hey man am having trouble here. am using this code
if($user_ok == true){
header("location:user.php?u=".$_SESSION["username"]);
exit();
}
but this is my problem The requested URL /tutoringcareer/php/user.php was not found on this server. i have a .htaccess file but when i try to log in that when i have the problem
How do i set up a email server to work with my localhost site usine wamp hmailserver and squirrelmail.
i have a .htaccess file but when i try to log in that when i have the problem
That doesn't make much sense. Could you elaborate?
Is the error url what you expect? /tutoringcareer/php/user.php
Or is it supposed to be something else?
yes it url i'm expecting that when i login i should go to users.php buts it not. i took out .htaccess file but am still getting that problem. but the file is there
<!-- ******** login.php ******** -->
<?php
include_once("../php_includes/check_login_status.php");
// If user is already logged in, header that weenis away
if($user_ok == true){
header("location:user.php?u=".$_SESSION["username"]);
exit();
}
?><?php
// AJAX CALLS THIS LOGIN CODE TO EXECUTE
if(isset($_POST["e"])){
// CONNECT TO THE DATABASE
include_once("../php_includes/db_conx.php");
// GATHER THE POSTED DATA INTO LOCAL VARIABLES AND SANITIZE
$e = mysqli_real_escape_string($db_conx, $_POST['e']);
$p = md5($_POST['p']);
// GET USER IP ADDRESS
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
// FORM DATA ERROR HANDLING
if($e == "" || $p == ""){
echo "login_failed";
exit();
} else {
// END FORM DATA ERROR HANDLING
$sql = "SELECT id, username, password FROM users WHERE email='$e' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
$db_id = $row[0];
$db_username = $row[1];
$db_pass_str = $row[2];
if($p != $db_pass_str){
echo "login_failed";
exit();
} else {
// CREATE THEIR SESSIONS AND COOKIES
$_SESSION['userid'] = $db_id;
$_SESSION['username'] = $db_username;
$_SESSION['password'] = $db_pass_str;
setcookie("id", $db_id, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("user", $db_username, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("pass", $db_pass_str, strtotime( '+30 days' ), "/", "", "", TRUE);
// UPDATE THEIR "IP" AND "LASTLOGIN" FIELDS
$sql = "UPDATE users SET ip='$ip', lastlogin=now() WHERE username='$db_username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
echo $db_username;
exit();
}
}
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Log In</title>
<link rel="icon" href="../favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="../style/style.css">
<style type="text/css">
#loginform{
margin-top:24px;
}
#loginform > div {
margin-top: 12px;
}
#loginform > input {
width: 200px;
padding: 3px;
background: #F3F9DD;
}
#loginbtn {
font-size:15px;
padding: 10px;
}
</style>
<script src="../js/main.js"></script>
<script src="../js/ajax.js"></script>
<script>
function emptyElement(x){
_(x).innerHTML = "";
}
function login(){
var e = _("email").value;
var p = _("password").value;
if(e == "" || p == ""){
_("status").innerHTML = "Fill out all of the form data";
} else {
_("loginbtn").style.display = "none";
_("status").innerHTML = 'please wait ...';
var ajax = ajaxObj("POST", "login.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
if(ajax.responseText == "login_failed"){
_("status").innerHTML = "Login unsuccessful, please try again.";
_("loginbtn").style.display = "block";
} else {
window.location = "user.php?u="+ajax.responseText;
}
}
}
ajax.send("e="+e+"&p="+p);
}
}
</script>
</head>
<body>
<?php include_once("../php_includes/template_pageTop.php"); ?>
<div id="pageMiddle">
<h3>Log In Here</h3>
<!-- LOGIN FORM -->
<form id="loginform" onsubmit="return false;">
<div>Email Address:</div>
<input type="text" id="email" onfocus="emptyElement('status')" maxlength="88">
<div>Password:</div>
<input type="password" id="password" onfocus="emptyElement('status')" maxlength="100">
<br /><br />
<button id="loginbtn" onclick="login()">Log In</button>
<p id="status"></p>
<a href="#">Forgot Your Password?</a>
</form>
<!-- LOGIN FORM -->
</div>
<?php include_once("../php_includes/template_pageBottom.php"); ?>
</body>
</html>
<!-- ******** user.php ******** -->
<?php
// Initialize any variables that the page might echo
$u = "";
$sex = "Male";
$userlevel = "";
