Paul_Withers
-
Posts
72 -
Joined
-
Last visited
Everything posted by Paul_Withers
-
Hi I have changed the function to the following but get the following errors here is the code function loginUser($con) { $username = mysqli_real_escape_string($con, $_POST['username']); //echo "$username - $password"; $query = "SELECT password, salt_password FROM users WHERE username = $username"; $result = mysqli_query($con, $query); $row = mysqli_fetch_assoc($result); } if($row['password'] == md5($_POST['password'].$row['salt_password'])) { if ($row) { //echo "Reached Matching Row<br/>"; $_SESSION['loggedin'] = 1; $_SESSION['loggedinuser'] = $row['username']; if($row['level'] == '1'){ //level 1 user (Normal User) //echo "Reached level 1 check<br/>"; $_SESSION['adminuser'] = 0; //not an admin set value to false/0 header ('location: main.php'); } elseif ($row['level'] == '9'){ //level 9 user (Admin User) //echo "Reached level 9 check<br/>"; $_SESSION['adminuser'] = 1; //yes is an admin set value to true/1 header ('location: main.php'); } } mysqli_free_result($result); } // decide what to do if the login is unsuccessful else{ include('includes/overall/header.php'); echo "There was a problem with your login. It Could be the Wrong Username or Password"; include('includes/overall/footer.php'); } // end function /* close connection */ mysqli_close($con); ?> any help is much appreciated
-
Hi Jazzman, I have successfully registered the user with the encrypted password and the user can also change their password which is also encrypted. However when the user logs in, I get the following errors I have tried to decrypt it using the method you demonstrated, but I think my coding is wrong. Here is what I have <?php session_start(); //this will start the session for the user error_reporting(E_ALL); ini_set('display_errors', '1'); require( 'database.php' ); if ( isset( $_POST['login']) ) { loginUser($con); } else { include('includes/overall/header.php'); ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> <ul> <li>Username:<br> <input type="text" name="username"> </li> <li>Password:<br> <input type="password" name="password"> </li> <li><input type="submit" name="login" value="Login"> </form> <?php include('includes/overall/footer.php'); } function loginUser($con) { $username = mysqli_real_escape_string($con, $_POST['username']); $salt = md5(uniqid(rand(), true),false); $pass = md5($_POST['password'].$salt,false); //echo "$username - $password"; $query = "SELECT password, salt_password FROM users WHERE username = $username"; $result = mysqli_query($con, $query); $row = mysqli_fetch_assoc($result); } if($row['password'] == md5($_POST['password'].$row['salt_password'])) { if ($row) { //echo "Reached Matching Row<br/>"; $_SESSION['loggedin'] = 1; $_SESSION['loggedinuser'] = $row['username']; if($row['level'] == '1'){ //level 1 user (Normal User) //echo "Reached level 1 check<br/>"; $_SESSION['adminuser'] = 0; //not an admin set value to false/0 header ('location: main.php'); } elseif ($row['level'] == '9'){ //level 9 user (Admin User) //echo "Reached level 9 check<br/>"; $_SESSION['adminuser'] = 1; //yes is an admin set value to true/1 header ('location: main.php'); } } mysqli_free_result($result); } // decide what to do if the login is unsuccessful else{ include('includes/overall/header.php'); echo "There was a problem with your login. It Could be the Wrong Username or Password"; include('includes/overall/footer.php'); } // end function /* close connection */ mysqli_close($con); ?> Can you tell me where I have gone wrong please? Many Thanks
-
Thank you Jazzman1, sorry for the late reply, I had just had enough yesterday lol. What you have provided has been very helpful and is much appreciated. I have now updated all the relevant files and it all works great. Many thanks for your help
-
Jacques1, for your information, although I am not a complete rocket science at PHP, I understood enough of it to have a successfully working site in MySQL. I am just having a bit of trouble making it work in MySQLi. The first lot of "crap" works fine to register a user, its just the "crap" doesn't work on the changepasswordcheck.php. I thought it would be easier to use the registercheck.php as a template, but it hasn't quite worked out. So I thought I would copy a supposedly working script from the internet, but then again thats "crap" too. Help is much appreciated, but being told everything I write is crap, is rude, insulting and of absolutely no help to anyone. If you can't leave a comment without being helpful, then please politely refrain
-
This is the original code <?php session_start(); $user_id = $_SESSION['user_id']; $password1 = $_POST['password1']; $password2 = $_REQUEST['password2']; include('database.php'); $sql = mysqli_query($con, "SELECT password, salt FROM user WHERE id ='".$user_id."'"); while($row = mysqli_fetch_array($sql)){ $salt = $row['salt']; $password = $password1; $hash = md5($salt . $password); mysqli_query($con, "UPDATE user SET password = '".$hash."' WHERE id='".$user_id."'"); } ?> The errors given are if i change user_id to id as it is in my database, I get the same error. I think its because the mysqli_result does not contain a number. If I leave it as $username = $_SESSION['loggedinuser']; then the variable passed to the query is a word and not a number. How can I get $_SESSION['id']; to exist?
