lolclol Posted April 17, 2013 Share Posted April 17, 2013 <?php $conn = mysql_connect("localhost", "root", "pass!"); mysql_select_db("login1", $conn) or die ('Database not found ' . mysql_error() ); $cust = $_GET["username"]; $sql = "select * from weight"; $rs = mysql_query($sql, $conn) or die ('Database not found ' . mysql_error() ); ?> <?php if (mysql_num_rows($rs)>0){ ?> <table width="700" border="1" cellpadding="10"> <tr><td>Username</td><td>date</td><td>weight in lbs</td><td>weight in kg</td></tr> <?php while ($row = mysql_fetch_array($rs)) { ?> <tr> <td><?php echo $row["username"]?></td> <td><?php echo $row["date"]?></td> <td><?php echo $row["weight_lb"]?></td> <td><?php echo $row["weight_kg"]?></td></tr> <?php } ?></table> <?php } else {?> <p>No weight with username<?php echo $username ?> in database.</p> <?php } ?> this is not my code. but everything works but it is showing all users data from the database. I just want it to show the user logged in data and not ever one else. but cant figure it out why its not doing it right. Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/ Share on other sites More sharing options...
gristoi Posted April 17, 2013 Share Posted April 17, 2013 $cust = $_GET["username"]; $sql = "select * from weight where `username` = '{$cust}'"; Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425314 Share on other sites More sharing options...
lolclol Posted April 17, 2013 Author Share Posted April 17, 2013 it keeps coming up with the else {?> <p>No weight with username<?php echo $username ?> in database. now. Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425325 Share on other sites More sharing options...
Jessica Posted April 17, 2013 Share Posted April 17, 2013 So, echo the query and try running it in mysql or phpmyadmin and see the result. Â Also, your code is horrible to try to read. Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425328 Share on other sites More sharing options...
Jessica Posted April 17, 2013 Share Posted April 17, 2013 (edited) <?php $conn = mysql_connect("localhost", "root", "pass!"); mysql_select_db("login1", $conn) or die ('Database not found ' . mysql_error() ); $cust = $_GET["username"]; $sql = "select * from weight"; $rs = mysql_query($sql, $conn) or die ('Database not found ' . mysql_error() ); if (mysql_num_rows($rs)>0){ echo '<table width="700" border="1" cellpadding="10"> <tr> <td>Username</td> <td>date</td> <td>weight in lbs</td> <td>weight in kg</td> </tr>'; while ($row = mysql_fetch_array($rs)) { echo "<tr> <td>{$row['username']}</td> <td>{$row['date']}</td> <td>{$row['weight_lb']}</td> <td>{$row['weight_kg']}</td> </tr>"; } echo '</table>'; }else{ echo "<p>No weight with username: {$username} in database.</p>"; }See how much easier to read that is? Don't go in and out of PHP all the time. Edited April 17, 2013 by Jessica Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425329 Share on other sites More sharing options...
lolclol Posted April 17, 2013 Author Share Posted April 17, 2013 thank you Jessica it does look easier to read.  No idea where I am going wrong though. just keep showing all data not just the user logged in data Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425378 Share on other sites More sharing options...
lolclol Posted April 17, 2013 Author Share Posted April 17, 2013 <?php /** * track_weight * @package Membership Manager Pro * @author wojoscripts.com * @copyright 2011 * @version Id: track_weight.php, v2.00 2013-04-16 11:42:41 gewa Exp $ */ define("_VALID_PHP", true); require_once("init.php"); ?> <?php include("header.php");?> <?php if($user->checkMembership('1,6')): ?> <!-- ============= CONTENT AREA STARTS HERE ============== --> <div id="content"> <!-- SLIDER STARTS HERE --> <div id="slider" class="slider2"> <div > </div> <h2 class="slider-head">Track your Weight</h2><br /><br /> <div id="whats-hot" > <p> The best time to weigh yourself is within the first hour as you wake up. </p> </div> <br /><br /><br /> <!-- end of news div --><!-- end of container div --> <div class="w-pet-border"> <?php $conn = mysql_connect("localhost", "root", "pass!"); mysql_select_db("login1", $conn) or die ('Database not found ' . mysql_error() ); $cust = $_GET["username"]; $sql = "select * from weight"; $rs = mysql_query($sql, $conn) or die ('Database not found ' . mysql_error() ); if (mysql_num_rows($rs)>0){ echo '<table width="700" border="1" cellpadding="10"> <tr> <td>Username</td> <td>date</td> <td>weight in lbs</td> <td>weight in kg</td> </tr>'; while ($row = mysql_fetch_array($rs)) { echo "<tr> <td>{$row['username']}</td> <td>{$row['date']}</td> <td>{$row['weight_lb']}</td> <td>{$row['weight_kg']}</td> </tr>"; } echo '</table>'; }else{ echo "<p>No weight with username: {$username} in database.</p>"; } ?> </table> </div><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /> <?php else: ?> <h2>Please <a href="index.php">Login</a> to view this page. or if you are logged in please weight 24 hour or less so Admin can change your Membership </h2> <?php endif; ?> <?php include("footer.php");?> so sorry. but really need help. the user is already logged in and it shows the table if the user was not logged in then it would show the login to view bit. Â this has been racking my brain all day. surly if the user is already logged in then if I run the fetch script then it should just show the user logged in data. could it be something todo with my database? Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425389 Share on other sites More sharing options...
