#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2014
    Posts
    4
    Rep Power
    0

    Need help to add stuff to the edit_account.php


    Hello
    I am new here and i am using this secure login script, all function perfect.
    But in my data base i have more item that the user can edit by them self but i cant get them all in the edit_account.php page...
    Do we have a manual how to add more item from data base to the user logged in?

    Anyway, this is a nice script and really want to keep it.


    Here is the edit_account.php

    PHP Code:

    <!doctype html>
    <html>
    <head>
    <meta charset="utf-8">
    <title>Untitled Document</title>
    </head>

    <body>



    <?php

        
    // First we execute our common code to connection to the database and start the session
        
    require("common.php");
        
        
    // At the top of the page we check to see whether the user is logged in or not
        
    if(empty($_SESSION['user']))
        {
            
    // If they are not, we redirect them to the login page.
            
    header("Location: login.php");
            
            
    // Remember that this die statement is absolutely critical.  Without it,
            // people can view your members-only content without logging in.
            
    die("Redirecting to login.php");
        }
        
        
    // This if statement checks to determine whether the edit form has been submitted
        // If it has, then the account updating code is run, otherwise the form is displayed
        
    if(!empty($_POST))
        {
            
    // Make sure the user entered a valid E-Mail address
            
    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
            {
                die(
    "Invalid E-Mail Address");
            }
            
            
    // If the user is changing their E-Mail address, we need to make sure that
            // the new value does not conflict with a value that is already in the system.
            // If the user is not changing their E-Mail address this check is not needed.
            
    if($_POST['email'] != $_SESSION['user']['email'])
            {
                
    // Define our SQL query
                
    $query "
                    SELECT
                        1
                    FROM profile
                    WHERE
                        email = :email
                "
    ;
                
                
    // Define our query parameter values
                
    $query_params = array(
                    
    ':email' => $_POST['email']
                );
                
                try
                {
                    
    // Execute the query
                    
    $stmt $db->prepare($query);
                    
    $result $stmt->execute($query_params);
                }
                catch(
    PDOException $ex)
                {
                    
    // Note: On a production website, you should not output $ex->getMessage().
                    // It may provide an attacker with helpful information about your code. 
                    
    die("Failed to run query: " $ex->getMessage());
                }
                
                
    // Retrieve results (if any)
                
    $row $stmt->fetch();
                if(
    $row)
                {
                    die(
    "This E-Mail address is already in use");
                }
            }
            
            
    // If the user entered a new password, we need to hash it and generate a fresh salt
            // for good measure.
            
    if(!empty($_POST['password']))
            {
                
    $salt dechex(mt_rand(02147483647)) . dechex(mt_rand(02147483647));
                
    $password hash('sha256'$_POST['password'] . $salt);
                for(
    $round 0$round 65536$round++)
                {
                    
    $password hash('sha256'$password $salt);
                }
            }
            else
            {
                
    // If the user did not enter a new password we will not update their old one.
                
    $password null;
                
    $salt null;
            }
            
            
    // Initial query parameter values
            
    $query_params = array(
                
    ':email' => $_POST['email'],
                
    ':user_id' => $_SESSION['user']['id'],
            );
            
            
    // If the user is changing their password, then we need parameter values
            // for the new password hash and salt too.
            
    if($password !== null)
            {
                
    $query_params[':password'] = $password;
                
    $query_params[':salt'] = $salt;
            }
            
            
    // Note how this is only first half of the necessary update query.  We will dynamically
            // construct the rest of it depending on whether or not the user is changing
            // their password.
            
    $query "
                UPDATE profile
                SET
                    email = :email
            "
    ;
            
            
    // If the user is changing their password, then we extend the SQL query
            // to include the password and salt columns and parameter tokens too.
            
    if($password !== null)
            {
                
    $query .= "
                    , password = :password
                    , salt = :salt
                "
    ;
            }
            
            
    // Finally we finish the update query by specifying that we only wish
            // to update the one record with for the current user.
            
