User Profile with your login system.

[hys]

Hi there,

I'm on part 3, when i access the edit_profile.php is not showing the given info.

And i have looked around the forum and i can't find the answer.

Try login http://dev.onslowdemolering.dk/login.php

Username: bob
Password: test

PS; when u login when i press the profile button i make well not put me to my profile hehe.

Regards
Hys

[Temor]

post your code.

[hys]

init.inc.php

<?php

session_start();

$exceptions = array('register', 'login', 'activate');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

mysql_connect('', '', '');
mysql_select_db('');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

if (isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION['username']) === false) {
	if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])) {
		$_SESSION['username'] = htmlentities($_COOKIE['username']);
		
		setcookie('username', $_COOKIE['username'], time() + 604800);
		setcookie('password', $_COOKIE['password'], time() + 604800);
	}
}

if (in_array($page, $exceptions) === false) {
	if (isset($_SESSION['username']) === false) {
		header('Location: login.php');
		die();
	}
}

?>

user.inc.php

<?php

// fetches all of the users from the table.
function fetch_users() {
	$result = mysql_query('SELECT `user_id` AS `id`, `user_name` AS `username` FROM `users`');
	
	$users = array();
	
	while (($row = mysql_fetch_assoc($result)) !== false) {
		$users[] = $row;
	}	
	
	return $users;
}

// fetches profile infomation for the given user.
function fetch_user_info($uid) {
	$uid = (int)$uid;
	
	$sql = "SELECT
				`user_name` AS `username`,
				`user_firstname` AS `firstname`,
				`user_lastname` AS `lastname`,
				`user_email` AS `email`,
				`user_about` AS `about`,
				`user_location` AS `location`,
				`user_gender` AS `gender`
			FROM `users`
			WHERE `user_id` = {$uid}";
			
	$result = mysql_query($sql);
	
	return mysql_fetch_assoc($result);
}

// check if the given username exists in the database.
function user_exists($user) {
	$user 	= mysql_real_escape_string($user);
	
	$total 	= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}

// check if the given username and password combination is valid.
function valid_credentials($user, $pass) {
	$user 	= mysql_real_escape_string($user);
	$pass 	= mysql_real_escape_string($pass);
	
	$total 	= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");

	return (mysql_result($total, 0) == '1') ? true : false;
}

// checks is the given user account is active.
function is_active($user) {
	$user = mysql_real_escape_string($user);
	
	$sql = "SELECT
				COUNT(`user_activations`.`user_id`)
			FROM `users`
			INNER JOIN `user_activations`
			ON `users`.`user_id` = `user_activations`.`user_id`
			WHERE `users`.`user_name` = '{$user}'";
			
	$result = mysql_query($sql);
	
	return (mysql_result($result, 0) == '0') ? true : false;
}


// activates the account related to the given activation code.
function activate_account($aid) {
	$aid = mysql_real_escape_string($aid);
	
	mysql_query("DELETE FROM `user_activations` WHERE `activation_code` = '{$aid}'");
}

// adds a user to the database
function add_user($user, $email, $pass) {
	$user 	= mysql_real_escape_string(htmlentities($user));
	$email 	= mysql_real_escape_string($email);
	$pass 	= sha1($pass);
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
	$aid = implode('', array_rand($charset, 10));
	
	$body = <<<EMAIL

	Hi,
	
	Thanks for registering, before you login you need to activate your account.
	