-
Ok, lets simplify things, here is a script i found - I have edited my form fields to match the values sent <?php session_start(); $username = $_SESSION['loggedinuser']; $password1 = $_POST['password1']; $password2 = $_REQUEST['password2']; include('database.php'); $sql = mysqli_query($con, "SELECT password, salt FROM user WHERE username ='".$username."'"); while($row = mysqli_fetch_array($sql)){ $salt = $row['salt']; $password = $password1; $hash = md5($salt . $password); mysqli_query($con, "UPDATE user SET password = '".$hash."' WHERE username ='".$username."'"); } ?> The only prob is I get the following error Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in /Applications/XAMPP/xamppfiles/htdocs/changepasswordcheck.php on line 9 I have pasted this into php checker and it says the syntax is correct. Any ideas? This would solve so many problems
-
Ok, this is the result ozzie2004 AND ozzie2004 Error: Password and password again do not match string(9) "ozzie2004" string(9) "ozzie2004" AND Password and password again do not match ​It doesn't seem to be getting the data from the form at all. Even if I change the password it still displays ozzie2004 The form posts to this script with the method set to post I dont understand what is wrong. ​The first thing I want to do is remove the first elseif ($current_password !== $current_stored_password) { include 'includes/overall/header.php'; echo $current_password . ' AND ' . $_POST['current_password'] . ' Error: Password and password again do not match<br>'; echo var_dump($current_password) . ' AND ' . var_dump($_POST['current_password']) . ' Password and password again do not match'; include 'includes/overall/footer.php'; } else { $query = "SELECT password FROM `user` WHERE `username`='username'"; $result = $mysqli->query($query) or die($mysqli->error.__LINE__); // GOING THROUGH THE DATA if($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $current_stored_password = $row['password']; } if(md5($current_password) != ($current_stored_password)) { include 'includes/overall/header.php'; echo $current_password . ' AND ' . $current_stored_password . ' Password and currently stored password do not match'; include 'includes/overall/footer.php'; } } else { // Define a query to run $query = "UPDATE `user` SET `password` = '$password' WHERE `username` = '$username'"; // Query the database $result = mysqli_query($con,$query); // Check if the query failed if( !$result ) { die('There was a problem executing the query ('.$query.'):<br>('.mysqli_errno($con).') '.mysqli_error($con)); } else { include 'includes/overall/header.php'; echo 'Password has been changed'; include 'includes/overall/footer.php'; } } } } // Close the connection mysqli_close($con); ?> I need to remove the first elseif ($current_password !== $current_stored_password) { part of the script and go straight to running the rest of the script correctly
-
Search me lol
-
mikosiko, yes I have just seen that, from here down } /* elseif ($current_password !== $current_stored_password) { include 'includes/overall/header.php'; echo $current_password . ' AND ' . $_POST['current_password'] . ' Error: Password and password again do not match'; include 'includes/overall/header.php'; */ } else { $query = "SELECT password FROM `user` WHERE `username`='username'"; $result = $mysqli->query($query) or die($mysqli->error.__LINE__); // GOING THROUGH THE DATA if($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $current_stored_password = $row['password']; } if(md5($current_password) != ($current_stored_password)) { include 'includes/overall/header.php'; echo $current_password . ' AND ' . $current_stored_password . ' Password and currently stored password do not match'; include 'includes/overall/header.php'; } } else { // Define a query to run $query = "UPDATE `user` SET `password` = '$password' WHERE `username` = '$username'"; // Query the database $result = mysqli_query($con,$query); // Check if the query failed if( !$result ) { die('There was a problem executing the query ('.$query.'):<br>('.mysqli_errno($con).') '.mysqli_error($con)); } else { include 'includes/overall/header.php'; echo 'Password has been changed'; include 'includes/overall/footer.php'; } } } } // Close the connection mysqli_close($con); ?> It is the first check that is throwing out the error. The only thing is, whenever I try to remove one of those checks and error messages, the script doesn't run. What is the correct way to write this? Everything I try results in error messages or blank pages
