Drummin:
There are many ways to paginate. I prefer to query one time building a data set then show the part being requested. Something like this.
<?php
session_start();
include ("config.php");
if(isset($_SESSION['username'])){}else{
header("location: ../index.php");
exit;
}
$username = mysqli_real_escape_string ($db, $_SESSION['username']);
/////////////////////////////////////////
//////// Define records per page ////////
$records_per_page=5;
/////////////////////////////////////////
// Query and build record set as $rows //
$rows = array();
$sql = "SELECT
`sf`.`id`,
`u`.`name`,
`sf`.`rank`,
`sf`.`channel_username`,
`sf`.`video_link`,
`sf`.`video_title`,
`sf`.`video_description`,
`sf`.`video_tags`,
`sf`.`music_sources`,
`sf`.`special_requests`
FROM `users` AS u
LEFT JOIN `submitted_forms` AS sf
ON sf.username = u.username
WHERE u.username = '$username'";
$result = $db->query($sql) or die(mysqli_error($db));
while ($row = $result->fetch_assoc()){
$rows[] = $row;
}
//////////////////////////////////////////
// $page defined as $_GET['page'] or 1 //
$page = (isset($_GET['page']) ? (int)$_GET['page'] : 1);
/////////////////////////////////////////
//////////// Total Records //////////////
$total = count($rows);
/////////////////////////////////////////
//////////////Total Pages ///////////////
$pages = ceil($total / $records_per_page);
/*///////////////////////////////////////
Our $rows array starts with KEY 0, so adjust
offset of $page - 1 times records per page
*////////////////////////////////////////
$offset = ($page - 1) * $records_per_page;
/////////////////////////////////////////
// Add 1 to offset for showing to user //
$start = $offset + 1;
/////////////////////////////////////////
////// Get last record being shown //////
$end = min(($offset + $records_per_page), $total);
/////////////////////////////////////////
/////////// Previous link ///////////////
$prevlink = ($page > 1) ? "<a href=\\"?page=1\\" title=\\"First page\\">«</a> <a href=\\"?page=" . ($page - 1) . "\\" title=\\"Previous page\\">‹</a>" : "<span class=\\"disabled\\">«</span> <span class=\\"disabled\\">‹</span>";
/////////////////////////////////////////
///////////// Next link /////////////////
$nextlink = ($page < $pages) ? "<a href=\\"?page=" . ($page + 1) . "\\" title=\\"Next page\\">›</a> <a href=\\"?page=" . $pages . "\\" title=\\"Last page\\">»</a>" : "<span class=\\"disabled\\">›</span> <span class=\\"disabled\\">»</span>";
/////////////////////////////////////////
//////// Paging information /////////////
$paginate = "<div class=\\"paging\\">" . $prevlink . " Page " . $page . " of " . $pages . " pages, displaying " . $start . "-" . $end . " of " . $total . " results " . $nextlink . " </div>";
?>
<?xml version="1.0" encoding="windows-1252"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
<style type="text/css">
.display {
width:100%;
background-color:#E5E5E5;
color:#000000;
font-family: Arial;
font-size: 13px;
}
.display th{
background-color:#84848E;
color:#FFF;
font-size: 12px;
font-weight:bold;
text-align:center;
}
.display td{
background-color:#FFF;
color:#00000;
font-weight:normal;
}
.display .head td{
background-color:#B1B1BE;
color:#00000;
font-weight:bold;
}
.paging {
width:500px;
text-align:center;
margin: 2px auto;
font-size:14px;
}
.paging a:link{
text-decoration:none;
color:#0033CC;
font-weight:bold;
font-size:24px;
cursor:pointer;
}
.paging .disabled{
color:#000;
font-weight:bold;
font-size:24px;
}
</style>
</head>
<body>
<table border=0 summary="" cellspacing="1" cellpadding="1" class="display">
<?php
$headrows = array();
if (($page > 0) && ($page <= $pages)){
$start = ($page-1) * $records_per_page;
for($i=$start;$i<=($records_per_page+$start-1) && $i<$total;$i++){
if(!in_array($rows[$i]['name'],$headrows)){
echo '<tr>
<th colspan="6">'.$rows[$i]['name'].' (Rank: '.$rows[$i]['rank'].')</th>
</tr>
<tr class="head">
<td>Channel Name</td>
<td>Title</td>
<td>Description</td>
<td>Video Tags</td>
<td>Music Sources</td>
<td>Special Requests</td>
</tr>';
$headrows[] = $rows[$i]['name'];
}
echo '<tr>
<td>'.$rows[$i]['channel_username'].'</td>
<td><a href="'.$rows[$i]['video_link'].'">'.$rows[$i]['video_title'].'</a></td>
<td>'.$rows[$i]['video_description'].'</td>
<td>'.$rows[$i]['video_tags'].'</td>
<td>'.$rows[$i]['music_sources'].'</td>
<td>'.$rows[$i]['special_requests'].'</td>
</tr>';
}
}
?>
</table>
<?php echo $paginate;?>
</body>
</html>
Thank you! I’ll try that now. I also have another problem with another code for my site. Its registration, but before they register, I add the account and email to the database and if it finds the email and username, it sends them an email with a link to activate there account and set there password. Well, the second half with the password isn’t working. Its not submitting, it just refreshes.
