I have an issue that I made a php code and I made a registration system, now, I have successfully made a user page which is like ( ?id=1 )
But if I view ?id=2 it still shows data for user id=1 (me)
How can i solve that?
And how can i hide the Edit profile button for userid2 if I am not userid2 ?
PHP:
<?
session_start();
include 'db.php';
$iDD = $_SESSION['id'];
?>
edit user Login<br><br>
<?php
$DOO = $_GET['id'];
$SEL= $con->prepare("SELECT * FROM users WHERE id=:id");
$SEL->execute(array(
'id' => $iDD
));
$data = $SEL->fetchall();
foreach ($data as $row){
echo "your username:".$row['user']."<br>";
echo "your user password:".$row['pass']."<br>";
echo "your user id:".$row['id']."<br>";
}
?>
Change as follows;
$SEL->execute(array(
'id' => $DOO
));
You can use an if statement like this:
<?php if ($iDD == 1): ?>
edit user Login<br><br>
<?php endif ?>
Related
I need help. I crated a MySQL database and I connected database with login and registration form. All it´s working. I tried to create page that show all data about user from database. I created tried this code:
<p>Username: <?php echo $_SESSION['username']; ?></p>
<p>Email: <?php echo $_SESSION['email']; ?></p>
<p>Create profile date and time: <?php echo $_SESSION['create_datetime']; ?></p>
But that showed me only username.
I created this from this page.
Can you help me with this? Very much thanks for response!
Inside login.php page you need to assign email and create_datetime to $_SESSION. It should be like
if ($rows == 1) {
while($row = $result->fetch_assoc()) {
$_SESSION['username'] = $row["username"];
$_SESSION['email'] = $row["email"];
$_SESSION['create_datetime'] = $row["create_datetime"];
}
// Redirect to user dashboard page
header("Location: dashboard.php");
}
I want to show JavaScript alert after successful or not data deletion in MSSQL. How to do this? I have written this code but it shows only the message=success part alert everytime, even when the deletion dont work becasue of errors like "conflict with reference(foreign_key)" So when i click on this link.
echo "<a class='activater' href='ma_QualiOverviewloeschen.php?TestaufstellungID=".$row['TestaufstellungID'] ."&QualiID=".$row['QualiID'] ."' title='Qualitest löschen' data-toggle='tooltip' onclick='confirm_delete()'> <span class='glyphicon glyphicon-trash'></span></a>";
It calls the following php Page, which handle the SQL Part:
$QualiDelete =("DELETE FROM MyDB.dbo.Testaufstellung WHERE MyDB.dbo.Testaufstellung.TestaufstellungID = :TestaufstellungID");
$QualiDelete .=("DELETE FROM MyDB.dbo.AllgemeineAngaben WHERE MyDB.dbo.AllgemeineAngaben.QualiID = :QualiID");
$sth = $connection->prepare($QualiDelete);
$sth->execute(array(':TestaufstellungID' => $TestaufstellungID, ':QualiID:' => $QualiID));
if($sth)
{
header("location: ma_QualiOverview.php?message=success");
}
else
{
echo sqlsrv_errors();
header("location: ma_QualiOverview.php?message=failed");
}
$connection = null;
Back to the main page where the link is clicked the following ifelseconsider on messageshould Show me the right alert.
<?php
if($_GET['message']=='success'){
echo '<script language="javascript">';
echo 'alert("Erfolgreich gelöscht.");';
echo '</script>';
} elseif($_GET['message']=='failed'){
echo '<script language="javascript">';
echo 'alert("Nicht gelöscht, da Quali "ongoing" ist.");';
echo '</script>';
}
?>
What do i miss?
$sth will never be falsy, you have to check the return value of $sth->execute
Also, you should echo the errors after sending out the header.
Since $sth is always defined, you always get the success result
See the modified code here
$QualiDelete =("DELETE FROM MyDB.dbo.Testaufstellung WHERE MyDB.dbo.Testaufstellung.TestaufstellungID = :TestaufstellungID");
$QualiDelete .=("DELETE FROM MyDB.dbo.AllgemeineAngaben WHERE MyDB.dbo.AllgemeineAngaben.QualiID = :QualiID");
$sth = $connection->prepare($QualiDelete);//Check the value returned instead of $sth
$result = $sth->execute(array(':TestaufstellungID' => $TestaufstellungID, ':QualiID:' => $QualiID));
if($result )
{
header("location: ma_QualiOverview.php?message=success");
}
else
{
header("location: ma_QualiOverview.php?message=failed");
echo sqlsrv_errors();//Echo must be after header
}
$connection = null;
for account verification process when user click on verfication link . He /She instantly redirects to dashboard . But I want to give a confirmation message that his/her account has been verified for some seconds.