-
Aarrrggghhh! Nope still doesn't work lol, same error
-
$query = "SELECT password FROM `user` WHERE `username`='username'"; $result = $mysqli->query($query) or die($mysqli->error.__LINE__); // GOING THROUGH THE DATA if($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $current_stored_password = $row['password']; } if(md5($current_password) !== $current_stored_password) { include 'includes/overall/header.php'; echo $_POST['current_password'] . ' AND ' . $current_stored_password . ' Password and password again do not match'; include 'includes/overall/header.php'; } } else { // Define a query to run $query = "UPDATE `user` SET `password` = '$password' WHERE `username` = '$username'"; // Query the database $result = mysqli_query($con,$query); // Check if the query failed if( !$result ) { die('There was a problem executing the query ('.$query.'):<br>('.mysqli_errno($con).') '.mysqli_error($con)); } else { include 'includes/overall/header.php'; echo 'Password has been changed'; include 'includes/overall/footer.php'; } } } } // Close the connection mysqli_close($con); ?> This is the correct code, but with the same problem
-
Ok I don't that, the page now reads <?php session_start(); error_reporting(0); //ini_set('display_errors', '1'); require( 'database.php' ); $username = $_SESSION['loggedinuser']; $current_stored_password = $_SESSION['password']; $current_password = $_POST['current_password']; $password = mysqli_real_escape_string($con, md5( $_POST['password'])); $password_again = mysqli_real_escape_string($con, md5( $_POST['password_again'])); // Run checks if (isset($_POST['current_password'], $_POST['password'], $_POST['password_again'])) { if( strlen( $_POST['current_password'] ) < 8 ) { include('includes/overall/header.php'); echo "Password Must Be 8 or More Characters."; include('includes/overall/footer.php'); } elseif( strlen( $_POST['password'] ) < 8 ) { include('includes/overall/header.php'); echo "Password Must Be 8 or More Characters."; include('includes/overall/footer.php'); } elseif ( strlen( $_POST['password_again'] ) < 8 ) { include('includes/overall/header.php'); echo "Password Must Be 8 or More Characters."; include('includes/overall/footer.php'); } elseif ($password !== $password_again) { include 'includes/overall/header.php'; echo ' Password and password again do not match'; include 'includes/overall/header.php'; } elseif ($current_password !== $current_stored_password) { include 'includes/overall/header.php'; echo $current_password . ' AND ' . $_POST['current_password'] . ' Password and password again do not match'; include 'includes/overall/header.php'; } else { $query = "SELECT password FROM `user` WHERE `username`='username'"; $result = $mysqli->query($query) or die($mysqli->error.__LINE__); // GOING THROUGH THE DATA if($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $current_stored_password = $row['password']; } if($current_password !== $current_stored_password) { include 'includes/overall/header.php'; echo $_SESSION['pass'] . ' AND ' . $_POST['current_password'] . ' Password and password again do not match'; include 'includes/overall/header.php'; } } else { // Define a query to run $query = "UPDATE `user` SET `password` = '$password' WHERE `username` = '$username'"; // Query the database $result = mysqli_query($con,$query); // Check if the query failed if( !$result ) { die('There was a problem executing the query ('.$query.'):<br>('.mysqli_errno($con).') '.mysqli_error($con)); } else { include 'includes/overall/header.php'; echo 'Password has been changed'; include 'includes/overall/footer.php'; } } } } // Close the connection mysqli_close($con); ?> now I get the error ozzie2004 AND ozzie2004 Password and password again do not match But they do match. Whats going on?
-
Please ignore above, I forgot I had removed a field. Braindead lol
-
Hi, I done that and get this message Errormessage: Column count doesn't match value at row 1 The first column in the db is id which is auto increment. The rest of the columns match with the values ??? Im confused lol
-
Im gonna cry, the last version I posted worked yesterday, and now Im getting the message You Could Not Register Because Of An Unexpected Error. From reading through the checks this seems to be because of if( !mysqli_query($con, $sqlRegUser ) ) { include('includes/overall/header.php'); echo "You Could Not Register Because Of An Unexpected Error."; include('includes/overall/footer.php'); } But I can't figure out what the unexpected error is Any ideas?