<?php
session_start();
require '../core/config.php';
$url = "http://elitegamerforums.com/db/";
if(isset($_SESSION['confirmer']))
{
$email = $_GET['email'];
$username = $_GET['username'];
$code = $_GET['code'];
$codedef = "nrgjbrwighbroweryhbgeprgbeirhgbirgr";
$active = $_GET['active'];
$activeno = "no";
if($email == $_SESSION['confirmer']&&$code == $codedef&&$active == $activeno)
{
if(isset($_POST['submit']))
{
$password = $_POST['Password'];
$passwordcon = $_POST['Password-con'];
$newstatus = "active";
if($passwordcon == $password)
{
$send = mysqli_query($db,"INSERT INTO users (Password,status) VALUES('$password','$newstatus') WHERE Email = '$email'") or die(mysql_error());
if($send) {
echo "<div alert alert-success>Your account has been activated, you may now".'<a link href = "">Login</a>'.".</div>";
}
else if($passwordcon != $password)
{
echo "Passwords do not match.";
}
}
}
else if($email != $_SESSION['email'])
{
header ("Location: $url");
}
else if($code != $codedef)
{
header ("Location: $url");
}
else if($active != $activeno)
{
} header ("Location: $url");
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<!-- Title and other stuffs -->
<title>Account Activation</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="keywords" content="">
<meta name="author" content="">
<!-- Stylesheets -->
<link href="../management/style/bootstrap.css" rel="stylesheet">
<link rel="stylesheet" href="../management/style/font-awesome.css">
<link href="../management/style/style.css" rel="stylesheet">
<!-- HTML5 Support for IE -->
<!--[if lt IE 9]>
<script src="js/html5shim.js"></script>
<![endif]-->
<!-- Favicon -->
<link rel="shortcut icon" href="">
</head>
<body>
<style>
#css {
width:250px;
height:28px;
float: right;
}
</style>
<!-- Form area -->
<div class="admin-form">
<div class="container">
<div class="row">
<div class="col-md-12">
<!-- Widget starts -->
<div class="widget wblue">
<!-- Widget head -->
<div class="widget-head">
<i class="icon-lock"></i> EliteGamingNetwork Account Registration
</div>
<div class="widget-content">
<div class="padd">
<!-- Login form -->
<form method="POST" class="form-horizontal">
<form method="POST">
<!-- Password -->
<div class="form-group">
<div class="col-lg-9">
<label>Password </label><input type="password" class="form-control" name="Password" id="css">
</div>
</div>
<!-- Password confirm -->
<div class="form-group">
<div class="col-lg-9">
<label>Confirm Password </label><input type="password" class="form-control" name="Password-con" id="css">
</div>
</div>
<!-- Remember me checkbox and sign in button -->
<div class="form-group">
<div class="col-lg-9 col-lg-offset-3">
<button type="submit" name="submit" class="btn btn-danger">Submit</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</div>
</div>
<br />
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- JS -->
<script src="../management/js/jquery.js"></script>
<script src="../management/js/bootstrap.js"></script>
</body>
</html>
Drummin
February 27, 2014, 8:51pm
42
Hi fredrock,
First, do not save passwords as plain text. Add salt and encrypt.
There was also issues with your elseif nesting. Don’t run && together. You were trying to INSERT into users WHERE… Anytime you need to use WHERE, you’re talking about an existing record so you would use UPDATE instead of INSERT. Note the formatting for updating is a little different. Also note that you had WHERE Email = … and I believe you said you were using lower case, i.e. email. html issues had <style> in the body and because you use id=“css” twice, I changed it to class as id’s need to be unique. I believe you had an extra </div> as well.
I added a basic salt and encrypt to your script (be sure to add the field salt to your DB table).
<?php
session_start();
require '../core/config.php';
$url = "http://elitegamerforums.com/db/";
if(isset($_SESSION['confirmer']))
{
$email = $_GET['email'];
$username = $_GET['username'];
$code = $_GET['code'];
$codedef = "nrgjbrwighbroweryhbgeprgbeirhgbirgr";
$active = $_GET['active'];
$activeno = "no";
if($email == $_SESSION['confirmer'] && $code == $codedef && $active == $activeno){
if(isset($_POST['submit'])){
$password = trim($_POST['Password']);
$passwordcon = trim($_POST['Password-con']);
$newstatus = "active";
if($passwordcon == $password){
///Create Salt
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 13);
}
$salt = createsalt();
$hashedpassword = hash('sha256', $salt.$password);
$send = mysqli_query($db,"UPDATE users SET Password='$hashedpassword',salt='$salt',status='$newstatus' WHERE email = '$email'") or die(mysqli_error($db));
if($send){
$message = "<div alert alert-success>Your account has been activated, you may now".'<a link href = "">Login</a>'.".</div>";
}
}
}
}elseif($passwordcon != $password){
$message = "Passwords do not match.";
}elseif($email != $_SESSION['email']){
header ("Location: $url");
}elseif($code != $codedef){
header ("Location: $url");
}elseif($active != $activeno){
header ("Location: $url");
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<!-- Title and other stuffs -->
<title>Account Activation</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="keywords" content="">
<meta name="author" content="">
<!-- Stylesheets -->
<link href="../management/style/bootstrap.css" rel="stylesheet">
<link rel="stylesheet" href="../management/style/font-awesome.css">
<link href="../management/style/style.css" rel="stylesheet">
<!-- HTML5 Support for IE -->
<!--[if lt IE 9]>
<script src="js/html5shim.js"></script>
<![endif]-->
<!-- Favicon -->
<link rel="shortcut icon" href="">
<style type="text/css">
.css {
width:250px;
height:28px;
float: right;
}
</style>
</head>
<body>
<!-- Form area -->
<div class="admin-form">
<div class="container">
<?php
if(isset($message)){ echo $message;}
?>
<div class="row">
<div class="col-md-12">
<!-- Widget starts -->
<div class="widget wblue">
<!-- Widget head -->
<div class="widget-head">
<i class="icon-lock"></i> EliteGamingNetwork Account Registration
</div>
<div class="widget-content">
<div class="padd">
<!-- Login form -->
<form method="post" action="" class="form-horizontal">
<!-- Password -->
<div class="form-group">
<div class="col-lg-9">
<label>Password </label><input type="password" class="form-control css" name="Password">
</div>
</div>
<!-- Password confirm -->
<div class="form-group">
<div class="col-lg-9">
<label>Confirm Password </label><input type="password" class="form-control css" name="Password-con">
</div>
</div>
<!-- Remember me checkbox and sign in button -->
<div class="form-group">
<div class="col-lg-9 col-lg-offset-3">
<button type="submit" name="submit" class="btn btn-danger">Submit</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- JS -->
<script src="../management/js/jquery.js"></script>
<script src="../management/js/bootstrap.js"></script>
</body>
</html>
Now when you verify user log in, you would NOT use WHERE Password = $password etc, you would instead query for Password and salt WHERE username = $username so can rebuild that hashed password using the posted password. So this part would go roughly
<?php
$username = $_POST['username'];
$password = $_POST['password'];
//Query table for salt and password plus any other needed values WHERE username = '$username'
$salt = $row['salt'];
$pass = $row['password'];
//make hashed password with $salt and $_POST['password']
$hashedpass = hash('sha256', $salt.$password);
//Then compare $hashedpass with $pass from database
if ($hashedpass==$pass){
//PASSED
}else{
//FAILED
}
?>
Drummin:
Hi fredrock,
First, do not save passwords as plain text. Add salt and encrypt.
There was also issues with your elseif nesting. Don’t run && together. You were trying to INSERT into users WHERE… Anytime you need to use WHERE, you’re talking about an existing record so you would use UPDATE instead of INSERT. Note the formatting for updating is a little different. Also note that you had WHERE Email = … and I believe you said you were using lower case, i.e. email. html issues had <style> in the body and because you use id=“css” twice, I changed it to class as id’s need to be unique. I believe you had an extra </div> as well.