	To do that simply click the following link.
	
	http://dev.onslowdemolering.dk/activate.php?aid={$aid}

EMAIL;

	mail($email, 'Your new account at onslowdemolering.dk', $body, 'From: ekim@onslowdemolering.dk');
	
	mysql_query("INSERT INTO `users` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')");
	
	$user_id = mysql_insert_id();
	
	mysql_query("INSERT INTO `user_activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");
}

?>

protected.php

<?php 

include('core/init.inc.php');

$user_info = fetch_user_info($_SESSION['uid']);

?>
<!DOCTYPE html>

<html lang="da">
<head>
        <meta charset="utf-8">
        <title></title>
	<link rel="stylesheet" type="text/css" href="ext/css/style.css" />

</head>
	<body>
		<p>
			You are logged in as <b><?php echo $_SESSION['username']; ?></b>
		</p>
		<li>
			<a href="user_list.php">Userlist</a>
		</li>	
		<li>
			<a href="profile.php?uid=<?php echo $_SESSION['uid']; ?>">Profile</a>
		</li>	
		<li>
			<a href="edit_profile.php">Edit Profile</a>
		</li>	
		<li>
			<a href="logout.php">Logout</a>
		</li>
	</body>
</html>

profile.php

<?php 

include('core/init.inc.php');

$user_info = fetch_user_info($_GET['uid']);

?>
<!DOCTYPE html>

<html lang="da">
<head>
        <meta charset="utf-8">
        <title><?php echo $user_info['username']; ?>'s Profile</title>
	<link rel="stylesheet" type="text/css" href="ext/css/style.css" />

</head>
	<body>
		<div>
	<?php
		
	if ($user_info === false) {
		echo 'That user does not exist.';
	} else {
		
		?>
		<h1><?php echo $user_info['firstname']; ?> <?php echo $user_info['lastname']; ?></h1>
		<p>Username: <?php echo $user_info['username']; ?></p>
		<p>Gender: <?php echo ($user_info['gender'] == 1) ? 'Male' : 'Female'; ?></p>
		<p>Email: <?php echo $user_info['email']; ?></p>
		<p>Location: <?php echo $user_info['location']; ?></p>
		<p><?php echo $user_info['about']; ?></p>
		<?php
	
	}
	
	?>
		</div>
	</body>
</html>

edit_profile.php

<?php 

include('core/init.inc.php');

$user_info = fetch_user_info($_SESSION['uid']);

?>
<!DOCTYPE html>

<html lang="da">
<head>
        <meta charset="utf-8">
        <title>Edit Your Profile</title>
	<link rel="stylesheet" type="text/css" href="ext/css/style.css" />
	
</head>
	<body>
		<div>
			<?php
			


			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="email">Email:</label>
				<input type="text" name="email" id="email" value="<?php echo $user_info['email']; ?>" />
			</p>
			<p>
				<label for="location">Location:</label>
				<input type="text" name="location" id="location" value="<?php echo $user_info['location']; ?>" />
			</p>
			<p>
				<label for="about">About Me:</label>
				<textarea name="about" id="about" rows="14" cols="50"><?php echo $user_info['about']; ?></textarea>
			</p>
			<p>
				<input type="submit" value="Update" />
			</p>
		</form>
	</body>
</html>

if u need more code then tell me :=)

[Temor]

well, the problem is that you never give $_SESSION['uid'] a value.
you could run a check to see which id corresponds to the logged in username and store that value in $_SESSION['uid'].

[hys]

where in the code do i need to fix that ? :s

[Temor]

try the init file.

[hys]

is it possible that u can tell me what to write and there in the init i need to put it there

[Temor]

is it possible that u can tell me what to write and there in the init i need to put it there

you'll never learn if I just give you the code.
give it a try yourself and let me know if you get stuck.

what you want do do is write a function to get the ID that matches with $_SESSION['username'] and store that value in $_SESSION['uid'].

An example is this:

function fetch_current_user_id($username){
$sql = 'SELECT `id` FROM `table` WHERE `username` = '{$_SESSION['username']'';

$result = mysql_query($sql);
return mysql_result($result, 0);
}

the number after $result in mysql_result();( 0 in this case ) chooses which row of data will be returned from the function. 0 is first row, 1 is second row, 2 is third row etc.


Don't forget to properly sanitize all user generated inputs to prevent sql injection.

