7 Replies - 22584 Views - Last Post: 17 July 2008 - 11:18 AM Rate Topic: -----

#1 cbgfilms   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 22
  • Joined: 14-July 08

Allow users to edit their information

Post icon  Posted 15 July 2008 - 02:48 PM

Hii.

I'm looking for some sort of tutorial that will instruct me on how to do the following, for example this is what the users of my website would beable to do:

1. They Login, using the login system I've already created.
2. They click the edit my account button.
3. There are fields on the page with their password, email, username, profile etc.
4. They can add bits in, and change their details.
5. They click submit, the information is updated on the database.

Please note I already have a database that I'll be storing the users.

If anyone could point me in the right direction that would be great! :^: :D

Is This A Good Question/Topic? 0
  • +

Replies To: Allow users to edit their information

#2 Dancia   User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 60
  • Joined: 15-June 08

Re: Allow users to edit their information

Posted 15 July 2008 - 04:19 PM

5. They click submit, the information is <b>updated</b> on the database.

If you using mysql its easy. You already sayd that you need to UPDATE.
If you are familiar with mysql read: http://www.w3schools...ysql_update.asp
else for beginning:
http://www.w3schools...mysql_intro.asp
Was This Post Helpful? 1

#3 akozlik   User is offline

  • D.I.C Addict
  • member icon

Reputation: 92
  • View blog
  • Posts: 798
  • Joined: 25-February 08

Re: Allow users to edit their information

Posted 15 July 2008 - 04:38 PM

View Postcbgfilms, on 15 Jul, 2008 - 05:48 PM, said:

Hii.

I'm looking for some sort of tutorial that will instruct me on how to do the following, for example this is what the users of my website would beable to do:

1. They Login, using the login system I've already created.
2. They click the edit my account button.
3. There are fields on the page with their password, email, username, profile etc.
4. They can add bits in, and change their details.
5. They click submit, the information is updated on the database.

Please note I already have a database that I'll be storing the users.

If anyone could point me in the right direction that would be great! :^: :D


We have a policy on the board that asks that you give us source code you've written so we could help you from there. Nobody will write the code for you, and as an act of good faith we ask that you post where you're at. How do you think you would solve the problem? We can help you from there.

I will say that what you want to do is use a series of select statements to pull the details out of the database and display them to the user. You will then use INSERT or UPDATE statements to insert new data into the database, or update existing data.

That should get you started in researching what you need to do.
Was This Post Helpful? 0
  • +
  • -

#4 cbgfilms   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 22
  • Joined: 14-July 08

Re: Allow users to edit their information

Posted 15 July 2008 - 11:31 PM

View PostDancia, on 15 Jul, 2008 - 04:19 PM, said:

5. They click submit, the information is <b>updated</b> on the database.

If you using mysql its easy. You already sayd that you need to UPDATE.
If you are familiar with mysql read: http://www.w3schools...ysql_update.asp
else for beginning:
http://www.w3schools...mysql_intro.asp

Hii Dancia, this looks pretty good, but say someone was logged in how could I make their unique data be edited, instead of having a billion edit pages for eah users. Is there a way that it'll detect the session and edit that information.
Hope you understand what I mean, thanks :)

<b>EDIT:</b> Would this be it? http://www.w3schools...ysql_insert.asp

This post has been edited by cbgfilms: 15 July 2008 - 11:40 PM

Was This Post Helpful? 0
  • +
  • -

#5 Dancia   User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 60
  • Joined: 15-June 08

Re: Allow users to edit their information

Posted 16 July 2008 - 09:29 AM

Erm Once your member is registered you must somehow remember users data. Instead of using a file (because really hards to handle) you can use mySQL.

For example person A is registered with password B. You can INSERT him to database. But wait, where? So you need a table in your mysql database.