lemmin Posted April 17, 2013 Share Posted April 17, 2013 (edited) As gristoi hinted at in the first response, you have no conditions set on your query. Â If it says there are no rows with that username, maybe there aren't. Â As Jessica said, did you check the data in your database to see if that username is in the database? Â Also, the code doesn't check for any "logged in" user at all. It just takes the "username" out of the URL. Â Edit: I see the checkMembership part in your newest posted code now. I think the main problem is that you are getting the username from the URL. It should be stored in a session. Can you post the checkMembership function code? Edited April 17, 2013 by lemmin Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425391 Share on other sites More sharing options...
lolclol Posted April 17, 2013 Author Share Posted April 17, 2013 (edited) hi, lemmin.  http://cffoodtoday.com/testing2/index.php  username testing1 password lolclol go in in nav bar to account - member area - then click on weight.... add a weight then click submit and you will see what I mean.  i got a  Membership Manager code then editing in the weight code Edited April 17, 2013 by lolclol Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425405 Share on other sites More sharing options...
lemmin Posted April 17, 2013 Share Posted April 17, 2013 That happens because you have no condition on the query. The user data is likely stored in the session. Â I'm assuming you're using some kind of PHP framework that is handling the user system. If you could tell us what that is or post more information about the user object, it would be easier to help you fix the query. Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425407 Share on other sites More sharing options...
lolclol Posted April 17, 2013 Author Share Posted April 17, 2013 (edited) hum all i know it Membership Manager Pro author wojoscripts.com   here is the class_user.php , if it helps <?php /** * User Class * * @package Membership Manager Pro * @author wojoscripts.com * @copyright 2010 * @version $Id: class_user.php, v2.00 2011-07-10 10:12:05 gewa Exp $ */ if (!defined("_VALID_PHP")) die('Direct access to this location is not allowed.'); class Users { private $uTable = "users"; public $logged_in = null; public $uid = 0; public $userid = 0; public $username; public $email; public $name; public $membership_id = 0; public $userlevel; public $cookie_id = 0; private $lastlogin = "NOW()"; /** * Users::__construct() * * @return */ function __construct() { $this->getUserId(); $this->startSession(); } /** * Users::getUserId() * * @return */ private function getUserId() { global $core; if (isset($_GET['userid'])) { $userid = (is_numeric($_GET['userid']) && $_GET['userid'] > -1) ? intval($_GET['userid']) : false; $userid = sanitize($userid); if ($userid == false) { $core->error("You have selected an Invalid Userid","Users::getUserId()"); } else return $this->userid = $userid; } } /** * Users::startSession() * * @return */ private function startSession() { session_start(); $this->logged_in = $this->loginCheck(); if (!$this->logged_in) { $this->username = $_SESSION['username'] = "Guest"; $this->userlevel = 0; } } /** * Users::loginCheck() * * @return */ private function loginCheck() { if (isset($_COOKIE['MSM_SITECOOKIE']) && isset($_COOKIE['MSM_SITECOOKIE_ID'])) { $this->username = $_SESSION['username'] = $_COOKIE['MSM_SITECOOKIE']; $this->cookie_id = $_SESSION['cookie_id'] = $_COOKIE['MSM_SITECOOKIE_ID']; } if (isset($_SESSION['username']) && isset($_SESSION['cookie_id']) && $_SESSION['username'] != "Guest") { if ($this->confirmUserID($_SESSION['username'], $_SESSION['cookie_id']) != 0) { unset($_SESSION['username']); unset($_SESSION['cookie_id']); return false; } $row = $this->getUserInfo($_SESSION['username']); $this->uid = $row['id']; $this->username = $row['username']; $this->email = $row['email']; $this->name = $row['fname'].' '.