[hys]

when i do so it well just get my site like a blank site there is nothing there.. Dunno why its not working I'm not that good coder at alle mate :s-

why does it not work when i follow the tutorial vid ?, my edit_profil.php it well no show the text like in the vid.

regards
mike aka hys

[Temor]

What you need to do now is figure out WHY it's not working. What have you tried so far? Any error messages? Do you have error reporting on? Where did you get the id and how did you do it? Any typos, such as a missed bracket?

All pretty relevant questions. If you go through them step by step you'll probably solve this yourself in a snap.

[hys]

What you need to do now is figure out WHY it's not working. What have you tried so far? Any error messages? Do you have error reporting on? Where did you get the id and how did you do it? Any typos, such as a missed bracket?

All pretty relevant questions. If you go through them step by step you'll probably solve this yourself in a snap.

Like i said its my first time coding so don't be that mad, just asking for bait help.

i passed the code one time so ppl can help me, and no i don't know how to do that what ur are talking about sorry just looking for a nice guy to help me.

[Temor]

I'm not mad. Where did you get that idea from? I'm trying to help you, I'm just not going to solve the problem for you by giving you perfectly working code. I'm guessing you're doing this to learn PHP and the best way to learn is to make mistakes and then figure them out. I'm here to help you figure out what's causing your problems.

The list of questions is pretty much the same list I go through every time I face an error.

So. One more time.
What have you tried so far? What code did you add? What did it do? Did it cause any errors or did it just blank out the page? If so, you probably don't have error reporting on. That's why I'm asking if you have error reporting on, because if it's off you'll have a really hard time solving this.

Did you try to fetch the ID using the $_SESSION['username'] variable, and if so, what happened?

Like I said. If you would just follow this list and ask for help whenever you reach a new problem, this would be solved by now.
The best way to learn is by doing it yourself, and PHP is nice enough to explain what the problem is in detail, whenever error reporting is on.

By the way, to set error reporting if you don't have access to the php.ini file ( which I'm guessing you don't considering you're on an external host ) all you have to do is add this piece of code to the top of init.inc.php.

<?php
error_reporting(E_ALL);

[hys]

the error code u gave me.

error_reporting(E_ALL);

i putted it at the top of the init.inc.php

but i don't get any errors

both

protected.php and edit_profile.php

i used $user_info = fetch_user_info($_SESSION['uid']);

and the profile.php

i did $user_info = fetch_user_info($_GET['uid']);

[Temor]

the problem is still that $_SESSION['uid'] is empty.
$_GET['uid'] gets its value from $_SESSION['uid'] so
fetch_user_info($_SESSION['uid']);
and
fetch_user_info($_GET['uid']);
will not return anything as you're not passing in a valid ID for the function to check.

Keep error reporting on and then try to get the ID by using a function like the one I posted earlier. Put the value in $_SESSION['uid'] and it should work.

[hys]

When i put this in the init.inc.php

function fetch_current_user_id($username){
$sql = 'SELECT `id` FROM `table` WHERE `username` = '{$_SESSION['username']'';
 
$result = mysql_query($sql);
return mysql_result($result, 0);
}

then when i refresh the site it well just give me a empty site.

i putted it at the top of the init code

[jacek]

Don't copy and paste.

[hys]

jacek, i folioed the tut vid part 3 and when i go to the edit_profile.php it won't show anything and i did like u did.

So now i don't really know what to do its hard to understand what he's saying because this is my first time coding something what i want

Regards
Mike aka hys

[jacek]

If you just get a blank page you probably have a syntax error that is being hidden.

To make sure this is not the problem you need to set error_reporting to E_ALL in your php.ini file.

[hys]

If you just get a blank page you probably have a syntax error that is being hidden.

To make sure this is not the problem you need to set error_reporting to E_ALL in your php.ini file.

i only got a blank page when i copy past the code he done. when I'm not using it then well it be blank forms.

and i have putted this in to the init error_reporting(E_ALL);

and the other problem was when u log in and press profile then it well not show a profile it says user doesent exist.