-
Hi jazzman1, that bit is not the problem, I am having trouble getting the password from the database and assigning it to the $current_stored_password variable. Once this is done I am comfortable with carrying out the check. Just the MySqli I'm having trouble with
-
elseif $query = "SELECT password FROM `user` WHERE `username`='username'"; $result = $mysqli->query($query) or die($mysqli->error.__LINE__); // GOING THROUGH THE DATA if($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $current_stored_password = $row['password']; } ($current_password !== $current_stored_password) { include 'includes/overall/header.php'; echo $_SESSION['pass'] . ' AND ' . $_POST['current_password'] . ' Password and password again do not match'; include 'includes/overall/header.php'; } } else { // Define a query to run $query = "UPDATE `user` SET `password` = '$password' WHERE `username` = '$username'"; // Query the database $result = mysqli_query($con,$query); // Check if the query failed if( !$result ) { die('There was a problem executing the query ('.$query.'):<br>('.mysqli_errno($con).') '.mysqli_error($con)); } else { include 'includes/overall/header.php'; echo 'Password has been changed'; include 'includes/overall/footer.php'; } } } // Close the connection mysqli_close($con); ?> Hi, thanks for your reply. Sorry if I am being thick, but I got the following, but it doesn't work. I can't seem to work out how to assign the result to a variable I can check against. Any help is much appreciated. All of the google results seem to be more complicated than what I need
-
Hi, after following lots of advice and changing to MySqli I am running into a few probs. This is me just probably missing something stupid, I know what I want, but can't figure out what query I should use and where I should place it. All the queries I have tried have failed. I just need a query that gets the $current_stored_password from the password field on the database, to confirm the last check elseif ($current_password !== $current_stored_password) { include 'includes/overall/header.php'; echo $current_password . ' AND ' . $_POST['current_password'] . ' Password and password again do not match'; include 'includes/overall/header.php'; } Here is the whole script. <?php session_start(); error_reporting(0); //ini_set('display_errors', '1'); require( 'database.php' ); $username = $_SESSION['loggedinuser']; $current_stored_password = $_SESSION['password']; $current_password = $_POST['current_password']; $password = mysqli_real_escape_string($con, md5( $_POST['password'])); $password_again = mysqli_real_escape_string($con, md5( $_POST['password_again'])); // Run checks if (isset($_POST['current_password'], $_POST['password'], $_POST['password_again'])) { if( strlen( $_POST['current_password'] ) < 8 ) { include('includes/overall/header.php'); echo "Password Must Be 8 or More Characters."; include('includes/overall/footer.php'); } elseif( strlen( $_POST['password'] ) < 8 ) { include('includes/overall/header.php'); echo "Password Must Be 8 or More Characters."; include('includes/overall/footer.php'); } elseif ( strlen( $_POST['password_again'] ) < 8 ) { include('includes/overall/header.php'); echo "Password Must Be 8 or More Characters."; include('includes/overall/footer.php'); } elseif ($password !== $password_again) { include 'includes/overall/header.php'; echo ' Password and password again do not match'; include 'includes/overall/header.php'; } elseif ($current_password !== $current_stored_password) { include 'includes/overall/header.php'; echo $current_password . ' AND ' . $_POST['current_password'] . ' Password and password again do not match'; include 'includes/overall/header.php'; } else { // Define a query to run $query = "UPDATE `user` SET `password` = '$password' WHERE `username` = '$username'"; // Query the database $result = mysqli_query($con,$query); // Check if the query failed if( !$result ) { die('There was a problem executing the query ('.$query.'):<br>('.mysqli_errno($con).') '.mysqli_error($con)); } else { include 'includes/overall/header.php'; echo 'Password has been changed'; include 'includes/overall/footer.php'; } } } // Close the connection mysqli_close($con); ?> At the moment the message displayed when the form is submitted is echo $current_password . ' AND ' . $_POST['current_password'] . ' Password and password again do not match'; How do I retrieve the password from the database to compare against the current password entered by the user? Any help is much appreciated. PS. Yes I know I have repeated code and that md5 is not secure, but I am just building onto a template I got and will be making changes to shorten the code and secure the password soon
-
