Jump to content

ianhaney50

Members
 View Profile  See their activity

  • Posts

    261

  • Joined

  • Last visited

  • Days Won

    1

 Content Type 

Everything posted by ianhaney50

  1. ianhaney50
    I done the small line change and I uploaded a doc file and that was added into the folder on the server but no info was added to the database and outputs the following error on the page MySQL error no 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's CV word.doc', 'Candidate')' at line 2 if I select another word doc, I get the following show Sorry, only PDF, DOC & DOCX files are allowed.
  2. ianhaney50
    I did the var dump and it outputted the following string(34) "application/msword; charset=binary" I'll make the small change now and see what happens then
  3. ianhaney50
    Sorry just testing the coding and keeps saying Sorry, only PDF, DOC & DOCX files are allowed. even when I upload PDF or DOC file? The coding is in the post just above
  4. ianhaney50
    Ahh yeah sorry didn't see it in there I got it like this now Is that right? <?php // this should be in its own file, and then include() it $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); # check connection if ($mysqli->connect_errno) { echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; exit(); } // check if a form was submitted if (!empty($_POST)) { // check if there are any upload errors if ($_FILES['cvfile']['error'] === UPLOAD_ERR_OK) { // make sure the file is not too large if ($_FILES["cvfile"]["size"] <= 500000) { $target = "/home/sites/broadwaymediadesigns.co.uk/public_html/sites/recruitment-site/candidatecvs/"; $target = $target . basename($_FILES['cvfile']['name']); // make sure the file doesn't already exist if (!file_exists($target)) { $allowedMimes = array('application/pdf', 'application/msword'); $finfo = new finfo(FILEINFO_MIME); $mimetype = $finfo->file($_FILES['cvfile']['tmp_name']); // make sure we have an allowed MIME type if (in_array($mimetype, $allowedMimes)) { // make sure the file was moved to the destination if (move_uploaded_file($_FILES['cvfile']['tmp_name'], $target) !== false) { // do database stuff here ## query database # prepare data for insertion $username = mysqli_real_escape_string($mysqli, $_POST['username']); $password = md5($_POST['password']); /*$password = $_POST['password'];*/ $name = mysqli_real_escape_string($mysqli, $_POST['name']); $dob = date('Y-m-d', strtotime($_POST['dob'])); $email = mysqli_real_escape_string($mysqli, $_POST['email']); $address1 = mysqli_real_escape_string($mysqli, $_POST['address1']); $address2 = mysqli_real_escape_string($mysqli, $_POST['address2']); $town = mysqli_real_escape_string($mysqli, $_POST['town']); $county = mysqli_real_escape_string($mysqli, $_POST['county']); $postcode = mysqli_real_escape_string($mysqli, $_POST['postcode']); $telnumber = mysqli_real_escape_string($mysqli, $_POST['telnumber']); $mobnumber = mysqli_real_escape_string($mysqli, $_POST['mobnumber']); $worklocation = mysqli_real_escape_string($mysqli, $_POST['worklocation']); $desiredsalary = mysqli_real_escape_string($mysqli, $_POST['desiredsalary']); $currentempstatus = mysqli_real_escape_string($mysqli, $_POST['currentempstatus']); $educationlevel = mysqli_real_escape_string($mysqli, $_POST['educationlevel']); $availableforwork = mysqli_real_escape_string($mysqli, $_POST['availableforwork']); $jobtype = mysqli_real_escape_string($mysqli, $_POST['jobtype']); $cv = ($_FILES['cvfile']['name']); $role = mysqli_real_escape_string($mysqli, $_POST['role']); # check if username and email exist else insert // u = username, e = emai, ue = both username and email already exists $exists = ""; $result = $mysqli->query("SELECT username from candidates WHERE username = '{$username}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "u"; } $result = $mysqli->query("SELECT email from candidates WHERE email = '{$email}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "e"; } if ($exists == "u") echo "<p><b>Error:</b> Username already exists!</p>"; else if ($exists == "e") echo "<p><b>Error:</b> Email already exists!</p>"; else if ($exists == "ue") echo "<p><b>Error:</b> Username and Email already exists!</p>"; else { # insert data into mysql database $sql = "INSERT INTO `candidates` (`id`, `username`, `password`, `name`, `dob`, `email`, `address1`, `address2`, `town`, `county`, `postcode`, `telnumber`, `mobnumber`, `worklocation`, `desiredsalary`, `currentempstatus`, `educationlevel`, `availableforwork`, `jobtype`, `cvfile`, `role`) VALUES (NULL, '{$username}', '{$password}', '{$name}', '{$dob}', '{$email}', '{$address1}', '{$address2}', '{$town}', '{$county}', '{$postcode}', '{$telnumber}', '{$mobnumber}', '{$worklocation}', '{$desiredsalary}', '{$currentempstatus}', '{$educationlevel}', '{$availableforwork}', '{$jobtype}', '{$cv}', 'Candidate')"; if ($mysqli->query($sql)) { $to = $_POST['email']; $subject = "Login Credentials"; $message = "Thank you for signing up, your login information is below \r\n Username: {$_POST['username']} \r\n Password: {$_POST['password']}"; $header = "From:noreply@domain.co.uk \r\n"; $retval = mail ($to,$subject,$message,$header); if( $retval == true ) { echo "Message sent successfully..."; } else { echo "Message could not be sent..."; } redirect_to("candidates-login.php?msg=Registered successfully"); } else { echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>"; exit(); } } // finally, show success message echo "<p class='success'>Form has been submitted successfully.