$row['lname']; $this->userlevel = $row['userlevel']; $this->cookie_id = $row['cookie_id']; $this->membership_id = $row['membership_id']; return true; } else { return false; } } /** * Users::is_Admin() * * @return */ public function is_Admin() { return($this->userlevel == 9); } /** * Users::login() * * @param mixed $username * @param mixed $pass * @return */ public function login($username, $pass) { global $db, $core; if ($username == "" && $pass == "") { $core->msgs['username'] = 'Please enter valid username and password.'; } else { $status = $this->checkStatus($username, $pass); switch ($status) { case 0: $core->msgs['username'] = 'Login and/or password did not match to the database.'; break; case 1: $core->msgs['username'] = 'Your account has been banned.'; break; case 2: $core->msgs['username'] = 'Your account it\'s not activated.'; break; case 3: $core->msgs['username'] = 'You need to verify your email address.'; break; } } if (empty($core->msgs) && $status == 5) { $row = $this->getUserInfo($username); $this->uid = $_SESSION['userid'] = $row['id']; $this->username = $_SESSION['username'] = $row['username']; $this->email = $_SESSION['email'] = $row['email']; $this->name = $_SESSION['name'] = $row['fname'].' '. $row['lname']; $this->userlevel = $_SESSION['userlevel'] = $row['userlevel']; $this->cookie_id = $_SESSION['cookie_id'] = $this->generateRandID(); $this->membership_id = $_SESSION['membership_id'] = $row['membership_id']; $data = array( 'lastlogin' => $this->lastlogin, 'cookie_id' => $this->cookie_id, 'lastip' => sanitize($_SERVER['REMOTE_ADDR']) ); $db->update($this->uTable, $data, "username='" . $this->username . "'"); if(!$this->validateMembership()) { $data = array( 'membership_id' => 0, 'mem_expire' => "0000-00-00 00:00:00" ); $db->update($this->uTable, $data, "username='" . $this->username . "'"); } if (isset($_POST['remember'])) { setcookie("MSM_SITECOOKIE", $this->username, time() + 60 * 60 * 24 * 60, '/'); setcookie("MSM_SITECOOKIE_ID", $this->cookie_id, time() + 60 * 60 * 24 * 60, '/'); } return true; } else $core->msgStatus(); } /** * Users::logout() * * @return */ public function logout() { if (isset($_COOKIE['MSM_SITECOOKIE']) && isset($_COOKIE['MSM_SITECOOKIE_ID'])) { setcookie("MSM_SITECOOKIE", "", time() - 60 * 60 * 24 * 60, '/'); setcookie("MSM_SITECOOKIE_ID", "", time() - 60 * 60 * 24 * 60, '/'); } unset($_SESSION['username']); unset($_SESSION['email']); unset($_SESSION['name']); unset($_SESSION['membership_id']); unset($_SESSION['userid']); unset($_SESSION['cookie_id']); session_destroy(); session_regenerate_id(); $this->logged_in = false; $this->username = "Guest"; $this->userlevel = 0; } /** * User::confirmUserID() * * @param mixed $username * @param mixed $cookie_id * @return */ function confirmUserID($username, $cookie_id) { global $db; $sql = "SELECT cookie_id FROM users WHERE username = '" . $db->escape($username, true)."'"; $result = $db->query($sql); if (!$result || ($db->numrows($result) < 1)) { return 1; } $row = $db->fetch($result); $row ['cookie_id'] = sanitize($row['cookie_id']); $cookie_id = sanitize($cookie_id); if ($cookie_id == $row['cookie_id']) { return 0; } else { return 2; } } /** * Users::getUserInfo() * * @param mixed $username * @return */ private function getUserInfo($username) { global $db; $username = sanitize($username); $username = $db->escape($username); $sql = "SELECT * FROM " . $this->uTable . " WHERE username = '" . $username . "'"; $row = $db->first($sql); if (!$username) return false; return ($row) ? $row : 0; } /** * Users::checkStatus() * * @param mixed $username * @param mixed $pass * @return */ public function checkStatus($username, $pass) { global $db; $username = sanitize($username); $username = $db->escape($username); $pass = sanitize($pass); $sql = "SELECT password, active FROM " . $this->uTable . "\n WHERE username = '".$username."'"; $result = $db->query($sql); if ($db->numrows($result) == 0) return 0; $row = $db->fetch($result); $entered_pass = sha1($pass); switch ($row['active']) { case "b": return 1; break; case "n": return 2; break; case "t": return 3; break; case "y" && $entered_pass == $row['password']: return 5; break; } } /** * Users::getUsers() * * @param bool $from * @return */ public function getUsers($from = false) { global $db, $pager, $core; require_once(BASEPATH . "lib/class_paginate.php"); $pager = new Paginator(); $counter = countEntries($this->uTable); $pager->items_total = $counter; $pager->default_ipp = $core->perpage; $pager->paginate(); if ($counter == 0) { $pager->limit = null; } if (isset($_GET['sort'])) { list($sort, $order) = explode("-", $_GET['sort']); $sort = sanitize($sort); $order = sanitize($order); if (in_array($sort, array("username", "fname", "lname", "email", "created"))) { $ord = ($order == 'DESC') ? " DESC" : " ASC"; $sorting = " u." . $sort . $ord; } else { $sorting = " u.created DESC"; } } else { $sorting = " u.created DESC"; } $clause = (isset($clause)) ? $clause : null; if (isset($_POST['fromdate']) && $_POST['fromdate'] <> "" || isset($from) && $from != '') { $enddate = date("Y-m-d"); $fromdate = (empty($from)) ? $_POST['fromdate'] : $from; if (isset($_POST['enddate']) && $_POST['enddate'] <> "") { $enddate = $_POST['enddate']; } $clause .