israr ahmed israr ahmed - 7 months ago 9
SQL Question

Where am I missing the code to save a new bank field?

I have a third-party script, and I want to add a new input field to the user profile update page: a BANK field where users can save their bank name. I have already created a column in the database (table name: members, column name: bank), and I have added the HTML form code for the bank name input. But when the user types the bank name and hits the submit button, it is not saved to the database. Below is the script code.

setting.tpl

{* Personal-settings page body. While a pending address ($user_info.new_email)
   exists it shows the e-mail activation form; otherwise it shows the main
   settings form (e-mail, messaging, payment accounts, bank, password). *}
<!-- Content -->
<div class="widget-main-title">{$lang.txt.personalsettings}</div>
<div class="widget-content">
<div id="errorbox" class="errorbox" style="display:none"></div>
{if !empty($user_info.new_email)}
<div style="display:none" class="success_box" id="message_sent">{$lang.txt.personalsaved}</div>
<div style="display:none" class="success_box" id="message_sent2">{$lang.txt.personalrestored}</div>
{* Submitted by updateemail(), a script function that is not shown here.
   The hidden "do" field is a fixed value, not a per-session token. *}
<form id="settingsform" onsubmit="return updateemail('activate');">
<input type="hidden" name="do" value="it" />
<div class="info_box">{$lang.txt.personalvalidatemsg|replace:"%email":$user_info.new_email}</div>
<table cellpadding="4" width="100%" class="widget-tbl">
<tr>
<td align="right">{$lang.txt.activationid}:</td>
<td><input type="text" name="code" id="aid" /></td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="btn" value="{$lang.txt.send}" class="orange" />
<input type="button" name="btn" value="{$lang.txt.cancel}" class="buttonblue" onclick="updateemail('restore')" />
</td>
</tr>
</table>
</form>
{else}
{* Submitted by submitform() (not shown). No per-session anti-CSRF field is
   visible in this form; the current-password field near the end is the only
   confirmation sent with it. *}
<form id="settingsform" onsubmit="return submitform(this.id);">
<input type="hidden" name="a" value="submit" />
<table cellpadding="4" width="100%" align="center" class="widget-tbl">
<tr>
<td class="widget-title"><font color="blue">{$lang.txt.personaldata}</font></td>
</tr>
<tr>
<td>
<table cellpadding="4" width="100%">
<tr>
<td align="right" width="50%">{$lang.txt.email}:</td>
{* NOTE(review): member-supplied values are printed inside value="..." here and
   further down (e-mail, gateway account, bank). Whether output escaping is
   enabled for this template is not shown; if it is not, apply the |escape
   modifier to each of them. *}
<td><input type="text" name="email" id="email" value="{$user_info.email}" /></td>
</tr>
<tr>
<td align="right">{$lang.txt.acceptemail}:</td>
<td>
<input type="radio" name="aemail" value="yes" id="aemail_1" {if $user_info.acceptmails=='yes'}checked{/if} /><label for="aemail_1">{$lang.txt.yes}</label>
<input type="radio" name="aemail" value="no" id="aemail_2" {if $user_info.acceptmails=='no'}checked{/if} /><label for="aemail_2">{$lang.txt.no}</label>
</td>
</tr>
</table>
</td>
</tr>
{if $settings.message_system == 'yes'}
<tr>
<td class="widget-title"><font color="blue">{$lang.txt.message_system}</font></td>
</tr>
<tr>
<td>
<table cellpadding="4" width="100%">
{* NOTE(review): the opening <tr> of this row is missing. *}
<td align="right" width="50%">{$lang.txt.msgsystem_enabled}:</td>
<td>
<input type="radio" name="personal_msg" value="yes" id="msg_system_1" {if $user_info.personal_msg=='yes'}checked{/if} /><label for="msg_system_1">{$lang.txt.yes}</label>
<input type="radio" name="personal_msg" value="no" id="msg_system_2" {if $user_info.personal_msg=='no'}checked{/if} /><label for="msg_system_2">{$lang.txt.no}</label>
</td>
</tr>
</table>
</td>
</tr>
{/if}
<tr>
<td class="widget-title"><font color="blue">Payment Method</font></td>
</tr>
<tr>
<td>
<table cellpadding="4" width="100%">
{* One text input per active gateway, posted as gatewayid[<gateway id>]. *}
{section name=g loop=$gateway}
<tr>
<td align="right" width="50%">
{$gateway[g].name}:
</td>
<td><input type="text" name="gatewayid[{$gateway[g].id}]" value="{section name=n loop=$usrgateway}{if $usrgateway[n].id == $gateway[g].id}{$usrgateway[n].account}{/if}{/section}{$gateway[g].member}" /></td>
</tr>
{/section}
{* Field added by the asker; it is posted as "bank" and pre-filled from
   $user_info.bank, so the PHP side has to both save the column and expose it
   to the template.
   NOTE(review): these two cells sit outside any <tr>; wrap them in a row. *}
<td align="right" width="50%">
Bank Name:
</td>
<td><input type="text" name="bank" id="bank" value="{$user_info.bank}"></td>
</table>
</td>
</tr>