</p>"; } else { // file could not be moved to destination echo "Sorry, there was an error uploading your file."; } } else { // disallowed MIME type echo "Sorry, only PDF, DOC & DOCX files are allowed."; } } else { // file already exists echo "Sorry, file already exists."; } } else { // file is too large echo "Sorry, your file is too large."; } } else { // upload error echo "Sorry, there was an error uploading your file."; } } ?>
  5. ianhaney50
    I been looking through and sort of understand it but am confused as to where the rest of the coding fits in such as the query etc <?php ## query database # prepare data for insertion $username = mysqli_real_escape_string($mysqli, $_POST['username']); $password = md5($_POST['password']); /*$password = $_POST['password'];*/ $name = mysqli_real_escape_string($mysqli, $_POST['name']); $dob = date('Y-m-d', strtotime($_POST['dob'])); $email = mysqli_real_escape_string($mysqli, $_POST['email']); $address1 = mysqli_real_escape_string($mysqli, $_POST['address1']); $address2 = mysqli_real_escape_string($mysqli, $_POST['address2']); $town = mysqli_real_escape_string($mysqli, $_POST['town']); $county = mysqli_real_escape_string($mysqli, $_POST['county']); $postcode = mysqli_real_escape_string($mysqli, $_POST['postcode']); $telnumber = mysqli_real_escape_string($mysqli, $_POST['telnumber']); $mobnumber = mysqli_real_escape_string($mysqli, $_POST['mobnumber']); $worklocation = mysqli_real_escape_string($mysqli, $_POST['worklocation']); $desiredsalary = mysqli_real_escape_string($mysqli, $_POST['desiredsalary']); $currentempstatus = mysqli_real_escape_string($mysqli, $_POST['currentempstatus']); $educationlevel = mysqli_real_escape_string($mysqli, $_POST['educationlevel']); $availableforwork = mysqli_real_escape_string($mysqli, $_POST['availableforwork']); $jobtype = mysqli_real_escape_string($mysqli, $_POST['jobtype']); $cv = ($_FILES['cvfile']['name']); $role = mysqli_real_escape_string($mysqli, $_POST['role']); # check if username and email exist else insert // u = username, e = emai, ue = both username and email already exists $exists = ""; $result = $mysqli->query("SELECT username from candidates WHERE username = '{$username}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "u"; } $result = $mysqli->query("SELECT email from candidates WHERE email = '{$email}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "e"; } if ($exists == "u") echo "<p><b>Error:</b> Username already exists!</p>"; else if ($exists == "e") echo "<p><b>Error:</b> Email already exists!</p>"; else if ($exists == "ue") echo "<p><b>Error:</b> Username and Email already exists!</p>"; else { # insert data into mysql database $sql = "INSERT INTO `candidates` (`id`, `username`, `password`, `name`, `dob`, `email`, `address1`, `address2`, `town`, `county`, `postcode`, `telnumber`, `mobnumber`, `worklocation`, `desiredsalary`, `currentempstatus`, `educationlevel`, `availableforwork`, `jobtype`, `cvfile`, `role`) VALUES (NULL, '{$username}', '{$password}', '{$name}', '{$dob}', '{$email}', '{$address1}', '{$address2}', '{$town}', '{$county}', '{$postcode}', '{$telnumber}', '{$mobnumber}', '{$worklocation}', '{$desiredsalary}', '{$currentempstatus}', '{$educationlevel}', '{$availableforwork}', '{$jobtype}', '{$cv}', 'Candidate')"; if ($mysqli->query($sql)) { $to = $_POST['email']; $subject = "Login Credentials"; $message = "Thank you for signing up, your login information is below \r\n Username: {$_POST['username']} \r\n Password: {$_POST['password']}"; $header = "From:noreply@domain.co.uk \r\n"; $retval = mail ($to,$subject,$message,$header); if( $retval == true ) { echo "Message sent successfully..."; } else { echo "Message could not be sent..."; } redirect_to("candidates-login.php?msg=Registered successfully"); } else { echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>"; exit(); } } ?> Would that go below or above the rewritten code?
  6. ianhaney50
    I found the coding you provided for checking the mimetype $finfo = new finfo(FILEINFO_MIME); $mimetype = $finfo->file($_FILES['cvfile']['tmp_name']); if (!in_array($mimetype, $types)) { $ok = 0; } so do I need to put that in place of the current coding I have as getting bit lost with it now I put in exit(); as per the following coding // Allow certain file formats if($FileType != "application/pdf" && $FileType != "application/msword" ) { echo "Sorry, only PDF, DOC & DOCX files are allowed."; $uploadOk = FALSE; exit(); } I thought it was working as the query is not being executed?
