Not pulling data from the database correctly?

Discussion in 'MySQL' started by Matt Ridge, Oct 4, 2011.

  1. #1
    Ok, I have an issue, my login page is not pulling the data from the database it seems.

    The site is here, it is being used as a testbed.

    kaboomlabs.com

    I can register, but it won't allow me to edit data...

    Here is the login script:

    
    <?php
      require_once('connectvars.php');
    
    
      if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
        // The username/password weren't entered so send the authentication headers
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Basic realm="kaboomlabs"');
        exit('<h3>Mismatch</h3>Sorry, you must enter your username and password to log in and access this page. If you ' .
          'aren\'t a registered member, please <a href="signup.php">sign up</a>.');
      }
    
    
      // Connect to the database
      $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    
    
      // Grab the user-entered log-in data
      $user_username = mysqli_real_escape_string($dbc, trim($_SERVER['PHP_AUTH_USER']));
      $user_password = mysqli_real_escape_string($dbc, trim($_SERVER['PHP_AUTH_PW']));
    
    
      // Look up the username and password in the database
      $query = "SELECT user_id, username FROM mismatch_user WHERE username = '$user_username' AND password = SHA('$user_password')";
      $data = mysqli_query($dbc, $query);
    
    
      if (mysqli_num_rows($data) == 1) {
        // The log-in is OK so set the user ID and username variables
        $row = mysqli_fetch_array($data);
        $user_id = $row['user_id'];
        $username = $row['username'];
      }
      else {
        // The username/password are incorrect so send the authentication headers
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Basic realm="kaboomlabs"');
        exit('<h2>Mismatch</h2>Sorry, you must enter a valid username and password to log in and access this page. If you ' .
          'aren\'t a registered member, please <a href="signup.php">sign up</a>.');
      }
    
    
      // Confirm the successful log-in
      echo('<p class="login">You are logged in as ' . $username . '.</p>');
    ?>
    
    
    <!DOCTYPE html 
         PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    
    
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>Mismatch - Log In</title>
    <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
    <h3>Mismatch - Log In</h3>
    </body>
    </html>
    
    Code (markup):
    Here is the edit page code:

    
    <?php
        require_once('appvars.php');
        require_once('connectvars.php');
    
    
    // Connect to the database
        $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    
    
      if (isset($_POST['submit'])) {
        // Grab the profile data from the POST
        $first_name = mysqli_real_escape_string($dbc, trim($_POST['firstname']));
        $last_name = mysqli_real_escape_string($dbc, trim($_POST['lastname']));
        $gender = mysqli_real_escape_string($dbc, trim($_POST['gender']));
        $birthdate = mysqli_real_escape_string($dbc, trim($_POST['birthdate']));
        $city = mysqli_real_escape_string($dbc, trim($_POST['city']));
        $state = mysqli_real_escape_string($dbc, trim($_POST['state']));
        $old_picture = mysqli_real_escape_string($dbc, trim($_POST['old_picture']));
        $new_picture = mysqli_real_escape_string($dbc, trim($_FILES['new_picture']['name']));
        $new_picture_type = $_FILES['new_picture']['type'];
        $new_picture_size = $_FILES['new_picture']['size']; 
        list($new_picture_width, $new_picture_height) = getimagesize($_FILES['new_picture']['tmp_name']);
        $error = false;
    
    
    // Validate and move the uploaded picture file, if necessary
        if (!empty($new_picture)) {
            if ((($new_picture_type == 'image/gif') || ($new_picture_type == 'image/jpeg') || ($new_picture_type == 'image/pjpeg') ||
            ($new_picture_type == 'image/png')) && ($new_picture_size > 0) && ($new_picture_size <= MM_MAXFILESIZE) &&
            ($new_picture_width <= MM_MAXIMGWIDTH) && ($new_picture_height <= MM_MAXIMGHEIGHT)) {
            if ($_FILES['file']['error'] == 0) {
    // Move the file to the target upload folder
            $target = MM_UPLOADPATH . basename($new_picture);
            if (move_uploaded_file($_FILES['new_picture']['tmp_name'], $target)) {
    // The new picture file move was successful, now make sure any old picture is deleted
            if (!empty($old_picture) && ($old_picture != $new_picture)) {
            @unlink(MM_UPLOADPATH . $old_picture);
            }
        }
        else {
    // The new picture file move failed, so delete the temporary file and set the error flag
        @unlink($_FILES['new_picture']['tmp_name']);
        $error = true;
        echo '<p class="error">Sorry, there was a problem uploading your picture.</p>';
        }
        }
        }
            else {
    // The new picture file is not valid, so delete the temporary file and set the error flag
                @unlink($_FILES['new_picture']['tmp_name']);
                $error = true;
            echo '<p class="error">Your picture must be a GIF, JPEG, or PNG image file no greater than ' . (MM_MAXFILESIZE / 1024) .
            ' KB and ' . MM_MAXIMGWIDTH . 'x' . MM_MAXIMGHEIGHT . ' pixels in size.</p>';
            }
        }
    // Update the profile data in the database
        if (!$error) {
            if (!empty($first_name) && !empty($last_name) && !empty($gender) && !empty($birthdate) && !empty($city) && !empty($state)) {
    // Only set the picture column if there is a new picture
            if (!empty($new_picture)) {
                $query = "UPDATE mismatch_user SET first_name = '$first_name', last_name = '$last_name', gender = '$gender', " .
                " birthdate = '$birthdate', city = '$city', state = '$state', picture = '$new_picture' WHERE user_id = '$user_id'";
            }
            else {
                $query = "UPDATE mismatch_user SET first_name = '$first_name', last_name = '$last_name', gender = '$gender', " .
                " birthdate = '$birthdate', city = '$city', state = '$state' WHERE user_id = '$user_id'";
            }
                mysqli_query($dbc, $query);
    
