Page 3 of 5
Re: cannot edit profile
Posted: Tue Dec 11, 2012 8:08 pm
by leverkusen
edit.profile.php
<?php
session_start();
include('core/init.inc.php');
if(isset($_POST['username'])){
$errors = array();
}
if(isset($_POST['grad'])){
$errors = array();
}
if(isset($_POST['drzava'])){
$errors = array();
}
if(isset($_POST['fan'])){
$errors = array();
}
if(isset($_POST['website'])){
$errors = array();
}
if (empty($errors)){
$grad = htmlentities($_POST['grad']);
$drzava = htmlentities($_POST['drzava']);
$fan = htmlentities($_POST['fan']);
$website = htmlentities($_POST['website']);
mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'");
$user_info = array();
$user_info['grad'] = "$grad";
$user_info['drzava'] = "$drzava";
$user_info['fan'] = "$fan";
$user_info['website'] = "$website";
}else{
$user_info = fetch_user_info($_SESSION['uid']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>Global Betting</title>
</head>
<body>
<div>
<?php
if (isset($errors) ==false){
echo 'Click update to edit your profile.';
}else if (empty($errors)){
echo 'Your profile has been updated!';
}else{
echo '<ul><li>'. implode('</li><li>'. $errors). '</li></ul>';
}
?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']) && !empty($_SESSION['uid']))
{
?>
</div>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method ="POST">
<div>
<label for="username">Username</label>
<input type="text" name="username" id="username" value="<?php echo $user_info ['username']; ?>" />
</div><div>
<label for="grad">Grad</label>
<input type="text" name="grad" id="grad" value="<?php echo $user_info['grad']; ?>" />
</div>
<div>
<label for="drzava">Drzava</label>
<input type="text" name="drzava" id="drzava" value="<?php echo $user_info ['drzava']; ?>" />
</div>
<div>
<label for="fan">Fan</label>
<input type="text" name="fan" id="fan" value="<?php echo $user_info ['fan']; ?>" />
</div>
<div>
<label for="website">Website</label>
<input type="text" name="website" id="website" value="<?php echo $user_info ['website']; ?>" />
</div>
<div>
<input type="submit" value="Update" />
</div>
</form>
</body>
</html>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checklogin = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$_SESSION['Username'] = $username;
$_SESSION['LoggedIn'] = 1;
$_SESSION['uid'] = $row['uid'];
echo "<h1><center>Success</center></h1>";
echo "<p><center>We are now redirecting you to the member area.</center></p>";
echo "<meta http-equiv='refresh' content='=2;user.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"user.php\">click here to try again</a>.</p>";
}
}
else
{
?>
<?php
}
?>
login.php
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$_SESSION['Username'] = $username;
$_SESSION['LoggedIn'] = 1;
$_SESSION['uid'] = $row['uid'];
echo "<h1><center>Success</center></h1>";
echo "<p><center>We are now redirecting you to the member area.</center></p>";
echo "<meta http-equiv='refresh' content='=2;user.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"user.php\">click here to try again</a>.</p>";
}
}
else
{
?>
<?php
}
?>
init.inc.php
<?php
session_start();
$dbhost = ""; // this will ususally be 'localhost', but can sometimes differ
$dbname = ""; // the name of the database that you are going to use for this project
$dbuser = ""; // the username that you created, or were given, to access your database
$dbpass = ""; // the password that you created, or were given, to access your database
mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
$path = dirname (__FILE__);
include "$path/inc/user.inc.php";
?>
user.inc.php
<?php
session_start();
function fetch_users (){
$result = mysql_query('SELECT `uid` AS `id`, `username` AS `username` FROM `users`');
$users = array();
while (($row = mysql_fetch_assoc($result)) != false){
$users[] = $row;
}
return $users;
}
function fetch_user_info($uid){
$uid = (int)$uid;
$sql = "SELECT
`username` AS `username`,
`grad` AS `grad`,
`drzava` AS `drzava`,
`fan` AS `fan`,
`Website` AS `Website`
FROM users
WHERE `uid` = '$uid'";
$result = mysql_query($sql);
return mysql_fetch_assoc($result);
}
function set_profile_info($username, $grad, $drzava, $fan, $website){
