User Account System and Profile System

hed
Posts: 2
Joined: Sat Apr 06, 2013 3:13 pm

Post by hed »

Hello, I'm connecting the Account and Profile system but there's and I can't seem to figure out why.

I used two tables for the account and the info, profile, users.

Here is my code:

user.inc.php
[syntax=php]<?php

function fetch_current_user_id($username){
$username = mysql_real_escape_string($username);
$sql = "SELECT `user_id` FROM `users` WHERE `user_name` = '{$username}'";

$result = mysql_query($sql)or die(mysql_error());;

$value = mysql_result($result, 0);

return $value;

}

if(empty($_SESSION['uid'])) {
$_SESSION['uid'] = fetch_current_user_id($_SESSION['username']);
}

function fetch_users() {
$result = mysql_query('SELECT `user_id` AS `id`, `user_name` AS `username` FROM `users`')or die(mysql_error());;

$users = array();

while (($row = mysql_fetch_assoc($result)) !== false) {
$users[] = $row;
}

return $users;
}


function fetch_user_info($uid){
$uid = (int)$uid;

$sql1 = "SELECT
`user_firstname` AS `firstname`,
`user_lastname` AS `lastname`,
`user_gender` AS `gender`,
`user_course` AS `course`,
`user_year` AS `syear`,
`user_email` AS `email`,
`user_about` AS `about`
FROM `profile`
WHERE `user_id` = {$uid}";

$result = mysql_query($sql1)or die(mysql_error());;



return mysql_fetch_assoc($result);

}

function fetch_user_acc($uid){
$uid = (int)$uid;

$sql1 = "SELECT
`user_name` AS `username`,
`user_password` AS `password`
FROM `users`
WHERE `user_id` = {$uid}";

$result = mysql_query($sql1)or die(mysql_error());;



return mysql_fetch_assoc($result);

}

//checks if the given username exists in the database
function user_exists($user){
$user = mysql_real_escape_string($user);

$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");

return (mysql_result($total, 0) == '1') ? true : false;
}

//Validation of Given Username and Password
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);

$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");

return (mysql_result($total, 0) == '1') ? true : false;
}

//adds a user to the database.
function add_user($user, $pass, $first, $last, $gender, $course, $year){

$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);

$first = mysql_real_escape_string(htmlentities($first));
$last = mysql_real_escape_string(htmlentities($last));

// these three go into the query without quotes, so force them to integers
$gender = (int)$gender;
$course = (int)$course;
$year = (int)$year;

mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}')");
mysql_query("INSERT INTO `profile` (`user_firstname`, `user_lastname`, `user_gender`, `user_course`, `user_year`) VALUES ('{$first}', '{$last}', {$gender}, {$course}, {$year})");
}

function set_profile_info($user, $pass, $first, $last, $gender, $course, $year, $email, $about){
$email = mysql_real_escape_string(htmlentities($email));
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
$about = mysql_real_escape_string(nl2br(htmlentities($about)));
$first = mysql_real_escape_string(htmlentities($first));
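$last = mysql_real_escape_string(htmlentities($last));
// these three go into the query without quotes, so force them to integers
$gender = (int)$gender;
$course = (int)$course;
$year = (int)$year;
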
$sql_acc = "UPDATE `users`
SET
`user_name` = '{$user}',
`user_password = '{$pass}'
WHERE `user_id` = {$_SESSION['uid']}";

$sql_info = "UPDATE `profile`
SET
`user_firstname` = '{$first}',
`user_lastname` = '{$last}',
`user_gender` = {$gender},
`user_course` = {$course},
`user_year` = {$year},
`user_email` = '{$email}',
`user_about` = '{$about}'
WHERE `user_id` = {$_SESSION['uid']}";

mysql_query($sql_acc)or die(mysql_error());
mysql_query($sql_info)or die(mysql_error());

}

?>[/syntax]

init.inc.php
[syntax=php]<?php
session_start();

error_reporting(E_ALL);

$exceptions = array('register', 'login');

$explode = explode('/', $_SERVER['SCRIPT_NAME']);

$page = substr(end($explode), 0, -4);

mysql_connect("localhost","root","");
mysql_select_db("csphp");

$path = dirname(__FILE__);

include("$path/inc/user.inc.php");

if (isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION['username']) === false) {
if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])) {
$_SESSION['username'] = htmlentities($_COOKIE['username']);

setcookie('username', $_COOKIE['username'], time() + 604800);
setcookie('password', $_COOKIE['password'], time() + 604800);
}
}

if(in_array($page, $exceptions) === false){
if(isset($_SESSION['username']) === false){
header('Location: login.php');
die();
}
}

?>[/syntax]

login.php
[syntax=php]<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The Username Form cannot be empty';
}

if (empty($_POST['password'])){
$errors[] = 'The Password Form cannot be empty';
}

if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username / Password incorrect.';
}

if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);

header('Location: protected.php');
die();
}

}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="ext/css/style.css" />
<title></title>
</head>
<body>
<div>
<?php

if(empty($errors) === false){
?>
<ul>
<?php

foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account ? <a href="register.php">Register Here</a>';
}

?>
</div>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>"/>
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
</body>
</html>[/syntax]

logout.php

[syntax=php] <?php

session_start();

$_SESSION = array();

session_destroy();

if (isset($_COOKIE['username'], $_COOKIE['password'])) {
setcookie('username', '', time());
setcookie('password', '', time());
}

header('Location: protected.php');

?>
[/syntax]

protected.php

[syntax=php]<?php

include('core/init.inc.php');

$user_info = fetch_user_info($_SESSION['uid']);

$user_acc = fetch_user_acc($_SESSION['uid']);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<p>
You are logged in as <?php echo $_SESSION['username']; ?>
</p>
<li>
<a href="user_list.php">View Users</a>
</li>
<li>
<a href="profile.php?uid=<?php echo $_SESSION['uid']; ?>">Profile</a>
</li>
<li>
<a href="edit_profile.php">Edit Profile</a>
</li>
<li>
<a href="logout.php">Logout</a>
</li>
</body>
</html>[/syntax]

register.php

[syntax=php]<?php
include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'],$_POST['firstname'],$_POST['lastname'],$_POST['gender'],$_POST['course'],$_POST['syear'])){
if (empty($_POST['username'])){
$errors[] = 'The Username Form cannot be empty.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The Password Form cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'The Password Verification failed.';
}
if (user_exists($_POST['username'])){
$errors[] = 'The Username you entered is already taken.';
}
if (empty($errors)){
add_user($_POST['username'], $_POST['password'],$_POST['firstname'],$_POST['lastname'],$_POST['gender'],$_POST['course'],$_POST['syear']);

$_SESSION['username'] = htmlentities($_POST['username']);

header('Location: protected.php');
die();
}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
form { margin:10px 0px 0px 0px; }
form div { float:left; clear:both; margin:0px 0px 4px 0px; }
label {float:left; width:100px;}
input[type="text"], textarea {float:left; width:400px;}
input[type="submit"] { margin:10px 0px 0px 100px; }
</style>
<title></title>
</head>
<body>
<div>
<?php

if (empty($errors) === false){
?>
<ul>
<?php

foreach ($errors as $error){
echo "<li>{$error}</li>";
}

?>
</ul>
<?php
}

?>
</div>
<form action="" method="post">
<div>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
</div>
<div>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</div>
<div>
<label for="repeat_password">Repeat Password:</label>
<input type="password" name="repeat_password" id="repeat_password" />
</div>
<div>
<label for="firstname">Firstname:</label>
<input type="text" name="firstname" id="firstname" value="" />
</div>
<div>
<label for="lastname">Lastname:</label>
<input type="text" name="lastname" id="lastname" value="" />
</div>
<div>
<label for="gender">Gender:</label>
<input type = 'Radio' Name ='gender' value= 1>Male
<input type = 'Radio' Name ='gender' value= 2>Female
</div>
<div>
<label for="course">Course:</label>
<select name="course">
<option value=1>BSCS</option>
<option value=2>BSE</option>
<option value=3>BEED</option>
</select>
</div>
<div>
<label for="syear">Year:</label>
<select name="syear">
<option value=1>1st Year</option>
<option value=2>2nd Year</option>
<option value=3>3rd Year</option>
<option value=4>4th Year</option>
</select>
</div>
<div>
<input type="submit" value="Register" />
</div>
</form>
</body>
</html>[/syntax]

profile.php

[syntax=php]<?php

include('core/init.inc.php');

$user_info = fetch_user_info($_GET['uid']);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="ext/css/style.css" />
<title><?php echo $user_info['firstname']; ?>'s Profile</title>
</head>
<body>
<div>
<?php

if ($user_info === false){
echo 'The user does not exists';
}else{
?>
<h1><?php echo $user_info['firstname']; echo $user_info['lastname']; ?></h1>
<p>Gender: <?php echo ($user_info['gender'] == 1) ? 'Male' : 'Female'; ?></p>
<p>Course: <?php if ($user_info['course'] == 1)
echo 'BSCS';
else if($user_info['course'] == 2)
echo 'BSE';
else if($user_info['course'] == 3)
echo 'BEED';

?>
</p>
<p>Year: <?php if ($user_info['syear'] == 1)
echo '1st Year';
else if($user_info['syear'] == 2)
echo '2nd Year';
else if($user_info['syear'] == 3)
echo '3rd Year';
else if($user_info['syear'] == 4)
echo'4th Year';

?>
</p>
<p>Email: <?php echo $user_info['email']; ?></p>
<p><?php echo $user_info['about']; ?></p>
<?php
}

?>
</div>
</body>
</html>[/syntax]

edit_profile.php

[syntax=php] <?php

include('core/init.inc.php');

$user_info = fetch_user_info($_SESSION['uid']);

$user_acc = fetch_user_acc($_SESSION['uid']);

if (isset($_POST['username'],$_POST['password'],$_POST['firstname'],$_POST['lastname'],$_POST['gender'],$_POST['course'],$_POST['syear'],$_POST['email'],$_POST['about'])){
$errors = array();

if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
$errors[] = 'The email address you entered is not valid.';
}

if (empty($errors)){
set_profile_info($_POST['username'],$_POST['password'],$_POST['firstname'],$_POST['lastname'],$_POST['gender'],$_POST['course'],$_POST['syear'],$_POST['email'],$_POST['about']);
}


// keys and POST field names must match the form below (firstname / lastname)
$user_info = array(
'email' => htmlentities($_POST['email']),
'firstname' => htmlentities($_POST['firstname']),
'lastname' => htmlentities($_POST['lastname']),
'course' => htmlentities($_POST['course']),
'syear' => htmlentities($_POST['syear']),
'gender' => htmlentities($_POST['gender']),
'about' => htmlentities($_POST['about'])
);


}else{

$user_info = fetch_user_info($_SESSION['uid']);

$user_acc = fetch_user_acc($_SESSION['uid']);

}



?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
form { margin:10px 0px 0px 0px; }
form div { float:left; clear:both; margin:0px 0px 4px 0px; }
label {float:left; width:100px;}
input[type="text"], textarea {float:left; width:400px;}
input[type="submit"] { margin:10px 0px 0px 100px; }
</style>
<title><?php echo $user_info['firstname']; ?>'s Profile</title>
</head>
<body>
<div>
<?php

if (isset($errors) === false){
echo 'Click to Update your Profile.';

}else if(empty($errors)){
echo 'Your Profile has been Updated';
}else
echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';

?>
</div>
<form action="" method="post">
<div>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="" />
</div>
<div>
<label for="password">Password:</label>
<input type="text" name="password" id="password" value="" />
</div>
<div>
<label for="firstname">Firstname:</label>
<input type="text" name="firstname" id="firstname" value="<?php echo $user_info['firstname']; ?>" />
</div>
<div>
<label for="lastname">Lastname:</label>
<input type="text" name="lastname" id="lastname" value="<?php echo $user_info['lastname']; ?>" />
</div>
<div>
<label for="gender">Gender:</label>
<input type = 'Radio' Name ='gender' value= 1 <?php if ($user_info['gender'] == 1) echo 'checked=checked'; ?>>Male
<input type = 'Radio' Name ='gender' value= 2 <?php if ($user_info['gender'] == 2) echo 'checked=checked'; ?>>Female
</div>
<div>
<label for="course">Course:</label>
<select name="course">
<option value=1 <?php if ($user_info['course'] == 1) echo 'selected'; ?>>BSCS</option>
<option value=2 <?php if ($user_info['course'] == 2) echo 'selected'; ?>>BSE</option>
<option value=3 <?php if ($user_info['course'] == 3) echo 'selected'; ?>>BEED</option>
</select>
</div>
<div>
<label for="syear">Year:</label>
<select name="syear">
<option value=1 <?php if ($user_info['syear'] == 1) echo 'selected'; ?>>1st Year</option>
<option value=2 <?php if ($user_info['syear'] == 2) echo 'selected'; ?>>2nd Year</option>
<option value=3 <?php if ($user_info['syear'] == 3) echo 'selected'; ?>>3rd Year</option>
<option value=4 <?php if ($user_info['syear'] == 4) echo 'selected'; ?>>4th Year</option>
</select>
</div>
<div>
<label for="email">Email:</label>
<input type="text" name="email" id="email" value="<?php echo $user_info['email']; ?>" />
</div>
<div>
<label for="about">About Me:</label>
<textarea name="about" id="about" rows="14" cols="50"><?php echo $user_info['about']; ?></textarea>
</div>
<div>
<input type="submit" value="Update" />
</div>
</form>
</body>
</html>
[/syntax]

user_list.php

[syntax=php] <?php

include('core/init.inc.php');

?>
<!DOCTYPE html>

<html lang="da">
<head>
<meta charset="utf-8">
<title></title>
<link rel="stylesheet" type="text/css" href="ext/css/style.css" />

</head>
<body>
<div>
<h2>Userlist</h2>
<?php

foreach (fetch_users() as $user) {
?>
<p>
<a href="profile.php?uid=<?php echo $user['id']; ?>"><?php echo $user['username']; ?></a>
</p>
<?php
}

?>
</div>
</body>
</html>
[/syntax]

I tried using INNER JOIN for the 2 tables and it doesn't seem to work, so I tried using two functions for fetching info, updating, and also adding data in the database.

I'm kind of a beginner in PHP (sorry about that) and I don't know what or how to fix the errors. I tried searching on Google how to fix the errors and I can't find anything.

P.S. Thanks for the tutorial and I learned a lot for a beginner :D


Sorry for asking and thanks again!
Last edited by hed on Sun Apr 07, 2013 3:45 am, edited 2 times in total.
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: User Account System and Profile System

Post by Temor »

I think you forgot to post what errors you get :)
hed
Posts: 2
Joined: Sat Apr 06, 2013 3:13 pm

Re: User Account System and Profile System

Post by hed »

Sorry about that, I forgot.

I think there are 2 or more errors.
a. I can't update a profile, there's an error that said it's near the update on password.
The Error : "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'user_id` = 1' at line 4"

b. There's an error on user.init.php unidentified index and also a MySQL error (in the login page).
Undefined index: username in C:\wamp\www\CSPhp\core\inc\user.inc.php on line 16
mysql_result(): Unable to jump to row 0 on MySQL result index 6 in C:\wamp\www\CSPhp\core\inc\user.inc.php on line 9

c. When I register it only inserts on the users table, not on the profile. (fixed)
d. When I click the newly registered user (in the user list) it said that it cannot find the user. (fixed)

Is it alright to use two inserts and two functions to fetch and insert data?

I think that's all the problems that I can think of right now.

Again, thanks in advance :D
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: User Account System and Profile System

Post by Temor »

In your set_profile_info function you've missed one backtick after user_password.
[syntax=php]
"UPDATE `users`
SET
`user_name` = '{$user}',
`user_password = '{$pass}' <-- here
WHERE `user_id` = {$_SESSION['uid']}";[/syntax]
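
Added example, not part of the thread or of the tutorial's code: `set_profile_info()` with the backtick restored and every value passed as a bound parameter, so neither the text fields nor the numeric form fields can change the SQL. The PDO handle `$db` and the `$uid` parameter are assumptions (the thread's code uses the `mysql_*` functions and `$_SESSION['uid']`), and the demo rows at the end are constructed.

```php
<?php
// Added example, not the poster's code. $db (PDO) and $uid are assumed parameters.
function set_profile_info(PDO $db, $uid, $user, $pass, $first, $last,
                          $gender, $course, $year, $email, $about)
{
    // Accept only the option values the thread's forms offer.
    $gender = (int)$gender; $course = (int)$course; $year = (int)$year;
    if (!in_array($gender, [1, 2], true) || !in_array($course, [1, 2, 3], true)
        || !in_array($year, [1, 2, 3, 4], true)) {
        throw new InvalidArgumentException('Unexpected gender, course or year');
    }
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->beginTransaction();
    try {
        // Identifiers are fully backticked; values are bound, never interpolated.
        $acc = $db->prepare(
            "UPDATE `users`
             SET `user_name` = :user, `user_password` = :pass
             WHERE `user_id` = :uid"
        );
        // password_hash() output is longer than sha1(): use a wide column
        // (VARCHAR(255)) and check logins with password_verify().
        $acc->execute([':user' => $user, ':uid' => (int)$uid,
                       ':pass' => password_hash($pass, PASSWORD_DEFAULT)]);
        $info = $db->prepare(
            "UPDATE `profile`
             SET `user_firstname` = :first, `user_lastname` = :last,
                 `user_gender` = :gender, `user_course` = :course,
                 `user_year` = :year, `user_email` = :email, `user_about` = :about
             WHERE `user_id` = :uid"
        );
        // Stored as submitted: apply htmlentities() when echoing, not here.
        $info->execute([
            ':first' => $first, ':last' => $last, ':gender' => $gender,
            ':course' => $course, ':year' => $year, ':email' => $email,
            ':about' => $about, ':uid' => (int)$uid,
        ]);
        $db->commit(); // both tables change together, or neither does
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo on an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT, user_password TEXT)");
$db->exec("CREATE TABLE profile (user_id INTEGER PRIMARY KEY, user_firstname TEXT, user_lastname TEXT,
           user_gender INT, user_course INT, user_year INT, user_email TEXT, user_about TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'demo_user', '')");
$db->exec("INSERT INTO profile (user_id) VALUES (1)");
set_profile_info($db, 1, 'demo_user', 'constructed-pass', 'Pat', "O'Brien", '1', '2', '3', 'pat@example.com', 'hi');
echo $db->query("SELECT user_lastname FROM profile WHERE user_id = 1")->fetchColumn(), "\n";
```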