I have a problem with the online users list.
The code works fine, all the online users are displayed on the screen but when I click on refresh, the same user's email is displayed again and when I click on refresh for the second time the user's email is displayed three times and so on.
Here is my code:
<?php
require_once("db.php");
db_connect();
session_start();
$player_timeout = time() - 5 * 60;
$time = time();
if (isset($_SESSION['email'])) {
$login=mysql_query("insert into activePlayer(player_email,time_visited,status) values('".$_SESSION['email']."','".$time."', 'true')");
}
else
{echo "You are not logged in";}
$tmout = mysql_query("DELETE FROM activePlayer WHERE time_visited < ".$player_timeout);
$online_member = mysql_query("SELECT player_email FROM activePlayer");
$row=mysql_num_rows($online_member);
$member_row=mysql_fetch_array($online_member);
echo "Welcome '".$_SESSION['email']."'";
?>
<body>
<select > <?php
if ($row<1)
{
echo " ";
}
else
{?> <p><p>Online Players:<option><?php echo $member_row['player_email'];?>
</option>}
<?php for ($i=1;$i<$row;$i++)
{
$member_row=mysql_fetch_array($online_member);?>
<p><p>Online Players:<option><?php echo $member_row['player_email']; }}?>
</option></select>
</body>
please how can I solve this problem
Every time you refresh you insert a row into the db if the user is logged in. You have to check if the user already exists in the db and update his record instead. If he has no record then just create a new as you do.
$hasRow = mysql_query("SELECT * FROM activePlayer WHERE player_email='".$_SESSION['email']."' LIMIT 1");
if(mysql_num_rows($hasRow) > 0) {
$login = mysql_query("UPDATE activePlayer SET visited=".time()." WHERE player_email='".$_SESSION['email']."'");
} else {
$login=mysql_query("insert into activePlayer(player_email,time_visited,status) values('".$_SESSION['email']."','".$time."', 'true')");
}
What you need to do is a redirect:
if (isset($_SESSION['email'])) {
mysql_query("INSERT INTO activePlayer (player_email,time_visited,status)
VALUES ('".$_SESSION['email']."','".$time."', 'true')");
unset($_SESSION['email']);
header("Location: otherpage.php"); // or it can be the same page
}
Related
Currently my php login form will only carry acrocss the username on the session, I want this to carry across the user id (automatically created when the user registers).
As shown below I have included the user_id but it is not displaying on my webpage, the username is however.
Just wondering if anyone can help me with this? (I'm new to PHP)
Login process:
require_once('connection.php');
session_start();
if(isset($_POST['login']))
{
if(empty($_POST['username']) || empty($_POST['PWORD']))
{
header("location:login.php?Empty= Please Fill in the Blanks");
}
else
{
$query="select * from users where username='".$_POST['username']."' and PWORD='".$_POST['PWORD']."'";
$result=mysqli_query($con,$query);
if(mysqli_fetch_assoc($result))
{
$_SESSION['User']=$_POST['username'];
$_SESSION['user_id'] = $row['user_id'];
header("location:../manage_event.php");
}
else
{
header("location:login.php?Invalid= Please Enter Correct User Name and Password ");
}
}
}
else
{
echo 'Not Working Now Guys';
}
Session on next page:
session_start();
if(isset($_SESSION['User']) || isset($_SESSION['user_id']))
{
echo ' Welcome ' . $_SESSION['User'].'<br/>';
echo ' User ID ' . $_SESSION['user_id'].'<br/>';
}
else
{
header("location:login/login.php");
}
Though your security is questionable, i’ll answer your question anyway. As stated in another response you aren’t assigning your variables the right way. See an example here
The following code will fix your problems contrary to the other solution:
$query="select * from users where username='".$_POST['username']."' and PWORD='".$_POST['PWORD']."'";
if ($result = mysqli_query($con, $query)) {
/* fetch associative array */
while ($row = mysqli_fetch_assoc($result)) {
$_SESSION['User']=$_POST['username'];
$_SESSION['user_id']=$row['user_id'];
header("location:../manage_event.php");
}
}else {
header("location:login.php?Invalid= Please Enter Correct User Name and Password ");
}
}
Make sure to replace this code with your old fetching code block. Thus in the first ‘else’ clause.
How about assigning the fetched result to $row:
$query="select * from users where username='".$_POST['username']."' and PWORD='".$_POST['PWORD']."'";
$result=mysqli_query($con,$query);
if( $row = mysqli_fetch_assoc($result))
{
$_SESSION['User']=$_POST['username'];
$_SESSION['user_id'] = $row['user_id'];
I have a very simple login system working against a MySql database with 3 columns:
-Username
-Password
-LinkToSite
If the login succeeds, the related LinkToSite (a hyperlink) should open in the browser after hitting the Submit button. How can I achieve this?
