User Account System and Profile System
Posted: Sat Apr 06, 2013 3:38 pm
Hello, I'm connecting the Account and Profile system but there's and i can't seem to figure out why.
i used two tables for the account and the info, profile, users.
here is my code:
user.inc.php
I'm kind of a beginner in php (sorry about that) and i don't know what or how to fix the errors, i tried searching on Google how to fix the errors and i can't find anything.
P.S.Thanks for the Tutorial and i learned a lot for a beginner
Sorry for asking and Thanks again!
i used two tables for the account and the info, profile, users.
here is my code:
user.inc.php
<?php
function fetch_current_user_id($username){
$username = mysql_real_escape_string($username);
$sql = "SELECT `user_id` FROM `users` WHERE `user_name` = '{$username}'";
$result = mysql_query($sql)or die(mysql_error());;
$value = mysql_result($result, 0);
return $value;
}
if(empty($_SESSION['uid'])) {
$_SESSION['uid'] = fetch_current_user_id($_SESSION['username']);
}
function fetch_users() {
$result = mysql_query('SELECT `user_id` AS `id`, `user_name` AS `username` FROM `users`')or die(mysql_error());;
$users = array();
while (($row = mysql_fetch_assoc($result)) !== false) {
$users[] = $row;
}
return $users;
}
function fetch_user_info($uid){
$uid = (int)$uid;
$sql1 = "SELECT
`user_firstname` AS `firstname`,
`user_lastname` AS `lastname`,
`user_gender` AS `gender`,
`user_course` AS `course`,
`user_year` AS `syear`,
`user_email` AS `email`,
`user_about` AS `about`
FROM `profile`
WHERE `user_id` = {$uid}";
$result = mysql_query($sql1)or die(mysql_error());;
return mysql_fetch_assoc($result);
}
function fetch_user_acc($uid){
$uid = (int)$uid;
$sql1 = "SELECT
`user_name` AS `username`,
`user_password` AS `password`
FROM `users`
WHERE `user_id` = {$uid}";
$result = mysql_query($sql1)or die(mysql_error());;
return mysql_fetch_assoc($result);
}
//checks if the given username exists in the database
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
//Validation of Given Username and Password
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
//adds a user to the database.
function add_user($user, $pass, $first, $last, $gender, $course, $year){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
$first = mysql_real_escape_string(htmlentities($first));
$last = mysql_real_escape_string(htmlentities($last));
mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}')");
mysql_query("INSERT INTO `profile` (`user_firstname`, `user_lastname`, `user_gender`, `user_course`, `user_year`) VALUES ('{$first}', '{$last}', {$gender}, {$course}, {$year})");
}
function set_profile_info($user, $pass, $first, $last, $gender, $course, $year, $email, $about){
$email = mysql_real_escape_string(htmlentities($email));
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
$about = mysql_real_escape_string(nl2br(htmlentities($about)));
$first = mysql_real_escape_string(htmlentities($first));
$last = mysql_real_escape_string(htmlentities($last));
$sql_acc = "UPDATE `users`
SET
`user_name` = '{$user}',
`user_password = '{$pass}'
WHERE `user_id` = {$_SESSION['uid']}";
$sql_info = "UPDATE `profile`
SET
`user_firstname` = '{$first}',
`user_lastname` = '{$last}',
`user_gender` = {$gender},
`user_course` = {$course},
`user_year` = {$year},
`user_email` = '{$email}',
`user_about` = '{$about}'
WHERE `user_id` = {$_SESSION['uid']}";
mysql_query($sql_acc)or die(mysql_error());
mysql_query($sql_info)or die(mysql_error());
}
?>
init.inc.php
<?php
session_start();
error_reporting(E_ALL);
$exceptions = array('register', 'login');
$explode = explode('/', $_SERVER['SCRIPT_NAME']);
$page = substr(end($explode), 0, -4);
mysql_connect("localhost","root","");
mysql_select_db("csphp");
$path = dirname(__FILE__);
include("$path/inc/user.inc.php");
if (isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION['username']) === false) {
if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])) {
$_SESSION['username'] = htmlentities($_COOKIE['username']);
setcookie('username', $_COOKIE['username'], time() + 604800);
setcookie('password', $_COOKIE['password'], time() + 604800);
}
}
if(in_array($page, $exceptions) === false){
if(isset($_SESSION['username']) === false){
header('Location: login.php');
die();
}
}
?>
login.php
<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The Username Form cannot be empty';
}
if (empty($_POST['password'])){
$errors[] = 'The Password Form cannot be empty';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username / Password incorrect.';
}
