Page 3 of 5

Re: cannot edit profile

Posted: Tue Dec 11, 2012 8:08 pm
by leverkusen
edit.profile.php
[syntax=php] <?php
session_start();
include('core/init.inc.php');

if(isset($_POST['username'])){
$errors = array();
}
if(isset($_POST['grad'])){
$errors = array();
}
if(isset($_POST['drzava'])){
$errors = array();
}
if(isset($_POST['fan'])){
$errors = array();
}
if(isset($_POST['website'])){
$errors = array();
}

if (empty($errors)){
$grad = htmlentities($_POST['grad']);
$drzava = htmlentities($_POST['drzava']);
$fan = htmlentities($_POST['fan']);
$website = htmlentities($_POST['website']);

mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'");


$user_info = array();
$user_info['grad'] = "$grad";
$user_info['drzava'] = "$drzava";
$user_info['fan'] = "$fan";
$user_info['website'] = "$website";


}else{
$user_info = fetch_user_info($_SESSION['uid']);
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>Global Betting</title>
</head>
<body>
<div>
<?php

if (isset($errors) ==false){
echo 'Click update to edit your profile.';
}else if (empty($errors)){
echo 'Your profile has been updated!';
}else{
echo '<ul><li>'. implode('</li><li>'. $errors). '</li></ul>';
}

?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']) && !empty($_SESSION['uid']))
{
?>
</div>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method ="POST">

<div>
<label for="username">Username</label>
<input type="text" name="username" id="username" value="<?php echo $user_info ['username']; ?>" />
</div><div>
<label for="grad">Grad</label>
<input type="text" name="grad" id="grad" value="<?php echo $user_info['grad']; ?>" />
</div>
<div>
<label for="drzava">Drzava</label>
<input type="text" name="drzava" id="drzava" value="<?php echo $user_info ['drzava']; ?>" />
</div>
<div>
<label for="fan">Fan</label>
<input type="text" name="fan" id="fan" value="<?php echo $user_info ['fan']; ?>" />
</div>
<div>
<label for="website">Website</label>
<input type="text" name="website" id="website" value="<?php echo $user_info ['website']; ?>" />
</div>
<div>
<input type="submit" value="Update" />
</div>
</form>
</body>
</html>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

$checklogin = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'");

if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);

$_SESSION['Username'] = $username;
$_SESSION['LoggedIn'] = 1;
$_SESSION['uid'] = $row['uid'];


echo "<h1><center>Success</center></h1>";
echo "<p><center>We are now redirecting you to the member area.</center></p>";
echo "<meta http-equiv='refresh' content='=2;user.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"user.php\">click here to try again</a>.</p>";
}
}
else
{
?>
<?php
}
?>[/syntax]
login.php
[syntax=php]<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");

if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);

$_SESSION['Username'] = $username;
$_SESSION['LoggedIn'] = 1;
$_SESSION['uid'] = $row['uid'];


echo "<h1><center>Success</center></h1>";
echo "<p><center>We are now redirecting you to the member area.</center></p>";
echo "<meta http-equiv='refresh' content='=2;user.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"user.php\">click here to try again</a>.</p>";
}
}
else
{
?>
<?php
}
?>[/syntax]
init.inc.php
[syntax=php]<?php

session_start();

$dbhost = ""; // this will ususally be 'localhost', but can sometimes differ
$dbname = ""; // the name of the database that you are going to use for this project
$dbuser = ""; // the username that you created, or were given, to access your database
$dbpass = ""; // the password that you created, or were given, to access your database

mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());


$path = dirname (__FILE__);

include "$path/inc/user.inc.php";

?>[/syntax]
user.inc.php
[syntax=php]<?php
session_start();


function fetch_users (){
$result = mysql_query('SELECT `uid` AS `id`, `username` AS `username` FROM `users`');


$users = array();

while (($row = mysql_fetch_assoc($result)) != false){
$users[] = $row;
}

return $users;
}

function fetch_user_info($uid){
$uid = (int)$uid;


$sql = "SELECT
`username` AS `username`,
`grad` AS `grad`,
`drzava` AS `drzava`,
`fan` AS `fan`,
`Website` AS `Website`
FROM users
WHERE `uid` = '$uid'";