    $query .= "
                WHERE
                    id = :user_id
            "
    ;
            
            try
            {
                
    // Execute the query
                
    $stmt $db->prepare($query);
                
    $result $stmt->execute($query_params);
            }
            catch(
    PDOException $ex)
            {
                
    // Note: On a production website, you should not output $ex->getMessage().
                // It may provide an attacker with helpful information about your code. 
                
    die("Failed to run query: " $ex->getMessage());
            }
            
            
    // Now that the user's E-Mail address has changed, the data stored in the $_SESSION
            // array is stale; we need to update it so that it is accurate.
            
    $_SESSION['user']['email'] = $_POST['email'];
            
            
    // This redirects the user back to the members-only page after they register
            
    header("Location: private.php");
            
            
    // Calling die or exit after performing a redirect using the header function
            // is critical.  The rest of your PHP script will continue to execute and
            // will be sent to the user if you do not die or exit.
            
    die("Redirecting to private.php");
        }
        
    ?>
    <h1>Edit Account</h1>
    <form action="edit_account.php" method="post">
        Username:<br />
        <b><?php echo htmlentities($_SESSION['user']['username'], ENT_QUOTES'UTF-8'); ?></b>
        <br /><br />
        E-Mail Address:<br />
        <input type="text" name="email" value="<?php echo htmlentities($_SESSION['user']['email'], ENT_QUOTES'UTF-8'); ?>" />
        <br /><br />
        Password:<br />
        <input type="password" name="password" value="" /><br />
        <i>(leave blank if you do not want to change your password)</i>
        <br /><br />
        
        Profile Name:<br />
        <input type="text" name="profile_name" value="<?php echo htmlentities($_SESSION['user']['profile_name'], ENT_QUOTES'UTF-8'); ?>" />
        <br /><br />
        
