0

This post contains:

  • 3 PHP pages
  • MySQL table picture
  • Picture of the form

As the title says, I need to extract some information from my database.

So far I have the following:

  • Index page <-- You need to login here with a personal code. (this is where I get the 'Session username' from that already works at the contact page)

  • Config page <-- Used for database access and all

  • Contact page <-- In here I would like to auto fill-in the users data.

Database table consists of:

  • username; email; realName (and some other stuff I don't need here)

So in the contact page I would like to see the following:

  • Card number = username (this already works)

  • Auto fill-in: realName and email according to the username.

Maybe it is possible to extract the info when logging in and storing these in the POST variable already? But how?

Database:

  • Table I need to use: 'members'

members

The info given by the user himself/herself = username

The info I need to auto fill-in = realName and email

Picture of the form.

The email should be in the SESSION statement, so I can send a confirmation email to the person, and the realName should be entered from the database.

Picture of the form

These are the files currently running:

config.php:

<?php
ob_start();
session_start();

//set timezone
date_default_timezone_set('Europe/Brussels');

//database credentials
define('DBHOST','*****');
define('DBUSER','*****');
define('DBPASS','*****');
define('DBNAME','*****');

//application address
define('DIR','http://*****/');
define('SITEEMAIL','noreply@*****');

try {

//create PDO connection
$db = new PDO("mysql:host=".DBHOST.";dbname=".DBNAME, DBUSER, DBPASS);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

} catch(PDOException $e) {
//show error
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
exit;
}

//include the user class, pass in the database connection
include('classes/user.php');
include('classes/phpmailer/mail.php');
$user = new User($db);
?>

contact form:

<?php require('includes/config.php'); 

//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: index.php'); } 
?>
<html>
<head>
    <title>*****</title>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1"        />
    <!--[if lte IE 8]><script  src="siteassets/assets/js/ie/shiv.js"></script><![endif]-->
    <link rel="stylesheet" href="siteassets/assets/css/main.css" />
    <!--[if lte IE 8]><link rel="stylesheet" href="siteassets/assets/css/ie8.css" /><![endif]-->
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>
 <script>
$(document).ready(function(){
$('#next').keyup(calculate);
$('#nextprice').keyup(calculate);
$('#current').keyup(calculate);
$('#currentprice').keyup(calculate);
});
 function calculate(e)
{
$('#total').val($('#next').val() * $('#nextprice').val() + $('#current').val() * $('#currentprice').val());
}
</script>

</head>
<body class="landing">
    <div id="page-wrapper">

        <!-- Header -->
            <header id="header" class="alt">

                <nav id="nav">
                    <ul>
                        <li>
                            <a href="#" class="icon fa-angle-down">Menu</a>
                            <ul>
                                <li><a href="home.php">Current Project</a></li>
                                <li><a href="newproj.php">Next Projects</a></li>
                                <li><a href="prev.php">Previous Projects</a></li>
                                <li><a href="who.php">Who are we?</a></li>
                            </ul>
                        </li>
                        <li><a href="contact.php" class="button">contact</a></li>
                        <li><a href='logout.php'>Logout</a></li>
                    </ul>
                </nav>
            </header>

        <!-- Banner -->
            <section id="banner">
                <h2>*****</h2>
                <p>Slogan.</p>
                <ul class="actions">
                    <li><a href="home.php" class="button">Current Project</a></li>
                    <li><a href="newproj.php" class="button">Next Projects</a></li>
                    <li><a href="prev.php" class="button">Previous Projects</a></li>
                    <li><a href="who.php" class="button">Who are we?</a></li>
                    <li><a href="contact.php" class="button special">contact</a></li>
                </ul>
            </section>

        <!-- Main -->




            <section id="main" class="container 75%">
                <div class="box">
<? 
if($_SERVER['REQUEST_METHOD']=="POST")
{ 
if(strlen($_POST['name2']) == 0)
{ $error_msg ="- Please, provide us with your name.<br>"; } 