$profile_pic = "";
$profile_pic_btn = "";
$avatar_form = "";
$country = "";
$joindate = "";
$lastsession = "";
// Make sure the _GET username is set, and sanitize it
if(isset($_GET["u"])){
$u = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
} else {
header("location: ../index.php");
exit();
}
// Select the member from the users table
$sql = "SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// Now make sure that user exists in the table
$numrows = mysqli_num_rows($user_query);
if($numrows < 1){
echo "That user does not exist or is not yet activated, press back";
exit();
}
// Check to see if the viewer is the account owner
$isOwner = "no";
if($u == $log_username && $user_ok == true){
$isOwner = "yes";
$profile_pic_btn = '<a href="#" onclick="return false;" onmousedown="toggleElement(\'avatar_form\')">Toggle Avatar Form</a>';
$avatar_form = '<form id="avatar_form" enctype="multipart/form-data" method="post" action="php_parsers/photo_system.php">';
$avatar_form .= '<h4>Change your avatar</h4>';
$avatar_form .= '<input type="file" name="avatar" required>';
$avatar_form .= '<p><input type="submit" value="Upload"></p>';
$avatar_form .= '</form>';
}
// Fetch the user row from the query above
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$profile_id = $row["id"];
$gender = $row["gender"];
$country = $row["country"];
$userlevel = $row["userlevel"];
$avatar = $row["avatar"];
$signup = $row["signup"];
$lastlogin = $row["lastlogin"];
$joindate = strftime("%b %d, %Y", strtotime($signup));
$lastsession = strftime("%b %d, %Y", strtotime($lastlogin));
}
if($gender == "f"){
$sex = "Female";
}
$profile_pic = '<img src="user/'.$u.'/'.$avatar.'" alt="'.$u.'">';
if($avatar == NULL){
$profile_pic = '<img src="images/avatardefault.jpg" alt="'.$user1.'">';
}
?><?php
$isFriend = false;
$ownerBlockViewer = false;
$viewerBlockOwner = false;
if($u != $log_username && $user_ok == true){
$friend_check = "SELECT id FROM friends WHERE user1='$log_username' AND user2='$u' AND accepted='1' OR user1='$u' AND user2='$log_username' AND accepted='1' LIMIT 1";
if(mysqli_num_rows(mysqli_query($db_conx, $friend_check)) > 0){
$isFriend = true;
}
$block_check1 = "SELECT id FROM blockedusers WHERE blocker='$u' AND blockee='$log_username' LIMIT 1";
if(mysqli_num_rows(mysqli_query($db_conx, $block_check1)) > 0){
$ownerBlockViewer = true;
}
$block_check2 = "SELECT id FROM blockedusers WHERE blocker='$log_username' AND blockee='$u' LIMIT 1";
if(mysqli_num_rows(mysqli_query($db_conx, $block_check2)) > 0){
$viewerBlockOwner = true;
}
}
?><?php
$friend_button = '<button disabled>Request As Friend</button>';
$block_button = '<button disabled>Block User</button>';
// LOGIC FOR FRIEND BUTTON
if($isFriend == true){
$friend_button = '<button onclick="friendToggle(\'unfriend\',\''.$u.'\',\'friendBtn\')">Unfriend</button>';
} else if($user_ok == true && $u != $log_username && $ownerBlockViewer == false){
$friend_button = '<button onclick="friendToggle(\'friend\',\''.$u.'\',\'friendBtn\')">Request As Friend</button>';
}
// LOGIC FOR BLOCK BUTTON
if($viewerBlockOwner == true){
$block_button = '<button onclick="blockToggle(\'unblock\',\''.$u.'\',\'blockBtn\')">Unblock User</button>';
} else if($user_ok == true && $u != $log_username){
$block_button = '<button onclick="blockToggle(\'block\',\''.$u.'\',\'blockBtn\')">Block User</button>';
}
?><?php
$friendsHTML = '';
$friends_view_all_link = '';
$sql = "SELECT COUNT(id) FROM friends WHERE user1='$u' AND accepted='1' OR user2='$u' AND accepted='1'";
$query = mysqli_query($db_conx, $sql);
$query_count = mysqli_fetch_row($query);
$friend_count = $query_count[0];
if($friend_count < 1){
$friendsHTML = $u." has no friends yet";
} else {
$max = 18;
$all_friends = array();
$sql = "SELECT user1 FROM friends WHERE user2='$u' AND accepted='1' ORDER BY RAND() LIMIT $max";
$query = mysqli_query($db_conx, $sql);
while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
array_push($all_friends, $row["user1"]);
}
$sql = "SELECT user2 FROM friends WHERE user1='$u' AND accepted='1' ORDER BY RAND() LIMIT $max";
$query = mysqli_query($db_conx, $sql);
while ($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
array_push($all_friends, $row["user2"]);
}
$friendArrayCount = count($all_friends);