$result = mysql_query($sql);

return mysql_fetch_assoc($result);

}
function set_profile_info($username, $grad, $drzava, $fan, $website){
$username = mysql_real_escape_string(htmlentities($username));
$grad = mysql_real_escape_string(htmlentities($grad));
$drzava = mysql_real_escape_string(htmlentities($drzava));
$fan = mysql_real_escape_string(htmlentities($fan));
$website = mysql_real_escape_string(htmlentities($website));
$uid = $_SESSION['uid'];

mysql_query("UPDATE `users` SET `username` = `$username`, `grad` = `$grad`, `drzava` = `$drzava`,`fan` = `$fan`, `website` = `$website` WHERE `uid`=`$uid`");
}


?>[/syntax]

Re: cannot edit profile

Posted: Wed Dec 12, 2012 1:33 am
by ExtremeGaming
Change:
[syntax=php]if (empty($errors)){
$grad = htmlentities($_POST['grad']);
$drzava = htmlentities($_POST['drzava']);
$fan = htmlentities($_POST['fan']);
$website = htmlentities($_POST['website']);

mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'");[/syntax]

In edit_profile.php to:

[syntax=php]if (empty($errors)){
$grad = mysql_real_escape_string(htmlentities($_POST['grad']));
$drzava = mysql_real_escape_string(htmlentities($_POST['drzava']));
$fan = mysql_real_escape_string(htmlentities($_POST['fan']));
$website = mysql_real_escape_string(htmlentities($_POST['website']));

mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'") or die(mysql_error());[/syntax]

Re: cannot edit profile

Posted: Wed Dec 12, 2012 3:54 pm
by leverkusen
i dont get any mysql error very strange
hope you can take this scripts and edit them in your computer, then you will know when they will work

Re: cannot edit profile

Posted: Wed Dec 12, 2012 5:03 pm
by ExtremeGaming
Insert this somewhere in edit_profile.php where you will be able to see it being displayed:

[syntax=php]echo "<h1>The current SESSION UID is: ".$_SESSION['uid']."</h1>";[/syntax]

What does it display?

Also why is edit_profile.php containing what should be on login.php? Post login.php correctly as it won't start with an } else if...

Re: cannot edit profile

Posted: Thu Dec 13, 2012 3:01 am
by leverkusen
haha just what i though, its a session problem
The current SESSION UID is: :roll:

Re: cannot edit profile

Posted: Thu Dec 13, 2012 3:03 am
by leverkusen
btw i added in edit.profile.php a part from login because of users to not see the page if they are logged in(edit.profile.php)

Re: cannot edit profile

Posted: Thu Dec 13, 2012 3:44 am
by ExtremeGaming
Ok first step to debugging it is...do you actually have a column in your users database called uid?

Re: cannot edit profile

Posted: Thu Dec 13, 2012 9:28 pm
by leverkusen
yes i have a column called uid auto increment primary
and how does login fails if i do not see the page when im logged out :x

Re: cannot edit profile

Posted: Fri Dec 14, 2012 1:17 pm
by ExtremeGaming
What is user.php?

Are you using session_unset(); or session_destroy(); in any places other than logout?

Re: cannot edit profile

Posted: Sat Dec 15, 2012 11:04 am
by leverkusen
you mean profile.php?
[syntax=php]<?php

include('core/init.inc.php');

$user_info = fetch_user_info($_GET['uid']);

?>
<?php

if ($user_info === false){
echo 'That user does not exist.';
}else{

?>
<?php
}
?>
<!-- sidebar -->
<div id="sidebar">

<div class="block">
<div class="block-bot">
<div class="head"><div class="head-cnt"><h3><?php echo $user_info['username']; ?> profile</h3></div></div><font size="3"><b><table cellspacing="5"><tr></tr><tr><td>&nbsp;<a>Titles:</a><font color="orange"><?php echo $user_info['titles']; ?></font></td></tr><tr><td>&nbsp;<a>Name:</a><font color="orange"><?php echo $user_info['username']; ?></font></td></tr><tr><td>&nbsp;<a>Country:</a><font color="orange"><?php echo $user_info['drzava']; ?></font></td></tr><tr><td>&nbsp;<a>City:</a><font color="orange"><?php echo $user_info['grad']; ?></font></td></tr><tr><td>&nbsp;<a>Fan of:</a><font color="orange"><font color="orange"><?php echo $user_info['fan']; ?></font></font></td></tr><tr><td>&nbsp;<a>Website:</a><a target="_blank" href="<?php echo $user_info['website']; ?>"><font color="lime">link</font></td></tr><tr><td>&nbsp;<a href="index.php"><font color="lime"> <<< </font></a></td></tr><tr></tr></table></b></font></div>
</div>
[/syntax]
Are you using session_unset(); or session_destroy(); in any places other than logout?: No

