-1

Trying to run query to get user_id based on logged in username. users.php....

<?php
session_start();
include_once 'error.php';

class User{

private $db;
private $db_table = "users";

public function __construct()
{
    $this->db = new DbConnect();
}


public function isLoginExist($username, $password)
{       

    $query = "select * from " . $this->db_table . " where username =     
 '$username' AND password = '$password' Limit 1";
    $result = mysqli_query($this->db->getDb(), $query);
    if(mysqli_num_rows($result) > 0){
        mysqli_close($this->db->getDb());
        return true;
    }       
    mysqli_close($this->db->getDb());
    return false;       
}

public function createNewRegisterUser($username, $password, $email)
{

    $query = "insert into users (username, password, email, created_at, 
updated_at) values ('$username', '$password', '$email', NOW(), NOW())";
    $inserted = mysqli_query($this->db->getDb(), $query);
    if($inserted == 1){
        $json['success'] = 1;                                   
    }else{
        $json['success'] = 0;
    }
    mysqli_close($this->db->getDb());
    return $json;
}



public function loginUsers($username, $password){

    $json = array();
    $canUserLogin = $this->isLoginExist($username, $password);
    if($canUserLogin){
        $json['success'] = 1;
    }else{
        $json['success'] = 0;
    }
    return $json;
}
}


?>

index.php

<?php
session_start();
require_once 'users.php';

$username = "";
$password = "";
$email = "";



if(isset($_POST['username'])){
$username = $_POST['username'];
}
if(isset($_POST['password'])){
$password = $_POST['password'];
}
if(isset($_POST['email'])){
$email = $_POST['email'];
}

// Instance of a User class
$userObject = new User();


// Registration of new user
if(!empty($username) && !empty($password) && !empty($email)){
$hashed_password = md5($password);
$json_registration = $userObject->createNewRegisterUser($username,     
$hashed_password, $email);

echo json_encode($json_registration);
}


// User Login
if(!empty($username) && !empty($password))
{
$hashed_password = md5($password);  


$json_array = $userObject->loginUsers($username, $hashed_password);

session_start();

$_SESSION['username'] = $username;

echo json_encode($json_array);
}
//var_dump($_SESSION['username']);displays current users name on android LOG
?>

topics.php

<?php
session_start();
include_once 'error.php';


class Topic{

private $db;
private $db_table = "topics";
private $db_table1 = "created_topics";



public function __construct()
{
    $this->db = new DbConnect();
}

public function createNewTopic($topic_name, $content)
{   
    session_start();
    include_once 'index.php';   

    //query to get current logged in user_id
    $un = "SELECT user_id FROM users WHERE username = " .    
    $_SESSION['username'] . " LIMIT 1";
    //running query
    $unResults = mysqli_query($this->db->getDb(), $un);

    //insert into db topic_name and content
    $query = "INSERT INTO topics (topic_name, content, created_at, 
    updated_at) values ('$topic_name', '$content', NOW(), NOW())";

    $inserted = mysqli_query($this->db->getDb(), $query);

    //query to insert into created_topics table with  user_id and topic_id
    $q = "insert into created_topics(user_id, topic_id,created_at) values 
    ('$unResults',LAST_INSERT_ID(),NOW())";

    mysqli_query($this->db->getDb(), $q);

    if($inserted == 1){
        $json['success'] = 1;                                   
    }else{
        $json['success'] = 0;
    }

    mysqli_close($this->db->getDb());
    return $json;

}
}
?>

created_topic.php

<?php
session_start();
require_once 'topics.php';

$topic_name = "";
$content = "";
$username = $_SESSION['username'];


if(isset($_POST['topic_name']))
{
$topic_name = $_POST['topic_name'];
}
if(isset($_POST['content']))
{
$content = $_POST['content'];
}



// Instance of a Topic class
$topicObject = new Topic();

// Registration of new topic
if(!empty($topic_name) && !empty($content))
{

$json_registration = $topicObject->createNewTopic($topic_name, $content);

echo json_encode($json_registration);
}

?>

Android create_topic page

package com.example.mrbuknahsty.annovoteexdb;

import android.content.Intent;
import android.os.AsyncTask;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;

import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
import org.json.JSONException;
import org.json.JSONObject;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;

public class createTopic extends AppCompatActivity
{
 protected EditText enteredTopicName,enteredContent;

Button  create;

protected String topic_name;

private final String serverUrl1 =      
 "http://lkirkpatrick.btcwsd.com/anno/create_topic.php";



@Override
protected void onCreate(Bundle savedInstanceState)
{
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_create_topic);

    enteredTopicName = (EditText) findViewById(R.id.topicNameET);
    enteredContent = (EditText) findViewById(R.id.contentEdit);

    create = (Button)findViewById(R.id.createBtn);

    create.setOnClickListener(new View.OnClickListener() {

        @Override

        public void onClick(View v) {

            topic_name = enteredTopicName.getText().toString();

            String content = enteredContent.getText().toString();

            if(topic_name.equals("") || content.equals("")){

                Toast.makeText(createTopic.this, "Topic Name or Content must      
          be filled", Toast.LENGTH_LONG).show();

                return;

            }

            if(topic_name.length() <= 1 || content.length() <= 1){

                Toast.makeText(createTopic.this, "Topic Name or Content     
        length must be greater than one", Toast.LENGTH_LONG).show();

                return;

            }

    // request authentication with remote server4

            AsyncDataClass asyncRequestObject = new AsyncDataClass();

            asyncRequestObject.execute(serverUrl1, topic_name, content);