if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict-dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="ext/css/style.css" />
<title></title>
</head>
<body>
<div>
<?php
if(empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account ? <a href="register.php">Register Here</a>';
}
?>
</div>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>"/>
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
</body>
</html>
logout.php <?php
session_start();
$_SESSION = array();
session_destroy();
if (isset($_COOKIE['username'], $_COOKIE['password'])) {
setcookie('username', '', time());
setcookie('password', '', time());
}
header('Location: protected.php');
?>
protected.php<?php
include('core/init.inc.php');
$user_info = fetch_user_info($_SESSION['uid']);
$user_acc = fetch_user_acc($_SESSION['uid']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict-dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<p>
You are logged in as <?php echo $_SESSION['username']; ?>
</p>
<li>
<a href="user_list.php">View Users</a>
</li>
<li>
<a href="profile.php?uid=<?php echo $_SESSION['uid']; ?>">Profile</a>
</li>
<li>
<a href="edit_profile.php">Edit Profile</a>
</li>
<li>
<a href="logout.php">Logout</a>
</li>
</body>
</html>
register.php<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'],$_POST['firstname'],$_POST['lastname'],$_POST['gender'],$_POST['course'],$_POST['syear'])){
if (empty($_POST['username'])){
$errors[] = 'The Username Form cannot be empty.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The Password Form cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'The Password Verification failed.';
}
if (user_exists($_POST['username'])){
$errors[] = 'The Username you entered is already taken.';
}
if (empty($errors)){
add_user($_POST['username'], $_POST['password'],$_POST['firstname'],$_POST['lastname'],$_POST['gender'],$_POST['course'],$_POST['syear']);
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content=text/html; charset=utf-8">
<style type="text/css">
form { margin:10px 0px 0px 0px; }
form div { float:left; clear:both; margin:0px 0px 4px 0px; }
label {float:left; width:100px;}
input[type="text"], textarea {float:left; width:400px;}
input[type="submit"] { margin:10px 0px 0px 100px; }
</style>
<title></title>
</head>
<body>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}
?>
</div>
<form action="" method="post">
<div>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
</div>
<div>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</div>
<div>
<label for="repeat_password">Repeat Password:</label>
<input type="password" name="repeat_password" id="repeat_password" />
</div>
<div>
<label for="firstname">Firstname:</label>
<input type="text" name="firstname" id="firstname" value="" />
</div>
<div>
<label for="lastname">Lastname:</label>
<input type="text" name="lastname" id="lastname" value="" />
</div>
<div>
<label for="gender">Gender:</label>
<input type = 'Radio' Name ='gender' value= 1>Male
<input type = 'Radio' Name ='gender' value= 2>Female
</div>
<div>
<label for="course">Course:</label>
<select name="course">
<option value=1>BSCS</option>
<option value=2>BSE</option>
<option value=3>BEED</option>
</select>
</div>
<div>
<label for="syear">Year:</label>
<select name="syear">
<option value=1>1st Year</option>
<option value=2>2nd Year</option>
<option value=3>3rd Year</option>
<option value=4>4th Year</option>
</select>
</div>
<div>
<input type="submit" value="Register" />
</div>
</form>
</body>
</html>
profile.php<?php
include('core/init.inc.php');
$user_info = fetch_user_info($_GET['uid']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict-dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="ext/css/style.css" />
<title><?php echo $user_info['firstname']; ?>'s Profile</title>
</head>
<body>
<div>
<?php
if ($user_info === false){
echo 'The user does not exists';
}else{
?>
<h1><?php echo $user_info['firstname']; echo $user_info['lastname']; ?></h1>
<p>Gender: <?php echo ($user_info['gender'] == 1) ? 'Male' : 'Female'; ?></p>
<p>Course: <?php if ($user_info['course'] == 1)
echo 'BSCS';
else if($user_info['course'] == 2)
echo 'BSE';
else if($user_info['course'] == 3)
echo 'BEED';
?>
</p>
<p>Year: <?php if ($user_info['syear'] == 1)
echo '1st Year';
else if($user_info['syear'] == 2)
echo '2nd Year';
else if($user_info['syear'] == 3)
echo '3rd Year';
else if($user_info['syear'] == 4)
echo'4th Year';
?>
</p>
<p>Email: <?php echo $user_info['email']; ?></p>
<p><?php echo $user_info['about']; ?></p>
<?php
}
?>
</div>
</body>