Its ok I found a solution, it seems it didn't like too many && isset I changed it to this and it works great <?php error_reporting(E_ALL); ini_set('display_errors', '1'); // some error checking /* if($_POST['reg']){ echo "form submitted"; }else{ echo "form not submitted"; } */ if (isset($_POST['user'], $_POST['pass'], $_POST['pass_again'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['email_again'], $_POST['address_1'], $_POST['address_2'], $_POST['town'], $_POST['county'], $_POST['postcode'], $_POST['business'], $_POST['vat_registered'], $_POST['vat_number'] ) ) { // echo $_POST['user']." - ".$_POST['pass']." - ".$_POST['email']; if( strlen( $_POST['user'] ) < 5 ) { include('includes/overall/header.php'); echo "Username Must Be 5 or More Characters."; include('includes/overall/footer.php'); } elseif( strlen( $_POST['pass'] ) < 5 ) { include('includes/overall/header.php'); echo "Password Must Be 5 or More Characters."; include('includes/overall/footer.php'); } elseif( $_POST['pass'] == $_POST['user'] ) { include('includes/overall/header.php'); echo "Username And Password Can Not Be The Same."; include('includes/overall/footer.php'); } elseif( $_POST['pass_again'] == "" ) { include('includes/overall/header.php'); echo "Passwords must match"; include('includes/overall/footer.php'); } // CREATE BETTER EMAIL CHECK elseif( $_POST['email'] == "" ) { include('includes/overall/header.php'); echo "Email must be valid."; include('includes/overall/footer.php'); } elseif( $_POST['email_again'] == "" ) { include('includes/overall/header.php'); echo "Emails must match."; include('includes/overall/footer.php'); } elseif( $_POST['address_1'] == "" ) { include('includes/overall/header.php'); echo "Address cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['address_2'] == "" ) { include('includes/overall/header.php'); echo "Address cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['town'] == "" ) { include('includes/overall/header.php'); echo "Town cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['county'] == "" ) { include('includes/overall/header.php'); echo "County cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['postcode'] == "" ) { include('includes/overall/header.php'); echo "Postcode cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['business'] == "" ) { include('includes/overall/header.php'); echo "Business cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['vat_registered'] == "" ) { include('includes/overall/header.php'); echo "VAT Registered cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['vat_number'] == "" ) { include('includes/overall/header.php'); echo "VAT number cannot be empty, please enter N/A if not VAT registered."; include('includes/overall/footer.php'); } else { require( 'database.php' ); $username = mysqli_real_escape_string($con, $_POST['user']); //Remove md5() function if not using encryption i.e. $password = $_POST['pass']; $password = mysqli_real_escape_string($con, md5( $_POST['pass'])); $password_again = mysqli_real_escape_string($con, md5( $_POST['pass_again'])); $firstname = mysqli_real_escape_string($con, $_POST['firstname']); $lastname = mysqli_real_escape_string($con, $_POST['lastname']); $email = mysqli_real_escape_string($con, $_POST['email'] ); $email_again = mysqli_real_escape_string($con, $_POST['email_again']); $address_1 = mysqli_real_escape_string($con, $_POST['address_1']); $address_2 = mysqli_real_escape_string($con, $_POST['address_2']); $town = mysqli_real_escape_string($con, $_POST['town']); $county = mysqli_real_escape_string($con, $_POST['county']); $postcode = mysqli_real_escape_string($con, $_POST['postcode']); $business = mysqli_real_escape_string($con, $_POST['business']); $vat_registered = mysqli_real_escape_string($con, $_POST['vat_registered']); $vat_number = mysqli_real_escape_string($con, $_POST['vat_number']); $sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'"; //echo "$sqlCheckForDuplicate<br/>"; $result = mysqli_query($con, $sqlCheckForDuplicate); if(mysqli_num_rows($result) == 0){ //echo "No Duplicates<br/>"; $sqlRegUser = "INSERT INTO user( username, password, password_again, firstname, lastname, email, email_again, address_1, address_2, town, county, postcode, business, vat_registered, vat_number ) VALUES ( '". $username ."', '". $password ."', '". $password_again ."', '". $firstname ."', '". $lastname ."', '". $email ."', '". $email_again ."', '". $address_1 ."', '". $address_2 ."', '". $town ."', '". $county ."', '". $postcode ."', '". $business ."', '". $vat_registered ."', '". $vat_number."' )"; //echo "$sqlRegUser<br/>"; if( !mysqli_query($con, $sqlRegUser ) ) { include('includes/overall/header.php'); echo "You Could Not Register Because Of An Unexpected Error."; include('includes/overall/footer.php'); } else { /* Note: When using the header function, you cannot send output to the browser * before the header function is called. IF you want to echo a message to the * user before going back to your login page then you should use the HTML * Meta Refresh tag. */ //echo "You Are Registered And Can Now Login"; //echo " $username"; //this is for error checking header ('location: login.php'); // if using echo then use meta refresh /* *?