  7. ianhaney50
    Think I am getting bit closer, I took on board what you been saying and altered the coding as below, the form now is not adding any data to the database which is good as am testing it by uploading a php file which is not a allowed file, so when I click submit the output on the page is below Form has been submitted successfully. File is an image - /.Sorry, only PDF, DOC & DOCX files are allowed. I just now need the Form has been submitted successfully. to not display as users will think they have been registered, can you quickly check over the coding to see if is right or see if I am doing anything wrong still in relation to the file types etc. I think I have done it by MIME type and not the extension? <?php if (isset($_POST['submit']) && isset($error) == '') { // if there is no error, then process further echo "<p class='success'>Form has been submitted successfully.</p>"; // showing success message ## connect mysql server $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); # check connection if ($mysqli->connect_errno) { echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; exit(); } //This is the directory where images will be saved $target = "/home/sites/broadwaymediadesigns.co.uk/public_html/sites/recruitment-site/candidatecvs/"; $target = $target . basename( $_FILES['cvfile']['name']); $uploadOk = TRUE; $FileType = pathinfo($target,PATHINFO_EXTENSION); // Check if image file is a actual image or fake image if(isset($_POST["submit"])) { $check = ($_FILES["cvfile"]["tmp_name"]); if($check !== false) { echo "File is an image - " . $check["mime"] . "."; $uploadOk = TRUE; } else { echo "File is not an image."; $uploadOk = FALSE; } } // Check if file already exists if (file_exists($target)) { echo "Sorry, file already exists."; $uploadOk = FALSE; } // Check file size if ($_FILES["cvfile"]["size"] > 500000) { echo "Sorry, your file is too large."; $uploadOk = FALSE; } // Allow certain file formats if($FileType != "application/pdf" && $FileType != "application/msword" ) { echo "Sorry, only PDF, DOC & DOCX files are allowed."; $uploadOk = FALSE; exit(); } // Check if $uploadOk is set to 0 by an error if ($uploadOk == FALSE) { echo "Sorry, your file was not uploaded."; // if everything is ok, try to upload file } else { if (move_uploaded_file($_FILES["cvfile"]["tmp_name"], $target)) { echo "The file ". basename( $_FILES["cvfile"]["name"]). " has been uploaded."; } else { echo "Sorry, there was an error uploading your file."; } } ## query database # prepare data for insertion $username = mysqli_real_escape_string($mysqli, $_POST['username']); $password = md5($_POST['password']); /*$password = $_POST['password'];*/ $name = mysqli_real_escape_string($mysqli, $_POST['name']); $dob = date('Y-m-d', strtotime($_POST['dob'])); $email = mysqli_real_escape_string($mysqli, $_POST['email']); $address1 = mysqli_real_escape_string($mysqli, $_POST['address1']); $address2 = mysqli_real_escape_string($mysqli, $_POST['address2']); $town = mysqli_real_escape_string($mysqli, $_POST['town']); $county = mysqli_real_escape_string($mysqli, $_POST['county']); $postcode = mysqli_real_escape_string($mysqli, $_POST['postcode']); $telnumber = mysqli_real_escape_string($mysqli, $_POST['telnumber']); $mobnumber = mysqli_real_escape_string($mysqli, $_POST['mobnumber']); $worklocation = mysqli_real_escape_string($mysqli, $_POST['worklocation']); $desiredsalary = mysqli_real_escape_string($mysqli, $_POST['desiredsalary']); $currentempstatus = mysqli_real_escape_string($mysqli, $_POST['currentempstatus']); $educationlevel = mysqli_real_escape_string($mysqli, $_POST['educationlevel']); $availableforwork = mysqli_real_escape_string($mysqli, $_POST['availableforwork']); $jobtype = mysqli_real_escape_string($mysqli, $_POST['jobtype']); $cv = ($_FILES['cvfile']['name']); $role = mysqli_real_escape_string($mysqli, $_POST['role']); # check if username and email exist else insert // u = username, e = emai, ue = both username and email already exists $exists = ""; $result = $mysqli->query("SELECT username from candidates WHERE username = '{$username}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "u"; } $result = $mysqli->query("SELECT email from candidates WHERE email = '{$email}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "e"; } if ($exists == "u") echo "<p><b>Error:</b> Username already exists!</p>"; else if ($exists == "e") echo "<p><b>Error:</b> Email already exists!</p>"; else if ($exists == "ue") echo "<p><b>Error:</b> Username and Email already exists!</p>"; else { # insert data into mysql database $sql = "INSERT INTO `candidates` (`id`, `username`, `password`, `name`, `dob`, `email`, `address1`, `address2`, `town`, `county`, `postcode`, `telnumber`, `mobnumber`, `worklocation`, `desiredsalary`, `currentempstatus`, `educationlevel`, `availableforwork`, `jobtype`, `cvfile`, `role`) VALUES (NULL, '{$username}', '{$password}', '{$name}', '{$dob}', '{$email}', '{$address1}', '{$address2}', '{$town}', '{$county}', '{$postcode}', '{$telnumber}', '{$mobnumber}', '{$worklocation}', '{$desiredsalary}', '{$currentempstatus}', '{$educationlevel}', '{$availableforwork}', '{$jobtype}', '{$cv}', 'Candidate')"; if ($mysqli->query($sql)) { $to = $_POST['email']; $subject = "Login Credentials"; $message = "Thank you for signing up, your login information is below \r\n Username: {$_POST['username']} \r\n Password: {$_POST['password']}"; $header = "From:noreply@domain.co.uk \r\n"; $retval = mail ($to,$subject,$message,$header); if( $retval == true ) { echo "Message sent successfully..."; } else { echo "Message could not be sent..."; } redirect_to("candidates-login.php?msg=Registered successfully"); } else { echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>"; exit(); } } } ?>