here is my code
<?PHP
require_once 'include/Functions.php';
$db = new DB_Functions();
if(isset($_GET['username'])&&isset($_GET['q']))
{
$username= $_GET['username'];
$hash= $_GET['q'];
$salt = "498#2D83B631%3800EBD!801600D*7E3CC13";
$resetkey = hash('sha512', $salt.$username);
if($hash==$resetkey){
$user = $db->activateAccount($username);
if ($user != false) {
// user is found
echo '<script>';
echo 'document.getElementById("result_status").innerHTML = "<strong>Congratulations! Your Account has been verified .</strong>"';
echo '</script>';
$passwords=$db->getPasswordFromUsername($username);
$users = $db->loginUserWithMdfPassword($username, $passwords);
if ($users != false) {
// password is found
$properlyLogged=true;
if($properlyLogged) {
// season for storing data start here
session_start();
$_SESSION['username']=$username;
header('Location: http://localhost/mywebsite/dashboard.php');
exit();
// season for storing data end here
}}
}
}else {
echo '<script>';
echo 'document.getElementById("result_status").innerHTML = "<strong>Session has been expired.</strong>"';
echo '</script>';
}}
?>
sleep wont work for what you want.
you're redirecting your user using header('location:...'); and you cannot modify header information after you've outputted data (ie - showed message to user).
you'll have to preform the redirect using javascript with a setTimeout
<?PHP
require_once 'include/Functions.php';
$db = new DB_Functions();
if(isset($_GET['username'])&&isset($_GET['q']))
{
$username= $_GET['username'];
$hash= $_GET['q'];
$salt = "498#2D83B631%3800EBD!801600D*7E3CC13";
$resetkey = hash('sha512', $salt.$username);
if($hash==$resetkey){
$user = $db->activateAccount($username);
if ($user != false) {
// user is found
echo '<script>';
echo 'document.getElementById("result_status").innerHTML = "<strong>Congratulations! Your Account has been verified .</strong>";';
// set timeout for 3 seconds - then redirect
echo "setTimout(function(){window.location.href = 'http://localhost/mywebsite/dashboard.php';},3000)"
echo '</script>';
$passwords=$db->getPasswordFromUsername($username);
$users = $db->loginUserWithMdfPassword($username, $passwords);
if ($users != false) {
// password is found
$properlyLogged=true;
if($properlyLogged) {
// season for storing data start here
session_start();
$_SESSION['username']=$username;
//comment out header redirect
//header('Location: http://localhost/mywebsite/dashboard.php');
exit();
// season for storing data end here
}}
This would probably be easier with a JavaScript approach.
instead of header('Location: http://localhost/mywebsite/dashboard.php');
put
echo '<script>setTimeout(function(){window.location.href = "http://localhost/mywebsite/dashboard.php"}, 5 * 1000);</script>'
This will wait for X * 1000 milliseconds (in my example, 5 seconds) and then redirect to the destination.
I have a Index page in Php and a login link. When user login to the site then i want to redirect to the same page (index.php). At the place of login link I want to show the username of the user or client. I have a php login code like this
$error = '';
if (isset($_POST['login']) && !empty($_POST['email'])
&& !empty($_POST['password'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$sel_user = "select * from customer where email='$email' AND password='$password'";
$run_user = mysql_query($sel_user);
$check_user = mysql_num_rows($run_user);
if($check_user == 1){
$_SESSION['email']=$email;
echo "<script>window.open('userinfo.php','_self')</script>";
}
else {
$error = 'Invalid username or password';
}
}
in this code page is redirecting to another page after login but i want to redirect it to same page as index.php. And add links like my account and logout links instead of login link in index.php. I have a Php sessions page code like this
if(!isset($_SESSION))
{
session_start();
}
$login_session=$_SESSION['email'];
if(!isset($_SESSION['email']))
{
// not logged in
header('Location: login.php');
exit();
}
How can i make this for example like flipkart.com. Please help me.