</html>
edit_profile.php <?php
include('core/init.inc.php');
$user_info = fetch_user_info($_SESSION['uid']);
$user_acc = fetch_user_acc($_SESSION['uid']);
if (isset($_POST['username'],$_POST['password'],$_POST['firstname'],$_POST['lastname'],$_POST['gender'],$_POST['course'],$_POST['syear'],$_POST['email'],$_POST['about'])){
$errors = array();
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
$errors[] = 'The email address you entered is not valid.';
}
if (empty($errors)){
set_profile_info($_POST['username'],$_POST['password'],$_POST['firstname'],$_POST['lastname'],$_POST['gender'],$_POST['course'],$_POST['syear'],$_POST['email'],$_POST['about']);
}
$user_info = array(
'email' => htmlentities($_POST['email']),
'first' => htmlentities($_POST['first']),
'last' => htmlentities($_POST['last']),
'course' => htmlentities($_POST['course']),
'syear' => htmlentities($_POST['syear']),
'gender' => htmlentities($_POST['gender']),
'about' => htmlentities($_POST['about'])
);
}else{
$user_info = fetch_user_info($_SESSION['uid']);
$user_acc = fetch_user_acc($_SESSION['uid']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict-dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
form { margin:10px 0px 0px 0px; }
form div { float:left; clear:both; margin:0px 0px 4px 0px; }
label {float:left; width:100px;}
input[type="text"], textarea {float:left; width:400px;}
input[type="submit"] { margin:10px 0px 0px 100px; }
</style>
<title><?php echo $user_info['firstname']; ?>'s Profile</title>
</head>
<body>
<div>
<?php
if (isset($errors) === false){
echo 'Click to Update your Profile.';
}else if(empty($errors)){
echo 'Your Profile has been Updated';
}else
echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';
?>
</div>
<form action="" method="post">
<div>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="" />
</div>
<div>
<label for="password">Password:</label>
<input type="text" name="password" id="password" value="" />
</div>
<div>
<label for="firstname">Firstname:</label>
<input type="text" name="firstname" id="firstname" value="<?php echo $user_info['firstname']; ?>" />
</div>
<div>
<label for="lastname">Lastname:</label>
<input type="text" name="lastname" id="lastname" value="<?php echo $user_info['lastname']; ?>" />
</div>
<div>
<label for="gender">Gender:</label>
<input type = 'Radio' Name ='gender' value= 1 <?php if ($user_info['gender'] == 1) echo 'checked=checked'; ?>>Male
<input type = 'Radio' Name ='gender' value= 2 <?php if ($user_info['gender'] == 2) echo 'checked=checked'; ?>>Female
</div>
<div>
<label for="course">Course:</label>
<select name="course">
<option value=1 <?php if ($user_info['course'] == 1) echo 'selected'; ?>>BSCS</option>
<option value=2 <?php if ($user_info['course'] == 2) echo 'selected'; ?>>BSE</option>
<option value=3 <?php if ($user_info['course'] == 3) echo 'selected'; ?>>BEED</option>
</select>
</div>
<div>
<label for="syear">Year:</label>
<select name="syear">
<option value=1 <?php if ($user_info['syear'] == 1) echo 'selected'; ?>>1st Year</option>
<option value=2 <?php if ($user_info['syear'] == 2) echo 'selected'; ?>>2nd Year</option>
<option value=3 <?php if ($user_info['syear'] == 3) echo 'selected'; ?>>3rd Year</option>
<option value=4 <?php if ($user_info['syear'] == 4) echo 'selected'; ?>>4th Year</option>
</select>
</div>
<div>
<label for="email">Email:</label>
<input type="text" name="email" id="email" value="<?php echo $user_info['email']; ?>" />
</div>
<div>
<label for="about">About Me:</label>
<textarea name="about" id="about" rows="14" cols="50"><?php echo $user_info['about']; ?></textarea>
</div>
<div>
<input type="submit" value="Update" />
</div>
</form>
</body>
</html>
user_list.php <?php
include('core/init.inc.php');
?>
<!DOCTYPE html>
<html lang="da">
<head>
<meta charset="utf-8">
<title></title>
<link rel="stylesheet" type="text/css" href="ext/css/style.css" />
</head>
<body>
<div>
<h2>Userlist</h2>
<?php
foreach (fetch_users() as $user) {
?>
<p>
<a href="profile.php?uid=<?php echo $user['id']; ?>"><?php echo $user['username']; ?></a>
</p>
<?php
}
?>
</div>
</body>
</html>
I tried using INNER JOIN for the 2 tables and doesn't seem to work, so i tried using two functions for fetching info, updating, and also adding data in the database.I'm kind of a beginner in php (sorry about that) and i don't know what or how to fix the errors, i tried searching on Google how to fix the errors and i can't find anything.
P.S.Thanks for the Tutorial and i learned a lot for a beginner
Sorry for asking and Thanks again!