[Temor]

If you just get a blank page you probably have a syntax error that is being hidden.

To make sure this is not the problem you need to set error_reporting to E_ALL in your php.ini file.

i only got a blank page when i copy past the code he done. when I'm not using it then well it be blank forms.

and i have putted this in to the init error_reporting(E_ALL);

and the other problem was when u log in and press profile then it well not show a profile it says user doesent exist.

the reason you get those errors is because like I said, $_SESSION['uid'] is empty.
My code won't work for you if you just copy paste. You need to change it to fit your database setup.
I'm guessing your table isn't really named table.

[hys]

Hello again

Now i changed the table to my info. its still not working empty site

Where shall i put an error to look whats going on.

Regards
Mike aka hys

<?php

function fetch_current_user_id($user_id){
$sql = 'SELECT `user_id` FROM `users` WHERE `user_name` = '{$_SESSION['username']'';
 
$result = mysql_query($sql);

return mysql_result($result, 0);

}

// fetches all of the users from the table.
function fetch_users() {
	$result = mysql_query('SELECT `user_id` AS `id`, `user_name` AS `username` FROM `users`');
	
	$users = array();
	
	while (($row = mysql_fetch_assoc($result)) !== false) {
		$users[] = $row;
	}	
	
	return $users;
}

// fetches profile infomation for the given user.
function fetch_user_info($uid) {
	$uid = (int)$uid;
	
	$sql = "SELECT
				`user_name` AS `username`,
				`user_firstname` AS `firstname`,
				`user_lastname` AS `lastname`,
				`user_email` AS `email`,
				`user_about` AS `about`,
				`user_location` AS `location`,
				`user_gender` AS `gender`
			FROM `users`
			WHERE `user_id` = {$uid}";
			
	$result = mysql_query($sql);
	
	return mysql_fetch_assoc($result);
}

// check if the given username exists in the database.
function user_exists($user) {
	$user 	= mysql_real_escape_string($user);
	
	$total 	= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}

// check if the given username and password combination is valid.
function valid_credentials($user, $pass) {
	$user 	= mysql_real_escape_string($user);
	$pass 	= mysql_real_escape_string($pass);
	
	$total 	= mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");

	return (mysql_result($total, 0) == '1') ? true : false;
}

// checks is the given user account is active.
function is_active($user) {
	$user = mysql_real_escape_string($user);
	
	$sql = "SELECT
				COUNT(`user_activations`.`user_id`)
			FROM `users`
			INNER JOIN `user_activations`
			ON `users`.`user_id` = `user_activations`.`user_id`
			WHERE `users`.`user_name` = '{$user}'";
			
	$result = mysql_query($sql);
	
	return (mysql_result($result, 0) == '0') ? true : false;
}


// activates the account related to the given activation code.
function activate_account($aid) {
	$aid = mysql_real_escape_string($aid);
	
	mysql_query("DELETE FROM `user_activations` WHERE `activation_code` = '{$aid}'");
}

// adds a user to the database
function add_user($user, $email, $pass) {
	$user 	= mysql_real_escape_string(htmlentities($user));
	$email 	= mysql_real_escape_string($email);
	$pass 	= sha1($pass);
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
	$aid = implode('', array_rand($charset, 10));
	
	$body = <<<EMAIL

	Hi,
	
	Thanks for registering, before you login you need to activate your account.
	
	To do that simply click the following link.
	
	http://dev.onslowdemolering.dk/activate.php?aid={$aid}

EMAIL;

	mail($email, 'Your new account at onslowdemolering.dk', $body, 'From: ekim@onslowdemolering.dk');
	
	mysql_query("INSERT INTO `users` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')");
	
	$user_id = mysql_insert_id();
	
	mysql_query("INSERT INTO `user_activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");
}

?>