I added a basic salt and encrypt to your script (be sure to add the field salt to your DB table).
<?php
session_start();
require '../core/config.php';
$url = "http://elitegamerforums.com/db/";
if(isset($_SESSION['confirmer']))
{
$email = $_GET['email'];
$username = $_GET['username'];
$code = $_GET['code'];
$codedef = "nrgjbrwighbroweryhbgeprgbeirhgbirgr";
$active = $_GET['active'];
$activeno = "no";
if($email == $_SESSION['confirmer'] && $code == $codedef && $active == $activeno){
if(isset($_POST['submit'])){
$password = trim($_POST['Password']);
$passwordcon = trim($_POST['Password-con']);
$newstatus = "active";
if($passwordcon == $password){
///Create Salt
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 13);
}
$salt = createsalt();
$hashedpassword = hash('sha256', $salt.$password);
$send = mysqli_query($db,"UPDATE users SET Password='$hashedpassword',salt='$salt',status='$newstatus' WHERE email = '$email'") or die(mysqli_error($db));
if($send){
$message = "<div alert alert-success>Your account has been activated, you may now".'<a link href = "">Login</a>'.".</div>";
}
}
}
}elseif($passwordcon != $password){
$message = "Passwords do not match.";
}elseif($email != $_SESSION['email']){
header ("Location: $url");
}elseif($code != $codedef){
header ("Location: $url");
}elseif($active != $activeno){
header ("Location: $url");
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<!-- Title and other stuffs -->
<title>Account Activation</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="keywords" content="">
<meta name="author" content="">
<!-- Stylesheets -->
<link href="../management/style/bootstrap.css" rel="stylesheet">
<link rel="stylesheet" href="../management/style/font-awesome.css">
<link href="../management/style/style.css" rel="stylesheet">
<!-- HTML5 Support for IE -->
<!--[if lt IE 9]>
<script src="js/html5shim.js"></script>
<![endif]-->
<!-- Favicon -->
<link rel="shortcut icon" href="">
<style type="text/css">
.css {
width:250px;
height:28px;
float: right;
}
</style>
</head>
<body>
<!-- Form area -->
<div class="admin-form">
<div class="container">
<?php
if(isset($message)){ echo $message;}
?>
<div class="row">
<div class="col-md-12">
<!-- Widget starts -->
<div class="widget wblue">
<!-- Widget head -->
<div class="widget-head">
<i class="icon-lock"></i> EliteGamingNetwork Account Registration
</div>
<div class="widget-content">
<div class="padd">
<!-- Login form -->
<form method="post" action="" class="form-horizontal">
<!-- Password -->
<div class="form-group">
<div class="col-lg-9">
<label>Password </label><input type="password" class="form-control css" name="Password">
</div>
</div>
<!-- Password confirm -->
<div class="form-group">
<div class="col-lg-9">
<label>Confirm Password </label><input type="password" class="form-control css" name="Password-con">
</div>
</div>
<!-- Remember me checkbox and sign in button -->
<div class="form-group">
<div class="col-lg-9 col-lg-offset-3">
<button type="submit" name="submit" class="btn btn-danger">Submit</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- JS -->
<script src="../management/js/jquery.js"></script>
<script src="../management/js/bootstrap.js"></script>
</body>
</html>
Now when you verify user log in, you would NOT use WHERE Password = $password etc, you would instead query for Password and salt WHERE username = $username so can rebuild that hashed password using the posted password. So this part would go roughly
<?php
$username = $_POST['username'];
$password = $_POST['password'];
//Query table for salt and password plus any other needed values WHERE username = '$username'
$salt = $row['salt'];
$pass = $row['password'];
//make hashed password with $salt and $_POST['password']
$hashedpass = hash('sha256', $salt.$password);
//Then compare $hashedpass with $pass from database
if ($hashedpass==$pass){
//PASSED
}else{
//FAILED
}
?>
Thank you so much! I really appreciate your help, you’ve been a big help! I’m going to try this soon, if I have anything else i’ll post back here, thank you!
Drummin:
Hi fredrock,
First, do not save passwords as plain text. Add salt and encrypt.
There was also issues with your elseif nesting. Don’t run && together. You were trying to INSERT into users WHERE… Anytime you need to use WHERE, you’re talking about an existing record so you would use UPDATE instead of INSERT. Note the formatting for updating is a little different. Also note that you had WHERE Email = … and I believe you said you were using lower case, i.e. email. html issues had <style> in the body and because you use id=“css” twice, I changed it to class as id’s need to be unique. I believe you had an extra </div> as well.
I added a basic salt and encrypt to your script (be sure to add the field salt to your DB table).