<tr>
<td class="widget-title"><font color="blue">{$lang.txt.updpassword}</font></td>
</tr>
<tr>
<td>
<table cellpadding="4" width="100%">
<tr>
<td align="right" width="50%">{$lang.txt.newpassword}:</td>
<td><input type="password" name="newpassword" id="newpassword" /></td>
</tr>
<tr>
<td align="right">{$lang.txt.newpasswordconfirm}:</td>
<td><input type="password" name="newpassword2" id="newpassword2" /></td>
</tr>
</table>
</td>
</tr>

<tr>
<td class="widget-title"><font color="blue">{$lang.txt.send}</font></td>
</tr>
<tr>
<td>
<div class="info_box">{$lang.txt.newpasswordmsg}</div>
{* Current password: setting.php compares the MD5 of this field with the
   stored hash before it saves anything. *}
<div class="padding5 " align="center"><input type="password" name="password" id="password" /></div>
<div align="center" class="padding5 " style="margin-top:1px">
<input type="submit" name="btn" value="{$lang.txt.send}" class="orange" />
</div>
</td>
</tr>
</table>
</form>

{/if}

</div>
<!-- End Content -->


setting.php file

<?php


// Refuse direct access: the script stops unless the "personal" constant is
// already defined (presumably by the entry script that includes this file).
if (!defined("personal")) {
exit("Hacking attempt...");
}

// Load id and name of every active payment gateway into $gateway[0..n-1].
// NOTE(review): $gateway and $usrgateway are never initialised in this file,
// so they stay undefined when the loops below run zero times.
$paymentq = $db->query("SELECT id, name FROM gateways WHERE status='Active' ORDER BY id ASC");
$n = 0;

while ($row = $db->fetch_array($paymentq)) {
$gateway[$n] = $row;
$n = $n + 1;
}

// The member's gateway accounts are kept as a PHP-serialized array
// (gateway id => account) and flattened here into a list for the template.
// NOTE(review): unserialize() can instantiate objects. The stored value is
// built from $_POST['gatewayid'] further down, so this column must only ever
// be written through serialize() of plain arrays; a JSON column would remove
// the risk altogether.
$usrgtw = unserialize($user_info['gateways']);
// Anything that did not decode to an array is treated as "no accounts".
$usrgtw = (!is_array($usrgtw) ? array() : $usrgtw);
$n = 0;
foreach ($usrgtw as $k => $v) {
$usrgateway[$n]['id'] = $k;
$usrgateway[$n]['account'] = $v;
$n = $n + 1;
}