        <input type="submit" value="Update Account" />
    </form>



    </body>
    </html>


    Here is the sql


    DROP TABLE IF EXISTS `profile`;
    CREATE TABLE IF NOT EXISTS `profile` (
    `id` int(11) NOT NULL auto_increment,
    `profile_image` varbinary(200) NOT NULL DEFAULT '',
    `profile_name` varchar(100) NOT NULL default '',
    `profile_intro` text NOT NULL default '',
    `profile_lvl` varchar(4) NOT NULL default '',
    `real_name` varchar(100) NOT NULL default '',
    `day` varchar(2) NOT NULL default '',
    `month` varchar(3) NOT NULL default '',
    `year` varchar(2) NOT NULL default '',
    `facebook_id` varchar(100) NOT NULL default '',
    `user_email` varchar(150) NOT NULL default '',
    `country` enum('UNKNOWN','Afghanistan','Aland','Albania','Algeria','American Samoa','Andorra','Angola','Anguilla','Antarctica','Antigua and Barbuda','Argentina','Armenia','Aruba','Australia','Austria','Azerbaijan','Bahamas','Bahrain','Bangl adesh','Barbados','Belarus','Belgium','Belize','Benin','Bermuda','Bhutan','Bolivia','Bosnia and Herzegovina','Botswana','Bouvet Island','Brazil','British Virgin Islands','British Indian Ocean Territory','Brunei Darussalam','Bulgaria','Burkina Faso','Burundi','Cambodia','Cameroon','Canada','Cape Verde','Cayman Islands','Central African Republic','Chad','Chile','China','Hong Kong','Macao','Christmas Island','Cocos Keeling Island','Colombia','Comoros','Congo Brazzaville','Congo','Cook Islands','Costa Rica','Cote dIvoire','Croatia','Cuba','Cyprus','Czech Republic','Denmark','Djibouti','Dominica','Dominican Republic','Ecuador','Egypt','El Salvador','Equatorial Guinea','Eritrea','Estonia','Ethiopia','Falkland Islands','Faroe Islands','Fiji','Finland','France','French Guiana','French Polynesia','French Southern Territories','Gabon','Gambia','Georgia','Germany','Ghana','Gibraltar','Greece','Greenland','Grenada' ,'Guadeloupe','Guam','Guatemala','Guernsey','Guinea','Guinea Bissau','Guyana','Haiti','Heard Island and Mcdonald Islands','Holy See Vatican City State','Honduras','Hungary','Iceland','India','Indonesia','Iran','Iraq','Ireland','Isle of Man','Israel','Italy','Jamaica','Japan','Jersey','Jordan','Kazakhstan','Kenya','Kiribati','Korea North','Korea South','Kuwait','Kyrgyzstan','Lao','Latvia','Lebanon','Lesotho','Liberia','Libya','Liechtenstein','L ithuania','Luxembourg','Macedonia','Madagascar','Malawi','Malaysia','Maldives','Mali','Malta','Marsh all Islands','Martinique','Mauritania','Mauritius','Mayotte','Mexico','Micronesia','Moldova','Monaco','M ongolia','Montenegro','Montserrat','Morocco','Mozambique','Myanmar','Namibia','Nauru','Nepal','Nethe rlands','Netherlands Antilles','New Caledonia','New Zealand','Nicaragua','Niger','Nigeria','Niue','Norfolk Island','Northern Mariana Islands','Norway','Oman','Pakistan','Palau','Palestinian','Panama','Papua','Paraguay','Peru','Philip pines','Pitcairn','Poland','Portugal','Puerto Rico','Qatar','Reunion','Romania','Russia','Rwanda','Saint Barthelemy','Saint Helena','Saint Kitts and Nevis','Saint Lucia','Saint Martin','Saint Pierre and Miquelon','Saint Vincent and Grenadines','Samoa','San Marino','Sao Tome and Principe','Saudi Arabia','Senegal','Serbia','Seychelles','Sierra Leone','Singapore','Slovakia','Slovenia','Solomon Islands','Somalia','South Africa','South Georgia and the South Sandwich Islands','South Sudan','Spain','Sri Lanka','Sudan','Suriname','Svalbard and Jan Mayen Islands','Swaziland','Sweden','Switzerland','Syria','Taiwan','Tajikistan','Tanzania','Thailand','Tim or Leste','Togo','Tokelau','Tonga','Trinidad and Tobago','Tunisia','Turkey','Turkmenistan','Turks and Caicos Islands','Tuvalu','Uganda','Ukraine','United Arab Emirates','United Kingdom','United States of America','United States Minor Outlying Islands','Uruguay','Uzbekistan','Vanuatu','Venezuela','Viet Nam','Virgin Islands','Wallis and Futuna Islands','Western Sahara','Yemen','Zambia','Zimbabwe') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'UNKNOWN',