<?php
$uname=$_POST['uname'];//username
$password=$_POST['password'];//password
session_start();
$con=mysqli_connect("localhost","root","","login");//mysqli("localhost","username of database","password of database","database name")
$result=mysqli_query($con,"SELECT * FROM `login_info` WHERE `uname`='$uname' && `password`='$password'");
$count=mysqli_num_rows($result);
if($count==1)
{
echo "Login success";
$_SESSION['log']=1;
}
else
{
echo "please fill proper details";
header("refresh:2;url=index.php");// it takes 2 sec to go index page
}
?>
You do not need any JS here , if you use you can get the result without page refresh . But your query and code is not proper due to which you are not getting the result . The following code will give you the result you want .
<?php
$uname=$_POST['uname'];//username
$password=$_POST['password'];//password
//session_start(); //Don't need it here
$con=mysqli_connect("localhost","root","","login");
$result=mysqli_query($con,"SELECT * FROM login_info WHERE uname='".$uname."'"); //Assuming the username to be unique in your database
$count=mysqli_num_rows($result);
if($count==1){
$row=mysqli_fetch_assoc($result);
if ($password == $row['password']){
echo "Login success";
$_SESSION['log']=1;
echo "<script>setTimeout(function(){window.location = '".$row['LinkToSite']."' ;}, 3000) ; </script>" ; //It takes 2 seconds to get re-directed to URL saved in database
}
}
else{
echo "please fill proper details";
echo "<script>setTimeout(function(){window.location = 'index.php' ;}, 2000) ; </script>" ; //It takes 2 seconds to get re-directed to index page
}
?>
It's gonna be some javascript you have to write. something like
if($count==1)
{
echo "Login success";
$_SESSION['log']=1;
echo "<body onpageload=\"dothis();\"></body>
<script>function dothis(){
window.location.replace(\"http://stackoverflow.com\");
}</script>"
}
Please i want logged in user to be able to view and edit their previous details in a mysql database..here is my code so far
<?php session_start(); include 'dpconfig.php';
if (isset($_SESSION['uid']))
{
echo $_SESSION['uid'];
}
else
{
echo "You are not Logged In!"; header("Location: header.php");
}
$n = mysqli_query($conn,"Select * from user");
$run = mysqli_query($conn,"Select * from user");
$row = mysqli_fetch_array($run, MYSQLI_BOTH);
{
$showid = $row[0];
$showfirst = $row[1];
$showlast = $row[2];
$showuid = $row[3];
echo $showid;
echo $showfirst;
}
?>
Thanks
What you need to do when your user have log in you then need to have links in the dashboard to profile page then you need to have a query string in your link
eg
<?php
session_start();
include 'dpconfig.php';
if (isset($_SESSION['uid']))
{
echo $_SESSION['uid'];
echo "<a href=\"profile.php?id=".$_SESSION['uid']."&action=view\">View Profile<a/>";
echo "Edit Profile";
}else{
// not allowed redirect
}
?>
The above code is just a basic dashboard after the user have loggedin, we display to links to profile.php with two query string parameters, namely id we will use this to identify the current user, and action, this one will help us to know what action the user is doing(viewing/editing) their profile
Then once they on any of the link, it will go to the profile.php page with url params. then we use GET method to do our proccessing
Read about Get method here
profile.php
<?php
session_start();
include 'dpconfig.php';
if(isset($_GET['id']) && isset($_GET['action'])){
if($_GET['action'] === "view"){
// show user profile
}
if(isset($_GET['action']) ==="edit"):?>
show html form with profile info to edit then process
<?php
endif;
}else{
// not allowed do something
}
?>
Hope this will atleast point you to the correct direction.
The following is the email verification code for my site.
The verification url sent to the user's email is as follows:
http://www.mywebsite.com/valid.php?confr=2774405&userid=2
Extra notes :
1) key is a column in my database which gets a random value on registration.
2) if $verify == 1 and password_in_db=== user_entered_password, then login takes place in the login page.
<?php
include 'connect.php';
$query = mysql_query("SELECT verify,key FROM users WHERE id = '$_GET['userid']'");
$details = mysql_fetch_assoc($query);
$verify = $details['verify'];
$confirm2 = $details['key'];
if($verify == "1") {
echo "Link Expired . Go to our login page :";
} else {
if (isset($_GET["confr"]) && isset($_GET["userid"])) {
$confirm1 =$_GET["confr"];
if($confirm1 == $confirm2) {
mysql_query("INSERT INTO users (`verify`) VALUES ('1') WHERE id = '$_GET["userid"]' ;");
echo "Thank You For Registering with us . Go to your LOGIN PAGE Here ";
} else {
echo "Invalid link ";
echo "Go to your LOGIN PAGE Here ";
}
} // of if isset
} // of else part
?>
Code for connect.php
<?php
mysql_connect("host", "username", "pass"); //connects to the server
mysql_select_db("database_name"); //selects the database
?>
The problem is that it is giving me a blank screen .