  8. ianhaney50
    Hi I have changed the coding so is now the following but the script is still executing if I attempt to upload a disallowed php file as I have only allowed pdf and doc files to be uploaded, the script is sort of working as it is not letting the php file to be uploaded into the folder but the code is still inserting data to the database but I need the script to stop executing if a disallowed file type is uploaded and a error message displayed saying only pdf or doc files only <?php if (isset($_POST['submit']) && isset($error) == '') { // if there is no error, then process further echo "<p class='success'>Form has been submitted successfully.</p>"; // showing success message ## connect mysql server $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); # check connection if ($mysqli->connect_errno) { echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; exit(); } //This is the directory where images will be saved $target = "/home/sites/broadwaymediadesigns.co.uk/public_html/sites/recruitment-site/candidatecvs/"; $target = $target . basename( $_FILES['cvfile']['name']); $uploadOk = 1; $imageFileType = pathinfo($target,PATHINFO_EXTENSION); // Check if image file is a actual image or fake image if(isset($_POST["submit"])) { $check = getimagesize($_FILES["cvfile"]["tmp_name"]); if($check !== false) { echo "File is an image - " . $check["mime"] . "."; $uploadOk = 1; } else { echo "File is not an image."; $uploadOk = 0; } } // Check if file already exists if (file_exists($target)) { echo "Sorry, file already exists."; $uploadOk = 0; } // Check file size if ($_FILES["cvfile"]["size"] > 500000) { echo "Sorry, your file is too large."; $uploadOk = 0; } // Allow certain file formats if($imageFileType != "pdf" && $imageFileType != "doc" && $imageFileType != "docx" ) { echo "Sorry, only PDF, DOC & DOCX files are allowed."; $uploadOk = 0; } // Check if $uploadOk is set to 0 by an error if ($uploadOk == 0) { echo "Sorry, your file was not uploaded."; // if everything is ok, try to upload file } else { if (move_uploaded_file($_FILES["cvfile"]["tmp_name"], $target)) { echo "The file ". basename( $_FILES["cvfile"]["name"]). " has been uploaded."; } else { echo "Sorry, there was an error uploading your file."; } } ## query database # prepare data for insertion $username = mysqli_real_escape_string($mysqli, $_POST['username']); $password = md5($_POST['password']); /*$password = $_POST['password'];*/ $name = mysqli_real_escape_string($mysqli, $_POST['name']); $dob = date('Y-m-d', strtotime($_POST['dob'])); $email = mysqli_real_escape_string($mysqli, $_POST['email']); $address1 = mysqli_real_escape_string($mysqli, $_POST['address1']); $address2 = mysqli_real_escape_string($mysqli, $_POST['address2']); $town = mysqli_real_escape_string($mysqli, $_POST['town']); $county = mysqli_real_escape_string($mysqli, $_POST['county']); $postcode = mysqli_real_escape_string($mysqli, $_POST['postcode']); $telnumber = mysqli_real_escape_string($mysqli, $_POST['telnumber']); $mobnumber = mysqli_real_escape_string($mysqli, $_POST['mobnumber']); $worklocation = mysqli_real_escape_string($mysqli, $_POST['worklocation']); $desiredsalary = mysqli_real_escape_string($mysqli, $_POST['desiredsalary']); $currentempstatus = mysqli_real_escape_string($mysqli, $_POST['currentempstatus']); $educationlevel = mysqli_real_escape_string($mysqli, $_POST['educationlevel']); $availableforwork = mysqli_real_escape_string($mysqli, $_POST['availableforwork']); $jobtype = mysqli_real_escape_string($mysqli, $_POST['jobtype']); $cv = ($_FILES['cvfile']['name']); $role = mysqli_real_escape_string($mysqli, $_POST['role']); # check if username and email exist else insert // u = username, e = emai, ue = both username and email already exists $exists = ""; $result = $mysqli->query("SELECT username from candidates WHERE username = '{$username}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "u"; } $result = $mysqli->query("SELECT email from candidates WHERE email = '{$email}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "e"; } if ($exists == "u") echo "<p><b>Error:</b> Username already exists!</p>"; else if ($exists == "e") echo "<p><b>Error:</b> Email already exists!</p>"; else if ($exists == "ue") echo "<p><b>Error:</b> Username and Email already exists!</p>"; else { # insert data into mysql database $sql = "INSERT INTO `candidates` (`id`, `username`, `password`, `name`, `dob`, `email`, `address1`, `address2`, `town`, `county`, `postcode`, `telnumber`, `mobnumber`, `worklocation`, `desiredsalary`, `currentempstatus`, `educationlevel`, `availableforwork`, `jobtype`, `cvfile`, `role`) VALUES (NULL, '{$username}', '{$password}', '{$name}', '{$dob}', '{$email}', '{$address1}', '{$address2}', '{$town}', '{$county}', '{$postcode}', '{$telnumber}', '{$mobnumber}', '{$worklocation}', '{$desiredsalary}', '{$currentempstatus}', '{$educationlevel}', '{$availableforwork}', '{$jobtype}', '{$cv}', 'Candidate')"; if ($mysqli->query($sql)) { $to = $_POST['email']; $subject = "Login Credentials"; $message = "Thank you for signing up, your login information is below \r\n Username: {$_POST['username']} \r\n Password: {$_POST['password']}"; $header = "From:noreply@domain.co.uk \r\n"; $retval = mail ($to,$subject,$message,$header); if( $retval == true ) { echo "Message sent successfully..."; } else { echo "Message could not be sent..."; } redirect_to("candidates-login.php?msg=Registered successfully"); } else { echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>"; exit(); } } } ?>