$username = mysql_real_escape_string(htmlentities($username));
$grad = mysql_real_escape_string(htmlentities($grad));
$drzava = mysql_real_escape_string(htmlentities($drzava));
$fan = mysql_real_escape_string(htmlentities($fan));
$website = mysql_real_escape_string(htmlentities($website));
$uid = $_SESSION['uid'];
mysql_query("UPDATE `users` SET `username` = `$username`, `grad` = `$grad`, `drzava` = `$drzava`,`fan` = `$fan`, `website` = `$website` WHERE `uid`=`$uid`");
}
?>
Re: cannot edit profile
Posted: Wed Dec 12, 2012 1:33 am
by ExtremeGaming
Change:
if (empty($errors)){
$grad = htmlentities($_POST['grad']);
$drzava = htmlentities($_POST['drzava']);
$fan = htmlentities($_POST['fan']);
$website = htmlentities($_POST['website']);
mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'");
In edit_profile.php to:
if (empty($errors)){
$grad = mysql_real_escape_string(htmlentities($_POST['grad']));
$drzava = mysql_real_escape_string(htmlentities($_POST['drzava']));
$fan = mysql_real_escape_string(htmlentities($_POST['fan']));
$website = mysql_real_escape_string(htmlentities($_POST['website']));
mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'") or die(mysql_error());
Re: cannot edit profile
Posted: Wed Dec 12, 2012 3:54 pm
by leverkusen
i dont get any mysql error very strange
hope you can take this scripts and edit them in your computer, then you will know when they will work
Re: cannot edit profile
Posted: Wed Dec 12, 2012 5:03 pm
by ExtremeGaming
Insert this somewhere in edit_profile.php where you will be able to see it being displayed:
echo "<h1>The current SESSION UID is: ".$_SESSION['uid']."</h1>";
What does it display?
Also why is edit_profile.php containing what should be on login.php? Post login.php correctly as it won't start with an } else if...
Re: cannot edit profile
Posted: Thu Dec 13, 2012 3:01 am
by leverkusen
haha just what i though, its a session problem
The current SESSION UID is:
Re: cannot edit profile
Posted: Thu Dec 13, 2012 3:03 am
by leverkusen
btw i added in edit.profile.php a part from login because of users to not see the page if they are logged in(edit.profile.php)
Re: cannot edit profile
Posted: Thu Dec 13, 2012 3:44 am
by ExtremeGaming
Ok first step to debugging it is...do you actually have a column in your users database called uid?
Re: cannot edit profile
Posted: Thu Dec 13, 2012 9:28 pm
by leverkusen
yes i have a column called uid auto increment primary
and how does login fails if i do not see the page when im logged out
Re: cannot edit profile
Posted: Fri Dec 14, 2012 1:17 pm
by ExtremeGaming
What is user.php?
Are you using session_unset(); or session_destroy(); in any places other than logout?
Re: cannot edit profile
Posted: Sat Dec 15, 2012 11:04 am
by leverkusen
you mean profile.php?
<?php
include('core/init.inc.php');
$user_info = fetch_user_info($_GET['uid']);
?>
<?php
if ($user_info === false){
echo 'That user does not exist.';
}else{
?>
<?php
}
?>
<!-- sidebar -->
<div id="sidebar">
<div class="block">
<div class="block-bot">
<div class="head"><div class="head-cnt"><h3><?php echo $user_info['username']; ?> profile</h3></div></div><font size="3"><b><table cellspacing="5"><tr></tr><tr><td> <a>Titles:</a><font color="orange"><?php echo $user_info['titles']; ?></font></td></tr><tr><td> <a>Name:</a><font color="orange"><?php echo $user_info['username']; ?></font></td></tr><tr><td> <a>Country:</a><font color="orange"><?php echo $user_info['drzava']; ?></font></td></tr><tr><td> <a>City:</a><font color="orange"><?php echo $user_info['grad']; ?></font></td></tr><tr><td> <a>Fan of:</a><font color="orange"><font color="orange"><?php echo $user_info['fan']; ?></font></font></td></tr><tr><td> <a>Website:</a><a target="_blank" href="<?php echo $user_info['website']; ?>"><font color="lime">link</font></td></tr><tr><td> <a href="index.php"><font color="lime"> <<< </font></a></td></tr><tr></tr></table></b></font></div>
</div>
Are you using session_unset(); or session_destroy(); in any places other than logout?: No
Re: cannot edit profile
Posted: Sat Dec 15, 2012 3:40 pm
by ExtremeGaming
Your login page says you are redirecting users to a user.php.
