sqlnoob Posted January 31, 2015

```php
<?php
//COOKIE CHECKER
if (isset($_COOKIE["person"])){
    if (filter_var($_COOKIE["person"], FILTER_VALIDATE_INT)){
        $user_id = $_COOKIE["person"];

        //DATABASE CONNECTION VARIABLES
        $myserver ="localhost";
        $myname = "username";
        $mypassword = "password";
        $mydb ="dbname";

        /*SQL CONNECTION*/
        // Create connection
        $conn = new mysqli($myserver, $myname, $mypassword, $mydb);
        // Check connection
        if ($conn->connect_error) {
            echo '<!DOCTYPE HTML> <HTML> <HEAD> <TITLE>test</TITLE> </HEAD> <BODY> <H1>Decline of the Han - Three Kingdoms</H1>';
            die("Connection failed: " . $conn->connect_error);
            echo '</BODY> </HTML>';
        } else {
            //COUNT USER
            $cquery = "SELECT COUNT(*) AS usercheck FROM Players WHERE ID = ?";
            $cid = $conn->prepare($cquery);
            $cid->bind_param('i', $user_id);
            $cid->execute();
            $cid->bind_result($usercheck);
            $cid->fetch();

            if ($usercheck ==1){
                if (isset($_POST["profile"])){
                    if(!filter_var($_POST["profile"], FILTER_SANITIZE_STRING)){
                        echo '<!DOCTYPE HTML> <HTML> <HEAD> <TITLE>test</TITLE> </HEAD> <BODY>';
                        echo '<P class="error">Unable to filter bio <a href="biography.php">return</a></P>';
                        echo '</BODY> </HTML>';
                    } else {
                        $profile = $_POST["profile"];
                        $sql = "UPDATE Player_Data SET Bio =? WHERE ID=?";
                        $q = $conn->prepare($sql);
                        $q->bind_param("si", $profile, $user_id);
                        $q->execute();
                        echo '<P>Biography altered <a href="biography.php">return</a></P>';
                        //close connection
                        $conn->close();
                    }
                }
            } else {
                echo '<!DOCTYPE HTML> <HTML> <HEAD> <TITLE>test</TITLE> </HEAD> <BODY>';
                echo '<P class="error">'.$usercheck.' 
'.$user_id.'</P>';
                echo '<P class="error">No such user found!</P>';
                //close connection
                $conn->close();
                //foot
                echo '</BODY> </HTML>';
            }
        //end connection check
        }
    } else {
        echo '<!DOCTYPE HTML> <HTML> <HEAD> <TITLE>test</TITLE> </HEAD> <BODY>';
        echo '<P class="error">ERROR invalid cookie!</P>';
        echo '</BODY> </HTML>';
    }
} else {
    echo '<!DOCTYPE HTML> <HTML> <HEAD> <TITLE>test</TITLE> </HEAD> <BODY>';
    echo '<P class="error">No cookie detected!<br><a href="login.php">login</a></P>';
    echo '</BODY> </HTML>';
}
?>
```

I have an error in the update, but I am not seeing where I made it. It's annoying because the update won't execute and anything beyond the update isn't visible in the html source code in the browser, so it is likely to be a syntax error, but where?

requinix Posted January 31, 2015

Have you considered finding out what the error is?

mac_gyver Posted January 31, 2015

sorry to blast away at your code, but it contains a huge security hole, in that you are putting the user_id from the database into a cookie. this will let anyone impersonate any user and modify that user's data, simply by setting the cookie to any value they want. the only place the user_id should exist at is on the server. your login system should set a session variable with the user_id. if you want a cookie, as a longer term/remember me, login, you should generate a unique and hard to guess token value, and store that in the cookie and in the user data in the database.

next, you have a lot of repetition in your code, making it harder for anyone to see what the program logic actually is, which i suspect may be (didn't actually copy the code to check) why part of it is not running. your html document should only be defined once, near the end, after a majority of the php program logic. all the php form processing logic and any database logic should be near the start of your file and should contain no html markup.

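mac_gyver's remember-me suggestion above, as an added example that is not part of the original thread: the cookie holds a random selector and validator instead of the user ID, and the server stores only a hash of the validator. The table name `remember_tokens`, the functions `issueToken` and `userFromCookie`, and the in-memory SQLite database standing in for the real MySQL database are assumptions.

```php
<?php
// Added example. Table and function names are hypothetical, not from the thread.
// An in-memory SQLite database stands in for the real MySQL user tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens (
    selector TEXT PRIMARY KEY, validator_hash TEXT, user_id INTEGER, expires INTEGER)');

// Issue a token at login: the cookie carries only random values, never the user ID.
function issueToken(PDO $db, int $userId, int $ttl = 2592000): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, stored only as a hash
    $stmt = $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)');
    $stmt->execute([$selector, hash('sha256', $validator), $userId, time() + $ttl]);
    return $selector . ':' . $validator;     // value to pass to setcookie()
}

// Resolve a cookie value to a user ID, or null if it is unknown, expired or forged.
function userFromCookie(PDO $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                         // e.g. a bare integer like the old cookie
    }
    [$selector, $validator] = $parts;
    $stmt = $db->prepare('SELECT validator_hash, user_id, expires
                          FROM remember_tokens WHERE selector = ?');
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || (int)$row['expires'] < time()) {
        return null;
    }
    // Constant-time comparison of the stored hash with the hash of the presented secret.
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        return null;
    }
    return (int)$row['user_id'];
}

$cookie = issueToken($db, 7);                     // constructed user ID
$forged = explode(':', $cookie)[0] . ':' . str_repeat('0', 64);
var_dump(userFromCookie($db, $cookie));           // token issued by the server
var_dump(userFromCookie($db, '8'));               // guessed numeric ID
var_dump(userFromCookie($db, $forged));           // right selector, wrong validator
```

After a successful lookup the login code would put the ID in `$_SESSION`, as the post recommends, and send the cookie with the `HttpOnly` and `Secure` flags.
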
sqlnoob Posted February 1, 2015

error no doesn't work, as nothing happens beyond the update.

As for the user ID, I am aware of that. The actual one will have a random key, which I left out here.

maxxd Posted February 1, 2015

First and foremost, you'll want to turn on error checking at the top of your script

```php
error_reporting(-1);
ini_set('display_errors',true);
```

Secondly, and I don't know if this is a forum-related thing or not, but the lack of indentation in the code makes it difficult to read and follow what's actually happening. I thought for a second you had an improperly nested if-else loop, but I missed an opening bracket earlier in the code.

Also - just as a side-note - mac_gyver is absolutely correct about the issue with the repetition in the code. You're typing way too much, but that's a thing for later. Right now, turn on error reporting and see what that has to say.

CroNiX Posted February 2, 2015

DRY: Don't Repeat Yourself. If you find yourself writing the same thing over and over (like your opening HTML), then that is a good indicator something is not structured correctly. No matter what your script does, it's going to send the same HTML starting code. So might as well write it once and not 5 times.

```php
<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>
<?php
//all your php code here.
?>
</BODY>
</HTML>
```

tryingtolearn Posted February 2, 2015

Which message is getting echoed out? Invalid cookie?

```php
if (filter_var($_COOKIE["person"], FILTER_VALIDATE_INT)){
```

I don't think that is going to work for you, cookies will return string data type