if(isset($_POST['uname']))
{
$query = "SELECT * FROM user_info";
$res = $mysqli->query($query);
$num = $res->num_rows;
$i = 0;
$cpwd = $_POST["pswd"];
$hpwd = SHA1($cpwd);
$tmp = $_POST["uname"];
while($i < $num)
{
$row = $res->fetch_object();
$name = $row->Username;
$pwd = $row->Password;
if($name == $tmp)
{
//check if user is blocked
}
//hashed pwd
if($pwd == $hpwd)
{
//success
exit();
}
//request for pwd change
else if($pwd == $cpwd)
{
//change
exit();
}
else if($pwd != $hpwd)
{
//incorrect pwd
}
}
$i++;
}
if($i == $num)
{
//new user
}
}
I'd guess that you're somehow looping past the end of the array and $row is actually NULL.
So $res->fetch_object() did not return an object. Take a look at the documentation of this function. What does it return when it finds nothing?
some times num_rows return 1, even if no rows effected. Try to use
while($row = $res->fetch_object())
or
you forget to increment $i :)
get rid of that junk and make it like this
$query = "SELECT * FROM user_info WHERE Username = ? AND Password = ?";
$stmt = $mysqli->prepare($query);
$stmt->bind_param('ss', $_POST["uname"], SHA1($_POST["pswd"]));
$stmt->execute() or trigger_error($mysqli->error());
if (!$mysqli->affected_rows) {
//no such user
}
I've never used mysqli myself, so, there may be typos.
But I hope you'll be able to get the idea.
Related
I have a login function, but there is one problem, before redirecting to the next page I have to check if $user_data['isikukood'] is in $tootaja_data Maybe i'm doing something wrong? It doesen't works.
PhP
db_connect();
if (isset($_POST['login']) ) {
$kasutajanimi = $_POST['kasutajanimi'];
$password = $_POST['pass'];
$query = mysql_query("SELECT * FROM isik WHERE nimi='$kasutajanimi'");
$query_tootaja = mysql_query("SELECT isikukood FROM tootaja");
$user_data = mysql_fetch_array($query);
$count = 0;
$tootaja_data = array();
while($row = mysql_fetch_assoc($query_tootaja))
{
$tootaja_data[$count] = $row;
$count++;
}
if($user_data['parool'] == $password){
foreach($tootaja_data as $value){
if($user_data['isikukood'] == $value){
header('Location: ../main.php/?view=tootaja');
}else{
header('Location: ../main.php/?view=klient');
}
}
// print_arr($tootaja_data);
}else{
header('Location: ../index.php');
}
}
In you code, you are comparing an entire array to a string.
the $value in your loop looks most likely something like:
$value = array('isikukood ' => 'string');
What you should do is use in_array
if(in_array($user_data['isikukood'], $value)){ ...
or compare the exact elements:
if ($user_data['isikukood'] == $value['isikukood']){ ...
<?php
if ($username = $_GET['username'])
{
$sql = "SELECT * FROM posts WHERE username='$username'";
$q = $db->prepare($sql);
$q->execute();
while($q->fetch(PDO::FETCH_ASSOC))
{
echo "$username<br/>";
}
}
?>
Hello everybody. I wanna if username for ex Baran just fetch baran's posts. I have these code and I am getting usernames but when I try the get post date from posts table it does not work. What am I suppose to do.
i think its a typo
if ($username = $_GET['username']) {// assingment
change to:
if ($username == $_GET['username']) {//equal
use preparedStatement to avoid sql injection:
<?php
if ($username == $_GET['username']) {
$sql = "SELECT * FROM posts WHERE username = :user ";
$q = $db->prepare($sql);
$q->bindValue(':user', $username);
$q->execute();
while($row = $q->fetch(PDO::FETCH_ASSOC)) {
echo $row['username'] .'<br/>';
}
}
Are you looking something similar? change if ($username == $_GET['username']) {
while($row = $q->fetchAll(PDO::FETCH_ASSOC))
{
echo $row['username'];
}
You have to assign the result of $q->fetch to some variable. See fetch() documentation.
In your example you just echo the value used as input.
inside if you should always be using ==
eg:if($i ==1)
{
something here
}
else
{
something else
}
I'm a fairly new programmer, especially in PHP as i have come from a VB environment.
Below is the function I am having troubles with, as you can see i have had quite a few attempts (in comments). I thought id leave the comments there in case i'm closer with my other attempts.
I have never used PDO before and as you can see this function pretty much allows the user to log in.
The line if($temp == $_POST['password']) is where the problem is. Apparently $temp is undefined, but i cannot see why, i have even declared it at the top of the function to be sure. Anyone have any ideas?