You can do one thing:
Go for the code that you have already written for the login, i.e.,
$error = '';
if (isset($_POST['login']) && !empty($_POST['email'])
&& !empty($_POST['password'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$sel_user = "select * from customer where email='$email' AND password='$password'";
$run_user = mysql_query($sel_user);
$check_user = mysql_num_rows($run_user);
if($check_user == 1){
$_SESSION['email']=$email;
echo "<script>window.open('userinfo.php','_self')</script>";
}
else {
$error = 'Invalid username or password';
}
}
After this you do a check of the session variable
if(!isset($_SESSION))
{
session_start();
}
$login_session=$_SESSION['email'];
if(!isset($_SESSION['email']))
{
// not logged in
header('Location: index.php'); //change the redirect page to index.php
//now customize the menu accoringly
echo "<nav class='your-class'>";
echo "<li>";
echo "<ul>Login</ul>";
//Some more menus
echo "</nav>";
exit();
}
else
{
header('Location: index.php'); //now configure the menu accordingly
//now customize the menu accoringly on login
echo "<nav class='your-class'>";
echo "<li>";
echo "<ul>My Account</ul>";
//Some more menus
echo "<ul>Logout</ul>";
echo "</nav>";
}
But as far as I know this is somewhat tiresome and please try to avoid the queries like this. Use PDO instead. Thanks.
Try this
header('location:'.$_SERVER['PHP_SELF']);
instead of
echo "<script>window.open('userinfo.php','_self')</script>";
and for manage links
<ul>
<?php if(isset($_SESSION['email'])){ ?>
<li><a href="logout.php" >Logout</a></li>
<?php }else{ ?>
<li><a href="index.php" >Home</a></li>
<?php }?>
</ul>
i am trying to modify a session variable in each ajax call (so as to later retreive only the new content from db ) but one session variable $_SESSION['s'] is getting unset in every alt. ajax call ! however the unmodified session variable $_SESSION["iuser"] is working fine . I am testing this on localhost / wamp and coding in npp .
<?php
session_start();
//if(isset($_SESSION["s"]))
$in=$_SESSION["s"];
//echo $_SESSION['sid'];
$link=mysql_connect("localhost","root","");
mysql_select_db("secure_scrapbook") or die("Sorry :( Connection Error");
$query="Select data,user,id from public where public=1 && id>'$in' ORDER BY id DESC";
$result=mysql_query($query);
$i=mysql_fetch_array($result);
$_SESSION["s"]=$i["id"];
//echo $_SESSION['sid'];
if(!($_SESSION["s"]==$in))
{echo 0;
echo $in;
echo $_SESSION["iuser"];
echo $_SESSION["s"];
echo "check<br>";
}
?>
--jquery /ajax -----
<script>
setInterval(function() {
$.ajax({
url: "gets.php",
type : "get" ,
dataType : 'html',
success : function(data){
//$("#public").html(data);}
$("#public").html(data+$("#public").html()+'-');}
});}, 5000); //5 seconds
</script>
May I suggest you debug your calls like this:
<?php
session_start();
if (empty($_SESSION["s"])){
echo 'EMPTY SESSION ';
die;
}
$in = $_SESSION["s"];
$link=mysql_connect("localhost","root","");
mysql_select_db("secure_scrapbook") or die("Sorry :( Connection Error");
$query="Select data,user,id from public where public=1 && id>'$in' ORDER BY id DESC";
$result=mysql_query($query);
$i=mysql_fetch_array($result);
if (empty($i["id"])){
echo 'EMPTY $i';
die;
}
$_SESSION["s"]=$i["id"];
//echo $_SESSION['sid'];
if(!($_SESSION["s"]==$in))
{echo 0;
echo $in;
echo $_SESSION["iuser"];
echo $_SESSION["s"];
echo "check<br>";
}
?>
Each time you get the message EMPTY SESSION or EMPTY $i check:
the ajax headers and try to step-by-step track your problem.
the element in the database does have an ID
the $in is within the boundries of possible ID's
the $in is a number
<?php
session_start();
//if(isset($_SESSION["s"]))
$in=$_SESSION["s"];
//echo $_SESSION['sid'];
$link=mysql_connect("localhost","root","");
mysql_select_db("secure_scrapbook") or die("Sorry :( Connection Error");
$query="Select data,user,id from public where public=1 && id>'$in' ORDER BY id DESC";
$result=mysql_query($query);
if($i=mysql_fetch_array($result))
{
$_SESSION["s"]=$i["id"];
//echo $_SESSION['sid'];
if(!($_SESSION["s"]==$in))
{
echo 0;
echo $in;
echo $_SESSION["iuser"];
echo $_SESSION["s"];
echo "check<br>";
}
}
else
echo "No more Data in table";
?>
Try this and if "No more Data in table" is echoed, it means that your db doesn't have any data satisfying the conditions you set.
One more thing, seeing your code it looks like $_SESSION["s"] will never be equal to $in so i guess you don't need to use the if condition.