  9. ianhaney50
    Sorry I am struck again, I am trying to restrict file types being uploaded on signup, I put coding in in what I thought would restrict the file types but I have just managed to upload a php file where as pdf and doc file types should only being allowed to upload, below is the whole coding I have //This is the directory where images will be saved $target = "/home/sites/broadwaymediadesigns.co.uk/public_html/sites/recruitment-site/candidatecvs/"; $target = $target . basename( $_FILES['cvfile']['name']); $ok=1; $types = array('application/msword', 'application/pdf'); if (in_array($_FILES['cvfile']['type'], $types)) { // file is okay continue } else { $ok=0; } //Here we check that $ok was not set to 0 by an error if ($ok==0){ Echo "Sorry your file was not uploaded. It may be the wrong filetype. We only allow DOC and PDF filetypes."; } else{ //Writes the photo to the server if(move_uploaded_file($_FILES['cvfile']['tmp_name'], $target)) { //Tells you if its all ok echo "The file ". basename( $_FILES['cvfile']['name']). " has been uploaded, and your information has been added to the directory"; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file."; } } I am not sure what I have missed out
  10. ianhaney50
    Ahh cool got it, thank you so much is working perfect Thank you so much
  11. ianhaney50
    or do I add the role to session on the candidate-profile.php page as they are redirected to that page when they log in?
  12. ianhaney50
    Hi Guru Thank you for the reply, appreciate it I get the bit about the menu coding but am confused on where to put the session coding in on the candidate login page below is the current coding on the candidate-login.php page <?php require_once("functions.php"); require_once("db-const.php"); session_start(); if (logged_in() == true) { redirect_to("candidates-profile.php"); } $title = "Candidates Login - Recruitment Site"; $pgDesc=""; $pgKeywords=""; include ( 'includes/header.php' ); if (isset($_POST['submit'])) { $username = $_POST['username']; /*$password = $_POST['password'];*/ $password = md5($_POST['password']); // processing remember me option and setting cookie with long expiry date if (isset($_POST['remember'])) { session_set_cookie_params('604800'); //one week (value in seconds) session_regenerate_id(true); } $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); # check connection if ($mysqli->connect_errno) { echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; exit(); } $sql = "SELECT * from candidates WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1"; $result = $mysqli->query($sql); if ($result->num_rows != 1) { echo "<p><b>Error:</b> Invalid username/password combination</p>"; } else { // Authenticated, set session variables $user = $result->fetch_array(); $_SESSION['user_id'] = $user['id']; $_SESSION['username'] = $user['username']; // update status to online $timestamp = time(); $sql = "UPDATE candidates SET status={$timestamp} WHERE id={$_SESSION['user_id']}"; $result = $mysqli->query($sql); redirect_to("candidates-profile.php?id={$_SESSION['user_id']}"); // do stuffs } } if(isset($_GET['msg'])) { echo "<p class='msg'>".$_GET['msg']."</p>"; } ?> <!--CONTENT--> <div id="column-whole"> <div class="features"> <!-- The HTML login form --> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> <label>Username:</label> <input type="text" name="username" /><br /> <label>Password:</label> <input type="password" name="password" /><br /> Remember me: <input type="checkbox" name="remember" /><br /> <br /><br /> <a class="button" href="forgot.php">Forgot Password?</a> <br /> <input type="submit" name="submit" value="Login" /> </form> </div> </div> <!--CONTENT--> <?php include( 'includes/footer.php' ); ?>
  13. ianhaney50
    Hi I have came across a hopefully small issue I have noticed on my project I am working on, if I sign in as either a candidate, agency or employer, the link changes from login to logout under each dropdown within my menu which I can understand as is cause of the session in the coding etc. what I would like to do is for example is under the candidate menu to show logout only if I am logged in as the candidate but the other two under agency and employer stay as login until I log in as either agency or employer A way I have thought of is in each db table is create a role column and on signup, it automatically inserts the value so if a candidate signs up, the role column has a value of Candidate added in the db and then the same for agency and employer so was seeing if was a way to use that role value to only show logout if that role value is logged in Hope that makes sense Below is my menu coding so far, if need to see any other coding like the signup coding, let me know and will paste it in on here <div id="menu"> <ul> <a href="index.php"><li>Home</li></a> <a href="#"><li>About</li></a> <li>Candidates <ul> <?php if (logged_in() == true) { echo '<a href="candidates-logout.php"><li>Log Out</li></a>'; } else { echo '<a href="candidates-login.php"><li>Login</li></a>'; } ?