need enhancement #32

Closed
riefkhy opened this issue Feb 9, 2013 · 15 comments


riefkhy commented Feb 9, 2013

Hi, thanks for the very beautiful work you have done and shared.
But I am stuck at some parts, because I am also new to this language. I could learn from yours about the MySQL and PHP connection, but can you make a page or give an example for updating user information and deleting a user? Thank you.


ghost commented Feb 10, 2013

This script does not handle it. However, you can edit the database. Personally I use phpMyAdmin for this. It's simple and there is a lot of info on the internet about it.

Author

riefkhy commented Feb 11, 2013

Thanks for the reply, but do you think we can authorise users to edit their own account?


ghost commented Feb 11, 2013

phpMyAdmin is a database administrator tool. You don't want your users in! And PHP-Login can't do it. So, unless someone commits a piece of code that does it, it's a sad no.


mihas7f commented Feb 11, 2013

Hi
Paste the code below into your logged_in.php page, and now we just need to find out how to EDIT the data we just GET from MySQL.

```php
<!--//////////////////////// START User Profile Page //////////////////////////////////////-->
<!-- Session values are HTML-escaped before being written into attribute values -->
<div style="position:absolute; top:25%; left:25%;padding:10px; background-color:#fff; box-shadow: 0 1px 5px rgba(0, 0, 0, 0.25); width:600px; height:305px">
<div style="position:absolute;left: 10px; padding: 5px; width: 95%;margin-left: 50px; background:#c9c9c9;">

<form method="post" action="index.php?register" name="registerform" id="registerform" style="padding-left:30px;">
<div class="login" style="height:250px;">
<div id="login_avatar_wrapper" style="width: 125px; height: 250px; float:left; margin:0;">
<div id="login_avatar" class="standard_avatar" style="width: 125px; height: 125px; float:left; margin:0;">

<!--<img id="login_avatar" src="views/img/ani_avatar_static_01.png" style="width:125px; height:125px;" />-->
</div>
<div style="width: 124px; height: 125px; float:right; margin:0; border-right: 1px solid #e6e6e6;">

</div>
</div>
<div style="width: 250px; height: 125px; float:left; margin:0;">
<div style="width: 250px; height: 62px; float:left; margin:0; border-bottom: 1px solid #e6e6e6;">
<input id="login_input_username" class="login_input" type="text" name="user_name" value="<?php echo htmlspecialchars($_SESSION['user_name'], ENT_QUOTES, 'UTF-8'); ?>" />
</div>
<div style="width: 250px; height: 61px; float:left; margin:0; border-bottom: 1px solid #e6e6e6;">
<input id="login_input_email" class="login_input" type="text" name="user_email" value="<?php echo htmlspecialchars($_SESSION['user_email'], ENT_QUOTES, 'UTF-8'); ?>" />
</div>

</div>
<div style="width: 124px; height: 250px; float:left; margin:0; border-left: 1px solid #e6e6e6;">
<div class="login_submit_register">
<input type="submit"  name="register" style="width:124px; height:250px; padding-top: 60px;  text-align: center; font-size:11px; font-family: 'Droid Sans', sans-serif; color:#666666; border:0; background: transparent; cursor: pointer;" value="Register" />
</div>
</div>
</div>
<div style="width:500px; height: 40px; line-height: 40px; text-align: right; color:#ccc; font-size:11px; font-family: 'Droid Sans', sans-serif; ">
<a class="login_link" href="index.php">Back to Login Page</a>
</div>
</form>
</div>
</div>
```

Author

riefkhy commented Feb 12, 2013

OK, I customized the page already :)
Thanks for the help. Hmmm, what should I do to make users able to edit their data?
Thank you very much.


ghost commented Feb 12, 2013

It should create a new file and include it on request, like index.php?edit_user
For the backend, it's more complex, but you can hack and reproduce/adapt what has already been made in the register process. But be sure to NOT allow unlogged users to edit stuff! And users to edit other users' stuff.

I'm waiting to see my pull request accepted or denied; after that, I will work on that and nonce. (Poking Panique :P)

Author

riefkhy commented Feb 13, 2013

So I have to add some script to login_class.php and make a new PHP file named user_edit or similar? Or just put it in logged_in.php, since logged_in.php is only accessible by logged-in users?

Author

riefkhy commented Feb 14, 2013

I just need the PHP MySQL query for updating data... anyone? Thanks.

Owner

panique commented Feb 14, 2013

@riefkhy Can you rewrite that sentence? I don't know what you mean.

Author

riefkhy commented Feb 14, 2013

@panique I wrote so many comments, can you clarify which sentence in which comment?
Anyway, I would like to add a page for logged-in users to edit their information, e.g. password, email.

I also added some fields, e.g. firstname, lastname, phone.

Now, I am stuck at user edit page, where if I hit edit information button, nothing happened.

Here is the function of edit data I tried : (I put this in Login.class.php)

```php
private function editUserData() {

    if (($_POST['edit_user_password_new'] == $_POST['edit_user_password_repeat']) && ($_SESSION['user_email'] != $_POST['edit_user_email'])) {

            // escapin' this
            $this->edit_user_name            = $this->connection->real_escape_string($_POST['edit_user_name']);
            $this->edit_user_password        = $this->connection->real_escape_string($_POST['edit_user_password_new']);
            $this->edit_user_password_repeat = $this->connection->real_escape_string($_POST['edit_user_password_repeat']);
            $this->edit_user_email           = $this->connection->real_escape_string($_POST['edit_user_email']);
            $this->edit_countryArea          = $this->connection->real_escape_string($_POST['edit_countryArea']);
            $this->edit_phone                = $this->connection->real_escape_string($_POST['edit_phone']);
            $this->edit_first_name           = $this->connection->real_escape_string($_POST['edit_first_name']);
            $this->edit_last_name            = $this->connection->real_escape_string($_POST['edit_last_name']);
            $this->edit_month                = $_POST['edit_month'];
            $this->edit_day                  = $_POST['edit_day'];
            $this->edit_year                 = $_POST['edit_year'];
            $edit_date                       = date("Y-m-d", mktime(0,0,0,$this->month, $this->day,  $this->year));
            $this->edit_gender               = $this->connection->real_escape_string($_POST['edit_gender']);
            $this->edit_country              = $this->connection->real_escape_string($_POST['edit_country']);
            $edit_phonenumber                = $_POST['edit_countryArea'] . $_POST['edit_phone'];

            // cut data down to max 64 chars to prevent database flooding
            $this->edit_user_name            = substr($this->user_name, 0, 64);
            $this->edit_user_password        = substr($this->user_password, 0, 64);
            $this->edit_user_password_repeat = substr($this->user_password_repeat, 0, 64);
            $this->edit_user_email           = substr($this->user_email, 0, 64);
            $this->edit_phone                = substr($this->phone, 0, 15);
            $this->edit_first_name           = substr($this->first_name, 0, 15);
            $this->edit_last_name            = substr($this->last_name, 0, 15);


            // generate random string "salt", a string to "encrypt" the password hash
            // this is a basic salt, you might replace this with a more advanced function
            // @see https://en.wikipedia.org/wiki/Salt_(cryptography)

            function get_salt($length) {

                $options = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
                $salt = '';

                for ($i = 0; $i <= $length; $i ++) {
                    $options = str_shuffle ( $options );
                    $salt .= $options [rand ( 0, 63 )];
                }
                return $salt;
            }

            ////////////////////////////////////////////////////////////////////////////////////////////////////////////////

            $max_salt = CRYPT_SALT_LENGTH;

            //blowfish hashing with a salt as follows: "$2a$", a two digit cost parameter, "$", and 22 base 64
            //here you can define the hashing algorithm.
            //@see: php.net/manual/en/function.crypt.php
            $hashing_algorithm = '$2a$10$';

            //get the longest salt, could set to 22 crypt ignores extra data
            $salt = get_salt ( $max_salt );

            //append salt2 data to the password, and crypt using salt, results in a 60 char output
            $this->user_password_hash = crypt ( $this->edit_user_password, $hashing_algorithm . $salt );

            $query_check_user_name = $this->connection->query("SELECT * FROM users WHERE user_name = '".$this->edit_user_name."'");

            if($query_check_user_name->num_rows == 1) {

                $query_edit_user = $this->connection->query("UPDATE users SET first_name, last_name, user_name, user_email, user_password_hash, phone, birthday, gender, country = '".$this->edit_user_name."', '".$this->edit_user_password_hash."', '".$this->edit_user_email."', '".$edit_phonenumber."', '".$this->edit_first_name."', '".$this->edit_last_name."', '".$edit_date."', '".$this->edit_gender."', '".$this->edit_country."' WHERE user_name = '".$this->user_name."';");

            } else {

                $this->errors[] = "Fatal Error";

                if ($query_edit_user) {

                    $this->messages[] = "Your account was successfully edited.<br/>Please <a href='index.php' class='green_link'>click here to go back to Main Menu</a>.";
                    $this->registration_successful = true;

                } else {

                    $this->errors[] = "Sorry, your registration failed. Please go back and try again.";

                }
            }
    }
}
```

Author

riefkhy commented Feb 14, 2013

Sorry for the messed-up comment I just made, I don't know how to make it neater.
(Fixed it) Thank you :)

Owner

panique commented Feb 14, 2013

@riefkhy Sorry, I meant the last one. Cannot figure out what you want to say...

Author

riefkhy commented Feb 15, 2013

@panique answered though, I meant this part

```php
$query_edit_user = $this->connection->query("UPDATE users SET first_name, last_name, user_name, user_email, user_password_hash, phone, birthday, gender, country = '".$this->edit_user_name."', '".$this->edit_user_password_hash."', '".$this->edit_user_email."', '".$edit_phonenumber."', '".$this->edit_first_name."', '".$this->edit_last_name."', '".$edit_date."', '".$this->edit_gender."', '".$this->edit_country."' WHERE user_name = '".$this->user_name."';");
```

Is it correct?

@sjaaklauwers

@riefkhy Why do you want to add user data management functionality into login functionality? Makes no sense to me at all. Better to separate the two and NOT to add it into the class login. Giving the (registered) user the ability to change his/her username, password, etc. has nothing to do with giving the (registered) user the ability to login.

Same holds for the registering part of this script. An improvement would be to separate the registering part from the class login and move it to some other class like class user.

One should keep in mind the difference between login functionality and (user) data management. The first is about permissions regarding (parts of) an application, the second is about data management (create, read, update, delete) regarding one or more data collections.
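
A sketch of the update this thread asks about, added here as an example; it is not code from PHP-Login or from any commenter. It puts the edit in its own class, takes the target row from the session as the earlier reply insists, and shows the `column = value` form of `UPDATE` with bound parameters. Assumptions: the names `UserProfile` and `updateOwnProfile()` are hypothetical, the 8-character minimum is an assumed policy, and PDO with in-memory SQLite plus `password_hash()` stand in for the thread's mysqli connection and hand-rolled `crypt()` salt so the block runs offline (PHP 8+).

```php
<?php
// Added example, not PHP-Login code. UserProfile and updateOwnProfile() are
// hypothetical names; in-memory SQLite stands in for the MySQL database.
final class UserProfile
{
    public function __construct(private PDO $db) {}
    /** Updates the logged-in user's own row; returns true if one row changed. */
    public function updateOwnProfile(array $session, array $post): bool
    {
        // The row to edit comes from the session, never from posted data,
        // so anonymous visitors and other users cannot pick a target.
        if (empty($session['user_name'])) {
            return false;
        }
        $email  = filter_var($post['edit_user_email'] ?? '', FILTER_VALIDATE_EMAIL);
        $new    = (string) ($post['edit_user_password_new'] ?? '');
        $repeat = (string) ($post['edit_user_password_repeat'] ?? '');
        if ($email === false || strlen($new) < 8 || $new !== $repeat) {
            return false;
        }
        // UPDATE takes "column = value" pairs; placeholders keep input out of the SQL text.
        $stmt = $this->db->prepare(
            'UPDATE users SET user_email = :email, user_password_hash = :hash
              WHERE user_name = :name'
        );
        $stmt->execute([
            ':email' => $email,
            ':hash'  => password_hash($new, PASSWORD_DEFAULT), // generates its own salt
            ':name'  => $session['user_name'],
        ]);
        return $stmt->rowCount() === 1;
    }
}

// Constructed sample data for the demonstration.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, user_email TEXT, user_password_hash TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'a@example.com', 'x'), ('bob', 'b@example.com', 'y')");

$profile = new UserProfile($db);
$post = [
    'edit_user_name'            => 'bob', // posted name is ignored on purpose
    'edit_user_email'           => 'alice@example.org',
    'edit_user_password_new'    => 'correct horse battery',
    'edit_user_password_repeat' => 'correct horse battery',
];
var_dump($profile->updateOwnProfile([], $post));                       // no session
var_dump($profile->updateOwnProfile(['user_name' => 'alice'], $post)); // own row only
var_dump($db->query("SELECT user_email FROM users WHERE user_name = 'bob'")->fetchColumn());
```

With the project's mysqli connection the same statement can be prepared using `?` placeholders and `bind_param()`.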

Owner

panique commented May 18, 2013

Coming up in the 2-advanced version of the script.

@panique panique closed this as completed Jun 1, 2013