Re: cannot edit profile
Posted: Sat Dec 15, 2012 4:36 pm
by leverkusen
actually redirects to login.php again but on the content which cannot be seen without loggin in
Re: cannot edit profile
Posted: Sat Dec 15, 2012 5:33 pm
by ExtremeGaming
Put this at the top of login.php within your php tags and remove the redirect for now so it remains on the same page.
error_reporting(E_ALL);
ini_set('display_errors', '1');
Re: cannot edit profile
Posted: Sat Dec 15, 2012 8:52 pm
by leverkusen
still not editing the profile
Re: cannot edit profile
Posted: Sun Dec 16, 2012 12:17 am
by ExtremeGaming
If you put that on login.php, removed the redirect on login.php, and received no errors warnings or notices, I really have no idea
Re: cannot edit profile
Posted: Sun Dec 16, 2012 6:47 pm
by leverkusen
really no erors, nothing, except we know that the session is empty somehow
i have 1 idea and now will try it, on other hosting, maybe is a hosting problem i had few problems with this hosting so i hope that is
Re: cannot edit profile
Posted: Sat Dec 29, 2012 1:57 am
by jacek
Going off the last posted code I spotted a few problems.
This block
session_start();
include('core/init.inc.php');
if(isset($_POST['username'])){
$errors = array();
}
if(isset($_POST['grad'])){
$errors = array();
}
if(isset($_POST['drzava'])){
$errors = array();
}
if(isset($_POST['fan'])){
$errors = array();
}
if(isset($_POST['website'])){
$errors = array();
}
makes no sense. You are probably meant to be validating the various inputs here in which case it would look more like
include('core/init.inc.php');
$errors = array();
if (!isset($_POST['username'])){
$errors[] = 'You must enter your username';
}
You also do not need the session_start() since that is done in the init.inc.php file.
In the same file you are not using the set_profile_info() function like you should be, instead you use the raw SQL which just gets confusing and should be avoided.
The final problem is with the login system which seems to be from another tutorial, it's really not a good idea at all to combine two tutorials in the hope of making a working system. I have a full series on a much more organised login system which leads on to the profile system so it might be a good idea to start from there.
Re: cannot edit profile
Posted: Sun Dec 30, 2012 9:05 am
by leverkusen
when i change
session_start();
include('core/init.inc.php');
if(isset($_POST['username'])){
$errors = array();
}
if(isset($_POST['grad'])){
$errors = array();
}
if(isset($_POST['drzava'])){
$errors = array();
}
if(isset($_POST['fan'])){
$errors = array();
}
if(isset($_POST['website'])){
$errors = array();
}
to
include('core/init.inc.php');
$errors = array();
if (!isset($_POST['username'])){
$errors[] = 'You must enter your username';
}
i get error Warning: implode() [function.implode]: Argument must be an array in /home/a8772784/public_html/edit_profile.php on line 46
echo '<ul><li>'. implode('</li><li>'. $errors). '</li></ul>'; this is line 46
Now when i login i get echo of a user in html about his country and city, thats good, but still cant edit those information probably because of this error.