// Handle the settings form (a=submit): check the current password, validate
// the fields, then write gateways, e-mail, password and mail preferences to
// the members table.
// NOTE(review): every serveranswer(0, ...) below is followed by further checks
// and database writes. That only works as validation if serveranswer() ends
// the request; its definition is not shown - confirm.
if ($_POST['a'] == "submit") {
// Defined elsewhere; what it verifies is not visible on this page.
verifyajax();
// Values read through the project's $input wrapper; the filtering it applies
// is not shown.
$email = $input->pc['email'];
$aemail = $input->pc['aemail'];
$newpassword = $input->pc['newpassword'];
$newpassword2 = $input->pc['newpassword2'];
// NOTE(review): passwords are stored and compared as unsalted MD5, which is
// not suitable for password storage. password_hash()/password_verify() is the
// usual replacement and needs a migration of the stored hashes.
$password = md5($input->pc['password']);
$personal_msg = $input->pc['personal_msg'];
// Raw request data, read directly instead of through $input.
$gatewayid = $_POST['gatewayid'];
// NOTE(review): nothing reads the posted "bank" value here, and no "bank" key
// appears in any array passed to $db->update() below - this is why the new
// form field is never saved.

// NOTE(review): loose comparison of two hex strings; !== avoids PHP comparing
// numeric-looking hashes as numbers.
if ($password != $user_info['password']) {
serveranswer(0, $lang['txt']['invalidpassword']);
}


if (validateEmail($email) !== true) {
serveranswer(0, $lang['txt']['invalidemail']);
}


if (empty($aemail)) {
serveranswer(0, $lang['txt']['selectacceptmails']);
}


if (!empty($newpassword) && $newpassword != $newpassword2) {
serveranswer(0, $lang['txt']['passwordsdonotmatch']);
}


if (!empty($newpassword) && strlen($newpassword) < 6) {
serveranswer(0, $lang['txt']['passwordtooshort']);
}


// Per-gateway account values, keyed by gateway id.
if (is_array($gatewayid)) {
foreach ($gatewayid as $k => $v) {

if ($v != "") {
// Reject an account string already stored for another member.
// NOTE(review): $v comes straight from $_POST and is concatenated into the
// SQL text. Quote it with the database layer's own escaping (including LIKE
// wildcards) or bind it as a parameter; the $db API is not shown here.
$verify = $db->fetchOne("SELECT COUNT(*) AS NUM FROM members WHERE gateways LIKE '%" . $v . "%' AND id!=" . $user_info['id']);

if ($verify != 0) {
// NOTE(review): $v is echoed back in the reply; encode it for whatever
// output context serveranswer() writes to.
serveranswer(0, $v . " account is being used by other member");
}


// Gateway id 2 is handled as PayPal: its settings row is loaded and, when
// option4 is "yes", two extra checks run.
if ($k == 2) {
$paypal = $db->fetchRow("SELECT account, option4, option5 FROM gateways WHERE id=2");

if ($paypal['option4'] == "yes") {
// dbihjgfabe() and dgiaehfcij() are defined elsewhere under machine-generated
// names; judging by the messages next to them they check the site's PayPal
// settings and the member's PayPal account - confirm.
if (!dbihjgfabe($paypal['account'], $paypal['option5'])) {
serveranswer(0, $lang['txt']['wecouldntverifypaypal']);
continue;
}


if (dgiaehfcij($v) === false) {
// NOTE(review): hffjdbhjc() is not defined on this page; it is called with
// the same arguments as serveranswer() - confirm it exists.
hffjdbhjc(0, $lang['txt']['paypalnotverified']);
continue;
}

continue;
}

continue;
}

continue;
}
}

// Store the submitted accounts as a serialized array in members.gateways.
$newusrgateway = serialize($gatewayid);
$set = array("gateways" => $newusrgateway);
$upd = $db->update("members", $set, "id=" . $user_info['id']);
}