> *<meta http-equiv="refresh" content="2;url= login.php/"> *<? */ } mysqli_free_result($result); } else { include('includes/overall/header.php'); echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One."; //echo " $username;" //this is for error checking include('includes/overall/footer.php'); } /* close connection */ mysqli_close($con); } } else { include('includes/overall/header.php'); echo "You Could Not Be Registered Because Of Missing Data."; include('includes/overall/footer.php'); } ?>
-
address1 has been corrected to address_1 and the same with address_2 but error still occurs
-
Hi, I have taken the step of writing my site in MySQLi instead of MYSQL as advised. However, I had a script that I got off the internet, the original file works great and registers the user to the database. However the edited version of the script, where I have added more information such as the users address etc, no longer works. I have compared the two files and can't seem to find the problem. When the script is run, it skips all the registration part and jumps to the last error in the script saying 'You Could Not Be Registered Because Of Missing Data.'. All the variables match the column names in the database. Here is the original working script <?php error_reporting(E_ALL); ini_set('display_errors', '1'); // some error checking /* if($_POST['reg']){ echo "form submitted"; }else{ echo "form not submitted"; } */ if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['email'] ) ){ // echo $_POST['user']." - ".$_POST['pass']." - ".$_POST['email']; if( strlen( $_POST['user'] ) < 5 ) { include('header.inc'); echo "Username Must Be 5 or More Characters."; include('footer.inc'); } elseif( strlen( $_POST['pass'] ) < 5 ) { include('header.inc'); echo "Password Must Be 5 or More Characters."; include('footer.inc'); } elseif( $_POST['pass'] == $_POST['user'] ) { include('header.inc'); echo "Username And Password Can Not Be The Same."; include('footer.inc'); } elseif( $_POST['email'] == "" ) { //More secure to use a regular expression to check that the user is entering a valid email // versus just checking to see if the field is empty include('header.inc'); echo "Email must be valid."; include('footer.inc'); } else { require( 'database.php' ); $username = mysqli_real_escape_string($con, $_POST['user']); //Remove md5() function if not using encryption i.e. $password = $_POST['pass']; $password = mysqli_real_escape_string($con, md5( $_POST['pass'])); $email = mysqli_real_escape_string($con, $_POST['email'] ); $sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'"; //echo "$sqlCheckForDuplicate<br/>"; $result = mysqli_query($con, $sqlCheckForDuplicate); if(mysqli_num_rows($result) == 0){ //echo "No Duplicates<br/>"; $sqlRegUser = "INSERT INTO user( username, password, email ) VALUES ( '". $username ."', '". $password ."', '". $email."' )"; //echo "$sqlRegUser<br/>"; if( !mysqli_query($con, $sqlRegUser ) ) { include('header.inc'); echo "You Could Not Register Because Of An Unexpected Error."; include('footer.inc'); } else { /* Note: When using the header function, you cannot send output to the browser * before the header function is called. IF you want to echo a message to the * user before going back to your login page then you should use the HTML * Meta Refresh tag. */ //echo "You Are Registered And Can Now Login"; //echo " $username"; //this is for error checking header ('location: login.php'); // if using echo then use meta refresh /* *?> *<meta http-equiv="refresh" content="2;url= login.php/"> *<? */ } mysqli_free_result($result); } else { include('header.inc'); echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One."; //echo " $username;" //this is for error checking include('footer.inc'); } /* close connection */ mysqli_close($con); } } else { include('header.inc'); echo "You Could Not Be Registered Because Of Missing Data."; include('footer.inc'); } ?