Log In system

Hello, can someone help me with the task …

I have a website that needs a login system with time limits, where a time window defines when a user can log in (for example, user Alex: his session will be active from 11 am to 12 am), so that Alex will be able to enter between 11 and 12. If he enters earlier, the session is not active; likewise if he comes later. Alex's session can also be deleted from the database.
He can come and go at any time between 11 and 12

and have a working Logout.

What do you have so far?

I made only the registration system

LOL! What he meant is, where is your code attempt?

Hello, attached is the code that I’ve done so far

allsof7.com/log/log.zip

Code for the database

[php]CREATE TABLE IF NOT EXISTS users (
userId int(11) NOT NULL AUTO_INCREMENT,
userName varchar(30) NOT NULL,
userEmail varchar(60) NOT NULL,
userPass varchar(255) NOT NULL,
PRIMARY KEY (userId),
UNIQUE KEY userEmail (userEmail)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;[/php]

So far I’ve done this…

What remains to do is to limit any user to a certain time, for example from 11h to 12h; then, on expiry of this time, the profile of this user is deleted from the database

We are not going to download a zip file. Post your code in the code tags.

ok

DB
[php]CREATE TABLE IF NOT EXISTS users (
userId int(11) NOT NULL AUTO_INCREMENT,
userName varchar(30) NOT NULL,
userEmail varchar(60) NOT NULL,
userPass varchar(255) NOT NULL,
PRIMARY KEY (userId),
UNIQUE KEY userEmail (userEmail)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;[/php]

index.php

[php]<?php
ob_start();
session_start();
require_once 'dbconnect.php';

// it will never let you open index(login) page if session is set
if ( isset($_SESSION['user'])!="" ) {
	header("Location: home.php");
	exit;
}

$error = false;

if( isset($_POST['btn-login']) ) {	
	
	// prevent sql injections/ clear user invalid inputs
	$email = trim($_POST['email']);
	$email = strip_tags($email);
	$email = htmlspecialchars($email);
	
	$pass = trim($_POST['pass']);
	$pass = strip_tags($pass);
	$pass = htmlspecialchars($pass);
	// prevent sql injections / clear user invalid inputs
	
	if(empty($email)){
		$error = true;
		$emailError = "Please enter your email address.";
	} else if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
		$error = true;
		$emailError = "Please enter valid email address.";
	}
	
	if(empty($pass)){
		$error = true;
		$passError = "Please enter your password.";
	}
	
	// if there's no error, continue to login
	if (!$error) {
		
		$password = hash('sha256', $pass); // password hashing using SHA256
	
		$res=mysql_query("SELECT userId, userName, userPass FROM users WHERE userEmail='$email'");
		$row=mysql_fetch_array($res);
		$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
		
		if( $count == 1 && $row['userPass']==$password ) {
			$_SESSION['user'] = $row['userId'];
			header("Location: home.php");
		} else {
			$errMSG = "Incorrect Credentials, Try again...";
		}
			
	}
	
}

?>

Register
<div id="login-form">
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">

	<div class="col-md-12">
    
    	<div class="form-group">
        	<h2 class="">Sign In.</h2>
        </div>
    
    	<div class="form-group">
        	<hr />
        </div>
        
        <?php
		if ( isset($errMSG) ) {
			
			?>
			<div class="form-group">
        	<div class="alert alert-danger">
			<span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?>
            </div>
        	</div>
            <?php
		}
		?>
        
        <div class="form-group">
        	<div class="input-group">
            <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
        	<input type="email" name="email" class="form-control" placeholder="Your Email" value="<?php echo $email; ?>" maxlength="40" />
            </div>
            <span class="text-danger"><?php echo $emailError; ?></span>
        </div>
        
        <div class="form-group">
        	<div class="input-group">
            <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
        	<input type="password" name="pass" class="form-control" placeholder="Your Password" maxlength="15" />
            </div>
            <span class="text-danger"><?php echo $passError; ?></span>
        </div>
        
        <div class="form-group">
        	<hr />
        </div>
        
        <div class="form-group">
        	<button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
        </div>
        
        <div class="form-group">
        	<hr />
        </div>
        
        <div class="form-group">
        	<a href="register.php">Sign Up Here...</a>
        </div>
    
    </div>

</form>
</div>	
<?php ob_end_flush(); ?>[/php]

register.php

[php]<?php
ob_start();
session_start();
if( isset($_SESSION['user'])!="" ){
header("Location: home.php");
}
include_once 'dbconnect.php';

$error = false;

if ( isset($_POST['btn-signup']) ) {
	
	// clean user inputs to prevent sql injections
	$name = trim($_POST['name']);
	$name = strip_tags($name);
	$name = htmlspecialchars($name);
	
	$email = trim($_POST['email']);
	$email = strip_tags($email);
	$email = htmlspecialchars($email);
	
	$pass = trim($_POST['pass']);
	$pass = strip_tags($pass);
	$pass = htmlspecialchars($pass);
	
	// basic name validation
	if (empty($name)) {
		$error = true;
		$nameError = "Please enter your full name.";
	} else if (strlen($name) < 3) {
		$error = true;
		$nameError = "Name must have at least 3 characters.";
	} else if (!preg_match("/^[a-zA-Z ]+$/",$name)) {
		$error = true;
		$nameError = "Name must contain alphabets and space.";
	}
	
	//basic email validation
	if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
		$error = true;
		$emailError = "Please enter valid email address.";
	} else {
		// check email exist or not
		$query = "SELECT userEmail FROM users WHERE userEmail='$email'";
		$result = mysql_query($query);
		$count = mysql_num_rows($result);
		if($count!=0){
			$error = true;
			$emailError = "Provided Email is already in use.";
		}
	}
	// password validation
	if (empty($pass)){
		$error = true;
		$passError = "Please enter password.";
	} else if(strlen($pass) < 6) {
		$error = true;
		$passError = "Password must have at least 6 characters.";
	}
	
	// password encrypt using SHA256();
	$password = hash('sha256', $pass);
	
	// if there's no error, continue to signup
	if( !$error ) {
		
		$query = "INSERT INTO users(userName,userEmail,userPass) VALUES('$name','$email','$password')";
		$res = mysql_query($query);
			
		if ($res) {
			$errTyp = "success";
			$errMSG = "Successfully registered, you may login now";
			unset($name);
			unset($email);
			unset($pass);
		} else {
			$errTyp = "danger";
			$errMSG = "Something went wrong, try again later...";	
		}	
			
	}
	
	
}

?>

Register
<div id="login-form">
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">

	<div class="col-md-12">
    
    	<div class="form-group">
        	<h2 class="">Sign Up.</h2>
        </div>
    
    	<div class="form-group">
        	<hr />
        </div>
        
        <?php
		if ( isset($errMSG) ) {
			
			?>
			<div class="form-group">
        	<div class="alert alert-<?php echo ($errTyp=="success") ? "success" : $errTyp; ?>">
			<span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?>
            </div>
        	</div>
            <?php
		}
		?>
        
        <div class="form-group">
        	<div class="input-group">
            <span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
        	<input type="text" name="name" class="form-control" placeholder="Enter Name" maxlength="50" value="<?php echo $name ?>" />
            </div>
            <span class="text-danger"><?php echo $nameError; ?></span>
        </div>
        
        <div class="form-group">
        	<div class="input-group">
            <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
        	<input type="email" name="email" class="form-control" placeholder="Enter Your Email" maxlength="40" value="<?php echo $email ?>" />
            </div>
            <span class="text-danger"><?php echo $emailError; ?></span>
        </div>
        
        <div class="form-group">
        	<div class="input-group">
            <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
        	<input type="password" name="pass" class="form-control" placeholder="Enter Password" maxlength="15" />
            </div>
            <span class="text-danger"><?php echo $passError; ?></span>
        </div>
        
        <div class="form-group">
        	<hr />
        </div>
        
        <div class="form-group">
        	<button type="submit" class="btn btn-block btn-primary" name="btn-signup">Sign Up</button>
        </div>
        
        <div class="form-group">
        	<hr />
        </div>
        
        <div class="form-group">
        	<a href="index.php">Sign in Here...</a>
        </div>
    
    </div>

</form>
</div>	
<?php ob_end_flush(); ?>[/php]

home.php

[php]<?php
ob_start();
session_start();
require_once 'dbconnect.php';

// if session is not set this will redirect to login page
if( !isset($_SESSION['user']) ) {
	header("Location: index.php");
	exit;
}
// select loggedin users detail
$res=mysql_query("SELECT * FROM users WHERE userId=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);

?>

Welcome - <?php echo $userRow['userEmail']; ?>
<nav class="navbar navbar-default navbar-fixed-top">
  <div class="container">
    <div class="navbar-header">
      <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
        <span class="sr-only">Toggle navigation</span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
      </button>
      <a class="navbar-brand" href="#">Home</a>
    </div>
    <div id="navbar" class="navbar-collapse collapse">
      <ul class="nav navbar-nav">
        <li><a class="navbar-brand" href="#">applications</a></li>
        <li><a href="#">comments</a></li>
        <li><a href="#">customers</a></li>
      </ul>
      <ul class="nav navbar-nav navbar-right">
        
        <li class="dropdown">
          <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">
		  <span class="glyphicon glyphicon-user"></span>&nbsp;Hi' <?php echo $userRow['userEmail']; ?>&nbsp;<span class="caret"></span></a>
          <ul class="dropdown-menu">
            <li><a href="logout.php?logout"><span class="glyphicon glyphicon-log-out"></span>&nbsp;Sign Out</a></li>
          </ul>
        </li>
      </ul>
    </div><!--/.nav-collapse -->
  </div>
</nav> 

<div id="wrapper">

<div class="container">

	<div class="page-header">
	<h3>php admin panel</h3>
	</div>
    
    <div class="row">
    <div class="col-lg-12">
    <h1>wellcome</h1>
    </div>
    </div>

</div>

</div>

<script src="assets/jquery-1.11.3-jquery.min.js"></script>
<script src="assets/js/bootstrap.min.js"></script>
<?php ob_end_flush(); ?>[/php]

Logout.Php

[php]<?php
session_start();
if (!isset($_SESSION['user'])) {
header("Location: index.php");
} else if(isset($_SESSION['user'])!="") {
header("Location: home.php");
}

if (isset($_GET['logout'])) {
unset($_SESSION['user']);
session_unset();
session_destroy();
header("Location: index.php");
exit;
}[/php]

Your code is no good. You are using obsolete code that has been completely removed from PHP. It is also vulnerable to an SQL Injection Attack. You NEVER EVER submit user supplied data directly to the database.

You need to use PDO. You can download my PDO Bumpstart Database from my signature and study this tutorial https://phpdelusions.net/pdo

There is no fixing your code. There are many other problems but there is no point in getting into it. Come back with a PDO version of what you are trying to do and we will go from there.

To use this database

[php]$host = '127.0.0.1';
$db = 'test';
$user = 'root';
$pass = '';
$charset = 'utf8';

$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $user, $pass, $opt);[/php]

Hello, could there be a little more explanation of how to make a good database? I saw the website that you recommended to me, but when I began to create the database I get the following.

Here’s the code you write

dbconnect.php
[php]<?php
$host = 'localhost';
$db = 'test122331321';
$user = 'root';
$pass = 'jdsakhdajkh';
$charset = 'utf8';

$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $user, $pass, $opt);
}[/php]

Perhaps I did not enter it correctly :)

In the index.php file I am integrating it in the following way:
[php] require_once 'dbconnect.php';[/php]

I guess that is not right, because mine shows the following…

mywebsite.com is currently unable to handle this request.
HTTP ERROR 500

I just want to grasp the idea of how SQL Injection, PDO and SafeMySQL work. The website explains it quite well, but I need a real example and to know in which situations to use these things :)

I gave you a link to a good tutorial on PDO.

My PDO Bumpstart Database was designed specifically to help inexperienced coders get up and running with PDO in a few minutes. Did you install the Bumpstart database and look through the code? It has several examples of basic things you would do with a database.

Thanks for the comprehensive answers. Yes, it is a good lesson, but the question is to know where, how and in what instances to use the given code.
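
A worked example of where the PDO code from this thread is used, added here and not written by any poster: the login lookup from index.php redone with a prepared statement, plus the 11-to-12 access window from the first post. The `allowedFrom`/`allowedUntil` columns, the `inWindow()` and `login()` names and the sample account are assumptions; `password_hash()`/`password_verify()` replace the thread's plain SHA-256, and an in-memory SQLite database stands in for MySQL only so the script runs on its own.

```php
<?php
// Added example, not the thread's code. allowedFrom/allowedUntil are
// hypothetical 'HH:MM:SS' columns added to the thread's users table.

function inWindow(string $from, string $until, DateTimeImmutable $now): bool
{
    $t = $now->format('H:i:s');
    return $t >= $from && $t < $until;   // zero-padded strings compare in time order
}

// Returns the user row on success, null on bad credentials or outside the window.
function login(PDO $pdo, string $email, string $pass, DateTimeImmutable $now): ?array
{
    // Placeholder: $email is sent separately from the SQL text, so input
    // such as "' OR '1'='1" is only ever compared as a literal string.
    $stmt = $pdo->prepare(
        'SELECT userId, userPass, allowedFrom, allowedUntil
           FROM users WHERE userEmail = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch();
    if (!$row || !password_verify($pass, $row['userPass'])) {
        return null;
    }
    return inWindow($row['allowedFrom'], $row['allowedUntil'], $now) ? $row : null;
}

// --- constructed demo data; SQLite in memory stands in for MySQL ---
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (userId INTEGER PRIMARY KEY, userEmail TEXT UNIQUE,
            userPass TEXT, allowedFrom TEXT, allowedUntil TEXT)');
$pdo->prepare('INSERT INTO users (userEmail, userPass, allowedFrom, allowedUntil)
               VALUES (?, ?, ?, ?)')
    ->execute(['alex@example.com', password_hash('s3cret-pw', PASSWORD_DEFAULT),
               '11:00:00', '12:00:00']);

$at = fn(string $hm) => new DateTimeImmutable("2024-01-01 $hm");
var_dump(login($pdo, 'alex@example.com', 's3cret-pw', $at('11:30')) !== null); // inside window
var_dump(login($pdo, 'alex@example.com', 's3cret-pw', $at('10:59')) !== null); // too early
var_dump(login($pdo, 'alex@example.com', 's3cret-pw', $at('12:00')) !== null); // window closed
var_dump(login($pdo, "' OR '1'='1", 'x', $at('11:30')) !== null);              // injection string
```

In index.php a non-null result would be followed by `session_regenerate_id(true)` and `$_SESSION['user'] = $row['userId']`. home.php would call `inWindow()` again on every request so that an open session ends when the window closes.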