<?php
session_start();
require '../core/config.php';
$url = "http://elitegamerforums.com/db/";
if(isset($_SESSION['confirmer']))
{
$email = $_GET['email'];
$username = $_GET['username'];
$code = $_GET['code'];
$codedef = "nrgjbrwighbroweryhbgeprgbeirhgbirgr";
$active = $_GET['active'];
$activeno = "no";
if($email == $_SESSION['confirmer'] && $code == $codedef && $active == $activeno){
if(isset($_POST['submit'])){
$password = trim($_POST['Password']);
$passwordcon = trim($_POST['Password-con']);
$newstatus = "active";
if($passwordcon == $password){
///Create Salt
function createSalt() {
$string = md5(uniqid(rand(), true));
return substr($string, 0, 13);
}
$salt = createsalt();
$hashedpassword = hash('sha256', $salt.$password);
$send = mysqli_query($db,"UPDATE users SET Password='$hashedpassword',salt='$salt',status='$newstatus' WHERE email = '$email'") or die(mysqli_error($db));
if($send){
$message = "<div alert alert-success>Your account has been activated, you may now".'<a link href = "">Login</a>'.".</div>";
}
}
}
}elseif($passwordcon != $password){
$message = "Passwords do not match.";
}elseif($email != $_SESSION['email']){
header ("Location: $url");
}elseif($code != $codedef){
header ("Location: $url");
}elseif($active != $activeno){
header ("Location: $url");
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<!-- Title and other stuffs -->
<title>Account Activation</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="keywords" content="">
<meta name="author" content="">
<!-- Stylesheets -->
<link href="../management/style/bootstrap.css" rel="stylesheet">
<link rel="stylesheet" href="../management/style/font-awesome.css">
<link href="../management/style/style.css" rel="stylesheet">
<!-- HTML5 Support for IE -->
<!--[if lt IE 9]>
<script src="js/html5shim.js"></script>
<![endif]-->
<!-- Favicon -->
<link rel="shortcut icon" href="">
<style type="text/css">
.css {
width:250px;
height:28px;
float: right;
}
</style>
</head>
<body>
<!-- Form area -->
<div class="admin-form">
<div class="container">
<?php
if(isset($message)){ echo $message;}
?>
<div class="row">
<div class="col-md-12">
<!-- Widget starts -->
<div class="widget wblue">
<!-- Widget head -->
<div class="widget-head">
<i class="icon-lock"></i> EliteGamingNetwork Account Registration
</div>
<div class="widget-content">
<div class="padd">
<!-- Login form -->
<form method="post" action="" class="form-horizontal">
<!-- Password -->
<div class="form-group">
<div class="col-lg-9">
<label>Password </label><input type="password" class="form-control css" name="Password">
</div>
</div>
<!-- Password confirm -->
<div class="form-group">
<div class="col-lg-9">
<label>Confirm Password </label><input type="password" class="form-control css" name="Password-con">
</div>
</div>
<!-- Remember me checkbox and sign in button -->
<div class="form-group">
<div class="col-lg-9 col-lg-offset-3">
<button type="submit" name="submit" class="btn btn-danger">Submit</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- JS -->
<script src="../management/js/jquery.js"></script>
<script src="../management/js/bootstrap.js"></script>
</body>
</html>
Now when you verify user log in, you would NOT use WHERE Password = $password etc, you would instead query for Password and salt WHERE username = $username so can rebuild that hashed password using the posted password. So this part would go roughly
<?php
$username = $_POST['username'];
$password = $_POST['password'];
//Query table for salt and password plus any other needed values WHERE username = '$username'
$salt = $row['salt'];
$pass = $row['password'];
//make hashed password with $salt and $_POST['password']
$hashedpass = hash('sha256', $salt.$password);
//Then compare $hashedpass with $pass from database
if ($hashedpass==$pass){
//PASSED
}else{
//FAILED
}
?>
Hey, I need help on my information update page. The query is successful, but it doesn’t update the information. I also want to make them enter there current password before they can update the information. I want to put the update password on a different page as well if you could help me out with that too.
PHP:
<?php session_start();
require '../core/config.php';
if(isset($_SESSION['rank']) and $_SESSION['rank'] == "admin")
{
$_SESSION['username'];
} else {
header("location: ../index.php");
} ?>
<?php
if(isset($_SESSION['username']))
{
if(isset($_POST['submit']))
{
$firstname = $_POST['FName'];
$lastname = $_POST['LName'];
$username = $_POST['Username'];
$email = $_POST['Email'];
$password = $_POST['Password'];
$skype = $_POST['SkypeID'];
$defusername = $_SESSION['username'];
$update = mysqli_query($db,"UPDATE users SET Email = '$email', FName = '$firstname', LName = '$lastname', SkypeID = '$skype' WHERE Username = '$defuser'");
if($update)
{
echo "updated";
} else if(!$update) {
echo "Update Unsuccessful";
}
}
}
?>
<?php
$result = mysqli_query($db,"SELECT * FROM users WHERE Username = '$defusername'");
while($row = mysqli_fetch_assoc($result)) {
$email1 = $row['Email'];
$username1 = $row['Username'];
$skype1 = $row['SkypeID'];
$fname1 = $row['FName'];
$lname1 = $row['LName'];
}
?>
Form:
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="widget wred">
<div class="widget-head">
<div class="pull-left">Update Information</div>
<div class="widget-icons pull-right">
<a href="#" class="wminimize"><i class="icon-chevron-up"></i></a>
<a href="#" class="wclose"><i class="icon-remove"></i></a>
</div>
<div class="clearfix"></div>
</div>
<div class="widget-content">
<div class="padd">
<!-- Profile form -->
<div class="form profile">
<!-- Edit profile form (not working)-->
<form method="POST" class="form-horizontal">
<!-- Username -->
<div class="form-group">
<label class="control-label col-lg-3" for="Username">Username</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Username" id="Username" placeholder="<?php echo $username1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="FName">First Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "FName" id="FName" placeholder="<?php echo $fname1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="LName">Last Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "LName" id="LName" placeholder="<?php echo $lname1;?>">
</div>
</div>
<!-- Email -->
<div class="form-group">
<label class="control-label col-lg-3" for="Email">Email</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Email" id="Email" placeholder="<?php echo $email1;?>">
</div>
</div>
<!-- Skype-->
<div class="form-group">
<label class="control-label col-lg-3" for="SkypeID">Skype ID</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="SkypeID" id="SkypeID" placeholder="<?php echo $skype1;?>">
</div>
</div>
<!-- Buttons -->
<div class="form-group">
<!-- Buttons -->
<div class="col-lg-6 col-lg-offset-1">
<button name="submit" type="submit" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
Hey there.
I see $defusername = $_SESSION[‘username’];
…and in the query
Drummin:
Hey there.
I see $defusername = $_SESSION[‘username’];
…and in the query
Hi, thats weird in my code it’s fine, hmm I don’t know why it copied like that. Heres the php code I have. It still doesn’t work with the correct spelling so
<?php session_start();
require '../core/config.php';
if(isset($_SESSION['rank']) and $_SESSION['rank'] == "admin")
{
$_SESSION['username'];
} else {
header("location: ../index.php");
} ?>
<?php
$result = $db->query("SELECT * FROM users WHERE Username = '".$defusername."'");
if(isset($_SESSION['username']))
{
if(isset($_POST['submit']))
{
$firstname = $_POST['FName'];
$lastname = $_POST['LName'];
$username = $_POST['Username'];
$email = $_POST['Email'];
$password = $_POST['Password'];
$skype = $_POST['SkypeID'];
$defusername = $_SESSION['username'];
$update = $db->query("UPDATE users SET Email= '$email' , Username= '$username' , FName= '$firstname' , LName= '$lastname', SkypeID= '$skype' WHERE Username = ".$defusername."");
if($update)
{
echo "updated";
} else if(!$update) {
echo "**** didn't update";
}
}
}
?>
<?php
$result = $db->query("SELECT * FROM users WHERE Username = '$defusername'");
while($row = $result->fetch_array()) {
$email1 = $row['Email'];
$username1 = $row['Username'];
$skype1 = $row['SkypeID'];
$fname1 = $row['FName'];
$lname1 = $row['LName'];
}
?>
Assuming a table fields are NOW a mix of upper and lower case (Changed from “working code” above, where at least email was lowercase.) Removed extra </div> not used in this scope.