if(!empty($error_msg))
{ 
//Een van de velden werd niet goed ingevuld 
echo "<b>Your message can't be send due to the following reason:</b>    <br><br>"; 
echo $error_msg; 
echo "<br>Click on <a href='javascript:history.back(1)'>Go back</a> and  provide us with your name.<br><br>"; 
}
else 
{ 
$recipient = "*****"; 
$subject = "******"; 
$header = "From: " . $_POST['uwemail'] . "\n"; 
$mail_body = "Contact script werd op " . date("d-m-Y") . " om " . date("H:i") . " uur uitgevoerd.\n"; 
$mail_body .= "*****:\n\n"; 
$mail_body .= "Naam: " . $_POST['name2'] . "\n"; 
$mail_body .= "Met als kaartnummer: " . $_POST['card2'] . "\n"; 
$mail_body .= "******: " .  $_POST['current2'] . "\n"; 
$mail_body .= "******: " .  $_POST['next2'] . "\n"; 
$mail_body .= "Voor een totaal van: " . $_POST['total2'] . " EUR.";   
$mail_body .= "\n\n -- ****** --"; 
mail($recipient, $subject, $mail_body, $header); 
print "<b>IMPORTANT!</b>";
print "<br><br>*****.";
print "<br><br>***** ";
print $_POST['total2'];
print " *****";
print "<br><br>******.";
print "<br><br>******";
}
} 
else 
{ 
?>      
        <form action="<? echo $_SERVER['PHP_SELF']; ?>" method="POST" name="contact">
                        <div class="row uniform 50%">
                            <div class="6u 12u(mobilep)">
                            Your personal card number
                                <input type="text" name="card2" id="card" value="<?php echo $_SESSION['username']; ?>" placeholder="Card Number" readonly/>
                            </div>
                            <div class="6u 12u(mobilep)">
                            Please enter your name. (mandatory)
                                <input type="text" name="name2"  id="name" value="" placeholder="Your name" />
                            </div>
                        </div>
                        <div class="row uniform 50%">
                            <div class="6u 12u(mobilep)">
                            Current Project - Smile
                                <input type="text" name="current2" id="current" value="" placeholder="How many tickets would you like?" />
                            </div>
                            <div class="6u 12u(mobilep)">
                            Next Project - Sand
                                <input type="text" name="next2" id="next" value="" placeholder="How many tickets would you like?" />
                            </div>
                        </div>
                        <div class="row uniform 50%">
                            <div class="6u 12u(mobilep)">
                                <input type="hidden" id="currentprice" value="10" />
                            </div>
                            <div class="6u 12u(mobilep)">
                                <input type="hidden" id="nextprice" value="10" placeholder="" />
                            </div>
                        </div>
                                        <div class="6u 12u(mobile)">
                                            <input name="uwemail" placeholder="Email" type="hidden" value="******"/>
                                        </div>
                        <div class="6u 12u(mobilep)">
                        Total price.(In EUR)
                                <input type="text" name="total2" id="total" value=""  readonly/>
                            </div>
                        </div>

                        <div class="row uniform">
                            <div class="12u">
                                <ul class="actions align-center">
                                    <li><input type="submit" name="submit"value="Place Order"/></li>
                                </ul>
                            </div>
                        </div>
                    </form>


<?php 
} 
?> 

                </div>
            </section>


        <!-- Footer -->
            <footer id="footer">

                <ul class="copyright">
                    <li>&copy; *****. All rights reserved.</li>
                </ul>
            </footer>

    </div>

    <!-- Scripts -->
        <script src="siteassets/assets/js/jquery.min.js"></script>
        <script src="siteassets/assets/js/jquery.dropotron.min.js"></script>
        <script src="siteassets/assets/js/jquery.scrollgress.min.js"></script>
        <script src="siteassets/assets/js/skel.min.js"></script>
        <script src="siteassets/assets/js/util.js"></script>
        <!--[if lte IE 8]><script src="siteassets/assets/js/ie/respond.min.js"></script><![endif]-->
        <script src="siteassets/assets/js/main.js"></script>




</body>
</html>

Index page (where they have to login)

<?php
//include config
require_once('includes/config.php');


//process login form if submitted
if(isset($_POST['submit'])){

$username = $_POST['username'];
$password = $_POST['password'];

if($user->login($username,$password)){ 
    $_SESSION['username'] = $username;
    header('Location: home.php');
    exit;

} else {
    $error[] = 'Wrong username or password or your account has not been activated.';
}

}//end if submit


?>

<html>
<head>



    <title>******</title>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1"     />
    <!--[if lte IE 8]><script src="assets/js/iv.js"></script><!    [endif]-->
    <link rel="stylesheet" href="assets/css/main.css" />
    <!--[if lte IE 9]><link rel="stylesheet" href="assets/css/ie9.css"     /><![endif]-->
    <!--[if lte IE 8]><link rel="stylesheet" href="assets/css/ie8.css"     /><![endif]-->
    <noscript><link rel="stylesheet" href="assets/css/noscript.css" />        </noscript>
</head>
<body class="is-loading">

    <!-- Wrapper -->
        <div id="wrapper">

            <!-- Main -->
                <section id="main">
                    <header>

                        <h1>*****</h1>
                        <h1><a style="color:#FFFFFF" href=''>Coming soon.</a></h1>



<div class="container">

<div class="row">

    <div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
        <form role="form" method="post" action="" autocomplete="off">
            <h2>Please Login</h2>