Re: cannot edit profile

Posted: Sat Dec 15, 2012 3:40 pm
by ExtremeGaming
Your login page says you are redirecting users to a user.php.

Re: cannot edit profile

Posted: Sat Dec 15, 2012 4:36 pm
by leverkusen
actually redirects to login.php again but on the content which cannot be seen without loggin in

Re: cannot edit profile

Posted: Sat Dec 15, 2012 5:33 pm
by ExtremeGaming
Put this at the top of login.php within your php tags and remove the redirect for now so it remains on the same page.

[syntax=php]error_reporting(E_ALL);
ini_set('display_errors', '1');[/syntax]

Re: cannot edit profile

Posted: Sat Dec 15, 2012 8:52 pm
by leverkusen
:( still not editing the profile

Re: cannot edit profile

Posted: Sun Dec 16, 2012 12:17 am
by ExtremeGaming
If you put that on login.php, removed the redirect on login.php, and received no errors warnings or notices, I really have no idea

Re: cannot edit profile

Posted: Sun Dec 16, 2012 6:47 pm
by leverkusen
really no erors, nothing, except we know that the session is empty somehow :(
i have 1 idea and now will try it, on other hosting, maybe is a hosting problem i had few problems with this hosting so i hope that is

Re: cannot edit profile

Posted: Sat Dec 29, 2012 1:57 am
by jacek
Going off the last posted code I spotted a few problems.

This block
[syntax=php] session_start();
include('core/init.inc.php');

if(isset($_POST['username'])){
$errors = array();
}
if(isset($_POST['grad'])){
$errors = array();
}
if(isset($_POST['drzava'])){
$errors = array();
}
if(isset($_POST['fan'])){
$errors = array();
}
if(isset($_POST['website'])){
$errors = array();
}[/syntax]
makes no sense. You are probably meant to be validating the various inputs here in which case it would look more like

[syntax=php]include('core/init.inc.php');

$errors = array();

if (!isset($_POST['username'])){
$errors[] = 'You must enter your username';
}
[/syntax]
You also do not need the session_start() since that is done in the init.inc.php file.

In the same file you are not using the set_profile_info() function like you should be, instead you use the raw SQL which just gets confusing and should be avoided.

The final problem is with the login system which seems to be from another tutorial, it's really not a good idea at all to combine two tutorials in the hope of making a working system. I have a full series on a much more organised login system which leads on to the profile system so it might be a good idea to start from there.

Re: cannot edit profile

Posted: Sun Dec 30, 2012 9:05 am
by leverkusen
when i change
[syntax=php]session_start();
include('core/init.inc.php');

if(isset($_POST['username'])){
$errors = array();
}
if(isset($_POST['grad'])){
$errors = array();
}
if(isset($_POST['drzava'])){
$errors = array();
}
if(isset($_POST['fan'])){
$errors = array();
}
if(isset($_POST['website'])){
$errors = array();
}[/syntax]
to
[syntax=php] include('core/init.inc.php');

$errors = array();

if (!isset($_POST['username'])){
$errors[] = 'You must enter your username';
}

[/syntax]
i get error Warning: implode() [function.implode]: Argument must be an array in /home/a8772784/public_html/edit_profile.php on line 46
[syntax=php]echo '<ul><li>'. implode('</li><li>'. $errors). '</li></ul>';[/syntax] this is line 46
Now when i login i get echo of a user in html about his country and city, thats good, but still cant edit those information probably because of this error.
And some strange bolded black dot is appearing

Re: cannot edit profile

Posted: Sun Dec 30, 2012 11:02 pm
by ExtremeGaming
Well, for starters, php functions use a comma to seperate arguments, not a period. So change
[syntax=php]echo '<ul><li>'. implode('</li><li>'. $errors). '</li></ul>';[/syntax]
To
[syntax=php]echo '<ul><li>'. implode('</li><li>', $errors). '</li></ul>';[/syntax]
The change you made could not possibly result in that error, so what else did you change?