<?php
session_start();
require '../core/config.php';
// These session username and rank values are required, SO check for ALL here.
if(isset($_SESSION['rank']) && $_SESSION['rank'] == "admin" && isset($_SESSION['username'])){
$defusername = $_SESSION['username'];
}else{
header("location: ../index.php");
exit;
}
// Update profile
if(isset($_POST['submit']))
{
//Not used in this version
//$password = $_POST['Password'];
$firstname = mysqli_real_escape_string($db, $_POST['FName']);
$lastname = mysqli_real_escape_string($db, $_POST['LName']);
$username = mysqli_real_escape_string($db, $_POST['Username']);
$email = mysqli_real_escape_string($db, $_POST['Email']);
$skype = mysqli_real_escape_string($db, $_POST['SkypeID']);
$update = $db->query("UPDATE users SET Email= '$email' , Username= '$username' , FName= '$firstname' , LName= '$lastname', SkypeID= '$skype' WHERE Username = '$defusername'") or die(mysqli_error($db));
if($update)
{
$message = "updated";
} else if(!$update) {
$message = "**** didn't update";
}
}
//Query for latest data
$result = $db->query("SELECT * FROM users WHERE Username = '$defusername'");
while($row = $result->fetch_array()) {
$email1 = $row['Email'];
$username1 = $row['Username'];
$skype1 = $row['SkypeID'];
$fname1 = $row['FName'];
$lname1 = $row['LName'];
}
?>
<html>
<body>
<div class="container">
<?php
if(isset($message)){ echo $message;}
?>
<div class="row">
<div class="col-md-12">
<div class="widget wred">
<div class="widget-head">
<div class="pull-left">Update Information</div>
<div class="widget-icons pull-right">
<a href="#" class="wminimize"><i class="icon-chevron-up"></i></a>
<a href="#" class="wclose"><i class="icon-remove"></i></a>
</div>
<div class="clearfix"></div>
</div>
<div class="widget-content">
<div class="padd">
<!-- Profile form -->
<div class="form profile">
<!-- Edit profile form (not working)-->
<form method="POST" class="form-horizontal">
<!-- Username -->
<div class="form-group">
<label class="control-label col-lg-3" for="Username">Username</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Username" id="Username" placeholder="<?php echo $username1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="FName">First Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "FName" id="FName" placeholder="<?php echo $fname1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="LName">Last Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "LName" id="LName" placeholder="<?php echo $lname1;?>">
</div>
</div>
<!-- Email -->
<div class="form-group">
<label class="control-label col-lg-3" for="Email">Email</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Email" id="Email" placeholder="<?php echo $email1;?>">
</div>
</div>
<!-- Skype-->
<div class="form-group">
<label class="control-label col-lg-3" for="SkypeID">Skype ID</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="SkypeID" id="SkypeID" placeholder="<?php echo $skype1;?>">
</div>
</div>
<!-- Buttons -->
<div class="form-group">
<!-- Buttons -->
<div class="col-lg-6 col-lg-offset-1">
<button name="submit" type="submit" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
Drummin:
Assuming a table fields are NOW a mix of upper and lower case (Changed from “working code” above, where at least email was lowercase.) Removed extra </div> not used in this scope.
<?php
session_start();
require '../core/config.php';
// These session username and rank values are required, SO check for ALL here.
if(isset($_SESSION['rank']) && $_SESSION['rank'] == "admin" && isset($_SESSION['username'])){
$defusername = $_SESSION['username'];
}else{
header("location: ../index.php");
exit;
}
// Update profile
if(isset($_POST['submit']))
{
//Not used in this version
//$password = $_POST['Password'];
$firstname = mysqli_real_escape_string($db, $_POST['FName']);
$lastname = mysqli_real_escape_string($db, $_POST['LName']);
$username = mysqli_real_escape_string($db, $_POST['Username']);
$email = mysqli_real_escape_string($db, $_POST['Email']);
$skype = mysqli_real_escape_string($db, $_POST['SkypeID']);
$update = $db->query("UPDATE users SET Email= '$email' , Username= '$username' , FName= '$firstname' , LName= '$lastname', SkypeID= '$skype' WHERE Username = '$defusername'") or die(mysqli_error($db));
if($update)
{
$message = "updated";
} else if(!$update) {
$message = "**** didn't update";
}
}
//Query for latest data
$result = $db->query("SELECT * FROM users WHERE Username = '$defusername'");
while($row = $result->fetch_array()) {
$email1 = $row['Email'];
$username1 = $row['Username'];
$skype1 = $row['SkypeID'];
$fname1 = $row['FName'];
$lname1 = $row['LName'];
}
?>
<html>
<body>
<div class="container">
<?php
if(isset($message)){ echo $message;}
?>
<div class="row">
<div class="col-md-12">
<div class="widget wred">
<div class="widget-head">
<div class="pull-left">Update Information</div>
<div class="widget-icons pull-right">
<a href="#" class="wminimize"><i class="icon-chevron-up"></i></a>
<a href="#" class="wclose"><i class="icon-remove"></i></a>
</div>
<div class="clearfix"></div>
</div>
<div class="widget-content">
<div class="padd">
<!-- Profile form -->
<div class="form profile">
<!-- Edit profile form (not working)-->
<form method="POST" class="form-horizontal">
<!-- Username -->
<div class="form-group">
<label class="control-label col-lg-3" for="Username">Username</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Username" id="Username" placeholder="<?php echo $username1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="FName">First Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "FName" id="FName" placeholder="<?php echo $fname1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="LName">Last Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "LName" id="LName" placeholder="<?php echo $lname1;?>">
</div>
</div>
<!-- Email -->
<div class="form-group">
<label class="control-label col-lg-3" for="Email">Email</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Email" id="Email" placeholder="<?php echo $email1;?>">
</div>
</div>
<!-- Skype-->
<div class="form-group">
<label class="control-label col-lg-3" for="SkypeID">Skype ID</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="SkypeID" id="SkypeID" placeholder="<?php echo $skype1;?>">
</div>
</div>
<!-- Buttons -->
<div class="form-group">
<!-- Buttons -->
<div class="col-lg-6 col-lg-offset-1">
<button name="submit" type="submit" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
Thats working sort of. Its updating. Its just when you don’t enter anything in the fields, its blank so it erases the fields in the database that was there. It also doesn’t echo the fields well. Like only after you update them some times. Thats a very weird problem I can’t explain.