= " WHERE u.created BETWEEN '" . trim($fromdate) . "' AND '" . trim($enddate) . " 23:59:59'"; } $sql = "SELECT u.*, CONCAT(u.fname,' ',u.lname) as name, m.title, m.id as mid," . "\n DATE_FORMAT(u.created, '%d. %b. %Y.') as cdate," . "\n DATE_FORMAT(u.lastlogin, '%d. %b. %Y.') as adate" . "\n FROM " . $this->uTable . " as u" . "\n LEFT JOIN memberships as m ON m.id = u.membership_id" . "\n " . $clause . "\n ORDER BY " . $sorting . $pager->limit; $row = $db->fetch_all($sql); return ($row) ? $row : 0; } /** * Users::processUser() * * @return */ public function processUser() { global $db, $core; if (!$this->userid) { if (empty($_POST['username'])) $core->msgs['username'] = 'Please Enter Valid Username'; if ($value = $this->usernameExists($_POST['username'])) { if ($value == 1) $core->msgs['username'] = 'Username Is Too Short (less Than 4 Characters Long).'; if ($value == 2) $core->msgs['username'] = 'Invalid Characters Found In Username.'; if ($value == 3) $core->msgs['username'] = 'Sorry, This Username Is Already Taken'; } } if (empty($_POST['fname'])) $core->msgs['fname'] = 'Please Enter First Name'; if (empty($_POST['lname'])) $core->msgs['lname'] = 'Please Enter Last Name'; if (!$this->userid) { if (empty($_POST['password'])) $core->msgs['password'] = 'Please Enter Valid Password.'; } if (empty($_POST['email'])) $core->msgs['email'] = 'Please Enter Valid Email Address'; if (!$this->userid) { if ($this->emailExists($_POST['email'])) $core->msgs['email'] = 'Entered Email Address Is Already In Use.'; } if (!$this->isValidEmail($_POST['email'])) $core->msgs['email'] = 'Entered Email Address Is Not Valid.'; if (empty($core->msgs)) { $trial = $live = getValue("trial", "memberships", "id = " . intval($_POST['membership_id']) . ""); $data = array( 'username' => sanitize($_POST['username']), 'email' => sanitize($_POST['email']), 'lname' => sanitize($_POST['lname']), 'fname' => sanitize($_POST['fname']), 'membership_id' => intval($_POST['membership_id']), 'mem_expire' => $this->calculateDays($_POST['membership_id']), 'trial_used' => ($trial) ? 1 : 0, 'newsletter' => intval($_POST['newsletter']), 'userlevel' => intval($_POST['userlevel']), 'active' => sanitize($_POST['active']) ); if (!$this->userid) $data['created'] = "NOW()"; if ($this->userid) $userrow = $core->getRowById($this->uTable, $this->userid); if ($_POST['password'] != "") { $data['password'] = sha1($_POST['password']); } else { $data['password'] = $userrow['password']; } // Start Avatar Upload include(BASEPATH . "lib/class_imageUpload.php"); include(BASEPATH . "lib/class_imageResize.php"); $newName = "IMG_" . randName(); $ext = substr($_FILES['avatar']['name'], strrpos($_FILES['avatar']['name'], '.') + 1); $name = $newName.".".strtolower($ext); $als = new Upload(); $als->File = $_FILES['avatar']; $als->method = 1; $als->SavePath = UPLOADS; $als->NewWidth = $core->thumb_w; $als->NewHeight = $core->thumb_h; $als->NewName = $newName; $als->OverWrite = true; $err = $als->UploadFile(); if ($this->userid) { $avatar = getValue("avatar",$this->uTable,"id = '".$this->userid."'"); if (!empty($_FILES['avatar']['name'])) { if ($avatar) { @unlink($als->SavePath . $avatar); } $data['avatar'] = $name; } else { $data['avatar'] = $avatar; } } else { if (!empty($_FILES['avatar']['name'])) $data['avatar'] = $name; } if (count($err) > 0 and is_array($err)) { foreach ($err as $key => $val) { $core->msgError($val, false); } } ($this->userid) ? $db->update($this->uTable, $data, "id='" . (int)$this->userid . "'") : $db->insert($this->uTable, $data); $message = ($this->userid) ? '<span>Success!</span>User updated successfully!' : '<span>Success!</span>User added successfully!'; if ($db->affected()) { $core->msgOk($message); if (isset($_POST['notify']) && intval($_POST['notify']) == 1) { require_once(BASEPATH . "lib/class_mailer.php"); $mailer = $mail->sendMail(); $row = $core->getRowById("email_templates", 3); $body = str_replace(array('[USERNAME]', '[PASSWORD]', '[NAME]', '[SITE_NAME]', '[URL]'), array($data['username'], $_POST['password'], $data['fname'].' '.