    
    // Confirm success with the user
            echo '<p>Your profile has been successfully updated. Would you like to <a href="viewprofile.php">view your profile</a>?</p>';
    
    
            mysqli_close($dbc);
            exit();
            }
            else {
                echo '<p class="error">You must enter all of the profile data (the picture is optional).</p>';
            }
        }
        }
        // End of check for form submission
        else {
    // Grab the profile data from the database
        $query = "SELECT first_name, last_name, gender, birthdate, city, state, picture FROM mismatch_user WHERE user_id = '$user_id'";
        $data = mysqli_query($dbc, $query);
        $row = mysqli_fetch_array($data);
    
    
        if ($row != NULL) {
            $first_name = $row['first_name'];
            $last_name = $row['last_name'];
            $gender = $row['gender'];
            $birthdate = $row['birthdate'];
            $city = $row['city'];
            $state = $row['state'];
            $old_picture = $row['picture'];
        }
        else {
            echo '<p class="error">There was a problem accessing your profile.</p>';
        }
        }
    
    
    mysqli_close($dbc);
     if (!empty($old_picture)) {
            echo '<img class="profile" src="' . MM_UPLOADPATH . $old_picture . '" alt="Profile Picture" />';
            }
    
    
    ?>
    
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Mismatch - Edit Profile</title>
        <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
    <h3>Mismatch - Edit Profile</h3>
        <form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
            <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MM_MAXFILESIZE; ?>" />
            <fieldset>
            <legend>Personal Information</legend>
            <label for="firstname">First name:</label>
            <input type="text" id="firstname" name="firstname" value="<?php if (!empty($first_name)) echo $first_name; ?>" /><br />
            <label for="lastname">Last name:</label>
            <input type="text" id="lastname" name="lastname" value="<?php if (!empty($last_name)) echo $last_name; ?>" /><br />
            <label for="gender">Gender:</label>
            <select id="gender" name="gender">
                <option value="M" <?php if (!empty($gender) && $gender == 'M') echo 'selected = "selected"'; ?>>Male</option>
                <option value="F" <?php if (!empty($gender) && $gender == 'F') echo 'selected = "selected"'; ?>>Female</option>
            </select><br />
            <label for="birthdate">Birthdate:</label>
            <input type="text" id="birthdate" name="birthdate" value="<?php if (!empty($birthdate)) echo $birthdate; else echo 'YYYY-MM-DD'; ?>" /><br />
            <label for="city">City:</label>
            <input type="text" id="city" name="city" value="<?php if (!empty($city)) echo $city; ?>" /><br />
            <label for="state">State:</label>
            <input type="text" id="state" name="state" value="<?php if (!empty($state)) echo $state; ?>" /><br />
            <input type="hidden" name="old_picture" value="<?php if (!empty($old_picture)) echo $old_picture; ?>" />
            <label for="new_picture">Picture:</label>
            <input type="file" id="new_picture" name="new_picture" />
    </fieldset>
        <input type="submit" value="Save Profile" name="submit" />
        </form>
    </body> 
    </html>
    
    Code (markup):
    I can't figure out what is going on, for all intended purposes I have everything set up correctly... the only thing I can think of is the connection to the database.

    The connectvars.php file is correct, so that is not the issue.

    
    <?php
      // Define database connection constants
      define('DB_HOST', 'localhost');
      define('DB_USER', 'pawz_PDI');
      define('DB_PASSWORD', 'xxxxxxx');
      define('DB_NAME', 'pawz_headfirst');
    ?>
    
    Code (markup):
    Can someone help me and tell me what I am missing? I think it is the database connection, but I am not sure any more.
     
    Matt Ridge, Oct 4, 2011 IP