>
and this is the Update.php code:
<?php session_start();
include 'conn.php';
if(isset($_POST['submit']))
{
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$user=$_POST['uname'];
$email=$_POST['email'];
$depart=$_POST['department'];
$id=$_POST['id'];
$phone=$_POST['phone'];
$pass=$_POST['pass'];
$address=$_POST['address'];
$msg="Record Update Successfuly";
$qry="UPDATE signup SET First_Name='$fname',Last_Name='$lname',Username='$user',Email='$email',Department='$depart',Employe_Id='$id',Phone='$phone',Password='$pass',Address='$address' WHERE Username='$user'";
if(mysql_query($qry))
{
header('location:setting.php');
echo $_SESSION['update']=$msg;
}
else
{
echo mysql_error();
}
}
?>
now, I want that only logged-in users can change their record and the form should contain their own data, but I can't.
When I log into the page then it will only show the first record of the database, but I want it to show only the logged-in user record.
How can I do it?
......
I won't go into the discussion of using mysql when you should consider adopting mysqli or pdo.
You are selecting all records within your query. You only need to select the desired one. Assuming that you are setting the user within the session, you could call it like so.
Eg: $sql="SELECT * FROM signup WHERE userId = '{$_SESSION['userId']}'";
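An added example (not from the answers) covering this answer and the earlier "can't see edited info in user info panel" answer: the page loads only the logged-in user's row through a prepared SELECT keyed on the session id, and the session copy is refreshed from the database after an update. Assumptions: PDO with an in-memory SQLite database, the `member_info` columns and `member_*` session keys from that earlier thread, hypothetical helpers `load_member()` and `sync_session()`, and constructed rows.

```php
<?php
/** Fetch the profile row of exactly one member, or null if the id is unknown. */
function load_member(PDO $db, int $memberId): ?array
{
    // The password column is deliberately not selected: it has no business in
    // the session or in a form's value attribute.
    $stmt = $db->prepare(
        'SELECT id, first_name, last_name, email FROM member_info WHERE id = :id'
    );
    $stmt->bindValue(':id', $memberId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Copy the current database values into the session keys the form reads. */
function sync_session(array &$session, array $row): void
{
    $session['member_name']      = $row['first_name'];
    $session['member_last_name'] = $row['last_name'];
    $session['member_email']     = $row['email'];
}

// --- Constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member_info (id INTEGER PRIMARY KEY, first_name TEXT,
    last_name TEXT, email TEXT, password TEXT)');
$db->exec("INSERT INTO member_info VALUES
    (1, 'Sara', 'Ahmadi', 'sara@example.com', 'placeholder-hash-1'),
    (2, 'Omid', 'Karimi', 'omid@example.com', 'placeholder-hash-2')");

// Constructed session of the logged-in user (id 2), as set at login time.
$session = [
    'member_id'        => 2,
    'member_name'      => 'Omid',
    'member_last_name' => 'Karimi',
    'member_email'     => 'omid@example.com',
];

// What "SELECT * FROM signup" followed by a single fetch does: it returns the
// first row of the table, whoever is logged in.
$first = $db->query('SELECT id, first_name FROM member_info')->fetch(PDO::FETCH_ASSOC);
printf("unfiltered query shows: id %d (%s)\n", $first['id'], $first['first_name']);

// The update itself takes the id from the session, not from a hidden form field.
$update = $db->prepare('UPDATE member_info SET email = :email WHERE id = :id');
$update->bindValue(':email', 'omid.k@example.com', PDO::PARAM_STR);
$update->bindValue(':id', (int) $session['member_id'], PDO::PARAM_INT);
$update->execute();

// Before the refresh the session still holds the old address, which is why the
// form in that earlier thread showed stale values after a reload.
printf("session before refresh: %s\n", $session['member_email']);

$row = load_member($db, (int) $session['member_id']);
if ($row !== null) {
    sync_session($session, $row);
}
printf("session after refresh:  %s\n", $session['member_email']);
printf("row shown to this user: id %d (%s)\n", $row['id'], $row['first_name']);
```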