And some strange bolded black dot is appearing
Re: cannot edit profile
Posted: Sun Dec 30, 2012 11:02 pm
by ExtremeGaming
Well, for starters, php functions use a comma to seperate arguments, not a period. So change
echo '<ul><li>'. implode('</li><li>'. $errors). '</li></ul>';
To
echo '<ul><li>'. implode('</li><li>', $errors). '</li></ul>';
The change you made could not possibly result in that error, so what else did you change?
Re: cannot edit profile
Posted: Mon Dec 31, 2012 8:27 am
by leverkusen
No i havent changed anything error in line 46 is gone
when i log in with usernames i get different informations whats good, but above html box i have 'You must enter your username'
When i want to edit anything in profile i get echo 'Your profile has been updated'! but when i refresh there are still old informations but no 'You must enter your username'
edit-profile.php
<?php
include('core/init.inc.php');
$errors = array();
if (!isset($_POST["username"])){
$errors[] = 'You must enter your username';
}
if (empty($errors)){
$grad = mysql_real_escape_string(htmlentities($_POST['grad']));
$drzava = mysql_real_escape_string(htmlentities($_POST['drzava']));
$fan = mysql_real_escape_string(htmlentities($_POST['fan']));
$website = mysql_real_escape_string(htmlentities($_POST['website']));
mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'") or die(mysql_error());
$user_info = array();
$user_info['grad'] = "$grad";
$user_info['drzava'] = "$drzava";
$user_info['fan'] = "$fan";
$user_info['website'] = "$website";
}else{
$user_info = fetch_user_info($_SESSION['uid']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>Global Betting</title>
</head>
<body>
<div>
<?php
if (isset($errors) ==false){
echo 'Click update to edit your profile.';
}else if (empty($errors)){
echo 'Your profile has been updated!';
}else{
echo '<ul><li>'. implode('</li><li>', $errors). '</li></ul>';
}
?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']) && !empty($_SESSION['uid']))
{
?>
</div>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method ="POST">
<div>
<label for="username">Username</label>
<input type="text" name="username" id="username" value="<?php echo $user_info['username']; ?>" />
</div><div>
<label for="grad">Grad</label>
<input type="text" name="grad" id="grad" value="<?php echo $user_info['grad']; ?>" />
</div>
<div>
<label for="drzava">Drzava</label>
<input type="text" name="drzava" id="drzava" value="<?php echo $user_info['drzava']; ?>" />
</div>
<div>
<label for="fan">Fan</label>
<input type="text" name="fan" id="fan" value="<?php echo $user_info['fan']; ?>" />
</div>
<div>
<label for="website">Website</label>
<input type="text" name="website" id="website" value="<?php echo $user_info['website']; ?>" />
</div>
<div>
<input type="submit" value="Update" />
</div>
</form>
</body>
</html>
<?php
}
?>
login(user).php
<?php include "base.php"; ?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
?>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$_SESSION['Username'] = $username;
$_SESSION['LoggedIn'] = 1;
$_SESSION['uid'] = $row['uid'];
echo "<h1><center>Success</center></h1>";
echo "<p><center>We are now redirecting you to the member area.</center></p>";
echo "<meta http-equiv='refresh' content='=2;user.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"user.php\">click here to try again</a>.</p>";
}
}
else
{
?>
<br>
<center>
<form method="post" action="/user.php">
<table align="center" cellpadding="2" cellspacing="5">
<tbody><tr><td style="width: 100px;"><div align="left"><b>Username:</b></div></td><td><div align="left"><input required="required" name="username" class="login" size="32" type="text"></div></td></tr>
<tr><td style="width: 100px;"><div align="left"><b>Password:</b></div></td><td><div align="left"><input required="required" name="password" class="login" size="32" type="password"></div></td></tr>
<tr><td colspan="2"><div align="right"><input class="dugme_login" value="login" type="submit"></div></td></tr>
</tbody></table>
</form>
</center>
<br>
<?php
}
?>
Re: cannot edit profile
Posted: Thu Jan 03, 2013 3:13 am
by jacek
You blindly copied
if (!isset($_POST["username"])){
you were meant to substitute your variable name
the stuff I said about the login system still applied too.