> and here is my version <?php error_reporting(E_ALL); ini_set('display_errors', '1'); if( isset( $_POST['user'] ) && isset( $_POST['pass'] ) && isset( $_POST['pass_again'] ) && isset( $_POST['firstname'] ) && isset( $_POST['lastname'] ) && isset( $_POST['email'] ) && isset( $_POST['email_again'] ) && isset( $_POST['address1'] ) && isset( $_POST['address2'] ) && isset( $_POST['town'] ) && isset( $_POST['county'] ) && isset( $_POST['postcode'] ) && isset( $_POST['business'] ) && isset( $_POST['vat_registered'] ) && isset( $_POST['vat_number'] )) { if( strlen( $_POST['user'] ) < 5 ) { include('includes/overall/header.php'); echo "Username Must Be 5 or More Characters."; include('includes/overall/footer.php'); } elseif( strlen( $_POST['pass'] ) < 5 ) { include('includes/overall/header.php'); echo "Password Must Be 5 or More Characters."; include('includes/overall/footer.php'); } elseif( $_POST['pass'] == $_POST['user'] ) { include('includes/overall/header.php'); echo "Username And Password Can Not Be The Same."; include('includes/overall/footer.php'); } elseif( $_POST['pass_again'] == "" ) { include('includes/overall/header.php'); echo "Passwords must match"; include('includes/overall/footer.php'); } // CREATE BETTER EMAIL CHECK elseif( $_POST['email'] == "" ) { include('includes/overall/header.php'); echo "Email must be valid."; include('includes/overall/footer.php'); } elseif( $_POST['email_again'] == "" ) { include('includes/overall/header.php'); echo "Emails must match."; include('includes/overall/footer.php'); } elseif( $_POST['address_1'] == "" ) { include('includes/overall/header.php'); echo "Address cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['address_2'] == "" ) { include('includes/overall/header.php'); echo "Address cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['town'] == "" ) { include('includes/overall/header.php'); echo "Town cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['county'] == "" ) { include('includes/overall/header.php'); echo "County cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['postcode'] == "" ) { include('includes/overall/header.php'); echo "Postcode cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['business'] == "" ) { include('includes/overall/header.php'); echo "Business cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['vat_registered'] == "" ) { include('includes/overall/header.php'); echo "VAT Registered cannot be empty"; include('includes/overall/footer.php'); } elseif( $_POST['vat_number'] == "" ) { include('includes/overall/header.php'); echo "VAT number cannot be empty, please enter N/A if not VAT registered."; include('includes/overall/footer.php'); } else { require( 'database.php' ); $username = mysqli_real_escape_string($con, $_POST['user']); //Remove md5() function if not using encryption i.e. $password = $_POST['pass']; $password = mysqli_real_escape_string($con, md5( $_POST['pass'])); $password_again = mysqli_real_escape_string($con, md5( $_POST['pass_again'])); $firstname = mysqli_real_escape_string($con, $_POST['firstname']); $lastname = mysqli_real_escape_string($con, $_POST['lastname']); $email = mysqli_real_escape_string($con, $_POST['email'] ); $email_again = mysqli_real_escape_string($con, $_POST['email_again']); $address_1 = mysqli_real_escape_string($con, $_POST['address_1']); $address_2 = mysqli_real_escape_string($con, $_POST['address_2']); $town = mysqli_real_escape_string($con, $_POST['town']); $county = mysqli_real_escape_string($con, $_POST['county']); $postcode = mysqli_real_escape_string($con, $_POST['postcode']); $business = mysqli_real_escape_string($con, $_POST['business']); $vat_registered = mysqli_real_escape_string($con, $_POST['vat_registered']); $vat_number = mysqli_real_escape_string($con, $_POST['vat_number']); $sqlCheckForDuplicate = "SELECT username FROM user WHERE username = '". $username ."'"; //echo "$sqlCheckForDuplicate<br/>"; $result = mysqli_query($con, $sqlCheckForDuplicate); if(mysqli_num_rows($result) == 0){ //echo "No Duplicates<br/>"; $sqlRegUser = "INSERT INTO user( username, password, password_again, firstname, lastname, email, email_again, address_1, address_2, town, county, postcode, business, vat_registered, vat_number ) VALUES ( '". $username ."', '". $password ."', '". $password_again ."', '". $firstname ."', '". $lastname ."', '". $email ."', '". $email_again ."', '". $address_1 ."', '". $address_2 ."', '". $town ."', '". $county ."', '". $postcode ."', '". $business ."', '". $vat_registered ."', '". $vat_number."' )"; //echo "$sqlRegUser<br/>"; if( !mysqli_query($con, $sqlRegUser ) ) { include('includes/overall/header.php'); echo "You Could Not Register Because Of An Unexpected Error."; include('includes/overall/footer.php'); } else { header ('location: login.php'); } mysqli_free_result($result); } else { include('includes/overall/header.php'); echo "The Username You Have Chosen Is Already Being Used By Another User. Please Try Another One."; //echo " $username;" //this is for error checking include('includes/overall/footer.php'); } /* close connection */ mysqli_close($con); } } else { include('includes/overall/header.php'); echo "You Could Not Be Registered Because Of Missing Data."; include('includes/overall/footer.php'); } ?> Error reporting is switched on, I just cant see the problem. Any help is much appreciated
-