Re: cannot edit profile

Posted: Mon Dec 31, 2012 8:27 am
by leverkusen
No i havent changed anything error in line 46 is gone
when i log in with usernames i get different informations whats good, but above html box i have 'You must enter your username'
When i want to edit anything in profile i get echo 'Your profile has been updated'! but when i refresh there are still old informations but no 'You must enter your username'
edit-profile.php
[syntax=php] <?php
include('core/init.inc.php');

$errors = array();

if (!isset($_POST["username"])){
$errors[] = 'You must enter your username';
}
if (empty($errors)){
$grad = mysql_real_escape_string(htmlentities($_POST['grad']));
$drzava = mysql_real_escape_string(htmlentities($_POST['drzava']));
$fan = mysql_real_escape_string(htmlentities($_POST['fan']));
$website = mysql_real_escape_string(htmlentities($_POST['website']));

mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'") or die(mysql_error());


$user_info = array();
$user_info['grad'] = "$grad";
$user_info['drzava'] = "$drzava";
$user_info['fan'] = "$fan";
$user_info['website'] = "$website";


}else{
$user_info = fetch_user_info($_SESSION['uid']);
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>Global Betting</title>
</head>
<body>
<div>
<?php

if (isset($errors) ==false){
echo 'Click update to edit your profile.';
}else if (empty($errors)){
echo 'Your profile has been updated!';
}else{
echo '<ul><li>'. implode('</li><li>', $errors). '</li></ul>';

}

?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']) && !empty($_SESSION['uid']))
{
?>
</div>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method ="POST">

<div>
<label for="username">Username</label>
<input type="text" name="username" id="username" value="<?php echo $user_info['username']; ?>" />
</div><div>
<label for="grad">Grad</label>
<input type="text" name="grad" id="grad" value="<?php echo $user_info['grad']; ?>" />
</div>
<div>
<label for="drzava">Drzava</label>
<input type="text" name="drzava" id="drzava" value="<?php echo $user_info['drzava']; ?>" />
</div>
<div>
<label for="fan">Fan</label>
<input type="text" name="fan" id="fan" value="<?php echo $user_info['fan']; ?>" />
</div>
<div>
<label for="website">Website</label>
<input type="text" name="website" id="website" value="<?php echo $user_info['website']; ?>" />
</div>
<div>
<input type="submit" value="Update" />
</div>
</form>
</body>
</html>
<?php
}
?>[/syntax]
login(user).php

[syntax=php]<?php include "base.php"; ?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
?>
<?php

}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");

if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);

$_SESSION['Username'] = $username;
$_SESSION['LoggedIn'] = 1;
$_SESSION['uid'] = $row['uid'];


echo "<h1><center>Success</center></h1>";
echo "<p><center>We are now redirecting you to the member area.</center></p>";
echo "<meta http-equiv='refresh' content='=2;user.php' />";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your account could not be found. Please <a href=\"user.php\">click here to try again</a>.</p>";
}
}
else
{
?>
<br>
<center>
<form method="post" action="/user.php">
<table align="center" cellpadding="2" cellspacing="5">
<tbody><tr><td style="width: 100px;"><div align="left"><b>Username:</b></div></td><td><div align="left"><input required="required" name="username" class="login" size="32" type="text"></div></td></tr>
<tr><td style="width: 100px;"><div align="left"><b>Password:</b></div></td><td><div align="left"><input required="required" name="password" class="login" size="32" type="password"></div></td></tr>
<tr><td colspan="2"><div align="right"><input class="dugme_login" value="login" type="submit"></div></td></tr>
</tbody></table>
</form>
</center>
<br>
<?php
}
?>[/syntax]

Re: cannot edit profile

Posted: Thu Jan 03, 2013 3:13 am
by jacek
You blindly copied

[syntax=php]if (!isset($_POST["username"])){[/syntax]
you were meant to substitute your variable name :P

the stuff I said about the login system still applied too.