        }

    });
}

private class AsyncDataClass extends AsyncTask<String, Void, String> {

    @Override

    protected String doInBackground(String... params) {

        HttpParams httpParameters = new BasicHttpParams();

        HttpConnectionParams.setConnectionTimeout(httpParameters, 5000);

        HttpConnectionParams.setSoTimeout(httpParameters, 5000);

        HttpClient httpClient = new DefaultHttpClient(httpParameters);

        HttpPost httpPost = new HttpPost(params[0]);

        String jsonResult = "";

        try {

            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>   
            (2);

            nameValuePairs.add(new BasicNameValuePair("topic_name", 
           params[1]));

            nameValuePairs.add(new BasicNameValuePair("content", params[2]));

            nameValuePairs.add(new BasicNameValuePair("content", params[2]));

            httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

            HttpResponse response = httpClient.execute(httpPost);

            jsonResult =     
     inputStreamToString(response.getEntity().getContent()).toString();

        } catch (ClientProtocolException e) {

            e.printStackTrace();

        } catch (IOException e) {

            e.printStackTrace();

        }

        return jsonResult;

    }

    @Override

    protected void onPreExecute() {

        super.onPreExecute();

    }

    @Override

    protected void onPostExecute(String result) {

        super.onPostExecute(result);

        System.out.println("Resulted Value: " + result);

        if(result.equals("") || result == null){

            Toast.makeText(createTopic.this, "Server connection failed", 
         Toast.LENGTH_LONG).show();

            return;

        }

        int jsonResult = returnParsedJsonObject(result);

        if(jsonResult == 0){

            Toast.makeText(createTopic.this, "Something Went Wrong", 
         Toast.LENGTH_LONG).show();          

            return;

        }

        if(jsonResult == 1){

            Intent intent = new Intent(createTopic.this, login.class);

            intent.putExtra("USERNAME", topic_name);

            intent.putExtra("MESSAGE", "Topic successfully created!");

            startActivity(intent);

        }

    }

    private StringBuilder inputStreamToString(InputStream is) {

        String rLine = "";

        StringBuilder answer = new StringBuilder();

        BufferedReader br = new BufferedReader(new InputStreamReader(is));

        try {

            while ((rLine = br.readLine()) != null) {

                answer.append(rLine);

            }

        } catch (IOException e) {

// TODO Auto-generated catch block

            e.printStackTrace();

        }

        return answer;

    }

}

private int returnParsedJsonObject(String result){

    JSONObject resultObject = null;

    int returnedResult = 0;

    try {

        resultObject = new JSONObject(result);

        returnedResult = resultObject.getInt("success");

    } catch (JSONException e) {

        e.printStackTrace();

    }

    return returnedResult;

}

}

Everything ran fine until i added the query to get user_id from users where username = '$username'; Now in my android log i only get-- Resulted value:
and my toast says server connection fail. Any help would be awesome.

Thanks

luke
  • 153
  • 2
  • 2
  • 11
  • To fix your problem you should read the relevant part in the accepted answer here http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Your Common Sense May 10 '16 at 13:44
  • Read through but not sure how that pertains to my question. I appriciate the help im just not clear on how that will help me from NOT losing my session variable??? I see it echoing out my variable (username) after log in but when i go to use it in another query on another php file, it constantly returns 0 in my DB. im getting NO errors which is actually making it more difficult – luke May 10 '16 at 14:26
  • It will help you to run a query properly. the way you run SQL at the moment is wrong, and it's the very reason for the error you get. – Your Common Sense May 10 '16 at 15:36

1 Answers1

0

You should read about scopes in programming.

Check you createNewTopic function in topics.php and the variables you define / use in there. I am confident you will spot the mistake ;)

pocketrocket
  • 365
  • 2
  • 8
  • session_start(); $findUser = $_SESSION['username']; //query to get current logged in user_id $un = "SELECT user_id FROM users WHERE username ='$findUser' LIMIT 1"; I added a _SESSION['username'] = $username in my index.php but still no luck. Ive been at this for over 2 weeks but can not get this username. Please help – luke May 09 '16 at 21:35
  • Im not sure what i should be looking for or doing....Total noob here. – luke May 09 '16 at 22:03
  • It's hard to say, if you forgot to post some parts of the code, or if you are lacking some basic concepts of your logic in the code. – pocketrocket May 10 '16 at 10:38
  • 1) You request the username from the session with `$username = $_SESSION["username"];` but you don't write to the session on successful login - something like `$_SESSION["username"] = $username;` after login success (so in `loginUsers()` after `if($canUserLogin){`) 2) you query for the ID from users in DB: in `createNewTopic` you are using `$username`, which is not defined in that scope of function. Unless you user `register_globals` in php.ini or `global $username` in top of that function, it will not work (both not clean nor recommended). Just pass the username as parameter too – pocketrocket May 10 '16 at 10:47
  • Ive updated my code and put $_SESSION["username"] = $username in the log in part of index.php. I added a var_dump to see what it was holding and everything looked good. ive also changed my createNewTopic function to call the SESSION inside of the function. When i run it and create a new topic the user_id from always showing up as zero(0) in my DB...It seems like somehow im losing the data from the $_SESSION["username"] = $username before i can run the query for user_id? – luke May 10 '16 at 13:33
  • I just added some variables in my create_topic.php and passed params from android create_topic and POW, worked like a charm! Thanks for all the help fellas!!! – luke May 10 '16 at 17:04