    `flag` enum('UNKNOWN.png','AF.png','AX.png','AL.png','DZ.png','AS.png','AD.png','AO.png','AI.png','AQ.png', 'AG.png','AR.png','AM.png','AW.png','AU.png','AT.png','AZ.png','BS.png','BH.png','BD.png','BB.png',' BY.png','BE.png','BZ.png','BJ.png','BM.png','BT.png','BO.png','BA.png','BW.png','BV.png','BR.png','V G.png','IO.png','BN.png','BG.png','BF.png','BI.png','KH.png','CM.png','CA.png','CV.png','KY.png','CF .png','TD.png','CL.png','CN.png','HK.png','MO.png','CX.png','CC.png','CO.png','KM.png','CG.png','CD. png','CK.png','CR.png','CI.png','HR.png','CU.png','CY.png','CZ.png','DK.png','DJ.png','DM.png','DO.p ng','EC.png','EG.png','SV.png','GQ.png','ER.png','EE.png','ET.png','FK.png','FO.png','FJ.png','FI.pn g','FR.png','GF.png','PF.png','TF.png','GA.png','GM.png','GE.png','DE.png','GH.png','GI.png','GR.png ','GL.png','GD.png','GP.png','GU.png','GT.png','GG.png','GN.png','GW.png','GY.png','HT.png','HM.png' ,'VA.png','HN.png','HU.png','IS.png','IN.png','ID.png','IR.png','IQ.png','IE.png','IM.png','IL.png', 'IT.png','JM.png','JP.png','JE.png','JO.png','KZ.png','KE.png','KI.png','KP.png','KR.png','KW.png',' KG.png','LA.png','LV.png','LB.png','LS.png','LR.png','LY.png','LI.png','LT.png','LU.png','MK.png','M G.png','MW.png','MY.png','MV.png','ML.png','MT.png','MH.png','MQ.png','MR.png','MU.png','YT.png','MX .png','FM.png','MD.png','MC.png','MN.png','ME.png','MS.png','MA.png','MZ.png','MM.png','NA.png','NR. png','NP.png','NL.png','AN.png','NC.png','NZ.png','NI.png','NE.png','NG.png','NU.png','NF.png','MP.p ng','NO.png','OM.png','PK.png','PW.png','PS.png','PA.png','PG.png','PY.png','PE.png','PH.png','PN.pn g','PL.png','PT.png','PR.png','QA.png','RE.png','RO.png','RU.png','RW.png','BL.png','SH.png','KN.png ','LC.png','MF.png','PM.png','VC.png','WS.png','SM.png','ST.png','SA.png','SN.png','RS.png','SC.png' ,'SL.png','SG.png','SK.png','SI.png','SB.png','SO.png','ZA.png','GS.png','SS.png','ES.png','LK.png', 'SD.png','SR.png','SJ.png','SZ.png','SE.png','CH.png','SY.png','TW.png','TJ.png','TZ.png','TH.png',' TL.png','TG.png','TK.png','TO.png','TT.png','TN.png','TR.png','TM.png','TC.png','TV.png','UG.png','U A.png','AE.png','GB.png','US.png','UM.png','UY.png','UZ.png','VU.png','VE.png','VN.png','VI.png','WF .png','EH.png','YE.png','ZM.png','ZW.png') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'UNKNOWN.png',
    `flag_iso2` enum('--','AF','AX','AL','DZ','AS','AD','AO','AI','AQ','AG','AR','AM','AW','AU','AT','AZ','BS','BH','BD','BB ','BY','BE','BZ','BJ','BM','BT','BO','BA','BW','BV','BR','VG','IO','BN','BG','BF','BI','KH','CM','CA ','CV','KY','CF','TD','CL','CN','HK','MO','CX','CC','CO','KM','CG','CD','CK','CR','CI','HR','CU','CY ','CZ','DK','DJ','DM','DO','EC','EG','SV','GQ','ER','EE','ET','FK','FO','FJ','FI','FR','GF','PF','TF ','GA','GM','GE','DE','GH','GI','GR','GL','GD','GP','GU','GT','GG','GN','GW','GY','HT','HM','VA','HN ','HU','IS','IN','ID','IR','IQ','IE','IM','IL','IT','JM','JP','JE','JO','KZ','KE','KI','KP','KR','KW ','KG','LA','LV','LB','LS','LR','LY','LI','LT','LU','MK','MG','MW','MY','MV','ML','MT','MH','MQ','MR ','MU','YT','MX','FM','MD','MC','MN','ME','MS','MA','MZ','MM','NA','NR','NP','NL','AN','NC','NZ','NI ','NE','NG','NU','NF','MP','NO','OM','PK','PW','PS','PA','PG','PY','PE','PH','PN','PL','PT','PR','QA ','RE','RO','RU','RW','BL','SH','KN','LC','MF','PM','VC','WS','SM','ST','SA','SN','RS','SC','SL','SG ','SK','SI','SB','SO','ZA','GS','SS','ES','LK','SD','SR','SJ','SZ','SE','CH','SY','TW','TJ','TZ','TH ','TL','TG','TK','TO','TT','TN','TR','TM','TC','TV','UG','UA','AE','GB','US','UM','UY','UZ','VU','VE ','VN','VI','WF','EH','YE','ZM','ZW') COLLATE utf8_unicode_ci NOT NULL DEFAULT '--',
    `flag_iso3` enum('---','AFG','ALA','ALB','DZA','ASM','AND','AGO','AIA','ATA','ATG','ARG','ARM','ABW','AUS','AUT','AZE','B HS','BHR','BGD','BRB','BLR','BEL','BLZ','BEN','BMU','BTN','BOL','BIH','BWA','BVT','BRA','VGB','IOT', 'BRN','BGR','BFA','BDI','KHM','CMR','CAN','CPV','CYM','CAF','TCD','CHL','CHN','HKG','MAC','CXR','CCK ','COL','COM','COG','COD','COK','CRI','CIV','HRV','CUB','CYP','CZE','DNK','DJI','DMA','DOM','ECU','E GY','SLV','GNQ','ERI','EST','ETH','FLK','FRO','FJI','FIN','FRA','GUF','PYF','ATF','GAB','GMB','GEO', 'DEU','GHA','GIB','GRC','GRL','GRD','GLP','GUM','GTM','GGY','GIN','GNB','GUY','HTI','HMD','VAT','HND ','HUN','ISL','IND','IDN','IRN','IRQ','IRL','IMN','ISR','ITA','JAM','JPN','JEY','JOR','KAZ','KEN','K IR','PRK','KOR','KWT','KGZ','LAO','LVA','LBN','LSO','LBR','LBY','LIE','LTU','LUX','MKD','MDG','MWI', 'MYS','MDV','MLI','MLT','MHL','MTQ','MRT','MUS','MYT','MEX','FSM','MDA','MCO','MNG','MNE','MSR','MAR ','MOZ','MMR','NAM','NRU','NPL','NLD','ANT','NCL','NZL','NIC','NER','NGA','NIU','NFK','MNP','NOR','O MN','PAK','PLW','PSE','PAN','PNG','PRY','PER','PHL','PCN','POL','PRT','PRI','QAT','REU','ROU','RUS', 'RWA','BLM','SHN','KNA','LCA','MAF','SPM','VCT','WSM','SMR','STP','SAU','SEN','SRB','SYC','SLE','SGP ','SVK','SVN','SLB','SOM','ZAF','SGS','SSD','ESP','LKA','SDN','SUR','SJM','SWZ','SWE','CHE','SYR','T WN','TJK','TZA','THA','TLS','TGO','TKL','TON','TTO','TUN','TUR','TKM','TCA','TUV','UGA','UKR','ARE', 'GBR','USA','UMI','URY','UZB','VUT','VEN','VNM','VIR','WLF','ESH','YEM','ZMB','ZWE') COLLATE utf8_unicode_ci NOT NULL DEFAULT '---',
    `rank_number` enum('1','2','3','4','5','6','7','8','9','10','11','12') COLLATE utf8_unicode_ci NOT NULL DEFAULT '1',
    `rank_name` enum('Admiral','Vice Admiral','Fleet Captain','Base Captain','Commander','Administrator','Webmaster','Lt Commander','Lieutenant','Master Chief','Petty Officer','Seaman') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'Admiral',
    `rank_image` enum('admiral.png','vice-admiral.png','fleet-captain.png','base-captain.png','commander.png','administrator.png','webmaster.png','lt-commander.png','lieutenant.png','master-chief.png','petty-officer.png','seaman.png') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'admiral.png',
    `medal` varchar(4) NOT NULL default '',
    `username` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
    `password` char(64) COLLATE utf8_unicode_ci NOT NULL,
    `salt` char(16) COLLATE utf8_unicode_ci NOT NULL,
    `email` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
    PRIMARY KEY (`id`),
    UNIQUE KEY `username` (`username`),
    UNIQUE KEY `email` (`email`)
    )
    ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=0 ;



    Thanks in advance for your help

    Best Regards
    Chile Caliente
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2014
    Posts
    4
    Rep Power
    0
    Someone please help me with this...

    Thanks

IMN logo majestic logo threadwatch logo seochat tools logo