> <a href="candidates-signup.php"><li>Sign Up</li></a> </ul> </li> <li>Agency <ul> <?php if (logged_in() == true) { echo '<a href="agency-logout.php"><li>Log Out</li></a>'; } else { echo '<a href="agency-login.php"><li>Login</li></a>'; } ?> <a href="agency-signup.php"><li>Sign Up</li></a> </ul> </li> <li>Employers <ul> <?php if (logged_in() == true) { echo '<a href="employers-logout.php"><li>Log Out</li></a>'; } else { echo '<a href="employers-login.php"><li>Login</li></a>'; } ?> <a href="employers-signup.php"><li>Sign Up</li></a> </ul> </li> <a href="#"><li>Contact</li></a> </ul> </div>
  14. ianhaney50
    I just sorted it using the following in my SELECT query, also sorry yeah am storing date as date type in the database , DATE_FORMAT(dob, '%e %M %Y') as dob
  15. ianhaney50
    I am getting the data storing as yyyy-mm-dd in the database now which is good but can't work out how to echo the data as dd-mm-yyyy format on the candidates profile php page I currently have the following echo "Date of Birth: " . $row ['dob']; I have tried a few ways but can't remember what they were now as few diff ways
  16. ianhaney50
    sorted it doing it with the full path
  17. ianhaney50
    I am getting somewhere now, I realised I had username and email in the indexes in the phpmyadmin so removed them and tested again but just had candidatecvs/ in the target folder path and got no errors and says registered successfully so is working but the file is not being uploaded on to the server still
  18. ianhaney50
    I just entered the folder location on the server as the following $target = "http://www.broadwaymediadesigns.co.uk/sites/recruitment-site/candidatescvs/"; when tested again, I get the following error Warning: move_uploaded_file(http://www.broadwaymediadesigns.co.uk/sites/recruitment-site/candidatescvs/testimonials.png): failed to open stream: HTTP wrapper does not support writeable connections in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/recruitment-site/candidates-signup.php on line 88 Warning: move_uploaded_file(): Unable to move '/tmp/phpaIPzdh' to 'http://www.broadwaymediadesigns.co.uk/sites/recruitment-site/candidatescvs/testimonials.png' in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/recruitment-site/candidates-signup.php on line 88 Sorry, there was a problem uploading your file. MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username'
  19. ianhaney50
    Yeah the folder is the on the server, wonder if I should the enter full folder path in the $target line and see if that works but have the exact same script on another site and that works, yeah I have got the permissions set to 755 on the folder
  20. ianhaney50
    Hi I am trying to get a file uploaded onto the ftp server and get the filepath stored in the mysql database, I have got the location stored in the database but the file is not uploading onto the server, I have tried a .doc file and a .png file and keeps saying the same error Form has been submitted successfully. Warning: move_uploaded_file(candidatescvs/testimonials.png): failed to open stream: No such file or directory in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/recruitment-site/candidates-signup.php on line 88 Warning: move_uploaded_file(): Unable to move '/tmp/phpQgIPaN' to 'candidatescvs/testimonials.png' in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/recruitment-site/candidates-signup.php on line 88 Sorry, there was a problem uploading your file. MySQL error no 1062 : Duplicate entry 'ianhaney' for key 'username' All the data is being saved correctly apart from the dob gets stored as 0000-00-00 in the database but will sort that issue after I can't work out why the file is being uploaded onto the ftp server, the coding is below <?php ini_set('display_startup_errors',1); ini_set('display_errors',1); error_reporting(-1); ?> <?php require_once("functions.php"); require_once("db-const.php"); ?> <?php $title = "Candidates Signup - Recruitment Site"; $pgDesc=""; $pgKeywords=""; include ( 'includes/header.php' ); ?> <!--CONTENT--> <?php if (isset($_POST['submit']) && isset($error) == '') { // if there is no error, then process further echo "<p class='success'>Form has been submitted successfully.</p>"; // showing success message ## connect mysql server $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); # check connection if ($mysqli->connect_errno) { echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>"; exit(); } //This is the directory where images will be saved $target = "candidatescvs/"; $target = $target . basename( $_FILES['cvfile']['name']); ## query database # prepare data for insertion $username = mysqli_real_escape_string($mysqli, $_POST['username']); $password = md5($_POST['password']); /*$password = $_POST['password'];*/ $name = mysqli_real_escape_string($mysqli, $_POST['name']); $dob = ($_POST['dob']); $email = mysqli_real_escape_string($mysqli, $_POST['email']); $address1 = mysqli_real_escape_string($mysqli, $_POST['address1']); $address2 = mysqli_real_escape_string($mysqli, $_POST['address2']); $town = mysqli_real_escape_string($mysqli, $_POST['town']); $county = mysqli_real_escape_string($mysqli, $_POST['county']); $postcode = mysqli_real_escape_string($mysqli, $_POST['postcode']); $telnumber = mysqli_real_escape_string($mysqli, $_POST['telnumber']); $mobnumber = mysqli_real_escape_string($mysqli, $_POST['mobnumber']); $worklocation = mysqli_real_escape_string($mysqli, $_POST['worklocation']); $desiredsalary = mysqli_real_escape_string($mysqli, $_POST['desiredsalary']); $currentempstatus = mysqli_real_escape_string($mysqli, $_POST['currentempstatus']); $educationlevel = mysqli_real_escape_string($mysqli, $_POST['educationlevel']); $availableforwork = mysqli_real_escape_string($mysqli, $_POST['availableforwork']); $jobtype = mysqli_real_escape_string($mysqli, $_POST['jobtype']); $cv = ($_FILES['cvfile']['name']); # check if username and email exist else insert // u = username, e = emai, ue = both username and email already exists $exists = ""; $result = $mysqli->query("SELECT username from candidates WHERE username = '{$username}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "u"; } $result = $mysqli->query("SELECT email from candidates WHERE email = '{$email}' LIMIT 1"); if ($result->num_rows == 1) { $exists .= "e"; } if ($exists == "u") echo "<p><b>Error:</b> Username already exists!</p>"; else if ($exists == "e") echo "<p><b>Error:</b> Email already exists!</p>"; else if ($exists == "ue") echo "<p><b>Error:</b> Username and Email already exists!</p>"; else { # insert data into mysql database $sql = "INSERT INTO `candidates` (`id`, `username`, `password`, `name`, `dob`, `email`, `address1`, `address2`, `town`, `county`, `postcode`, `telnumber`, `mobnumber`, `worklocation`, `desiredsalary`, `currentempstatus`, `educationlevel`, `availableforwork`, `jobtype`, `cvfile`) VALUES (NULL, '{$username}', '{$password}', '{$name}', '{$dob}', '{$email}', '{$address1}', '{$address2}', '{$town}', '{$county}', '{$postcode}', '{$telnumber}', '{$mobnumber}', '{$worklocation}', '{$desiredsalary}', '{$currentempstatus}', '{$educationlevel}', '{$availableforwork}', '{$jobtype}', '{$cv}')"; $result = $mysqli->query($sql); $id = $mysqli->insert_id; //Writes the photo to the server if(move_uploaded_file($_FILES['cvfile']['tmp_name'], $target)) { //Tells you if its all ok echo "The file ". basename( $_FILES['cvfile']['name']). " has been uploaded, and your information has been added to the directory"; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file."; } $dob = date('Y-m-d', strtotime($_POST['dob'])); if ($mysqli->query($sql)) { $to = $_POST['email']; $subject = "Login Credentials"; $message = "Thank you for signing up, your login information is below \r\n Username: {$_POST['username']} \r\n Password: {$_POST['password']}"; $header = "From:noreply@domain.co.uk \r\n"; $retval = mail ($to,$subject,$message,$header); if( $retval == true ) { echo "Message sent successfully..."; } else { echo "Message could not be sent..."; } redirect_to("candidates-login.php?msg=Registered successfully"); } else { echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>"; exit(); } } } ?> <!-- The HTML registration form --> <form method="post" action="<?=$_SERVER['PHP_SELF']?>" enctype="multipart/form-data"> <br /> <label>Upload CV: </label> <input type="hidden" name="size" value="350000"> <input type="file" name="cvfile"> <br /><br /> <input type="submit" name="submit" value="Register" disabled="disabled" id="submitBtn" /> </form> <!--CONTENT--> I took out all the other fields in the form and just left the upload cv coding in the form
  21. ianhaney50
    Sorry sorted it
  22. ianhaney50
    Hi On my signup form is mobile number field and it needs to entered in international format so like 447538503276 but users are still entering it as 07538503276 even though I have a hint/tooltip on there explaining that when they click and hover on the mobile number field so was just seeing if there was a way to convert the number automatically when entered as 07538503276 to 447538503276 as at the mo I am having to change them manually via phpmyadmin Kind regards Ian
  23. ianhaney50
    sussed it, I got it all working perfect now
  24. ianhaney50
    Hi Now am stuck on editing the profile, hopefully the updating of the other fields work but for now am testing the updating of the image as thought that would be most difficult to do, the errors I ma getting is below Notice: Undefined index: photo in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/directory-site/edit-data.php on line 32 Notice: Undefined index: companyname in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/directory-site/edit-data.php on line 37 Notice: Undefined index: photo in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/directory-site/edit-data.php on line 46 Notice: Undefined index: photo in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/directory-site/edit-data.php on line 51 Sorry, there was a problem uploading your file.