  1. #26
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Drummin View Post
    So you've fixed all errors...
    usename = username
    channel_name = channel_username
    Duplicate empty($v_title)
    Changed OR to ||

    Established the $db is resource
    Escaped all data before insert into database
    Checked that all database field names match.

    Then I would suggest adding mysqli_error($db) to your query.
    PHP Code:
    $db->query("INSERT INTO submitted_forms (`username`,`rank`,`channel_username`,`video_link`,`video_title`,`video_description`,`video_tags`,`music_sources`,`special_requests`) VALUES ('$username','$rank','$c_name','$v_link','$v_title','$v_desc','$v_tags','$m_sources','$s_requests')") or die(mysqli_error($db)); 
    I still have this error "Call to a member function query() on a non-object on line 37". And it's this:
    Code:
    $getRank = $db->query("SELECT * FROM users WHERE username = '".$_SESSION['username']."'");
            while ($row = $getRank->fetch_assoc())

  2. #27
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    And how about with this.
    PHP Code:
    $username = mysqli_real_escape_string($db, $_SESSION['username']);
    $query = "SELECT rank FROM users WHERE username = '$username'";
    $getRank = $db->query($query) or die(mysqli_error($db));
    while ($row = $getRank->fetch_assoc())
    {
        $rank = $row['rank'];
    }

    And you shouldn't need a WHILE loop here.
    PHP Code:
    $username = mysqli_real_escape_string($db, $_SESSION['username']);
    $query = "SELECT rank FROM users WHERE username = '$username'";
    $getRank = $db->query($query) or die(mysqli_error($db));
    $row = $getRank->fetch_assoc();
    $rank = $row['rank'];

  3. #28
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Looking back on POST #18 I'm not sure I like the format of the top section.
    PHP Code:
    <?php
    session_start();

    if(isset($_SESSION['rank']) && $_SESSION['rank'] == "partner"){}else{
        header("location: ../index.php");
        exit;
    }
    include "menu.php";
    include "header.php";
    ?>
    Can I assume your connection is in menu.php or header.php?

    Anyway, I don't like how you've got $_SESSION['username']; just sitting there, using header("location:") without exit; and using "AND" instead of &&.

    Also, it does seem a bit odd that you are saying here that $_SESSION['rank'] MUST be set and that the value must be partner and then you go and query the DB to get the username and rank, when both these values must already be set to session.

  4. #29
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok, to be honest. I didn't really do too much of this code and don't know much about it. Someone did most of it so I'm trying to fix the errors they've done and finish everything else I need. I really appreciate your help and I'll see if your codes in the above posts work because this is really stressful haha, but thank you for all the help you've been giving me.

  5. #30
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Also, the connection is in the config file, but I took it out by accident when I pasted it, don't know why.

  6. #31
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    I will try one more time with this version. I'm still questioning that $db is set and your session values. I've tested this with both types of connections below.
    PHP Code:
    <?php
    $host = "localhost";
    //Database user name.
    $login = "";
    //Database Password.
    $dbpass = "";
    //Database name.
    $dbname = "";
    $db = mysqli_connect("$host", "$login", "$dbpass", "$dbname");
    ?>
    AND
    PHP Code:
    <?php
    $host = "localhost";
    //Database user name.
    $login = "";
    //Database Password.
    $dbpass = "";
    //Database name.
    $dbname = "";
    $db = new mysqli("$host", "$login", "$dbpass", "$dbname");
    ?>
    And the page with an extra check for $_SESSION['username'] before query as I've still not heard from you that you are sure these session values are set. I've left the query for rank in the script as the top condition is now looking for a rank of partner or admin.
    PHP Code:
    <?php
    session_start();
    include ("config.php");

    if(isset($_SESSION['rank']) && ($_SESSION['rank'] == "partner" || $_SESSION['rank'] == "admin")){}else{
        header("location: ../index.php");
        exit;
    }
    include ("menu.php");
    include ("header.php");

        if(isset($_POST['submit']))
        {
            $c_name     = trim($_POST['channel_name']);
            $v_link     = trim($_POST['video_link']);
            $v_title    = trim($_POST['video_title']);
            $v_desc     = trim($_POST['video_description']);
            $v_tags     = trim($_POST['video_tags']);
            $m_sources  = trim($_POST['music_sources']);
            $s_requests = trim($_POST['special_requests']);

            if(empty($c_name) || empty($v_link) || empty($v_title) || empty($v_desc) || empty($v_tags))
            {
                echo 'You must fill in the first 5 fields.';
            }
            else
            {
                if(!isset($_SESSION['username'])){
                    echo 'Session is not set';
                }else{
                    $username = mysqli_real_escape_string($db, $_SESSION['username']);
                    $query = "SELECT rank FROM users WHERE username = '$username'";
                    $getRank = $db->query($query) or die(mysqli_error($db));
                    $row = $getRank->fetch_assoc();
                    $rank = $row['rank'];

                    $rank = mysqli_real_escape_string($db, $rank);
                    $c_name = mysqli_real_escape_string($db, $c_name);
                    $v_link = mysqli_real_escape_string($db, $v_link);
                    $v_title = mysqli_real_escape_string($db, $v_title);
                    $v_desc = mysqli_real_escape_string($db, $v_desc);
                    $v_tags = mysqli_real_escape_string($db, $v_tags);
                    $m_sources = mysqli_real_escape_string($db, $m_sources);
                    $s_requests = mysqli_real_escape_string($db, $s_requests);

                    $sql = "INSERT INTO submitted_forms (`username`,`rank`,`channel_username`,`video_link`,`video_title`,`video_description`,`video_tags`,`music_sources`,`special_requests`) VALUES ('$username','$rank','$c_name','$v_link','$v_title','$v_desc','$v_tags','$m_sources','$s_requests')";
                    //echo $sql;
                    $db->query($sql) or die(mysqli_error($db));
                    echo 'Form submitted successfully.';
                }
            }
        }
    ?>

    <form action="" method="post">
          <p>Channel name <input type="text" name="channel_name" required>*</p>
          <p>Video Link   <input type="text" name="video_link" required>*</p>
          <p>Video Title  <input type="text" name="video_title" required>*</p>
          <p>Video Description <input type="text" name="video_description" required>*</p>
          <p>Video Tags   <input type="text" name="video_tags" required>*</p>
          <p>Music Sources <input type="text" name="music_sources"></p>
          <p>Special Requests <input type="text" name="special_requests"></p>
          <br></br>
          <p><input type="submit" name="submit" value="Submit"></p>
        </form>
    </body>
    </html>
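
The rank lookup and insert from the script above, rewritten with mysqli prepared statements so that no value is spliced into the SQL text and database errors go to the server log instead of the page. This is an added example, not code from the thread: the table and column names are the ones used above, while `save_submission()` and the user-facing error messages are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names are the
// ones used in the posts above; save_submission() is a hypothetical name.

// Have mysqli throw mysqli_sql_exception on failure, so errors are handled
// in one place instead of being printed with die(mysqli_error($db)).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Look up the user's rank, then store one submission.
 * Every value travels as a bound parameter, so quotes in the input
 * cannot change the statement. Returns the message to show.
 */
function save_submission(mysqli $db, string $username, array $post): string
{
    $fields = ['channel_name', 'video_link', 'video_title', 'video_description',
               'video_tags', 'music_sources', 'special_requests'];
    $in = [];
    foreach ($fields as $f) {
        $value = $post[$f] ?? '';
        // A request can send an array (video_link[]=x); treat that as empty.
        $in[$f] = is_string($value) ? trim($value) : '';
    }
    foreach (array_slice($fields, 0, 5) as $f) {   // first five are required
        if ($in[$f] === '') {
            return 'You must fill in the first 5 fields.';
        }
    }

    try {
        // `rank` is backtick-quoted because it is a reserved word in
        // MySQL 8.0.2 and later.
        $stmt = $db->prepare('SELECT `rank` FROM users WHERE username = ?');
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->bind_result($rank);
        $found = $stmt->fetch();   // true when a row was read, null when none
        $stmt->close();
        if ($found !== true) {
            return 'Unknown user.';
        }

        $stmt = $db->prepare(
            'INSERT INTO submitted_forms
                (`username`, `rank`, `channel_username`, `video_link`, `video_title`,
                 `video_description`, `video_tags`, `music_sources`, `special_requests`)
             VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'
        );
        $stmt->bind_param(
            'sssssssss',
            $username, $rank,
            $in['channel_name'], $in['video_link'], $in['video_title'],
            $in['video_description'], $in['video_tags'],
            $in['music_sources'], $in['special_requests']
        );
        $stmt->execute();
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        // Details go to the server log, not to the visitor.
        error_log('submitted_forms insert failed: ' . $e->getMessage());
        return 'Sorry, your form could not be saved.';
    }
    return 'Form submitted successfully.';
}

// In the page, after session_start(), config.php and the rank check:
if (isset($db, $_POST['submit'], $_SESSION['username'])) {
    echo save_submission($db, $_SESSION['username'], $_POST);
}
```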

  7. #32
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Finally!!! Thank you so much, it finally worked! Now, do you know how I would do the table I was talking about in the OP?

  8. #33
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Are you referring to Status as in video online or offline? If that's the case, you can just add a field to submitted_forms named `status` (int) and update the record as needed e.g. (0,1) where online would be 1.

  9. #34
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Drummin View Post
    Are you referring to Status as in video online or offline? If that's the case, you can just add a field to submitted_forms named `status` (int) and update the record as needed e.g. (0,1) where online would be 1.
    No like, I know what to do for the status and everything, but how would I do the table? Like how would I just pull that user's submissions and no one else's? I want their own submissions to be displayed in a table for them to see.

  10. #35
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Very rough...

    Admin
    PHP Code:
    <?php
    session_start();
    include ("config.php");

    if(isset($_SESSION['rank']) && ($_SESSION['rank'] == "partner" || $_SESSION['rank'] == "admin")){}else{
        header("location: ../index.php");
        exit;
    }
    //Show all or single id
    if(isset($_GET['id'])){
        $id = mysqli_real_escape_string($db, $_GET['id']);
        $condition = "WHERE u.user_id = '$id'";
    }else{
        $condition = "ORDER BY u.name ASC";
    }
    $sql = "SELECT
    `sf`.`id`,
    `u`.`name`,
    `sf`.`rank`,
    `sf`.`channel_username`,
    `sf`.`video_link`,
    `sf`.`video_title`,
    `sf`.`video_description`,
    `sf`.`video_tags`,
    `sf`.`music_sources`,
    `sf`.`special_requests`
    FROM `users` AS u
    LEFT JOIN `submitted_forms` AS sf
    ON sf.username = u.username
    $condition";
    $result = $db->query($sql) or die(mysqli_error($db));
    ?>
    <?xml version="1.0" encoding="windows-1252"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
        "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title></title>
    <style type="text/css">
    .display {
      width:100%;
      background-color:#E5E5E5;
      color:#000000;  
      font-family: Arial;
      font-size: 13px;
    }
    .display th{
      background-color:#84848E;
      color:#FFF;
      font-size: 12px;
      font-weight:bold;
      text-align:center;
    }
    .display td{
      background-color:#FFF;
      color:#000000;
      font-weight:normal;
    }
    .display .head td{
      background-color:#B1B1BE;
      color:#000000;
      font-weight:bold;
    }
    </style>
    </head>
    <body>
    <table border=0 summary="" cellspacing="1" cellpadding="1" class="display">
    <?php
    $headrows = array();
    while ($row = $result->fetch_assoc()){
        if(!in_array($row['name'],$headrows)){
            echo '<tr>
                    <th colspan="6">'.$row['name'].' (Rank: '.$row['rank'].')</th>
                </tr>
                <tr class="head">
                    <td>Channel Name</td>
                    <td>Title</td>
                    <td>Description</td>
                    <td>Video Tags</td>
                    <td>Music Sources</td>
                    <td>Special Requests</td>
                </tr>';
            $headrows[] = $row['name'];
        }

        echo '<tr>
                <td>'.$row['channel_username'].'</td>
                <td><a href="'.$row['video_link'].'">'.$row['video_title'].'</a></td>
                <td>'.$row['video_description'].'</td>
                <td>'.$row['video_tags'].'</td>
                <td>'.$row['music_sources'].'</td>
                <td>'.$row['special_requests'].'</td>
            </tr>';
    }
    ?>
    </table>
    </body>
    </html>
    Logged in user
    PHP Code:
    <?php
    session_start();
    include ("config.php");

    if(isset($_SESSION['username'])){}else{
        header("location: ../index.php");
        exit;
    }

    $username = mysqli_real_escape_string($db, $_SESSION['username']);
    $sql = "SELECT
    `sf`.`id`,
    `u`.`name`,
    `sf`.`rank`,
    `sf`.`channel_username`,
    `sf`.`video_link`,
    `sf`.`video_title`,
    `sf`.`video_description`,
    `sf`.`video_tags`,
    `sf`.`music_sources`,
    `sf`.`special_requests`
    FROM `users` AS u
    LEFT JOIN `submitted_forms` AS sf
    ON sf.username = u.username
    WHERE u.username = '$username'";
    $result = $db->query($sql) or die(mysqli_error($db));
    ?>
    <?xml version="1.0" encoding="windows-1252"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
        "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title></title>
    <style type="text/css">
    .display {
      width:100%;
      background-color:#E5E5E5;
      color:#000000;  
      font-family: Arial;
      font-size: 13px;
    }
    .display th{
      background-color:#84848E;
      color:#FFF;
      font-size: 12px;
      font-weight:bold;
      text-align:center;
    }
    .display td{
      background-color:#FFF;
      color:#000000;
      font-weight:normal;
    }
    .display .head td{
      background-color:#B1B1BE;
      color:#000000;
      font-weight:bold;
    }
    </style>
    </head>
    <body>
    <table border=0 summary="" cellspacing="1" cellpadding="1" class="display">
    <?php
    $headrows = array();
    while ($row = $result->fetch_assoc()){
        if(!in_array($row['name'],$headrows)){
            echo '<tr>
                    <th colspan="6">'.$row['name'].' (Rank: '.$row['rank'].')</th>
                </tr>
                <tr class="head">
                    <td>Channel Name</td>
                    <td>Title</td>
                    <td>Description</td>
                    <td>Video Tags</td>
                    <td>Music Sources</td>
                    <td>Special Requests</td>
                </tr>';
            $headrows[] = $row['name'];
        }

        echo '<tr>
                <td>'.$row['channel_username'].'</td>
                <td><a href="'.$row['video_link'].'">'.$row['video_title'].'</a></td>
                <td>'.$row['video_description'].'</td>
                <td>'.$row['video_tags'].'</td>
                <td>'.$row['music_sources'].'</td>
                <td>'.$row['special_requests'].'</td>
            </tr>';
    }
    ?>
    </table>
    </body>
    </html>

  11. #36
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    This version of "Admin" turns username into a link to show just records by this user. Be sure to edit the page name variable line 5.
    PHP Code:
    <?php
    session_start();
    include ("config.php");
    // page name
    $pagename = "mypage.php";

    if(isset($_SESSION['rank']) && ($_SESSION['rank'] == "partner" || $_SESSION['rank'] == "admin")){}else{
        header("location: ../index.php");
        exit;
    }
    //Show all or single id
    if(isset($_GET['id'])){
        $id = mysqli_real_escape_string($db, $_GET['id']);
        $condition = "WHERE u.user_id = '$id'";
    }else{
        $condition = "ORDER BY u.name ASC";
    }
    $sql = "SELECT
    `sf`.`id`,
    `u`.`user_id`,
    `u`.`name`,
    `sf`.`rank`,
    `sf`.`channel_username`,
    `sf`.`video_link`,
    `sf`.`video_title`,
    `sf`.`video_description`,
    `sf`.`video_tags`,
    `sf`.`music_sources`,
    `sf`.`special_requests`
    FROM `users` AS u
    LEFT JOIN `submitted_forms` AS sf
    ON sf.username = u.username
    $condition";
    $result = $db->query($sql) or die(mysqli_error($db));
    ?>
    <?xml version="1.0" encoding="windows-1252"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
        "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title></title>
    <style type="text/css">
    .display {
      width:100%;
      background-color:#E5E5E5;
      color:#000000;  
      font-family: Arial;
      font-size: 13px;
    }
    .display th{
      background-color:#84848E;
      color:#FFF;
      font-size: 12px;
      font-weight:bold;
      text-align:center;
    }
    .display th i{
      font-weight:normal;
      font-style:normal;
    }
    .display td{
      background-color:#FFF;
      color:#000000;
      font-weight:normal;
    }
    .display .head td{
      background-color:#B1B1BE;
      color:#000000;
      font-weight:bold;
    }
    .display th a:link{
      padding: 0 8px;
      color:#FFF;
      text-decoration:none;
    }
    .display th a:hover{
      text-decoration:underline;
    }
    </style>
    </head>
    <body>
    <table border=0 summary="" cellspacing="1" cellpadding="1" class="display">
    <?php
    $headrows = array();
    while ($row = $result->fetch_assoc()){
        if(!in_array($row['name'],$headrows)){
            echo '<tr>
                    <th colspan="6"><a href="'.$pagename.'?id='.$row['user_id'].'">'.$row['name'].'</a><i>(Rank: '.$row['rank'].')</i><a href="'.$pagename.'">Show All</a></th>
                </tr>
                <tr class="head">
                    <td>Channel Name</td>
                    <td>Title</td>
                    <td>Description</td>
                    <td>Video Tags</td>
                    <td>Music Sources</td>
                    <td>Special Requests</td>
                </tr>';
            $headrows[] = $row['name'];
        }

        echo '<tr>
                <td>'.$row['channel_username'].'</td>
                <td><a href="'.$row['video_link'].'">'.$row['video_title'].'</a></td>
                <td>'.$row['video_description'].'</td>
                <td>'.$row['video_tags'].'</td>
                <td>'.$row['music_sources'].'</td>
                <td>'.$row['special_requests'].'</td>
            </tr>';
    }
    ?>
    </table>
    </body>
    </html>
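
The "Admin" and "Logged in user" pages above print database values straight into the table, so a submitted title, description or link that contains markup becomes part of the page an admin views. One way to render the same rows with every value escaped, the link limited to http/https and the `?id=` filter validated as an integer, as an added example that is not code from the thread: `e()`, `safe_link()`, `render_rows()`, `requested_user_id()` and the sample rows are constructed for illustration, and the column names are the ones the queries above select.

```php
<?php
// Added example, not code from the thread. Column names match the queries
// above; the helper names and the sample rows are constructed.

/** Escape a value for HTML text or a quoted attribute. NULLs from the LEFT JOIN become ''. */
function e($value): string
{
    return htmlspecialchars((string)($value ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only absolute http/https links; anything else is rendered as '#'. */
function safe_link($url): string
{
    $url = trim((string)($url ?? ''));
    $scheme = strtolower((string)parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '#';
}

/** The admin page's ?id= value as a positive integer, or null for "show all". */
function requested_user_id(array $get): ?int
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return is_int($id) ? $id : null;
}

/** Build the table rows the loops above echo, with every value escaped. */
function render_rows(array $rows, string $pagename): string
{
    $html = '';
    $seen = [];
    foreach ($rows as $row) {
        if (!in_array($row['name'], $seen, true)) {
            $html .= '<tr><th colspan="6"><a href="' . e($pagename) . '?id='
                   . (int)$row['user_id'] . '">' . e($row['name']) . '</a>'
                   . '<i>(Rank: ' . e($row['rank']) . ')</i></th></tr>' . "\n";
            $seen[] = $row['name'];
        }
        $html .= '<tr>'
               . '<td>' . e($row['channel_username']) . '</td>'
               . '<td><a href="' . e(safe_link($row['video_link'])) . '">'
               . e($row['video_title']) . '</a></td>'
               . '<td>' . e($row['video_description']) . '</td>'
               . '<td>' . e($row['video_tags']) . '</td>'
               . '<td>' . e($row['music_sources']) . '</td>'
               . '<td>' . e($row['special_requests']) . '</td>'
               . '</tr>' . "\n";
    }
    return $html;
}

// Constructed sample rows: one ordinary submission, one carrying markup
// and a non-http link, and with NULL optional columns.
$sample = [
    ['user_id' => 7, 'name' => 'Alice', 'rank' => 'partner',
     'channel_username' => 'alicetv', 'video_link' => 'https://example.com/v/1',
     'video_title' => 'First video', 'video_description' => 'Intro',
     'video_tags' => 'intro', 'music_sources' => '', 'special_requests' => ''],
    ['user_id' => 7, 'name' => 'Alice', 'rank' => 'partner',
     'channel_username' => 'alicetv', 'video_link' => 'javascript:alert(1)',
     'video_title' => '<script>alert(1)</script>', 'video_description' => '"quoted"',
     'video_tags' => 'a&b', 'music_sources' => null, 'special_requests' => null],
];

echo "<table>\n" . render_rows($sample, 'mypage.php') . "</table>\n";

// The id filter: digits pass, anything else falls back to "show all".
var_dump(requested_user_id(['id' => '7']));        // int(7)
var_dump(requested_user_id(['id' => "7' OR 1"]));  // NULL
```

With the id reduced to an integer, the admin query can bind it as a parameter or cast it before use instead of relying on quoting.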

  12. #37
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmm thank you! Does this show like for that specific user? Like so in the partner dashboard I want it to display their submissions, but anyway you get it. Thank you for all your help, I really appreciate it! I'll post back and tell you if it worked!

  13. #38
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    You would use the "Logged in user" style code from above to only show records based on $_SESSION['username'].

  14. #39
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Drummin View Post
    You would use the "Logged in user" style code from above to only show records based $_SESSION['username'].
    It works, thank you! Do you know how to do pagination? I cannot get it to work and I don't want all their submissions on the same page.

  15. #40
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    There are many ways to paginate. I prefer to query one time building a data set then show the part being requested. Something like this.
    PHP Code:
    <?php
    session_start
    ();
    include ("config.php");

    if(isset($_SESSION['username'])){}else{
        header("location: ../index.php");
        exit;
    }

    $username = mysqli_real_escape_string($db, $_SESSION['username']);

    /////////////////////////////////////////
    //////// Define records per page ////////
    $records_per_page = 5;

    /////////////////////////////////////////
    // Query and build record set as $rows //
    $rows = array();
    $sql = "SELECT 
    `sf`.`id`,
    `u`.`name`,
    `sf`.`rank`,
    `sf`.`channel_username`,
    `sf`.`video_link`,
    `sf`.`video_title`,
    `sf`.`video_description`,
    `sf`.`video_tags`,
    `sf`.`music_sources`,
    `sf`.`special_requests`
    FROM `users` AS u 
    LEFT JOIN `submitted_forms` AS sf
    ON sf.username = u.username 
    WHERE u.username = '$username'";
    $result = $db->query($sql) or die(mysqli_error($db));
    while ($row = $result->fetch_assoc()){
        $rows[] = $row;
    }

    //////////////////////////////////////////
    // $page defined as $_GET['page'] or 1 //
    $page = (isset($_GET['page']) ? (int)$_GET['page'] : 1);

    /////////////////////////////////////////
    //////////// Total Records //////////////
    $total = count($rows);

    /////////////////////////////////////////
    //////////////Total Pages ///////////////
    $pages = ceil($total / $records_per_page);

    /*/////////////////////////////////////// 
    Our $rows array starts with KEY 0, so adjust 
    offset of $page - 1    times records per page 
    *////////////////////////////////////////
    $offset = ($page - 1) * $records_per_page;

    /////////////////////////////////////////
    // Add 1 to offset for showing to user // 
    $start = $offset + 1;

    /////////////////////////////////////////
    ////// Get last record being shown //////
    $end = min(($offset + $records_per_page), $total);

    /////////////////////////////////////////
    /////////// Previous link ///////////////
    $prevlink = ($page > 1) ? "<a href=\"?page=1\" title=\"First page\">&laquo;</a> <a href=\"?page=" . ($page - 1) . "\" title=\"Previous page\">&lsaquo;</a>" : "<span class=\"disabled\">&laquo;</span> <span class=\"disabled\">&lsaquo;</span>";

    /////////////////////////////////////////
    ///////////// Next link ///////////////// 
    $nextlink = ($page < $pages) ? "<a href=\"?page=" . ($page + 1) . "\" title=\"Next page\">&rsaquo;</a> <a href=\"?page=" . $pages . "\" title=\"Last page\">&raquo;</a>" : "<span class=\"disabled\">&rsaquo;</span> <span class=\"disabled\">&raquo;</span>";

    /////////////////////////////////////////
    //////// Paging information /////////////
    $paginate = "<div class=\"paging\">" . $prevlink . " Page " . $page . " of " . $pages . " pages, displaying " . $start . "-" . $end . " of " . $total . " results " . $nextlink . " </div>";

    ?>
    <?xml version="1.0" encoding="windows-1252"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
        "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title></title>
    <style type="text/css">
    .display {
      width:100%;
      background-color:#E5E5E5;
      color:#000000;  
      font-family: Arial;
      font-size: 13px;
    }
    .display th{
      background-color:#84848E;
      color:#FFF;
      font-size: 12px;
      font-weight:bold;
      text-align:center;
    }
    .display td{
      background-color:#FFF;
      color:#000000;
      font-weight:normal;
    }  
    .display .head td{
      background-color:#B1B1BE;
      color:#000000;
      font-weight:bold;
    }
    .paging {
      width:500px;
      text-align:center;
      margin: 2px auto;
      font-size:14px;
    }
    .paging a:link{
      text-decoration:none;
      color:#0033CC;
      font-weight:bold;
      font-size:24px;
      cursor:pointer;
    }
    .paging .disabled{
      color:#000;
      font-weight:bold;
      font-size:24px;
    }
    </style>
    </head>
    <body>
    <table border=0 summary="" cellspacing="1" cellpadding="1" class="display">
    <?php
    $headrows = array();
    if (($page > 0) && ($page <= $pages)){
        $start = ($page-1) * $records_per_page;
        for($i=$start;$i<=($records_per_page+$start-1) && $i<$total;$i++){

            if(!in_array($rows[$i]['name'],$headrows)){
                echo '<tr>
                        <th colspan="6">'.$rows[$i]['name'].' (Rank: '.$rows[$i]['rank'].')</th>
                    </tr>
                    <tr class="head">
                        <td>Channel Name</td>
                        <td>Title</td>
                        <td>Description</td>
                        <td>Video Tags</td>
                        <td>Music Sources</td>
                        <td>Special Requests</td>
                    </tr>';
                $headrows[] = $rows[$i]['name'];
            }

            echo '<tr>
                <td>'.$rows[$i]['channel_username'].'</td>
                <td><a href="'.$rows[$i]['video_link'].'">'.$rows[$i]['video_title'].'</a></td>
                <td>'.$rows[$i]['video_description'].'</td>
                <td>'.$rows[$i]['video_tags'].'</td>
                <td>'.$rows[$i]['music_sources'].'</td>
                <td>'.$rows[$i]['special_requests'].'</td>
            </tr>';
        }
    }
    ?>
    </table>
    <?php echo $paginate;?>
    </body>
    </html>
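
Added example, not part of the post above: the table code prints database columns straight into HTML and into an `href`, so each value should be HTML-encoded at output and the link limited to http(s). The helper names (`e`, `safeHref`, `pageWindow`, `renderRow`) and the sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not from the thread. Helper names and sample rows are constructed.

// HTML-encode a stored value for element content or a quoted attribute.
function e(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow only absolute http(s) links in href; anything else fails closed to "#".
function safeHref(?string $url): string
{
    $scheme = parse_url((string) $url, PHP_URL_SCHEME);
    return in_array(strtolower((string) $scheme), ['http', 'https'], true) ? e($url) : '#';
}

// Validate ?page= as an integer and clamp it into 1..$pages.
function pageWindow($requested, int $total, int $perPage): array
{
    $pages = max(1, (int) ceil($total / $perPage));
    $page = filter_var($requested, FILTER_VALIDATE_INT);
    $page = min(max($page === false ? 1 : $page, 1), $pages);
    $offset = ($page - 1) * $perPage;
    return ['page' => $page, 'pages' => $pages, 'offset' => $offset,
            'end' => min($offset + $perPage, $total)];
}

// One table row, every column encoded at the point of output.
function renderRow(array $row): string
{
    $cells = [
        e($row['channel_username']),
        '<a href="' . safeHref($row['video_link']) . '">' . e($row['video_title']) . '</a>',
        e($row['video_description']),
        e($row['video_tags']),
        e($row['music_sources']),
        e($row['special_requests']),
    ];
    return '<tr><td>' . implode('</td><td>', $cells) . "</td></tr>\n";
}

// Constructed rows shaped like the $rows array built from submitted_forms.
$rows = [
    ['channel_username' => 'demo', 'video_link' => 'https://example.test/v/1',
     'video_title' => 'Intro <b>bold</b>', 'video_description' => 'a "quoted" text',
     'video_tags' => 'x & y', 'music_sources' => null, 'special_requests' => ''],
    ['channel_username' => 'demo', 'video_link' => 'javascript:void(0)',
     'video_title' => 'Second', 'video_description' => '', 'video_tags' => '',
     'music_sources' => '', 'special_requests' => '<img src=x>'],
];

$w = pageWindow($_GET['page'] ?? '1', count($rows), 5);
for ($i = $w['offset']; $i < $w['end']; $i++) {
    echo renderRow($rows[$i]);
}
printf("Page %d of %d\n", $w['page'], $w['pages']);
```

Relative links also fall back to `#` here; widen the allowlist in `safeHref` only if the form is meant to accept them.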

  16. #41
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Quote Originally Posted by Drummin View Post
    There are many ways to paginate. I prefer to query one time building a data set then show the part being requested. Something like this.

    Thank you! I'll try that now. I also have another problem with another code for my site. It's registration, but before they register, I add the account and email to the database and if it finds the email and username, it sends them an email with a link to activate their account and set their password. Well, the second half with the password isn't working. It's not submitting, it just refreshes.

    Code:
    <?php
        session_start();
        require '../core/config.php';
        $url = "http://elitegamerforums.com/db/";
        if(isset($_SESSION['confirmer']))
        {
            $email = $_GET['email'];
            $username = $_GET['username'];
            $code = $_GET['code'];
            $codedef = "nrgjbrwighbroweryhbgeprgbeirhgbirgr";
            $active = $_GET['active'];
            $activeno = "no";
            if($email == $_SESSION['confirmer']&&$code == $codedef&&$active == $activeno)
            {
                if(isset($_POST['submit']))
                {
                    $password = $_POST['Password'];
                    $passwordcon = $_POST['Password-con'];
                    $newstatus = "active";
                    if($passwordcon == $password)
                    {
                        $send = mysqli_query($db,"INSERT INTO users (Password,status) VALUES('$password','$newstatus') WHERE Email = '$email'") or die(mysql_error());
                       
                        if($send) {
                       
                        echo "<div alert alert-success>Your account has been activated, you may now".'<a link href = "">Login</a>'.".</div>";
                     }              
               
                    else if($passwordcon != $password)
                    {
                        echo "Passwords do not match.";
                    }
                 }
              }
            else if($email != $_SESSION['email'])
            {
                header ("Location: $url");
            }
            else if($code != $codedef)
            {
                header ("Location: $url");
            }
            else if($active != $activeno)
            {
          }     header ("Location: $url");
        }
      }
    ?>
    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <meta charset="utf-8">
      <!-- Title and other stuffs -->
      <title>Account Activation</title>
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <meta name="description" content="">
      <meta name="keywords" content="">
      <meta name="author" content="">
     
      <!-- Stylesheets -->
      <link href="../management/style/bootstrap.css" rel="stylesheet">
      <link rel="stylesheet" href="../management/style/font-awesome.css">
      <link href="../management/style/style.css" rel="stylesheet">
     
     
      <!-- HTML5 Support for IE -->
      <!--[if lt IE 9]>
      <script src="js/html5shim.js"></script>
      <![endif]-->
     
      <!-- Favicon -->
      <link rel="shortcut icon" href="">
    </head>
     
    <body>
     
      <style>
    #css {
    width:250px;
    height:28px;
    float: right;
    }
    </style>
     
    <!-- Form area -->
    <div class="admin-form">
      <div class="container">
     
        <div class="row">
          <div class="col-md-12">
            <!-- Widget starts -->
                <div class="widget wblue">
                  <!-- Widget head -->
                  <div class="widget-head">
                    <i class="icon-lock"></i> EliteGamingNetwork Account Registration
                  </div>
     
                  <div class="widget-content">
                    <div class="padd">
                      <!-- Login form -->
                <form method="POST" class="form-horizontal">
                       
                            <form method="POST">
                        <!-- Password -->
     
                        <div class="form-group">
                         
                          <div class="col-lg-9">
                         
                        <label>Password </label><input type="password" class="form-control" name="Password" id="css">
                          </div>
                        </div>
     
                         <!-- Password confirm -->
     
                        <div class="form-group">
                         
                          <div class="col-lg-9">
                         
                        <label>Confirm Password </label><input type="password" class="form-control" name="Password-con" id="css">
                          </div>
                        </div>
                        <!-- Remember me checkbox and sign in button -->
                        <div class="form-group">
                          <div class="col-lg-9 col-lg-offset-3">
                  <button type="submit" name="submit" class="btn btn-danger">Submit</button>
                  <button type="reset" class="btn btn-default">Reset</button>
                </div>
                           
          </div>
         </div>
         </div>
                           
                        <br />
                      </form>
         
        </div>
                    </div>
                 
                   
                </div>  
          </div>
        </div>
      </div>
    </div>
    </div>
     
     
     
    <!-- JS -->
    <script src="../management/js/jquery.js"></script>
    <script src="../management/js/bootstrap.js"></script>
    </body>
    </html>

  17. #42
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Hi fredrock,

    First, do not save passwords as plain text. Add salt and encrypt.

    There were also issues with your elseif nesting. Don't run && together. You were trying to INSERT into users WHERE... Anytime you need to use WHERE, you're talking about an existing record so you would use UPDATE instead of INSERT. Note the formatting for updating is a little different. Also note that you had WHERE Email = ... and I believe you said you were using lower case, i.e. email. As for HTML issues, you had <style> in the body, and because you use id="css" twice, I changed it to class as ids need to be unique. I believe you had an extra </div> as well.


    I added a basic salt and encrypt to your script (be sure to add the field `salt` to your DB table).

    PHP Code:
    <?php
    session_start();
        require '../core/config.php';
        $url = "http://elitegamerforums.com/db/";

        if(isset($_SESSION['confirmer']))
        {
            $email = $_GET['email'];
            $username = $_GET['username'];
            $code = $_GET['code'];
            $codedef = "nrgjbrwighbroweryhbgeprgbeirhgbirgr";
            $active = $_GET['active'];
            $activeno = "no";
            if($email == $_SESSION['confirmer'] && $code == $codedef && $active == $activeno){
                if(isset($_POST['submit'])){

                    $password = trim($_POST['Password']);
                    $passwordcon = trim($_POST['Password-con']);
                    $newstatus = "active";

                    if($passwordcon == $password){

                        ///Create Salt
                        function createSalt() {
                            $string = md5(uniqid(rand(), true));
                            return substr($string, 0, 13);
                        }

                        $salt = createSalt();
                        $hashedpassword = hash('sha256', $salt.$password);

                        $send = mysqli_query($db,"UPDATE users SET Password='$hashedpassword',salt='$salt',status='$newstatus' WHERE email = '$email'") or die(mysqli_error($db));

                        if($send){
                            $message = "<div alert alert-success>Your account has been activated, you may now".'<a link href = "">Login</a>'.".</div>";
                        }
                    }else{
                        // Reported inside the submit branch, where both password values are defined
                        $message = "Passwords do not match.";
                    }
                }
            }elseif($email != $_SESSION['email']){
                header ("Location: $url");
            }elseif($code != $codedef){
                header ("Location: $url");
            }elseif($active != $activeno){
                header ("Location: $url");
            }
        }
    ?>
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <meta charset="utf-8">
        <!-- Title and other stuffs -->
        <title>Account Activation</title>
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <meta name="description" content="">
        <meta name="keywords" content="">
        <meta name="author" content="">
        
        <!-- Stylesheets -->
        <link href="../management/style/bootstrap.css" rel="stylesheet">
        <link rel="stylesheet" href="../management/style/font-awesome.css">
        <link href="../management/style/style.css" rel="stylesheet">
        
        
        <!-- HTML5 Support for IE -->
        <!--[if lt IE 9]>
        <script src="js/html5shim.js"></script>
        <![endif]-->
        
        <!-- Favicon -->
        <link rel="shortcut icon" href="">
       
        <style type="text/css">
        .css {
        width:250px;
        height:28px;
        float: right;
        }
        </style>

    </head>
     
    <body>    
        
        <!-- Form area -->
        <div class="admin-form">
            <div class="container">
                <?php
                if(isset($message)){ echo $message;}
                ?>
                <div class="row">
                    <div class="col-md-12">
                        <!-- Widget starts -->
                        <div class="widget wblue">
                            <!-- Widget head -->
                            <div class="widget-head">
                                <i class="icon-lock"></i> EliteGamingNetwork Account Registration
                            </div>
                            
                            <div class="widget-content">
                                <div class="padd">
                                    <!-- Login form -->
                                    <form method="post" action="" class="form-horizontal">
                                        
                                        <!-- Password -->
                                        
                                        <div class="form-group">
                                            <div class="col-lg-9">
                                                <label>Password </label><input type="password" class="form-control css" name="Password">
                                            </div>
                                        </div>
                                        
                                        <!-- Password confirm -->
                                        
                                        <div class="form-group">
                                            <div class="col-lg-9">
                                                <label>Confirm Password </label><input type="password" class="form-control css" name="Password-con">
                                            </div>
                                        </div>
                                        
                                        <!-- Remember me checkbox and sign in button -->
                                        <div class="form-group">
                                            <div class="col-lg-9 col-lg-offset-3">
                                                <button type="submit" name="submit" class="btn btn-danger">Submit</button>
                                                <button type="reset" class="btn btn-default">Reset</button>
                                            </div>
                                        </div>
                                    </form>    
                                </div>
                            </div>    
                        </div>  
                    </div>
                </div>
            </div>
        </div>     
         
        <!-- JS -->
        <script src="../management/js/jquery.js"></script>
        <script src="../management/js/bootstrap.js"></script>
    </body>
    </html>
    Now when you verify user log in, you would NOT use WHERE Password = $password etc, you would instead query for Password and salt WHERE username = $username so you can rebuild that hashed password using the posted password. So this part would go roughly
    PHP Code:
    <?php

        $username = $_POST['username'];
        $password = $_POST['password'];

        //Query table for salt and password plus any other needed values WHERE username = '$username'

            $salt = $row['salt'];
            $pass = $row['password'];

            //make hashed password with $salt and $_POST['password']
            $hashedpass = hash('sha256', $salt.$password);

            //Then compare $hashedpass with $pass from database
            //hash_equals() is used because a loose == can treat numeric-looking hex strings as numbers
            if (hash_equals($pass, $hashedpass)){
                //PASSED
            }else{
                //FAILED
            }
    ?>
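
Added example, not part of the post above or of the site's code: on PHP 7 or later the salt-plus-SHA-256 step can be replaced by `password_hash()` / `password_verify()`, with prepared statements for the activation UPDATE and the login lookup, and rows already stored as `hash('sha256', $salt.$password)` upgraded at next login. The table layout, the function names, the per-account `token_hash` column and the in-memory SQLite database standing in for the MySQL `users` table are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not from the thread. Schema, function names and sample users are
// constructed; in-memory SQLite (PDO) stands in for the MySQL `users` table.

function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT UNIQUE,
        password TEXT, salt TEXT, status TEXT DEFAULT 'no', token_hash TEXT)");
    return $db;
}

// Per-account, single-use activation token instead of one constant shared by every link.
// Only its SHA-256 digest is stored; the raw token goes into the e-mailed link.
function issueActivationToken(PDO $db, string $email): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('UPDATE users SET token_hash = ? WHERE email = ? AND status = ?');
    $stmt->execute([hash('sha256', $token), $email, 'no']);
    return $token;
}

function activateAccount(PDO $db, string $email, string $token, string $password): bool
{
    $stmt = $db->prepare('SELECT token_hash FROM users WHERE email = ? AND status = ?');
    $stmt->execute([$email, 'no']);
    $stored = $stmt->fetchColumn();
    // hash_equals() compares in constant time; a missing row or token fails closed.
    if (!is_string($stored) || !hash_equals($stored, hash('sha256', $token))) {
        return false;
    }
    // password_hash() generates its own salt and embeds it in the result,
    // so new rows do not need the separate `salt` column.
    $stmt = $db->prepare(
        'UPDATE users SET password = ?, salt = NULL, status = ?, token_hash = NULL WHERE email = ?'
    );
    $stmt->execute([password_hash($password, PASSWORD_DEFAULT), 'active', $email]);
    return $stmt->rowCount() === 1;
}

function verifyLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password, salt FROM users WHERE username = ? AND status = ?');
    $stmt->execute([$username, 'active']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !is_string($row['password'])) {
        return false;
    }
    if ($row['salt'] !== null) {
        // Legacy row written with the thread's hash('sha256', $salt.$password) scheme.
        $ok = hash_equals($row['password'], hash('sha256', $row['salt'] . $password));
    } else {
        $ok = password_verify($password, $row['password']);
    }
    if ($ok && ($row['salt'] !== null || password_needs_rehash($row['password'], PASSWORD_DEFAULT))) {
        // Upgrade the stored hash while the plaintext is available.
        $up = $db->prepare('UPDATE users SET password = ?, salt = NULL WHERE username = ?');
        $up->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return $ok;
}

// --- Demo with constructed accounts ---
$db = demoDb();
$db->exec("INSERT INTO users (username, email) VALUES ('fred', 'fred@example.test')");
$token = issueActivationToken($db, 'fred@example.test');

var_dump(activateAccount($db, 'fred@example.test', 'wrong-token', 'S3cret pass')); // wrong token
var_dump(activateAccount($db, 'fred@example.test', $token, 'S3cret pass'));        // valid token
var_dump(activateAccount($db, 'fred@example.test', $token, 'other'));              // token reused
var_dump(verifyLogin($db, 'fred', 'S3cret pass'));                                 // right password
var_dump(verifyLogin($db, 'fred', 'not the password'));                            // wrong password

// A row stored the way the post above stores it, then upgraded by a successful login.
$salt = 'constructedsalt';
$ins = $db->prepare(
    "INSERT INTO users (username, email, password, salt, status) VALUES (?, ?, ?, ?, 'active')"
);
$ins->execute(['old', 'old@example.test', hash('sha256', $salt . 'hunter2'), $salt]);
var_dump(verifyLogin($db, 'old', 'hunter2'));
$row = $db->query("SELECT password, salt FROM users WHERE username = 'old'")->fetch(PDO::FETCH_ASSOC);
var_dump($row['salt'] === null && password_verify('hunter2', $row['password']));
```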

  18. #43
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Quote Originally Posted by Drummin View Post
    Hi fredrock,

    First, do not save passwords as plain text. Add salt and encrypt.

    There were also issues with your elseif nesting. Don't run && together. You were trying to INSERT into users WHERE... Anytime you need to use WHERE, you're talking about an existing record so you would use UPDATE instead of INSERT. Note the formatting for updating is a little different. Also note that you had WHERE Email = ... and I believe you said you were using lower case, i.e. email. As for HTML issues, you had <style> in the body, and because you use id="css" twice, I changed it to class as ids need to be unique. I believe you had an extra </div> as well.


    I added a basic salt and encrypt to your script (be sure to add the field `salt` to your DB table).


    Thank you so much! I really appreciate your help, you've been a big help! I'm going to try this soon, if I have anything else I'll post back here, thank you!

  19. #44
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Drummin View Post
    Hi fredrock,

    First, do not save passwords as plain text. Add salt and encrypt.

    There were also issues with your elseif nesting. Don't run && together. You were trying to INSERT into users WHERE... Anytime you need to use WHERE, you're talking about an existing record so you would use UPDATE instead of INSERT. Note the formatting for updating is a little different. Also note that you had WHERE Email = ... and I believe you said you were using lower case, i.e. email. HTML issues: <style> was in the body, and because you use id="css" twice, I changed it to class as IDs need to be unique. I believe you had an extra </div> as well.


    I added a basic salt and encrypt to your script (be sure to add the field `salt` to your DB table).

    PHP Code:
    <?php
    session_start();
        require '../core/config.php';
        $url = "http://elitegamerforums.com/db/";

        if(isset($_SESSION['confirmer']))
        {
            $email = $_GET['email'];
            $username = $_GET['username'];
            $code = $_GET['code'];
            $codedef = "nrgjbrwighbroweryhbgeprgbeirhgbirgr";
            $active = $_GET['active'];
            $activeno = "no";
            if($email == $_SESSION['confirmer'] && $code == $codedef && $active == $activeno){
                if(isset($_POST['submit'])){

                    $password = trim($_POST['Password']);
                    $passwordcon = trim($_POST['Password-con']);
                    $newstatus = "active";

                    if($passwordcon == $password){

                        ///Create Salt
                        function createSalt() {
                            $string = md5(uniqid(rand(), true));
                            return substr($string, 0, 13);
                        }

                        $salt = createsalt();
                        $hashedpassword = hash('sha256', $salt.$password);

                        $send = mysqli_query($db,"UPDATE users SET Password='$hashedpassword',salt='$salt',status='$newstatus' WHERE email = '$email'") or die(mysqli_error($db));

                        if($send){
                            $message = "<div alert alert-success>Your account has been activated, you may now".'<a link href = "">Login</a>'.".</div>";
                        }
                    }
                }
            }elseif($passwordcon != $password){
                $message = "Passwords do not match.";
            }elseif($email != $_SESSION['email']){
                header ("Location: $url");
            }elseif($code != $codedef){
                header ("Location: $url");
            }elseif($active != $activeno){
                header ("Location: $url");
            }
        }
    ?>
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <meta charset="utf-8">
        <!-- Title and other stuffs -->
        <title>Account Activation</title>
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <meta name="description" content="">
        <meta name="keywords" content="">
        <meta name="author" content="">
        
        <!-- Stylesheets -->
        <link href="../management/style/bootstrap.css" rel="stylesheet">
        <link rel="stylesheet" href="../management/style/font-awesome.css">
        <link href="../management/style/style.css" rel="stylesheet">
        
        
        <!-- HTML5 Support for IE -->
        <!--[if lt IE 9]>
        <script src="js/html5shim.js"></script>
        <![endif]-->
        
        <!-- Favicon -->
        <link rel="shortcut icon" href="">
       
        <style type="text/css">
        .css {
        width:250px;
        height:28px;
        float: right;
        }
        </style>

    </head>
     
    <body>    
        
        <!-- Form area -->
        <div class="admin-form">
            <div class="container">
                <?php
                
    if(isset($message)){ echo $message;}
                
    ?> 
                <div class="row">
                    <div class="col-md-12">
                        <!-- Widget starts -->
                        <div class="widget wblue">
                            <!-- Widget head -->
                            <div class="widget-head">
                                <i class="icon-lock"></i> EliteGamingNetwork Account Registration
                            </div>
                            
                            <div class="widget-content">
                                <div class="padd">
                                    <!-- Login form -->
                                    <form method="post" action="" class="form-horizontal">
                                        
                                        <!-- Password -->
                                        
                                        <div class="form-group">
                                            <div class="col-lg-9">
                                                <label>Password </label><input type="password" class="form-control css" name="Password">
                                            </div>
                                        </div>
                                        
                                        <!-- Password confirm -->
                                        
                                        <div class="form-group">
                                            <div class="col-lg-9">
                                                <label>Confirm Password </label><input type="password" class="form-control css" name="Password-con">
                                            </div>
                                        </div>
                                        
                                        <!-- Remember me checkbox and sign in button -->
                                        <div class="form-group">
                                            <div class="col-lg-9 col-lg-offset-3">
                                                <button type="submit" name="submit" class="btn btn-danger">Submit</button>
                                                <button type="reset" class="btn btn-default">Reset</button>
                                            </div>
                                        </div>
                                    </form>    
                                </div>
                            </div>    
                        </div>  
                    </div>
                </div>
            </div>
        </div>     
         
        <!-- JS -->
        <script src="../management/js/jquery.js"></script>
        <script src="../management/js/bootstrap.js"></script>
    </body>
    </html>
    Now when you verify user log in, you would NOT use WHERE Password = $password etc, you would instead query for Password and salt WHERE username = $username so you can rebuild that hashed password using the posted password. So this part would go roughly
    PHP Code:
    <?php
        $username = $_POST['username'];
        $password = $_POST['password'];

        //Query table for salt and password plus any other needed values WHERE username = '$username'

            $salt = $row['salt'];
            $pass = $row['password'];

            //make hashed password with $salt and $_POST['password']
            $hashedpass = hash('sha256', $salt.$password);

            //Then compare $hashedpass with $pass from database
            if ($hashedpass==$pass){
                //PASSED
            }else{
                //FAILED
            }
    ?>
    Hey, I need help on my information update page. The query is successful, but it doesn't update the information. I also want to make them enter their current password before they can update the information. I want to put the update password on a different page as well if you could help me out with that too.


    PHP:

    Code:
    <?php session_start();
    require '../core/config.php'; 
    
    if(isset($_SESSION['rank']) and $_SESSION['rank'] == "admin")
      {
         $_SESSION['username'];
      } else {
         header("location: ../index.php");
      } ?>
    
      <?php
        
        if(isset($_SESSION['username']))
        {
            if(isset($_POST['submit']))
            {
                $firstname = $_POST['FName'];
                $lastname = $_POST['LName'];
                $username = $_POST['Username'];
                $email = $_POST['Email'];
                $password = $_POST['Password'];
                $skype = $_POST['SkypeID'];
                $defusername = $_SESSION['username'];
                
                $update = mysqli_query($db,"UPDATE users SET Email = '$email', FName = '$firstname', LName = '$lastname', SkypeID = '$skype' WHERE Username = '$defuser'");  
    
               if($update)
               {
                       
                   echo "updated";
    
               } else if(!$update) {
    
                   echo "Update Unsuccessful";
    
               }
         }
    }
    ?>
    
    <?php
    $result = mysqli_query($db,"SELECT * FROM users WHERE Username = '$defusername'");
    while($row = mysqli_fetch_assoc($result)) {
     $email1 = $row['Email'];
     $username1 = $row['Username'];
     $skype1 = $row['SkypeID'];
     $fname1 = $row['FName'];
     $lname1 = $row['LName'];
    }
    ?>

    Form:

    Code:
    <div class="container">
    
              <div class="row">
    
                <div class="col-md-12">
    
                  <div class="widget wred">
                    <div class="widget-head">
                      <div class="pull-left">Update Information</div>
                      <div class="widget-icons pull-right">
                        <a href="#" class="wminimize"><i class="icon-chevron-up"></i></a> 
                        <a href="#" class="wclose"><i class="icon-remove"></i></a>
                      </div>
                      <div class="clearfix"></div>
                    </div>
    
                    <div class="widget-content">
                      <div class="padd">
                        
                        <!-- Profile form -->
                       
                                        <div class="form profile">
                                          <!-- Edit profile form (not working)-->
                                          <form method="POST" class="form-horizontal">
    
                                                <!-- Username -->
                                              <div class="form-group">
                                                <label class="control-label col-lg-3" for="Username">Username</label>
                                                <div class="col-lg-6">
                                                  <input type="text" class="form-control" name="Username" id="Username" placeholder="<?php echo $username1;?>">
                                                </div>
                                              </div> 
    
                                              <!-- Name -->
                                              <div class="form-group">
                                                <label class="control-label col-lg-3" for="FName">First Name</label>
                                                <div class="col-lg-6">
                                                  <input type="text" class="form-control" name= "FName" id="FName" placeholder="<?php echo $fname1;?>">
                                                </div>
                                              </div> 
    
                                                <!-- Name -->
                                              <div class="form-group">
                                                <label class="control-label col-lg-3" for="LName">Last Name</label>
                                                <div class="col-lg-6">
                                                  <input type="text" class="form-control" name= "LName" id="LName" placeholder="<?php echo $lname1;?>">
                                                </div>
                                              </div>
    
                                              <!-- Email -->
                                              <div class="form-group">
                                                <label class="control-label col-lg-3" for="Email">Email</label>
                                                <div class="col-lg-6">
                                                  <input type="text" class="form-control" name="Email" id="Email" placeholder="<?php echo $email1;?>">
                                                </div>
                                              </div>   
    
                                              <!-- Skype-->
                                              <div class="form-group">
                                                <label class="control-label col-lg-3" for="SkypeID">Skype ID</label>
                                                <div class="col-lg-6">
                                                  <input type="text" class="form-control" name="SkypeID" id="SkypeID" placeholder="<?php echo $skype1;?>">
                                                </div>
                                              </div>                                                                                                                             
                
                                              <!-- Buttons -->
                                              <div class="form-group">
                                                 <!-- Buttons -->
                           <div class="col-lg-6 col-lg-offset-1">
                            <button name="submit" type="submit" class="btn btn-success">Update</button>
                            <button type="reset" class="btn btn-default">Reset</button>
                          </div>
                                              </div>
                                          </form>
                                        </div>
    
                      </div>
                    </div>
                  </div>  
                  
                </div>
    
              </div>
    
            </div>
          </div>

  20. #45
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Hey there.
    Just a quick look. Got to watch those spelling issues.

    I see $defusername = $_SESSION['username'];

    ..and in the query
    WHERE Username = '$defuser'

  21. #46
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Drummin View Post
    Hey there.
    Just a quick look. Got to watch those spelling issues.

    I see $defusername = $_SESSION['username'];

    ..and in the query
    WHERE Username = '$defuser'
    Hi, that's weird, in my code it's fine, hmm I don't know why it copied like that. Here's the PHP code I have. It still doesn't work with the correct spelling so


    Code:
    <?php session_start();
    require '../core/config.php'; 
    
    if(isset($_SESSION['rank']) and $_SESSION['rank'] == "admin")
      {
         $_SESSION['username'];
      } else {
         header("location: ../index.php");
      } ?>
    
      <?php
      $result = $db->query("SELECT * FROM users WHERE Username = '".$defusername."'");
        
        if(isset($_SESSION['username']))
        {
            if(isset($_POST['submit']))
            {
                $firstname = $_POST['FName'];
                $lastname = $_POST['LName'];
                $username = $_POST['Username'];
                $email = $_POST['Email'];
                $password = $_POST['Password'];
                $skype = $_POST['SkypeID'];
                $defusername = $_SESSION['username'];
                
                $update = $db->query("UPDATE users SET Email= '$email' , Username= '$username' , FName= '$firstname' , LName= '$lastname', SkypeID= '$skype' WHERE Username = ".$defusername."");  
    
               if($update)
               {
                       
                   echo "updated";
    
               } else if(!$update) {
    
                   echo "**** didn't update";
    
               }
         }
    }
    ?>
    
    <?php
    $result = $db->query("SELECT * FROM users WHERE Username = '$defusername'");
    while($row = $result->fetch_array()) {
     $email1 = $row['Email'];
     $username1 = $row['Username'];
     $skype1 = $row['SkypeID'];
     $fname1 = $row['FName'];
     $lname1 = $row['LName'];
    }
    ?>

  22. #47
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Assuming the table fields are NOW a mix of upper and lower case (Changed from "working code" above, where at least email was lowercase.) Removed extra </div> not used in this scope.

    PHP Code:
    <?php
    session_start();
    require '../core/config.php';

        // These session username and rank values are required, SO check for ALL here.
        if(isset($_SESSION['rank']) && $_SESSION['rank'] == "admin" && isset($_SESSION['username'])){
            $defusername = $_SESSION['username'];
        }else{
            header("location: ../index.php");
            exit;
        }

        // Update profile
        if(isset($_POST['submit']))
        {
            //Not used in this version
            //$password = $_POST['Password'];
            $firstname = mysqli_real_escape_string($db, $_POST['FName']);
            $lastname = mysqli_real_escape_string($db, $_POST['LName']);
            $username = mysqli_real_escape_string($db, $_POST['Username']);
            $email = mysqli_real_escape_string($db, $_POST['Email']);
            $skype = mysqli_real_escape_string($db, $_POST['SkypeID']);

            $update = $db->query("UPDATE users SET Email= '$email' , Username= '$username' , FName= '$firstname' , LName= '$lastname', SkypeID= '$skype' WHERE Username = '$defusername'") or die(mysqli_error($db));

            if($update)
            {
                $message = "updated";
            } else if(!$update) {
                $message = "**** didn't update";
            }
        }

        //Query for latest data
        $result = $db->query("SELECT * FROM users WHERE Username = '$defusername'");
        while($row = $result->fetch_array()) {
            $email1 = $row['Email'];
            $username1 = $row['Username'];
            $skype1 = $row['SkypeID'];
            $fname1 = $row['FName'];
            $lname1 = $row['LName'];
        }
    ?>

    <html>
    <body>
    <div class="container">
                  <?php
                
    if(isset($message)){ echo $message;}
                
    ?> 
              <div class="row">

                <div class="col-md-12">

                  <div class="widget wred">
                    <div class="widget-head">
                      <div class="pull-left">Update Information</div>
                      <div class="widget-icons pull-right">
                        <a href="#" class="wminimize"><i class="icon-chevron-up"></i></a> 
                        <a href="#" class="wclose"><i class="icon-remove"></i></a>
                      </div>
                      <div class="clearfix"></div>
                    </div>

                    <div class="widget-content">
                      <div class="padd">
                        
                        <!-- Profile form -->
                       
                                        <div class="form profile">
                                          <!-- Edit profile form (not working)-->
                                          <form method="POST" class="form-horizontal">

                                                <!-- Username -->
                                              <div class="form-group">
                                                <label class="control-label col-lg-3" for="Username">Username</label>
                                                <div class="col-lg-6">
                                                  <input type="text" class="form-control" name="Username" id="Username" placeholder="<?php echo $username1;?>">
                                                </div>
                                              </div> 

                                              <!-- Name -->
                                              <div class="form-group">
                                                <label class="control-label col-lg-3" for="FName">First Name</label>
                                                <div class="col-lg-6">
                                                  <input type="text" class="form-control" name= "FName" id="FName" placeholder="<?php echo $fname1;?>">
                                                </div>
                                              </div> 

                                                <!-- Name -->
                                              <div class="form-group">
                                                <label class="control-label col-lg-3" for="LName">Last Name</label>
                                                <div class="col-lg-6">
                                                  <input type="text" class="form-control" name= "LName" id="LName" placeholder="<?php echo $lname1;?>">
                                                </div>
                                              </div>

                                              <!-- Email -->
                                              <div class="form-group">
                                                <label class="control-label col-lg-3" for="Email">Email</label>
                                                <div class="col-lg-6">
                                                  <input type="text" class="form-control" name="Email" id="Email" placeholder="<?php echo $email1;?>">
                                                </div>
                                              </div>   

                                              <!-- Skype-->
                                              <div class="form-group">
                                                <label class="control-label col-lg-3" for="SkypeID">Skype ID</label>
                                                <div class="col-lg-6">
                                                  <input type="text" class="form-control" name="SkypeID" id="SkypeID" placeholder="<?php echo $skype1;?>">
                                                </div>
                                              </div>                                                                                                                             
                
                                              <!-- Buttons -->
                                              <div class="form-group">
                                                 <!-- Buttons -->
                           <div class="col-lg-6 col-lg-offset-1">
                            <button name="submit" type="submit" class="btn btn-success">Update</button>
                            <button type="reset" class="btn btn-default">Reset</button>
                          </div>
                                              </div>
                                          </form>
                                        </div>

                      </div>
                    </div>
                  </div>  
                  
                </div>

              </div>

            </div>
    </body>
    </html>

  23. #48
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Drummin View Post
    Assuming the table fields are NOW a mix of upper and lower case (Changed from "working code" above, where at least email was lowercase.) Removed extra </div> not used in this scope.

    That's working, sort of. It's updating. It's just when you don't enter anything in the fields, it's blank so it erases the fields in the database that was there. It also doesn't echo the fields well. Like only after you update them sometimes. That's a very weird problem I can't explain.

    *UPDATE*

    After you update the information then the data doesn't show in the boxes unless you log out and log back in. You also need to log out and log back in to see any changes.

  24. #49
    SitePoint Guru bronze trophy
    Join Date
    Feb 2013
    Posts
    772
    Mentioned
    7 Post(s)
    Tagged
    0 Thread(s)
    Well that's correct that there is no validation for empty POST fields so empty values are entered. As far as, not showing until you log back in sounds like a session issue.

  25. #50
    SitePoint Enthusiast
    Join Date
    Feb 2014
    Posts
    67
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Drummin View Post
    Well that's correct that there is no validation for empty POST fields so empty values are entered. As far as, not showing until you log back in sounds like a session issue.
    Hmm, how would I do the validation for the empty posts?
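
One way to do the empty-field validation asked about above, as an added example that is not code from the thread: blank inputs are skipped so they cannot overwrite stored values, and the remaining values are bound through a prepared statement instead of being interpolated. The function names and the 100-character limit are assumptions; the column names come from the posted queries.

```php
<?php
// Added example, not code from the thread. Column names are the ones in the
// posted UPDATE; function names and the length limit are hypothetical.

const PROFILE_FIELDS = ['Email', 'Username', 'FName', 'LName', 'SkypeID'];
const MAX_FIELD_LEN  = 100;   // assumed column width

/**
 * Build a parameterized UPDATE from the submitted form, skipping blank fields.
 * Returns ['errors' => string[], 'sql' => ?string, 'types' => string, 'params' => array].
 */
function build_profile_update(array $post, string $sessionUsername): array
{
    $errors = [];
    $set    = [];
    $params = [];

    foreach (PROFILE_FIELDS as $field) {
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if ($value === '') {
            continue;   // blank input: leave the stored value untouched
        }
        if ($field === 'Email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'Email is not a valid address.';
            continue;
        }
        if (strlen($value) > MAX_FIELD_LEN) {
            $errors[] = "$field is too long.";
            continue;
        }
        $set[]    = "`$field` = ?";   // name comes from the allow-list, never from input
        $params[] = $value;
    }

    if (!$errors && !$set) {
        $errors[] = 'Nothing to update.';
    }
    if ($errors) {
        return ['errors' => $errors, 'sql' => null, 'types' => '', 'params' => []];
    }

    $sql      = 'UPDATE users SET ' . implode(', ', $set) . ' WHERE Username = ?';
    $params[] = $sessionUsername;   // row is selected by the session, not by the form
    return [
        'errors' => [],
        'sql'    => $sql,
        'types'  => str_repeat('s', count($params)),
        'params' => $params,
    ];
}

/** Run the built statement with mysqli; values are bound, not concatenated. */
function run_profile_update(mysqli $db, array $update): bool
{
    $stmt = $db->prepare($update['sql']);
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param($update['types'], ...$update['params']);
    return $stmt->execute();
}

// Constructed form submissions: partly blank, invalid address, completely empty.
$samples = [
    ['FName' => 'Fred', 'LName' => '', 'Username' => '', 'Email' => 'fred@example.com', 'SkypeID' => ' '],
    ['FName' => '', 'Email' => 'not-an-address'],
    [],
];
foreach ($samples as $post) {
    $update = build_profile_update($post, 'fredrock');
    if ($update['sql'] === null) {
        echo 'rejected: ', implode(' ', $update['errors']), PHP_EOL;
        continue;
    }
    echo $update['sql'], PHP_EOL, '  bound: ', json_encode($update['params']), PHP_EOL;
}
```

When the Username column itself is changed, copy the new value into `$_SESSION['username']` after a successful update, because the page's follow-up SELECT looks the row up by the session value.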