UPDATE
After you update the information then the data doesn’t show in the boxes unless you log out and log back in. You also need to log out and log back in to see any changes.
Well that’s correct that there is no validation for empty POST fields so empty values are entered. As far as, not showing until you log back in sounds like a session issue.
Hmm, how would I do the validation for the empty posts?
Just check if empty and wrap your update query within this condition.
<?php
session_start();
require '../core/config.php';
// These session username and rank values are required, SO check for ALL here.
if(isset($_SESSION['rank']) && $_SESSION['rank'] == "admin" && isset($_SESSION['username'])){
$defusername = $_SESSION['username'];
}else{
header("location: ../index.php");
exit;
}
// Update profile
if(isset($_POST['submit']))
{
if(empty($_POST['FName']) || empty($_POST['LName']) || empty($_POST['Username']) || empty($_POST['Email']) || empty($_POST['SkypeID']))
{
$message = "All fields required";
}else{
//Not used in this version
//$password = $_POST['Password'];
$firstname = mysqli_real_escape_string($db, $_POST['FName']);
$lastname = mysqli_real_escape_string($db, $_POST['LName']);
$username = mysqli_real_escape_string($db, $_POST['Username']);
$email = mysqli_real_escape_string($db, $_POST['Email']);
$skype = mysqli_real_escape_string($db, $_POST['SkypeID']);
$update = $db->query("UPDATE users SET Email= '$email' , Username= '$username' , FName= '$firstname' , LName= '$lastname', SkypeID= '$skype' WHERE Username = '$defusername'") or die(mysqli_error($db));
if($update)
{
$message = "updated";
} else if(!$update) {
$message = "**** didn't update";
}
}
}
//Query for latest data
$result = $db->query("SELECT * FROM users WHERE Username = '$defusername'");
while($row = $result->fetch_array()) {
$email1 = $row['Email'];
$username1 = $row['Username'];
$skype1 = $row['SkypeID'];
$fname1 = $row['FName'];
$lname1 = $row['LName'];
}
?>
<html>
<body>
<div class="container">
<?php
if(isset($message)){ echo $message;}
?>
<div class="row">
<div class="col-md-12">
<div class="widget wred">
<div class="widget-head">
<div class="pull-left">Update Information</div>
<div class="widget-icons pull-right">
<a href="#" class="wminimize"><i class="icon-chevron-up"></i></a>
<a href="#" class="wclose"><i class="icon-remove"></i></a>
</div>
<div class="clearfix"></div>
</div>
<div class="widget-content">
<div class="padd">
<!-- Profile form -->
<div class="form profile">
<!-- Edit profile form (not working)-->
<form method="POST" class="form-horizontal">
<!-- Username -->
<div class="form-group">
<label class="control-label col-lg-3" for="Username">Username</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Username" id="Username" placeholder="<?php echo $username1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="FName">First Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "FName" id="FName" placeholder="<?php echo $fname1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="LName">Last Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "LName" id="LName" placeholder="<?php echo $lname1;?>">
</div>
</div>
<!-- Email -->
<div class="form-group">
<label class="control-label col-lg-3" for="Email">Email</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Email" id="Email" placeholder="<?php echo $email1;?>">
</div>
</div>
<!-- Skype-->
<div class="form-group">
<label class="control-label col-lg-3" for="SkypeID">Skype ID</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="SkypeID" id="SkypeID" placeholder="<?php echo $skype1;?>">
</div>
</div>
<!-- Buttons -->
<div class="form-group">
<!-- Buttons -->
<div class="col-lg-6 col-lg-offset-1">
<button name="submit" type="submit" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
Drummin:
Just check if empty and wrap your update query within this condition.
<?php
session_start();
require '../core/config.php';
// These session username and rank values are required, SO check for ALL here.
if(isset($_SESSION['rank']) && $_SESSION['rank'] == "admin" && isset($_SESSION['username'])){
$defusername = $_SESSION['username'];
}else{
header("location: ../index.php");
exit;
}
// Update profile
if(isset($_POST['submit']))
{
if(empty($_POST['FName']) || empty($_POST['LName']) || empty($_POST['Username']) || empty($_POST['Email']) || empty($_POST['SkypeID']))
{
$message = "All fields required";
}else{
//Not used in this version
//$password = $_POST['Password'];
$firstname = mysqli_real_escape_string($db, $_POST['FName']);
$lastname = mysqli_real_escape_string($db, $_POST['LName']);
$username = mysqli_real_escape_string($db, $_POST['Username']);
$email = mysqli_real_escape_string($db, $_POST['Email']);
$skype = mysqli_real_escape_string($db, $_POST['SkypeID']);
$update = $db->query("UPDATE users SET Email= '$email' , Username= '$username' , FName= '$firstname' , LName= '$lastname', SkypeID= '$skype' WHERE Username = '$defusername'") or die(mysqli_error($db));
if($update)
{
$message = "updated";
} else if(!$update) {
$message = "**** didn't update";
}
}
}
//Query for latest data
$result = $db->query("SELECT * FROM users WHERE Username = '$defusername'");
while($row = $result->fetch_array()) {
$email1 = $row['Email'];
$username1 = $row['Username'];
$skype1 = $row['SkypeID'];
$fname1 = $row['FName'];
$lname1 = $row['LName'];
}
?>
<html>
<body>
<div class="container">
<?php
if(isset($message)){ echo $message;}
?>
<div class="row">
<div class="col-md-12">
<div class="widget wred">
<div class="widget-head">
<div class="pull-left">Update Information</div>
<div class="widget-icons pull-right">
<a href="#" class="wminimize"><i class="icon-chevron-up"></i></a>
<a href="#" class="wclose"><i class="icon-remove"></i></a>
</div>
<div class="clearfix"></div>
</div>
<div class="widget-content">
<div class="padd">
<!-- Profile form -->
<div class="form profile">
<!-- Edit profile form (not working)-->
<form method="POST" class="form-horizontal">
<!-- Username -->
<div class="form-group">
<label class="control-label col-lg-3" for="Username">Username</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Username" id="Username" placeholder="<?php echo $username1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="FName">First Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "FName" id="FName" placeholder="<?php echo $fname1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="LName">Last Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "LName" id="LName" placeholder="<?php echo $lname1;?>">
</div>
</div>
<!-- Email -->
<div class="form-group">
<label class="control-label col-lg-3" for="Email">Email</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Email" id="Email" placeholder="<?php echo $email1;?>">
</div>
</div>
<!-- Skype-->
<div class="form-group">
<label class="control-label col-lg-3" for="SkypeID">Skype ID</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="SkypeID" id="SkypeID" placeholder="<?php echo $skype1;?>">
</div>
</div>
<!-- Buttons -->
<div class="form-group">
<!-- Buttons -->
<div class="col-lg-6 col-lg-offset-1">
<button name="submit" type="submit" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
Hmm I don’t want to make all fields required, I just want the values to be the same. So like if the fields are empty then just don’t update them, how would I do that?