i believe the error lies in the sql
when ever i use a "WHERE" statement i always define as a variable, try this
<?php
include 'connect.php';
$user_id = $_GET["userid"];
$query = mysql_query("SELECT verify,key FROM users WHERE id = '$user_id'");
$details = mysql_fetch_assoc($query);
$verify = $details['verify'];
$confirm2 = $details['key'];
if($verify == "1"){
echo "Link Expired . Go to our login page :";
}
else{
if (isset($_GET["confr"]) && isset($_GET["userid"]))
{
$confirm1 =$_GET["confr"];
if($confirm1 == $confirm2){
mysql_query("INSERT INTO users (`verify`) VALUES ('1') WHERE id = '$user_id'");
echo "Thank You For Registering with us . Go to your LOGIN PAGE Here ";
}
else {
echo "Invalid link ";
echo "Go to your LOGIN PAGE Here ";
}
} // of if isset
} // of else part
?>
also, you have a semi colon in the insert sql
Try this.......
<?php
include 'connect.php';
$user_id = $_GET["userid"];
$query = mysql_query("SELECT verify,key FROM users WHERE id = '$user_id'");
while ($details = mysql_fetch_assoc($query)){
$verify = $details['verify'];
$confirm2 = $details['key'];
}
if($verify == "1"){
echo "Link Expired . Go to our login page :";
}
else{
if (isset($_GET["confr"]) && isset($_GET["userid"]))
{
$confirm1 =$_GET["confr"];
if($confirm1 == $confirm2){
mysql_query("INSERT INTO users (`verify`) VALUES ('1') WHERE id = '$user_id'");
echo "Thank You For Registering with us . Go to your LOGIN PAGE Here ";
}
else {
echo "Invalid link ";
echo "Go to your LOGIN PAGE Here ";
}
} // of if isset
} // of else part
?>
Note: insert statement has no where - as long as you dont use "insert into select..."
http://dev.mysql.com/doc/refman/5.1/de/insert.html
I'm really struggling with this now for a while and can't seem to get it working. In members.php (where I show all the registered users) I have a list printed out with a link "ADD TO FRIENDS" next to each user.
I managed, for testing purposes to display each members id well (so it gets the ID) but when I click the link it directs to the friends.php where it seems the fault is in. I don't know how to get that friend's id I clicked on IN THE friends.php file. Please have a look!
members.php
<?php
include 'connect.php';
include 'header.php';
if(isset($_SESSION['signed_in']) == false || isset($_SESSION['user_level']) != 1 )
{
//the user is not an admin
echo '<br/>';
echo 'Sorry! You have to be <b>logged in</b> to view all the <b>registered</b> members.';
echo '<br/><br/>';
}
else
{
echo '<h2>Registered users:</h2>';
$sql = "SELECT * FROM users ORDER BY user_name ASC";
$result = mysql_query($sql);
$num=mysql_numrows($result);
$i=0;
while ($i < $num)
{
//$name = mysql_result($result,$i,"user_name");
//$id = mysql_result($result,$i,"user_id");
//$picture = mysql_result($result,$i,"pic_location");
//?friend_id="'. $id .'
while($user = mysql_fetch_array($result)){
echo $user['user_name'].'<br/><br/>ADD TO FRIENDS<br/>';
echo $user['user_id'];
echo '<br/><br/>';
}
$i++;
}
///////////////////////////////
/// adding users as friends ///
///////////////////////////////
//while($user = mysql_fetch_array($result))
//echo $user['user_name'].'
//ADD TO FRIENDS<br/>';
//NOW I WANT TO MAKE A SPECIFIC "ADD AS FRIEND" LINK NEXT TO EACH USER
}
include 'footer.php';
?>
As I said I'm not sure how to get this so please have a look! Thanks!
J
friends.php
<?php
include "connect.php";
include "header.php";
if(isset($_SESSION['signed_in']) == false || isset($_SESSION['user_level']) != 1 )
{
//the user is not an admin
echo '<br/>';
echo 'Sorry! You have to be <b>logged in</b> if you want to add the person as a friend!';
echo '<br/><br/>';
}
else
{
$sql = "SELECT * FROM users";
$result = mysql_query($sql);
//friend_id is the ID of the friend that is clicked on...
//HOW DO I GET THAT ID THAT IS CLICKED ON IN THE WHILE "loop" in members.php?
$friends = ("INSERT INTO friends SET user_id='" . $_SESSION['user_id'] . "', friend_id='".$id."', status='0'");
$result_friends = mysql_query($friends);
if(!$friends)
{
//When you can't add this person as a friend this error will show!
echo 'You cannot add this user at this time. Please try again later!';
}
else
{
//When the friend is now added to the system!
echo 'Great! Now the user needs to approve before you can be friends!';
}
}
?>
On your friends.php use
$_GET['user_id']
Instead of $id, $id is undefined, to get the value of id from the query string you call it using an $_GET variable like,
$_GET['name_of_query_string_value']