$data['lname'], $core->site_name, $core->site_url), $row['body']); $message = Swift_Message::newInstance() ->setSubject($row['subject']) ->setTo(array($data['email'] => $data['fname'].' '.$data['lname'])) ->setFrom(array($core->site_email => $core->site_name)) ->setBody(cleanOut($body), 'text/html'); $mailer->send($message); } } else $core->msgAlert('<span>Alert!</span>Nothing to process.'); } else print $core->msgStatus(); } /** * Users::updateProfile() * * @return */ public function updateProfile() { global $db, $core; if (empty($_POST['fname'])) $core->msgs['fname'] = 'Please Enter First Name'; if (empty($_POST['lname'])) $core->msgs['lname'] = 'Please Enter Last Name'; if (empty($_POST['email'])) $core->msgs['email'] = 'Please Enter Valid Email Address'; if (!$this->isValidEmail($_POST['email'])) $core->msgs['email'] = 'Entered Email Address Is Not Valid.'; if (!empty($_FILES['avatar']['name'])) { if (!preg_match("/(\.jpg|\.png|\.gif)$/i", $_FILES['avatar']['name'])) { $core->msgs['avatar'] = 'Illegal file type. Only jpg,png and gif file types allowed.'; } $file_info = getimagesize($_FILES['avatar']['tmp_name']); if(empty($file_info)) $core->msgs['avatar'] = 'Illegal file type. Only jpg,png and gif file types allowed.'; } if (empty($core->msgs)) { $data = array( 'email' => sanitize($_POST['email']), 'lname' => sanitize($_POST['lname']), 'fname' => sanitize($_POST['fname']), 'newsletter' => intval($_POST['newsletter']) ); $userpass = getValue("password", $this->uTable, "id = '".$this->uid."'"); if ($_POST['password'] != "") { $data['password'] = sha1($_POST['password']); } else $data['password'] = $userpass; // Start Avatar Upload include(BASEPATH . "lib/class_imageUpload.php"); include(BASEPATH . "lib/class_imageResize.php"); $newName = "IMG_" . randName(); $ext = substr($_FILES['avatar']['name'], strrpos($_FILES['avatar']['name'], '.') + 1); $name = $newName.".".strtolower($ext); $als = new Upload(); $als->File = $_FILES['avatar']; $als->method = 1; $als->SavePath = UPLOADS; $als->NewWidth = $core->thumb_w; $als->NewHeight = $core->thumb_h; $als->NewName = $newName; $als->OverWrite = true; $err = $als->UploadFile(); $avatar = getValue("avatar",$this->uTable,"id = '".$this->uid."'"); if (!empty($_FILES['avatar']['name'])) { if ($avatar) { @unlink($als->SavePath . $avatar); } $data['avatar'] = $name; } else { $data['avatar'] = $avatar; } if (count($err) > 0 and is_array($err)) { foreach ($err as $key => $val) { $core->msgError($val, false); } } $db->update($this->uTable, $data, "id='" . (int)$this->uid . "'"); ($db->affected()) ? $core->msgOk('<span>Success!</span> You have successfully updated your profile.') : $core->msgAlert('<span>Alert!</span>Nothing to process.'); } else print $core->msgStatus(); } /** * User::register() * * @return */ public function register() { global $db, $core; if (empty($_POST['username'])) $core->msgs['username'] = 'Please Enter Valid Username'; if ($value = $this->usernameExists($_POST['username'])) { if ($value == 1) $core->msgs['username'] = 'Username Is Too Short (less Than 4 Characters Long).'; if ($value == 2) $core->msgs['username'] = 'Invalid Characters Found In Username.'; if ($value == 3) $core->msgs['username'] = 'Sorry, This Username Is Already Taken'; } if (empty($_POST['fname'])) $core->msgs['fname'] = 'Please Enter First Name'; if (empty($_POST['lname'])) $core->msgs['lname'] = 'Please Enter Last Name'; if (empty($_POST['pass'])) $core->msgs['pass'] = 'Please Enter Valid Password.'; if (strlen($_POST['pass']) < 6) $core->msgs['pass'] = 'Password is too short (less than 6 characters long)'; elseif (!preg_match("/^([0-9a-z])+$/i", ($_POST['pass'] = trim($_POST['pass'])))) $core->msgs['pass'] = 'Password entered is not alphanumeric.'; elseif ($_POST['pass'] != $_POST['pass2']) $core->msgs['pass'] = 'Your password did not match the confirmed password!.'; if (empty($_POST['email'])) $core->msgs['email'] = 'Please Enter Valid Email Address'; if ($this->emailExists($_POST['email'])) $core->msgs['email'] = 'Entered Email Address Is Already In Use.'; if (!