Then I would get rid of placeholder and use value instead. Then remove that empty condition check.
<?php
session_start();
require '../core/config.php';
// These session username and rank values are required, SO check for ALL here.
if(isset($_SESSION['rank']) && $_SESSION['rank'] == "admin" && isset($_SESSION['username'])){
$defusername = $_SESSION['username'];
}else{
header("location: ../index.php");
exit;
}
// Update profile
if(isset($_POST['submit']))
{
//Not used in this version
//$password = $_POST['Password'];
$firstname = mysqli_real_escape_string($db, $_POST['FName']);
$lastname = mysqli_real_escape_string($db, $_POST['LName']);
$username = mysqli_real_escape_string($db, $_POST['Username']);
$email = mysqli_real_escape_string($db, $_POST['Email']);
$skype = mysqli_real_escape_string($db, $_POST['SkypeID']);
$update = $db->query("UPDATE users SET Email= '$email' , Username= '$username' , FName= '$firstname' , LName= '$lastname', SkypeID= '$skype' WHERE Username = '$defusername'") or die(mysqli_error($db));
if($update)
{
$message = "updated";
} else if(!$update) {
$message = "**** didn't update";
}
}
//Query for latest data
$result = $db->query("SELECT * FROM users WHERE Username = '$defusername'");
while($row = $result->fetch_array()) {
$email1 = $row['Email'];
$username1 = $row['Username'];
$skype1 = $row['SkypeID'];
$fname1 = $row['FName'];
$lname1 = $row['LName'];
}
?>
<html>
<body>
<div class="container">
<?php
if(isset($message)){ echo $message;}
?>
<div class="row">
<div class="col-md-12">
<div class="widget wred">
<div class="widget-head">
<div class="pull-left">Update Information</div>
<div class="widget-icons pull-right">
<a href="#" class="wminimize"><i class="icon-chevron-up"></i></a>
<a href="#" class="wclose"><i class="icon-remove"></i></a>
</div>
<div class="clearfix"></div>
</div>
<div class="widget-content">
<div class="padd">
<!-- Profile form -->
<div class="form profile">
<!-- Edit profile form (not working)-->
<form method="POST" class="form-horizontal">
<!-- Username -->
<div class="form-group">
<label class="control-label col-lg-3" for="Username">Username</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Username" id="Username" value="<?php echo $username1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="FName">First Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "FName" id="FName" value="<?php echo $fname1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="LName">Last Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "LName" id="LName" value="<?php echo $lname1;?>">
</div>
</div>
<!-- Email -->
<div class="form-group">
<label class="control-label col-lg-3" for="Email">Email</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Email" id="Email" value="<?php echo $email1;?>">
</div>
</div>
<!-- Skype-->
<div class="form-group">
<label class="control-label col-lg-3" for="SkypeID">Skype ID</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="SkypeID" id="SkypeID" value="<?php echo $skype1;?>">
</div>
</div>
<!-- Buttons -->
<div class="form-group">
<!-- Buttons -->
<div class="col-lg-6 col-lg-offset-1">
<button name="submit" type="submit" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
Drummin:
Then I would get rid of placeholder and use value instead. Then remove that empty condition check.
<?php
session_start();
require '../core/config.php';
// These session username and rank values are required, SO check for ALL here.
if(isset($_SESSION['rank']) && $_SESSION['rank'] == "admin" && isset($_SESSION['username'])){
$defusername = $_SESSION['username'];
}else{
header("location: ../index.php");
exit;
}
// Update profile
if(isset($_POST['submit']))
{
//Not used in this version
//$password = $_POST['Password'];
$firstname = mysqli_real_escape_string($db, $_POST['FName']);
$lastname = mysqli_real_escape_string($db, $_POST['LName']);
$username = mysqli_real_escape_string($db, $_POST['Username']);
$email = mysqli_real_escape_string($db, $_POST['Email']);
$skype = mysqli_real_escape_string($db, $_POST['SkypeID']);
$update = $db->query("UPDATE users SET Email= '$email' , Username= '$username' , FName= '$firstname' , LName= '$lastname', SkypeID= '$skype' WHERE Username = '$defusername'") or die(mysqli_error($db));
if($update)
{
$message = "updated";
} else if(!$update) {
$message = "**** didn't update";
}
}
//Query for latest data
$result = $db->query("SELECT * FROM users WHERE Username = '$defusername'");
while($row = $result->fetch_array()) {
$email1 = $row['Email'];
$username1 = $row['Username'];
$skype1 = $row['SkypeID'];
$fname1 = $row['FName'];
$lname1 = $row['LName'];
}
?>
<html>
<body>
<div class="container">
<?php
if(isset($message)){ echo $message;}
?>
<div class="row">
<div class="col-md-12">
<div class="widget wred">
<div class="widget-head">
<div class="pull-left">Update Information</div>
<div class="widget-icons pull-right">
<a href="#" class="wminimize"><i class="icon-chevron-up"></i></a>
<a href="#" class="wclose"><i class="icon-remove"></i></a>
</div>
<div class="clearfix"></div>
</div>
<div class="widget-content">
<div class="padd">
<!-- Profile form -->
<div class="form profile">
<!-- Edit profile form (not working)-->
<form method="POST" class="form-horizontal">
<!-- Username -->
<div class="form-group">
<label class="control-label col-lg-3" for="Username">Username</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Username" id="Username" value="<?php echo $username1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="FName">First Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "FName" id="FName" value="<?php echo $fname1;?>">
</div>
</div>
<!-- Name -->
<div class="form-group">
<label class="control-label col-lg-3" for="LName">Last Name</label>
<div class="col-lg-6">
<input type="text" class="form-control" name= "LName" id="LName" value="<?php echo $lname1;?>">
</div>
</div>
<!-- Email -->
<div class="form-group">
<label class="control-label col-lg-3" for="Email">Email</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="Email" id="Email" value="<?php echo $email1;?>">
</div>
</div>
<!-- Skype-->
<div class="form-group">
<label class="control-label col-lg-3" for="SkypeID">Skype ID</label>
<div class="col-lg-6">
<input type="text" class="form-control" name="SkypeID" id="SkypeID" value="<?php echo $skype1;?>">
</div>
</div>
<!-- Buttons -->
<div class="form-group">
<!-- Buttons -->
<div class="col-lg-6 col-lg-offset-1">
<button name="submit" type="submit" class="btn btn-success">Update</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
I’ve tried that, it didn’t work
UPDATE
fredrock:
I’ve tried that, it didn’t work
UPDATE
I see why it didn’t work, because I had the disabled input on the username field, but I don’t want them to change the username so I don’t see how I would fix that.