You can create something like: members and create some fields.

member_name, member_password. Ok you can store your details into it.
Ok now we table with users data.
Now we want to make user profile. We can easily add more field to member.
For more advanced system we would need to put something unique so we can get data which belongs to person A from other tables. For this we create one more field (it will be PRIMARY (important one)) which would have unique ID. It's easy because mysql has auto_increment option so that field will increment automaticaly. Then person A is registered he will get id 1. Another person 2 and etc.
(i forgot to mention that that field can be called id_member)
So we now got.
id_member, member_name, member_password..........
1, A, B

How to detect if the right one is logged in?
So then member fills his name and password, you would need to check if there's ANY members which have that name and password. If you find someone then data is correct and you can use his name and add it to session. ($_SESSION) So now he's registered and you have a member.

I will share my php script with you.
function login2() {
	$username = $_POST['username'];
	$password = $_POST['password'];

	if($username == mysql_real_escape_string($username)) {
		$password = sha1(md5(sha1($username.$password.'5KSK5RIWXJT3OVFN14WQSHXLWZDKR58ZP7GTY5V5')));

		$result = mysql_query("SELECT id_member FROM members where is_activated='1' AND real_name='$username' AND password='$password'");
		if(mysql_num_rows($result) !== 0) {
			$row = mysql_fetch_object($result);
			$_SESSION['id_member'] = $row->id_member;
			$_SESSION['password_hash'] = $password;

			if($_POST['remember_me']) {
				$time = 60*60*24*12 + time();
				$id = $row->id_member;
				setcookie("_id", $id, strtotime("+365 days"));
				setcookie("_hash", $password, strtotime("+365 days"));
			}
		}
	}

	loadLanguage('login');
	loadTemplate('login');
}



This script is only example and won't work properly because you will be missing functions and mysql table.

So I get from form username and password. Escape bad characters. (google SQL injection for more information why). Encode my password with md5 and sha1 functions so I can't see password directly. From password B it will become something like 'fdjeswifrewif546f65e7g8'. Mysql_query - i ask for something from table then check if someone found
if(mysql_num_rows($result) !== 0)
if not 0 rows of data found then this one exists, we can set session.

If you don't understand something then go to php.net and in search box type the function or look at w3schools.

Read this:
http://www.w3schools...p/php_forms.asp So now you will know what $_POST or $_GET does.
To connect to mysql http://www.w3schools...sql_connect.asp

This post has been edited by Dancia: 16 July 2008 - 09:37 AM

Was This Post Helpful? 0
  • +
  • -

#6 cbgfilms   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 22
  • Joined: 14-July 08

Re: Allow users to edit their information

Posted 17 July 2008 - 07:56 AM

View PostDancia, on 16 Jul, 2008 - 09:29 AM, said:

Erm Once your member is registered you must somehow remember users data. Instead of using a file (because really hards to handle) you can use mySQL.

For example person A is registered with password B. You can INSERT him to database. But wait, where? So you need a table in your mysql database.

You can create something like: members and create some fields.

member_name, member_password. Ok you can store your details into it.
Ok now we table with users data.
Now we want to make user profile. We can easily add more field to member.
For more advanced system we would need to put something unique so we can get data which belongs to person A from other tables. For this we create one more field (it will be PRIMARY (important one)) which would have unique ID. It's easy because mysql has auto_increment option so that field will increment automaticaly. Then person A is registered he will get id 1. Another person 2 and etc.
(i forgot to mention that that field can be called id_member)
So we now got.
id_member, member_name, member_password..........
1, A, B

How to detect if the right one is logged in?
So then member fills his name and password, you would need to check if there's ANY members which have that name and password. If you find someone then data is correct and you can use his name and add it to session. ($_SESSION) So now he's registered and you have a member.

I will share my php script with you.
function login2() {
	$username = $_POST['username'];
	$password = $_POST['password'];

	if($username == mysql_real_escape_string($username)) {
		$password = sha1(md5(sha1($username.$password.'5KSK5RIWXJT3OVFN14WQSHXLWZDKR58ZP7GTY5V5')));

		$result = mysql_query("SELECT id_member FROM members where is_activated='1' AND real_name='$username' AND password='$password'");
		if(mysql_num_rows($result) !== 0) {
			$row = mysql_fetch_object($result);
			$_SESSION['id_member'] = $row->id_member;
			$_SESSION['password_hash'] = $password;

			if($_POST['remember_me']) {
				$time = 60*60*24*12 + time();
				$id = $row->id_member;
				setcookie("_id", $id, strtotime("+365 days"));
				setcookie("_hash", $password, strtotime("+365 days"));
			}
		}
	}

	loadLanguage('login');
	loadTemplate('login');
}



This script is only example and won't work properly because you will be missing functions and mysql table.