$this->isValidEmail($_POST['email'])) $core->msgs['email'] = 'Entered Email Address Is Not Valid.'; if ((int)empty($_POST['captcha'])) $core->msgs['captcha'] = 'Please enter the total amount.'; if ($_POST['captcha'] != "9") $core->msgs['captcha'] = 'Entered total amount is incorrect.'; if (empty($core->msgs)) { $token = ($core->reg_verify == 1) ? $this->generateRandID() : 0; $pass = sanitize($_POST['pass']); if($core->reg_verify == 1) { $active = "t"; } elseif($core->auto_verify == 0) { $active = "n"; } else { $active = "y"; } $data = array( 'username' => sanitize($_POST['username']), 'password' => sha1($_POST['pass']), 'email' => sanitize($_POST['email']), 'fname' => sanitize($_POST['fname']), 'lname' => sanitize($_POST['lname']), 'token' => $token, 'active' => $active, 'created' => "NOW()" ); $db->insert($this->uTable, $data); require_once(BASEPATH . "lib/class_mailer.php"); if ($core->reg_verify == 1) { $actlink = $core->site_url . "/activate.php"; $row = $core->getRowById("email_templates", 1); $body = str_replace( array('[NAME]', '[USERNAME]', '[PASSWORD]', '[TOKEN]', '[EMAIL]', '[URL]', '[LINK]', '[SITE_NAME]'), array($data['fname'].' '.$data['lname'], $data['username'], $_POST['pass'], $token, $data['email'], $core->site_url, $actlink, $core->site_name), $row['body'] ); $newbody = cleanOut($body); $mailer = $mail->sendMail(); $message = Swift_Message::newInstance() ->setSubject($row['subject']) ->setTo(array($data['email'] => $data['username'])) ->setFrom(array($core->site_email => $core->site_name)) ->setBody($newbody, 'text/html'); $mailer->send($message); } elseif ($core->auto_verify == 0) { $row = $core->getRowById("email_templates", 14); $body = str_replace( array('[NAME]', '[USERNAME]', '[PASSWORD]', '[URL]', '[SITE_NAME]'), array($data['fname'].' '.$data['lname'], $data['username'], $_POST['pass'], $core->site_url, $core->site_name), $row['body'] ); $newbody = cleanOut($body); $mailer = $mail->sendMail(); $message = Swift_Message::newInstance() ->setSubject($row['subject']) ->setTo(array($data['email'] => $data['username'])) ->setFrom(array($core->site_email => $core->site_name)) ->setBody($newbody, 'text/html'); $mailer->send($message); } else { $row = $core->getRowById("email_templates", 7); $body = str_replace( array('[NAME]', '[USERNAME]', '[PASSWORD]', '[URL]', '[SITE_NAME]'), array($data['fname'].' '.$data['lname'], $data['username'], $_POST['pass'], $core->site_url, $core->site_name), $row['body'] ); $newbody = cleanOut($body); $mailer = $mail->sendMail(); $message = Swift_Message::newInstance() ->setSubject($row['subject']) ->setTo(array($data['email'] => $data['username'])) ->setFrom(array($core->site_email => $core->site_name)) ->setBody($newbody, 'text/html'); $mailer->send($message); } if($core->notify_admin) { $arow = $core->getRowById("email_templates", 13); $abody = str_replace( array('[USERNAME]', '[EMAIL]', '[NAME]', '[IP]'), array($data['username'], $data['email'], $data['fname'].' '.$data['lname'], $_SERVER['REMOTE_ADDR']), $arow['body'] ); $anewbody = cleanOut($abody); $amailer = $mail->sendMail(); $amessage = Swift_Message::newInstance() ->setSubject($arow['subject']) ->setTo(array($core->site_email => $core->site_name)) ->setFrom(array($core->site_email => $core->site_name)) ->setBody($anewbody, 'text/html'); $amailer->send($amessage); } ($db->affected() && $mailer) ? print "OK" : $core->msgError('<span>Error!</span>There was an error during registration process. Please contact the administrator...',false); } else print $core->msgStatus(); } /** * User::passReset() * * @return */ public function passReset() { global $db, $core; if (empty($_POST['uname'])) $core->msgs['uname'] = 'Please Enter Valid Username'; $uname = $this->usernameExists($_POST['uname']); if (strlen($_POST['uname']) < 4 || strlen($_POST['uname']) > 30 || !preg_match("/^([0-9a-z])+$/i", $_POST['uname']) || $uname != 3) $core->msgs['uname'] = 'We are sorry, selected username does not exist in our database'; if (empty($_POST['email'])) $core->msgs['email'] = 'Please Enter Valid Email Address'; if (!