UPDATE
Basically the same. Just remember to create a new salt and hash password like I showed you here for the create account/login and update both DB fields.http://www.sitepoint.com/forums/showthread.php?1198195-Form-submission-help-and-other-question&p=5639353&viewfull=1#post5639353
Ok, so what I did was put the password on the same page and just have them either enter a new password or there old one, but they must enter one. The problem is its letting them submit it even if they don’t have a password. I tried to put the if empty statement many different places and it wasn’t working right. The rows would come up empty instead of displaying them, then when I hit the submit button they come up, but still says successful, so then I moved it to this spot and now when the password field is filled, it says unsuccessful, but when its not its successful. Very confused
<?php
session_start();
require '../core/config.php';
// These session username and rank values are required, SO check for ALL here.
if(isset($_SESSION['rank']) && $_SESSION['rank'] == "partner" && isset($_SESSION['username'])){
$defusername = $_SESSION['username'];
}else{
header("location: ../index.php");
exit;
}
// Update profile
if(isset($_POST['submit']))
{
//Not used in this version
//$password = $_POST['Password'];
$password = mysqli_real_escape_string($db, md5($_POST['Password']));
$firstname = mysqli_real_escape_string($db, $_POST['FName']);
$lastname = mysqli_real_escape_string($db, $_POST['LName']);
$username = mysqli_real_escape_string($db, $_POST['Username']);
$email = mysqli_real_escape_string($db, $_POST['Email']);
$skype = mysqli_real_escape_string($db, $_POST['SkypeID']);
if (!empty($password)) {
$update = $db->query("UPDATE users SET Email= '$email' , FName= '$firstname' , Password= '$password', LName= '$lastname', SkypeID= '$skype' WHERE Username = '$defusername'") or die(mysqli_error($db));
if($update)
{
$message = "<div class='alert alert-success'><div align='center'>Updated Successfully</div></div>";
} else if(!$update) {
$message = "<div class='alert alert-danger'><div align='center'>Update not successful</div></div>";
}
}
}
//Query for latest data
$result = $db->query("SELECT * FROM users WHERE Username = '$defusername'");
while($row = $result->fetch_array()) {
$email1 = $row['Email'];
$username1 = $row['Username'];
$skype1 = $row['SkypeID'];
$fname1 = $row['FName'];
$lname1 = $row['LName'];
if(!empty($_POST['Password'])) {
$message = "<div class='alert alert-danger'><div align='center'>Update not successful</div></div>";
}
}
?>
And what do you see when you check this?
<?php
$_POST['Password']="";
echo md5($_POST['Password']);
?>
As you can see, just because $_POST[‘Password’] is empty, the variable $password you set is NOT empty so you can’t use that to make your check. Use if (!empty($_POST[‘Password’])) {
Really that can be added to the if(isset($_POST[‘submit’])) line.
if(isset($_POST['submit']) && !empty($_POST['Password']))
{
Get rid of that extra if (!empty($password)) { and its closing bracket }.
Note md5() is not very secure. You should be salting and using a better hash like I mentioned in the other post.
Drummin:
And what do you see when you check this?
<?php
$_POST['Password']="";
echo md5($_POST['Password']);
?>
As you can see, just because $_POST[‘Password’] is empty, the variable $password you set is NOT empty so you can’t use that to make your check. Use if (!empty($_POST[‘Password’])) {
Really that can be added to the if(isset($_POST[‘submit’])) line.
if(isset($_POST['submit']) && !empty($_POST['Password']))
{
Get rid of that extra if (!empty($password)) { and its closing bracket }.
Note md5() is not very secure. You should be salting and using a better hash like I mentioned in the other post.
Ah thank you that helped. Now, it doesn’t let them submit it, but I want to display an error message and the message doesn’t display.
if(isset($_POST['submit']) && !empty($_POST['Password']))
{
$message = "<div class='alert alert-danger'><div align='center'>Please enter a password</div></div>";
Do your checks within the isset POST line, wrapping the last else around the query like so. Note uncomment any conditions needed. Also use tab not space key for indenting so things line up.
<?php
if(isset($_POST['submit'])){
//Check for any required fields and make last one }else{ wrapping query
if(empty($_POST['Password'])){
$message = "<div class='alert alert-danger'><div align='center'>Please enter a password</div></div>";
}elseif(empty($_POST['Username']) ){
$message = "<div class='alert alert-danger'><div align='center'>Please enter a Username</div></div>";
//}elseif(empty($_POST['FName'])){
//$message = "<div class='alert alert-danger'><div align='center'>Please enter your First Name</div></div>";
//}elseif(empty($_POST['LName'])){
//$message = "<div class='alert alert-danger'><div align='center'>Please enter your Last Name</div></div>";
//}elseif(empty($_POST['Email'])){
//$message = "<div class='alert alert-danger'><div align='center'>Please enter your Email</div></div>";
//}elseif(empty($_POST['SkypeID'])){
//$message = "<div class='alert alert-danger'><div align='center'>Please enter your SkypeID</div></div>";
}else{
$password = mysqli_real_escape_string($db, md5($_POST['Password']));
$firstname = mysqli_real_escape_string($db, $_POST['FName']);
$lastname = mysqli_real_escape_string($db, $_POST['LName']);
$username = mysqli_real_escape_string($db, $_POST['Username']);
$email = mysqli_real_escape_string($db, $_POST['Email']);
$skype = mysqli_real_escape_string($db, $_POST['SkypeID']);
$update = $db->query("UPDATE users SET Email= '$email' , FName= '$firstname' , Password= '$password', LName= '$lastname', SkypeID= '$skype' WHERE Username = '$defusername'") or die(mysqli_error($db));
if($update){
$message = "<div class='alert alert-success'><div align='center'>Updated Successfully</div></div>";
}elseif(!$update){
$message = "<div class='alert alert-danger'><div align='center'>Update not successful</div></div>";
}
}
}
?>