public function load_user_data() {
$temp;
$sql;
try{
// $STH = dbHandler::$DBH->prepare("SELECT * FROM tblCustomer WHERE email = :email");
// $STH->bindValue(':email', $this->email);
// $STH->execute();
// $posts = $STH->fetch(PDO::FETCH_ASSOC); //If only fetch 1 line use just "fetch" instead of "fetchAll"
// echo '<pre>';
// print_r($posts);
// echo '</pre>';
//--------
$STH = dbHandler::$DBH->prepare("SELECT password FROM tblCustomer WHERE email = :email");
$STH->bindValue(':email', $_POST['usermail']);
$STH->setFetchMode(PDO::FETCH_ASSOC);
while($row = $STH->fetch()) {
$temp = $row;
}
//$temp = $STH->fetch(['password']);
// while($row = $STH->fetch()) {
// $temp = $row['password'];
// }
//--------
// $sql = "SELECT password FROM tblCustomer WHERE email = :email";
// $stmt = $PDO->query($sql);
// $row = $stmt->fetchObject();
// $temp = $row->password;
if($temp == $_POST['password']) {
$STH = dbHandler::$DBH->prepare("SELECT * FROM tblCustomer WHERE email = :email");
$STH->bindValue(':email', $this->email);
$STH->setFetchMode(PDO::FETCH_ASSOC);
echo("we have reached here");
while($row = $STH->fetch()) {
$firstname = $row['firstName'];
$lastname = $row['secondName'];
$title = $row['title'];
$companyname = $row['companyName'];
$email = $row['email'];
$phone = $row['phone'];
$email = $row['mobile'];
$startdate = $row['startDate'];
$isauthorised = $row['isAuthorised'];
$accstop = $row['accStop'];
$stopdate = $row['stopdate'];
}
}
}
catch (PDOException $e) {
print $e->getMessage();
}
}
The problem is here:
$STH = dbHandler::$DBH->prepare("SELECT password FROM tblCustomer WHERE email = :email");
$STH->bindValue(':email', $_POST['usermail']);
$STH->setFetchMode(PDO::FETCH_ASSOC);
while($row = $STH->fetch()) {
$temp = $row;
}
First, you need to do:
$STH->execute();
before you try to fetch rows.
Second, if the query doesn't match any rows, your while loop will never go into the body, so $temp will not be set. Since you apparently only expect to get one row from the query, you don't need to use while. Instead, do:
if ($temp = $STH->execute()) {
// all the code that depends on finding a row goes here
...
}
Inside that block, you'll need to do:
if ($temp['password'] == $_POST['password'])
I have a site where users can join groups and post topics related to that group, I am having an issue where regardless of the user result, it just shows "member" even on a test account that has no records in the database, can someone please explain what I am doing wrong, thank you.
<?php
$id = $_GET['gid'];
$user = $_SESSION['user_id'];
$iropen = "SELECT * FROM `group_users` WHERE user_id='$user' AND group_id='$id'";
$resultg = mysql_query($iropen);
$rows = mysql_fetch_array($resultg);
if ($rows['accepted'] = 1) {
echo 'member';
} else {
echo 'pending';
}
if ($resultg < 1) {
echo 'join';
}
?>
if ($rows['accepted'] = 1) {
You need two == here.
if ($rows['accepted'] == 1) {
PHP's operator reference, if you need it: http://www.php.net/manual/en/language.operators.php
What #vinodadhikary is saying is that you have single equal-sign instead of the double-equal-sign in your first IF clause. It should be:
if ($rows['accepted'] == 1)...
<?php
$id = $_GET['gid'];
$user = $_SESSION['user_id'];
$iropen = "SELECT * FROM `group_users` WHERE user_id='$user' AND group_id='$id'";
$resultg = mysql_query($iropen);
$rows = mysql_fetch_array($resultg);
$num_results = mysql_num_rows($resultg);
if ($num_results < 1) {
echo "join";
} else if ($rows['accepted'] == 1) {
echo "member";
} else {
echo "pending";
}
?>
Try this
<?php
$id = $_GET['gid'];
$user = $_SESSION['user_id'];
$iropen = "SELECT * FROM `group_users` WHERE user_id='".$user."' AND group_id='".$id."'";
if($resultg = mysql_query($iropen)){
$rows = mysql_fetch_array($resultg)
}
if (mysql_num_rows($resultg) < 1) {
echo 'join';
}else if ($rows['accepted'] == 1) {
echo 'member';
} else {
echo 'pending';
}
?>
In following code I have upgraded function from MYSQL into MYSQLI, I got some help in my previous posts and they said what should be done.. but now comes the question how to do it..
The thing is to set id before return, otherwise I still will be receiving user ID = 1 no matter on which account I login.
function user_id_from_username($username) {
$username = sanitize($username);
global $db_connect;
$result = $db_connect->query("SELECT(id) FROM members WHERE username = '$username'");
if (false === $result) {
return false;
}
return ($result->num_rows == 1) ? id : false;
I tried to do as in my old MYSQL code, but then it gives error.
My old code:
function user_id_from_username($username){
$username = sanitize ($username);
return mysql_result(mysql_query("SELECT(id) FROM members WHERE username = '$username'"), 0, 'id');
}
I would be grateful for any help!
I didn't try it out but this should work right?
I also put $db_connect as parameter because its safer but it's up to you.
function user_id_from_username($username) {
$username = sanitize($username);
global $db_connect;
$result = $db_connect->query("SELECT id FROM members WHERE username = '".$db_connect->real_escape_string($username)."'");
if (!$result) {
return false;
}
if($result->num_rows == 1){
$row = $result->fetch_assoc();
$output = $row['id'];
}
else{
$output = "Username does not exist in table or is a duplicate.";
}
return $output;
}
Did you try fetch_array or mysqli_fetch_array?
$row = $result->fetch_array(MYSQLI_ASSOC);
// or
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
// and returning
return $row['id'] ? $row['id'] : false;
return ($result->num_rows == 1) ? id : false;
should be
if(mysqli_num_rows($result) ===1 ){
$row = mysqli_fetch_assoc($result);
return intval($row['id']);
}
return false;