if($friendArrayCount > $max){
array_splice($all_friends, $max);
}
if($friend_count > $max){
$friends_view_all_link = '<a href="view_friends.php?u='.$u.'">view all</a>';
}
$orLogic = '';
foreach($all_friends as $key => $user){
$orLogic .= "username='$user' OR ";
}
$orLogic = chop($orLogic, "OR ");
$sql = "SELECT username, avatar FROM users WHERE $orLogic";
$query = mysqli_query($db_conx, $sql);
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)) {
$friend_username = $row["username"];
$friend_avatar = $row["avatar"];
if($friend_avatar != ""){
$friend_pic = 'user/'.$friend_username.'/'.$friend_avatar.'';
} else {
$friend_pic = 'images/avatardefault.jpg';
}
$friendsHTML .= '<a href="user.php?u='.$friend_username.'"><img class="friendpics" src="'.$friend_pic.'" alt="'.$friend_username.'" title="'.$friend_username.'"></a>';
}
}
?><?php
$coverpic = "";
$sql = "SELECT filename FROM photos WHERE user='$u' ORDER BY RAND() LIMIT 1";
$query = mysqli_query($db_conx, $sql);
if(mysqli_num_rows($query) > 0){
$row = mysqli_fetch_row($query);
$filename = $row[0];
$coverpic = '<img src="user/'.$u.'/'.$filename.'" alt="pic">';
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title><?php echo $u; ?></title>
<link rel="icon" href="../favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="../style/style.css">
<style type="text/css">
div#profile_pic_box{float:right; border:#999 2px solid; width:200px; height:200px; margin:20px 30px 0px 0px; overflow-y:hidden;}
div#profile_pic_box > img{z-index:2000; width:200px;}
div#profile_pic_box > a {
display: none;
position:absolute;
margin:140px 0px 0px 120px;
z-index:4000;
background:#D8F08E;
border:#81A332 1px solid;
border-radius:3px;
padding:5px;
font-size:12px;
text-decoration:none;
color:#60750B;
}
div#profile_pic_box > form{
display:none;
position:absolute;
z-index:3000;
padding:10px;
opacity:.8;
background:#F0FEC2;
width:180px;
height:180px;
}
div#profile_pic_box:hover a {
display: block;
}
div#photo_showcase{float:right; background:url(../style/photo_showcase_bg.jpg) no-repeat; width:136px; height:127px; margin:20px 30px 0px 0px; cursor:pointer;}
div#photo_showcase > img{width:74px; height:74px; margin:37px 0px 0px 9px;}
img.friendpics{border:#000 1px solid; width:40px; height:40px; margin:2px;}
</style>
<style type="text/css">
textarea#statustext{width:982px; height:80px; padding:8px; border:#999 1px solid; font-size:16px;}
div.status_boxes{padding:12px; line-height:1.5em;}
div.status_boxes > div{padding:8px; border:#99C20C 1px solid; background: #F4FDDF;}
div.status_boxes > div > b{font-size:12px;}
div.status_boxes > button{padding:5px; font-size:12px;}
textarea.replytext{width:98%; height:40px; padding:1%; border:#999 1px solid;}
div.reply_boxes{padding:12px; border:#999 1px solid; background:#F5F5F5;}
div.reply_boxes > div > b{font-size:12px;}
</style>
<script src="../js/main.js"></script>
<script src="../js/ajax.js"></script>
<script type="text/javascript">
function friendToggle(type,user,elem){
var conf = confirm("Press OK to confirm the '"+type+"' action for user <?php echo $u; ?>.");
if(conf != true){
return false;
}
_(elem).innerHTML = 'please wait ...';
var ajax = ajaxObj("POST", "php_parsers/friend_system.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
if(ajax.responseText == "friend_request_sent"){
_(elem).innerHTML = 'OK Friend Request Sent';
} else if(ajax.responseText == "unfriend_ok"){
_(elem).innerHTML = '<button onclick="friendToggle(\'friend\',\'<?php echo $u; ?>\',\'friendBtn\')">Request As Friend</button>';
} else {
alert(ajax.responseText);
_(elem).innerHTML = 'Try again later';
}
}
}
ajax.send("type="+type+"&user="+user);
}
function blockToggle(type,blockee,elem){
var conf = confirm("Press OK to confirm the '"+type+"' action on user <?php echo $u; ?>.");
if(conf != true){
return false;
}
var elem = document.getElementById(elem);
elem.innerHTML = 'please wait ...';
var ajax = ajaxObj("POST", "php_parsers/block_system.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
if(ajax.responseText == "blocked_ok"){
elem.innerHTML = '<button onclick="blockToggle(\'unblock\',\'<?php echo $u; ?>\',\'blockBtn\')">Unblock User</button>';
} else if(ajax.responseText == "unblocked_ok"){