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id=65' at line 1 The coding I have is below is from edit-data.php <?php ini_set('display_startup_errors',1); ini_set('display_errors',1); error_reporting(-1); require_once("functions.php"); require_once("db-const.php"); include 'includes/header.php'; if (logged_in() == false) { redirect_to("login.php"); exit; } else { if (isset($_GET['id']) && $_GET['id'] != "") { $id = $_GET['id']; } else { $id = $_SESSION['user_id']; } $db = mysqli_connect("" , "", "") or die("Check connection parameters!"); // Optionally skip select_db and use: mysqli_connect(host,user,pass,dbname) mysqli_select_db($db,"") or die(mysqli_error($db)); if (mysqli_connect_error()) { die ('Failed to connect to MySQL'); } //This is the directory where images will be saved $target = "uploads/"; $target = $target . basename( $_FILES['photo']['name']); // Prepared statements are better, but at least escape things before tossing them into a query $id = mysqli_real_escape_string($db, $id); $companyname = mysqli_real_escape_string($db, $_POST['companyname']); $email = mysqli_real_escape_string($db, $_POST['email']); $address1 = mysqli_real_escape_string($db, $_POST['address1']); $address2 = mysqli_real_escape_string($db, $_POST['address2']); $town = mysqli_real_escape_string($db, $_POST['town']); $county = mysqli_real_escape_string($db, $_POST['county']); $postcode = mysqli_real_escape_string($db, $_POST['postcode']); $telnumber = mysqli_real_escape_string($db, $_POST['telnumber']); $category = mysqli_real_escape_string($db, $_POST['category']); $pic = ($_FILES['photo']['name']); $sql1 = "UPDATE users SET companyname='$companyname', email='$email', address1='$address1', address2='$address2', town='$town', county='$county', postcode='$postcode', telnumber='$telnumber', photo='$pic', WHERE id=$id;"; //Writes the photo to the server if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) { //Tells you if its all ok echo "The file ". basename( $_FILES['photo']['name']). " has been uploaded, and your information has been added to the directory"; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file."; } } $query1 = mysqli_query($db, $sql1) or die (mysqli_error($db)); header("location:profile.php?id={$_SESSION['user_id']}"); ?> <?php include 'includes/footer.php'; ?> Below is the coding from the edit-profile.php file <?php ini_set('display_startup_errors', 1); ini_set('display_errors', 1); error_reporting(-1); require_once "functions.php"; require_once "db-const.php"; $title = "Edit My Account Profile - Directory Site"; $pgDesc = ""; $pgKeywords = ""; include 'includes/header.php'; if (logged_in() == false) { redirect_to("login.php"); exit; } else { if (isset($_GET['id']) && $_GET['id'] != "") { $id = $_GET['id']; } else { $id = $_SESSION['user_id']; } $db = mysqli_connect("" , "", "") or die("Check connection parameters!"); // Optionally skip select_db and use: mysqli_connect(host,user,pass,dbname) mysqli_select_db($db,"") or die(mysqli_error($db)); if (mysqli_connect_error()) { die ('Failed to connect to MySQL'); } } // Prepared statements are better, but at least escape things before tossing them into a query $id = mysqli_real_escape_string($db, $id); $sql = "SELECT u.id, u.companyname, u.email, u.address1, u.address2, u.town, u.county, u.postcode, u.telnumber, u.category, u.photo FROM users AS u WHERE u.id= {$id}"; $query = mysqli_query($db, $sql) or die (mysqli_error($db)); $rows = array(); while ($row = mysqli_fetch_assoc($query)) { $rows[] = $row; } // We'll just use the first row for the form since most of the data will be the same $row = $rows[0]; ?> <!--CONTENT--> <div id="column-whole"> <form method="post" action="edit-data.php"> <input type="hidden" name="id" value="<?php echo $row['id']; ?>"> <label>Company Name :</label> <input type="text" name="name" required="required" placeholder="Please Enter Company Name" value="<?php echo $row['companyname']; ?>" /> <br /><br /> <label>Email :</label> <input type="email" name="email" required="required" placeholder="Please Enter Email" value="<?php echo $row['email']; ?>" /> <br /><br /> <label>Address Line 1 :</label> <input type="text" name="address1" required="required" placeholder="Please Enter Address Line 1" value="<?php echo $row['address1'];?>" /> <br /><br /> <label>Address Line 2 :</label> <input type="text" name="address2" required="required" placeholder="Please Enter Address Line 2" value="<?php echo $row['address2'];?>" /> <br /><br /> <label>Town :</label> <input type="text" name="town" required="required" placeholder="Please Enter Town" value="<?php echo $row['town'];?>" /> <br /><br /> <label>County :</label> <input type="text" name="county" required="required" placeholder="Please Enter County" value="<?php echo $row['county'];?>" /> <br /><br /> <label>Postcode :</label> <input type="text" name="postcode" required="required" placeholder="Please Enter Postcode" value="<?php echo $row['postcode'];?>" /> <br /><br /> <label>Telephone Number :</label> <input type="text" name="telnumber" required="required" placeholder="Please Enter Telephone Number" value="<?php echo $row['telnumber'];?>" /> <br /><br /> <label>Category :</label> <input type="text" name="category" required="required" placeholder="Please Enter Chosen Category" value="<?php echo $row['category'];?>" /> <br /><br /> <label>Upload Image :</label> <input type="hidden" name="size" value="350000"> <input type="file" name="photo" /> <br /><br /> <input type="submit" name="submit value" value="Update"> </form> </div> <!--CONTENT--> <?php include 'includes/footer.php'; ?>
  25. ianhaney50
    sorry sussed it, I had the querie being executed twice within the coding so took one out and is working perfect now and is not duplicating anymore in the database
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.