$this->emailExists($_POST['email'])) $core->msgs['uname'] = 'Entered Email Address Does Not Exists.'; if (empty($_POST['captcha'])) $core->msgs['captcha'] = 'Please enter the total amount'; if ($_POST['captcha'] != "10") $core->msgs['captcha'] = 'Entered total amount is incorrect'; if (empty($core->msgs)) { $user = $this->getUserInfo($_POST['uname']); $randpass = $this->getUniqueCode(12); $newpass = sha1($randpass); $data['password'] = $newpass; $db->update($this->uTable, $data, "username = '" . $user['username'] . "'"); require_once(BASEPATH . "lib/class_mailer.php"); $row = $core->getRowById("email_templates", 2); $body = str_replace( array('[USERNAME]', '[PASSWORD]', '[URL]', '[LINK]', '[IP]', '[SITE_NAME]'), array($user['username'], $randpass, $core->site_url, $core->site_url, $_SERVER['REMOTE_ADDR'], $core->site_name), $row['body'] ); $newbody = cleanOut($body); $mailer = $mail->sendMail(); $message = Swift_Message::newInstance() ->setSubject($row['subject']) ->setTo(array($user['email'] => $user['username'])) ->setFrom(array($core->site_email => $core->site_name)) ->setBody($newbody, 'text/html'); ($db->affected() && $mailer->send($message)) ? $core->msgOk('<span>Success!</span>You have successfully changed your password. Please check your email for further info!',false) : $core->msgError('<span>Error!</span>There was an error during the process. Please contact the administrator.',false); } else print $core->msgStatus(); } /** * User::activateUser() * * @return */ public function activateUser() { global $db, $core; if (empty($_POST['email'])) $core->msgs['email'] = 'Please Enter Valid Email Address'; if (!$this->emailExists($_POST['email'])) $core->msgs['email'] = 'Entered Email Address Does Not Exists.'; if (empty($_POST['token'])) $core->msgs['token'] = 'The token code is not valid'; if (!$this->validateToken($_POST['token'])) $core->msgs['token'] = 'This account has been already activated!'; if (empty($core->msgs)) { $email = sanitize($_POST['email']); $token = sanitize($_POST['token']); $message = ($core->auto_verify == 1) ? '<span>Success!</span>You have successfully activated your account!' : '<span>Success!</span>Your account is now active. However you still need to wait for administrative approval.'; $data = array( 'token' => 0, 'active' => ($core->auto_verify) ? "y" : "n" ); $db->update($this->uTable, $data, "email = '" . $email . "' AND token = '" . $token . "'"); ($db->affected()) ? $core->msgOk($message,false) : $core->msgError('<span>Error!</span>There was an error during the activation process. Please contact the administrator.',false); } else print $core->msgStatus(); } /** * Users::getUserData() * * @return */ public function getUserData() { global $db, $core; $sql = "SELECT *, DATE_FORMAT(created, '%a. %d, %M %Y') as cdate," . "\n DATE_FORMAT(lastlogin, '%a. %d, %M %Y') as ldate" . "\n FROM " . $this->uTable . "\n WHERE id = '" . $this->uid . "'"; $row = $db->first($sql); return ($row) ? $row : 0; } /** * Users::getUserMembership() * * @return */ public function getUserMembership() { global $db, $core; $sql = "SELECT u.*, m.title," . "\n DATE_FORMAT(u.mem_expire, '%d. %b. %Y.') as expiry" . "\n FROM " . $this->uTable . " as u" . "\n LEFT JOIN memberships as m ON m.id = u.membership_id" . "\n WHERE u.id = '" . $this->uid . "'"; $row = $db->first($sql); return ($row) ? $row : 0; } /** * Users::calculateDays() * * @return */ public function calculateDays($membership_id) { global $db; $now = date('Y-m-d H:i:s'); $row = $db->first("SELECT days, period FROM memberships WHERE id = '" . (int)$membership_id . "'"); if($row) { switch($row['period']) { case "D" : $diff = $row['days']; break; case "W" : $diff = $row['days'] * 7; break; case "M" : $diff = $row['days'] * 30; break; case "Y" : $diff = $row['days'] * 365; break; } $expire = date("Y-m-d H:i:s", strtotime($now . + $diff . " days")); } else { $expire = "0000-00-00 00:00:00"; } return $expire; } /** * User::trialUsed() * * @return */ public function trialUsed() { global $db; $sql = "SELECT trial_used" . "\n FROM ".$this->uTable . "\n WHERE id ='" . $this->uid . "'" . "\n LIMIT 1"; $row = $db->first($sql); return ($row['trial_used'] == 1) ? true : false; } /** * Users::validateMembership() * * @return */ public function validateMembership() { global $db; $sql = "SELECT mem_expire" . "\n FROM " . $this->uTable . "\n WHERE id = '" . $this->uid . "'" . "\n AND TO_DAYS(mem_expire) > TO_DAYS(NOW())"; $row = $db->first($sql); return ($row) ? $row : 0; } /** * Users::checkMembership() * * @param string $memids * @return */ public function checkMembership($memids) { global $db; $m_arr = explode(",", $memids); reset($m_arr); if ($this->logged_in and $this->validateMembership() and in_array($this->membership_id, $m_arr)) { return true; } else return false; } /** * Users::usernameExists() * * @param mixed $username * @return */ private function usernameExists($username) { global $db; $username = sanitize($username); if (strlen($db->escape($username)) < 4) return 1; $alpha_num = str_replace(" ", "", $username); if (!ctype_alnum($alpha_num)) return 2; $sql = $db->query("SELECT username" . "\n FROM users" . "\n WHERE username = '" . $username . "'" . "\n LIMIT 1"); $count = $db->numrows($sql); return ($count > 0) ? 