elem.innerHTML = '<button onclick="blockToggle(\'block\',\'<?php echo $u; ?>\',\'blockBtn\')">Block User</button>';
} else {
alert(ajax.responseText);
elem.innerHTML = 'Try again later';
}
}
}
ajax.send("type="+type+"&blockee="+blockee);
}
</script>
</head>
<body>
<?php include_once("../php_includes/template_pageTop.php"); ?>
<div id="pageMiddle">
<div id="profile_pic_box" ><?php echo $profile_pic_btn; ?><?php echo $avatar_form; ?><?php echo $profile_pic; ?></div>
<div id="photo_showcase" onclick="window.location = 'photos.php?u=<?php echo $u; ?>';" title="view <?php echo $u; ?>'s photo galleries">
<?php echo $coverpic; ?>
</div>
<h2><?php echo $u; ?><script></h2>
<p>Is the viewer the page owner, logged in and verified? <b><?php echo $isOwner; ?></b></p>
<p>Gender: <?php echo $sex; ?></p>
<p>Country: <?php echo $country; ?></p>
<p>User Level: <?php echo $userlevel; ?></p>
<p>Join Date: <?php echo $joindate; ?></p>
<p>Last Session: <?php echo $lastsession; ?></p>
<hr />
<p>Friend Button: <span id="friendBtn"><?php echo $friend_button; ?></span> <?php echo $u." has ".$friend_count." friends"; ?> <?php echo $friends_view_all_link; ?></p>
<p>Block Button: <span id="blockBtn"><?php echo $block_button; ?></span></p>
<hr />
<p><?php echo $friendsHTML; ?></p>
<hr />
<?php include_once("template_status.php"); ?>
</div>
<?php include_once("../php_includes/template_pageBottom.php"); ?>
</body>
</html>
That code formatting has gone to hell. ANy chance of you reformatting? Just select all the code and press TAB - that should indent it all. Also, there seems to be hundreds of lines of code here. Just include what's required - we have limited time in which to help you.
sorry about that i did not know. any way i had alot of wrong spelling but not i cat seem to get the login info to get assess to the users.php
<!-- ******** login.php ******** -->
<?php
include_once("../php_includes/check_login_status.php");
// If user is already logged in, header that weenis away
if($user_ok == true){
header("location:users.php?u=".$_SESSION["username"]);
exit();
}
?><?php
// AJAX CALLS THIS LOGIN CODE TO EXECUTE
if(isset($_POST["e"])){
// CONNECT TO THE DATABASE
include_once("../php_includes/db_conx.php");
// GATHER THE POSTED DATA INTO LOCAL VARIABLES AND SANITIZE
$e = mysqli_real_escape_string($db_conx, $_POST['e']);
$p = md5($_POST['p']);
// GET USER IP ADDRESS
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
// FORM DATA ERROR HANDLING
if($e == "" || $p == ""){
echo "login_failed";
exit();
} else {
// END FORM DATA ERROR HANDLING
$sql = "SELECT id, username, password FROM users WHERE email='$e' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
$db_id = $row[0];
$db_username = $row[1];
$db_pass_str = $row[2];
if($p != $db_pass_str){
echo "login_failed";
exit();
} else {
// CREATE THEIR SESSIONS AND COOKIES
$_SESSION['userid'] = $db_id;
$_SESSION['username'] = $db_username;
$_SESSION['password'] = $db_pass_str;
setcookie("id", $db_id, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("user", $db_username, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("pass", $db_pass_str, strtotime( '+30 days' ), "/", "", "", TRUE);
// UPDATE THEIR "IP" AND "LASTLOGIN" FIELDS
$sql = "UPDATE users SET ip='$ip', lastlogin=now() WHERE username='$db_username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
echo $db_username;
exit();
}
}
exit();
}
?>
<!-- ******** users.php ******** -->
<?php
include_once("../php_includes/db_conx.php");
// Initialize any variables that the page might echo
$e = "";
$u = "";
$sex = "Male";
$userlevel = "";
$profile_pic = "";
$profile_pic_btn = "";
$avatar_form = "";
$country = "";
$joindate = "";
$lastsession = "";
// Make sure the _GET username is set, and sanitize it
if(isset($_GET["e"])){
$u = preg_replace('#[^a-z0-9]#i', '', $_GET['e']);
}
// Select the member from the users table
$sql = "SELECT * FROM users WHERE username='$e' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// Now make sure that user exists in the table
$numrows = mysqli_num_rows($user_query);
if($numrows < 1){
echo "That user does not exist or is not yet activated, press back";
exit();
}
You don't seem to have a session_start() at the top of the page. You need one of these on every page in order to propagate the session variables.