So I get from form username and password. Escape bad characters. (google SQL injection for more information why). Encode my password with md5 and sha1 functions so I can't see password directly. From password B it will become something like 'fdjeswifrewif546f65e7g8'. Mysql_query - i ask for something from table then check if someone found
if(mysql_num_rows($result) !== 0)
if not 0 rows of data found then this one exists, we can set session.

If you don't understand something then go to php.net and in search box type the function or look at w3schools.

Read this:
http://www.w3schools...p/php_forms.asp So now you will know what $_POST or $_GET does.
To connect to mysql http://www.w3schools...sql_connect.asp


Hi thanks, could you read my post here for more updated info, and get back to me, thanks.
http://www.weberforu...3895.html#33895
Was This Post Helpful? 0
  • +
  • -

#7 Dancia   User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 60
  • Joined: 15-June 08

Re: Allow users to edit their information

Posted 17 July 2008 - 08:55 AM

Ok first you need get data which is currently set.

You have set name="" values as these:
<input name="username" type="text" size="35">
<input name="password" type="password" size="35">
<input name="email" type="text" size="35">
<textarea name="profile" cols="27" rows="8"></textarea>
And you method is:
<form method="POST" action="updatedetails.php"> POST

So will will retrieve the data:
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$profile = mysql_real_escape_string($_POST['[profile']);


mysql_real_escape_string - i escape bad stuff that user could write into queries. Additionally you would need to hash the password put its up to you.
NOTE: It donesn't delete those characters, only escape. If you need to delete them, from username, for example then look at php.net for eregi, preg_match and preg_replace functions.

Now we need to find the member in our database and update it.
The mysql_query will be something like UPDATE table name SET new values WHERE erm put here something to identify the user
If you have a $_SESSION set in your database with username or username ID (if you have it) (erm you need to have it because if someone want's to update his info, he has to be logged in and you need to identify he)
So for every part the mysql_query will be something like:
mysql_query('UPDATE members SET username="'.$username.'" WHERE username="''.$_SESSION['username']."');



I suggest you searching Dream.In.Code for php tutorials.
Exaple: http://www.dreaminco...showforum47.htm

This post has been edited by Dancia: 17 July 2008 - 09:09 AM

Was This Post Helpful? 0
  • +
  • -

#8 cbgfilms   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 22
  • Joined: 14-July 08

Re: Allow users to edit their information

Posted 17 July 2008 - 11:18 AM

View PostDancia, on 17 Jul, 2008 - 08:55 AM, said:

Ok first you need get data which is currently set.

You have set name="" values as these:
<input name="username" type="text" size="35">
<input name="password" type="password" size="35">
<input name="email" type="text" size="35">
<textarea name="profile" cols="27" rows="8"></textarea>
And you method is:
<form method="POST" action="updatedetails.php"> POST

So will will retrieve the data:
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$profile = mysql_real_escape_string($_POST['[profile']);


mysql_real_escape_string - i escape bad stuff that user could write into queries. Additionally you would need to hash the password put its up to you.
NOTE: It donesn't delete those characters, only escape. If you need to delete them, from username, for example then look at php.net for eregi, preg_match and preg_replace functions.

Now we need to find the member in our database and update it.
The mysql_query will be something like UPDATE table name SET new values WHERE erm put here something to identify the user
If you have a $_SESSION set in your database with username or username ID (if you have it) (erm you need to have it because if someone want's to update his info, he has to be logged in and you need to identify he)
So for every part the mysql_query will be something like:
mysql_query('UPDATE members SET username="'.$username.'" WHERE username="''.$_SESSION['username']."');



I suggest you searching Dream.In.Code for php tutorials.
Exaple: http://www.dreaminco...showforum47.htm


Hi i've just added you on MSN, could you help me there?
Thanks, Charlie.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1