Hi, I am trying to convert the register & login script from mysql to mysqli. I have converted the easy parts and have the connection to the database, but the following functions all need changing and I can't work out the correct solution mainly due to the deprecation of mysql_result() The code that needs updating is <?php function user_count() { return mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `active` = 1"), 0); } function users_online() { return mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `logged_in` = 1"), 0); } function change_profile_image($user_id, $file_temp, $file_extn) { $file_path = 'images/profile/' . substr(md5(time()), 0, 10) . '.' . $file_extn; move_uploaded_file($file_temp, $file_path); mysql_query("UPDATE `users` SET `profile` = '" . mysql_real_escape_string($file_path) . "' WHERE `user_id` = " . (int)$user_id); } function has_access($user_id, $type) { $user_id = (int)$user_id; $type = (int)$type; return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_id` = $user_id AND `type` = $type"), 0) == 1) ? true : false; } function activate($email, $email_code) { $email = mysql_real_escape_string($email); $email_code = mysql_real_escape_string($email_code); if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) { mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'"); return true; } else { return false; } } function user_exists($username) { $username = sanitize($username); $query = mysql_query("SELECT COUNT('user_id') FROM `users` WHERE `username` = '$username'"); return (mysql_result($query, 0) == 1) ? true : false; } function email_exists($email) { $email = sanitize($email); return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false; } function user_id_from_username($username) { $username = sanitize($username); return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id'); } function user_id_from_email($email) { $email = sanitize($email); return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `email` = '$email'"), 0, 'user_id'); } function login($username, $password) { $user_id = user_id_from_username($username); mysql_query("UPDATE `users` SET `logged_in` = 1 WHERE `user_id` = $user_id"); $username = sanitize($username); $password = md5($password); return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false; } ?> And here is what the converter gave me: function user_count() { return mysql_result(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT COUNT(`user_id`) FROM `users` WHERE `active` = 1"), 0); } function users_online() { return mysql_result(mysqli_query($GLOBALS["___mysqli_ston"], "SELECT COUNT(`user_id`) FROM `users` WHERE `logged_in` = 1"), 0); } function change_profile_image($user_id, $file_temp, $file_extn) { $file_path = 'images/profile/' . substr(md5(time()), 0, 10) . '.' . $file_extn; move_uploaded_file($file_temp, $file_path); mysql_query("UPDATE `users` SET `profile` = '" . mysql_real_escape_string($file_path) . "' WHERE `user_id` = " . (int)$user_id); } function has_access($user_id, $type) { $user_id = (int)$user_id; $type = (int)$type; return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_id` = $user_id AND `type` = $type"), 0) == 1) ? true : false; } function activate($email, $email_code) { $email = mysql_real_escape_string($email); $email_code = mysql_real_escape_string($email_code); if (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0"), 0) == 1) { mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email'"); return true; } else { return false; } } function user_exists($username) { $username = sanitize($username); $query = mysql_query("SELECT COUNT('user_id') FROM `users` WHERE `username` = '$username'"); return (mysql_result($query, 0) == 1) ? true : false; } function email_exists($email) { $email = sanitize($email); return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'"), 0) == 1) ? true : false; } function user_id_from_username($username) { $username = sanitize($username); return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id'); } function user_id_from_email($email) { $email = sanitize($email); return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `email` = '$email'"), 0, 'user_id'); } function login($username, $password) { $user_id = user_id_from_username($username); mysql_query("UPDATE `users` SET `logged_in` = 1 WHERE `user_id` = $user_id"); $username = sanitize($username); $password = md5($password); return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false; } ?> Please could someone point me in the right direction here? Also my site works perfectly well with MySQL, do I have to convert it to MySQLi? Many Thanks Paul If anyone knows how to solve this, it would be much appreciated. I already have a website template and would prefer to continue with mysqli instead of PDO. Many Thanks Paul