i inserted the session_start(); in the users.php and the same this is going on. is ['e'] the right vareble to be used or shoud i be using ['u']. i did try it with the ['u'] but it return the same problem.
if(isset($_GET["e"])){
$u = preg_replace('#[^a-z0-9]#i', '', $_GET['e']);
}
// Select the member from the users table
$sql = "SELECT * FROM users WHERE username='$e' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// Now make sure that user exists in the table
$numrows = mysqli_num_rows($user_query);
if($numrows < 1){
echo "That user does not exist or is not yet activated, press back";
exit();
}
You're stripping non alphanumeric characters from the username in the url querystring . OK, but I don't understand why you're doing this - if you bind parameters in a prepared statement (mysqli), there's no need.
Why is the SQL and rest of the code outside the first if block? Surely you don't want the code to execute if there's no $_GET['e']
The SQL is wrong as there's no $e initialised, only $u.
Is there a reason for using the 'u=' as a querystring parameter? Would not a session var, say be more secure? Anybody can change the 'u=' to anything they want. What happens then?
i thought the 'u=' was like a target for the ajax. anyway i did a little changes and now it saying mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in. so i place or die(mysqli_error()) at the end but same problem
$user_query = mysqli_query($db_conx, $sql);
// Now make sure that user exists in the table
$numrows = mysqli_num_rows($user_query) or die(mysqli_error());
if($numrows < 1){
echo "That user does not exist or is not yet activated, press back";
could it be that it is not getting that activated value of 1
$sql = "SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1";
did i code it right to go get that value
sould i be more specific to which field to get the info from rather that selecting the whole table
Try
if($numrows == 0){
instead.
could it be that it is not getting that activated value of 1
No idea. That's up to you to check. Do this..
$sql = "SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1";
echo $sql;
Copy and paste the query string output on the screen to the SQL box in PHPMyAdmin and see if you get a record.
sould i be more specific to which field to get the info from rather that selecting the whole table
Shouldn't matter at the moment - we need to get the login working first.
in phphmyadmin
SELECT * FROM `users` WHERE 1
works
but
$sql = "SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1";
echo $sql;
did not
Maybeheader("location:user.php?u=".$_SESSION['username']);//single quotes
thanks Tpojka but now am having a problem with
$sql = "SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1";
it is not getting that value of 1
in php my admin
SELECT * FROM `users` WHERE 1
works fine
How are these two line related?SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1
andSELECT * FROMusersWHERE 1
Why don't you try first line in phpMyAdmin either (with hard coded value for $u)?
if i state it like this is doesn't work
SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1
But it would work if i do this
SELECT * FROM users WHERE peter
so could it be that username is not properly define and also $u is not properly define? if so how would i do that?
<!-- ******** user.php ******** -->
<?php
session_start();
include_once("../php_includes/check_login_status.php");
// Initialize any variables that the page might echo
$u = "";
$sex = "Male";
$userlevel = "";
$profile_pic = "";
$profile_pic_btn = "";
$avatar_form = "";
$country = "";
$joindate = "";
$lastsession = "";
// Make sure the _GET username is set, and sanitize it
if(isset($_GET["u"])){
$u = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
} else {
header("location: login.php");
exit();
}
// Select the member from the users table
$sql = "SELECT * FROM users WHERE email='$u' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// Now make sure that user exists in the table
$numrows = mysqli_num_rows($user_query);
if($numrows == 0){
echo "That user does not exist or is not yet activated, press back";
exit();
}
am not getting in when i login
it echos "That user does not exist or is not yet activated, press back"
You didn't do as I said. Copy and paste the query from the screen and insert it into phpmyadmin. How is phpmyadmin supposed to know what $u means? It has no meaning.
I'm assuming that your SQL will look something like:
SELECT * FROM users WHERE username='peter' AND activated='1' LIMIT 1
If peter is in the table and you don't get a result then it's your query
Also have
$user_query = mysqli_query($db_conx, $sql) or die(mysqli_error());
That should tell you if there's an error with the query syntax.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.