            <hr>

            <?php
            //check for any errors
            if(isset($error)){
                foreach($error as $error){
                    echo '<p class="bg-danger">'.$error.'</p>';
                }
            }

            if(isset($_GET['action'])){

                //check the action
                switch ($_GET['action']) {
                    case 'active':
                        echo "<h2 class='bg-success'>Your account is now active you may now log in.</h2>";
                        break;
                    case 'reset':
                        echo "<h2 class='bg-success'>Please contact us for a new card.</h2>";
                        break;
                    case 'resetAccount':
                        echo "<h2 class='bg-success'>Password changed, you may now login.</h2>";
                        break;
                }

            }


            ?>

            <div class="form-group">
                <input type="text" name="username" id="username"     class="form-control input-lg" placeholder="Enter your card number" value="    <?php if(isset($error)){ echo $_POST['username']; } ?>" tabindex="1">
            </div>

            <div class="form-group">
                <input type="hidden" name="password" id="password" class="form-control input-lg" value="*****" tabindex="3" >
            </div>

<br>

            <div class="row">
                <div class="col-xs-6 col-md-6"><input type="submit"    name="submit" value="Login" class="btn btn-primary btn-block btn-lg"     tabindex="5"></div>
            </div>
<hr>
                <div class="row">
                <div class="col-xs-9 col-sm-9 col-md-9">
                     <a style="color:#FFFFFF" href='*********'>Lost your card? Contact us.</a>
                </div>
            </div>

        </form>
    </div>
</div>



</div>




                    </header>

                </section>

            <!-- Footer -->
                <footer id="footer">
                    <ul class="copyright">
                        <li>&copy; ******</li>
                    </ul>
                </footer>

        </div>

    <!-- Scripts -->
        <!--[if lte IE 8]><script src="assets/js/respond.min.js"> </script><![endif]-->
        <script>
            if ('addEventListener' in window) {
                window.addEventListener('load', function() {  document.body.className = document.body.className.replace(/\bis-loading\b/,  ''); });
                document.body.className +=  (navigator.userAgent.match(/(MSIE|rv:11\.0)/) ? ' is-ie' : '');
            }
        </script>

</body>
</html>
Improve this question
1
  • use a WHERE clause and SELECT the columns in question in a loop. This being a blind shot at unknown db schema and MySQL API used to connect with. Commented May 28, 2016 at 12:50

2 Answers 2

Reset to default
1

EDITED: Since you're having user class (ex.: $user->is_logged_in()), then in $_POST[] method ignore $_POST['name2'] as it can still be changed through DEV tools and instead change that to $_SESSION['username'] (assuming that's the correct value). This is much more reliable than using HTML field. The PHP part (of query) also differs because you're using PDO, but I can't help with this one because I'm using mysqli_, not PDO (sorry about that), but query itself should be similar.

"SELECT * FROM `table` WHERE `number` = '".$_POST['number']."'"

But don't forget to escape your string, otherwise, your query is vulnerable.

Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

Hey, What info would you like?
You should provide your PHP code that is related to your problem.
OP states: "If I'm looking for (for example) number: 'AB123'" - = $_POST['number'] will fail here, as it needs to be quoted since it's a string. Plus, that also leaves them open to an SQL injection. The question is way too unclear also. You're in for a probable long haul on this one.
@Fred-ii- Right, I missed that. Thanks for noticing it.
Thanks for the edit mate, I'll keep googling till I find it, or till someone knows it for me ;).
|
1

I fixed the problem.

In the user.php file I had everything prepared already, but I just didn't understand why it didn't work.

Turned out to be a simple error XD

<?php
include('password.php');
class User extends Password{

private $_db;
function __construct($db){
    parent::__construct();
    $this->_db = $db;
}
private function get_user_hash($username){
    try {
        $stmt = $this->_db->prepare('SELECT password, username, memberID, realName, email FROM members WHERE username = :username AND active="Yes" ');
        $stmt->execute(array('username' => $username));
        return $stmt->fetch();
    } catch(PDOException $e) {
        echo '<p class="bg-danger">'.$e->getMessage().'</p>';
    }
}
public function login($username,$password){
    $row = $this->get_user_hash($username);
    if($this->password_verify($password,$row['password']) == 1){
        $_SESSION['loggedin'] = true;
        $_SESSION['username'] = $row['username'];
        $_SESSION['memberID'] = $row['memberID'];
        $_SESSION['realName'] = $row['realName']; 
        $_SESSION['email'] = $row['email'];  
        return true;
    }
}

public function logout(){
    session_destroy();
}

public function is_logged_in(){
    if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true)    {
        return true;
    }
}
}
?>

I forgot to add the realName and email to this line: (idiot me :D)

$stmt = $this->_db->prepare('SELECT password, username, memberID, realName, email FROM members WHERE username = :username AND active="Yes" ');
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.