3 : false; } /** * User::emailExists() * * @param mixed $email * @return */ private function emailExists($email) { global $db; $sql = $db->query("SELECT email" . "\n FROM users" . "\n WHERE email = '" . sanitize($email) . "'" . "\n LIMIT 1"); if ($db->numrows($sql) == 1) { return true; } else return false; } /** * User::isValidEmail() * * @param mixed $email * @return */ private function isValidEmail($email) { if (function_exists('filter_var')) { if (filter_var($email, FILTER_VALIDATE_EMAIL)) { return true; } else return false; } else return preg_match('/^[a-zA-Z0-9._+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/', $email); } /** * User::validateToken() * * @param mixed $token * @return */ private function validateToken($token) { global $db; $token = sanitize($token,40); $sql = "SELECT token" . "\n FROM ".$this->uTable . "\n WHERE token ='" . $db->escape($token) . "'" . "\n LIMIT 1"; $result = $db->query($sql); if ($db->numrows($result)) return true; } /** * Users::getUniqueCode() * * @param string $length * @return */ private function getUniqueCode($length = "") { $code = sha1(uniqid(rand(), true)); if ($length != "") { return substr($code, 0, $length); } else return $code; } /** * Users::generateRandID() * * @return */ private function generateRandID() { return sha1($this->getUniqueCode(24)); } /** * Users::levelCheck() * * @param string $levels * @return */ public function levelCheck($levels) { global $db; $m_arr = explode(",", $levels); reset($m_arr); if ($this->logged_in and in_array($this->userlevel, $m_arr)) return true; } /** * Users::getUserLevels() * * @return */ public function getUserLevels($level = false) { $arr = array( 9 => 'Super Admin', 1 => 'Registered User', 2 => 'User Level 2', 3 => 'User Level 3', 4 => 'User Level 4', 5 => 'User Level 5', 6 => 'User Level 6', 7 => 'User Level 7' ); $list = ''; foreach ($arr as $key => $val) { if ($key == $level) { $list .= "<option selected=\"selected\" value=\"$key\">$val</option>\n"; } else $list .= "<option value=\"$key\">$val</option>\n"; } unset($val); return $list; } /** * Users::getUserFilter() * * @return */ public function getUserFilter() { $arr = array( 'username-ASC' => 'Username ↑', 'username-DESC' => 'Username & ↓', 'fname-ASC' => 'First Name ↑', 'fname-DESC' => 'First Name ↓', 'lname-ASC' => 'Last Name ↑', 'lname-DESC' => 'Last Name ↓', 'email-ASC' => 'Email Address ↑', 'email-DESC' => 'Email Address ↓', 'created-ASC' => 'Registered ↑', 'created-DESC' => 'Registered ↓', ); $filter = ''; foreach ($arr as $key => $val) { if ($key == get('sort')) { $filter .= "<option selected=\"selected\" value=\"$key\">$val</option>\n"; } else $filter .= "<option value=\"$key\">$val</option>\n"; } unset($val); return $filter; } } ?> Edited April 17, 2013 by lolclol Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425410 Share on other sites More sharing options...
lemmin Posted April 17, 2013 Share Posted April 17, 2013 Ok, try changing the $sql variable to this: $sql = "select * from weight WHERE username = '.$user->username.'"; Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425411 Share on other sites More sharing options...
lolclol Posted April 17, 2013 Author Share Posted April 17, 2013 (edited) no luck just get error echo No weight with username: in database. thank you for the help Edited April 17, 2013 by lolclol Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425419 Share on other sites More sharing options...
lolclol Posted April 17, 2013 Author Share Posted April 17, 2013 $sql = "select * from weight WHERE username = '$user->username'"; Â i took out the . at '$user->username'Â Â and it works for just the admin but not other users Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425422 Share on other sites More sharing options...
lolclol Posted April 17, 2013 Author Share Posted April 17, 2013 all fixed.. thank you so much  limmin Quote Link to comment https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/#findComment-1425423 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.