// E-mail change: make sure the address is unused, then either stage it for
// activation or save it directly, depending on the site setting.
if ($email != $user_info['email']) {
// NOTE(review): $email is concatenated into the SQL text; it has passed
// validateEmail(), whose rules are not shown. Prefer the database layer's
// escaping or a bound parameter.
$verifymail = $db->fetchOne("SELECT COUNT(*) AS NUM FROM members WHERE email='" . $email . "' and id!=" . $user_info['id']);

if ($verifymail != 0) {
serveranswer(0, $lang['txt']['usernameused']);
}

// NOTE(review): a code derived from time() and the member's full name is
// guessable. Generate it from a CSPRNG (random_bytes(), or
// openssl_random_pseudo_bytes() on older PHP).
$activation_code = md5(time() . $user_info['fullname']);

if ($settings['emailchange_activation'] == "yes") {
// Stage the new address and mail the activation code to it.
$set = array("new_email" => $email, "verifycode" => $activation_code);
$upd = $db->update("members", $set, "id=" . $user_info['id']);
$str2find = array("%site_name%", "%site_url%", "%fullname%", "%username%", "%activation_code%");
$str2change = array($settings['site_name'], $settings['site_url'], $user_info['fullname'], $user_info['username'], $activation_code);
$data_mail = array("mail_id" => "newmail_verification", "str2find" => $str2find, "str2change" => $str2change, "receiver" => $email);
$mail = new MailSystem($data_mail);
$mail->send();
// "2" makes the reply at the end reload the page instead of showing "saved".
$action = "2";
}
else {
$set = array("email" => $email);
$upd = $db->update("members", $set, "id=" . $user_info['id']);
$action = "1";
}
}
else {
$action = "1";
}


// Password change, only when a new password was typed and it differs from the
// stored hash.
if (!empty($newpassword) && md5($newpassword) != $user_info['password']) {
$set2 = array("password" => md5($newpassword), "acceptmails" => $aemail);
// NOTE(review): the MD5 of the password is copied into the session and into a
// one-day cookie named "password", set without the Secure/HttpOnly arguments.
// If the login code accepts this cookie (not shown), whoever obtains it holds
// a password-equivalent value; a random session token is the safer design.
$_SESSION['password'] = md5($newpassword);
setcookie("password", md5($newpassword), time() + 86400);

// Shared-password check, run only for members that have a referrer (ref1).
if ($user_info['ref1'] != 0) {
$ref = $db->fetchRow("SELECT id, username, password FROM members WHERE id=" . $user_info['ref1']);
$newusername = $user_info['username'];
// Included file is not shown; it runs in this scope and can read the
// variables set above.
require_once SOURCES . "cheater_password.php";
// Count members referred by this user whose stored hash equals the new one.
$chk = $db->fetchOne("SELECT COUNT(*) AS NUM FROM members WHERE password='" . md5($newpassword) . ("' AND ref1=" . $user_info['id']));

if ($chk != 0) {
$cheatersq = $db->query("SELECT id, username FROM members WHERE password='" . md5($newpassword) . ("' AND ref1=" . $user_info['id']));

// NOTE(review): $cheaterlist is appended to without being initialised in this
// file (unless cheater_password.php sets it). Usernames are embedded in HTML
// here, so they must be encoded wherever cheat_log is displayed.
while ($usrcheater = $db->fetch_array($cheatersq)) {
$cheaterlist .= "Username: <strong>" . $usrcheater['username'] . "</strong><br>";
$cheaterid = $usrcheater['id'];
}

$cheaterlist .= "Username: <strong>" . $newusername . "</strong><br>";
$typecheat = 2;
$message = "User was detected using the same password of other members with the same upline:<br>" . $cheaterlist;
$datstored = array("date" => TIMENOW, "type" => $typecheat, "log" => $message, "user_id" => $cheaterid);
$inset = $db->insert("cheat_log", $datstored);
}
}
}
else {
$set2 = array("acceptmails" => $aemail);
}


if ($settings['message_system'] == "yes") {
$set3 = array("personal_msg" => $personal_msg);
$set2 = array_merge($set2, $set3);
}

// The one update that runs on every successful submit.
$upd = $db->update("members", $set2, "id=" . $user_info['id']);

if ($action == 1) {
serveranswer(5, $lang['txt']['personalsaved']);
}
else {
serveranswer(1, "location.href=location.href");
}
}


// E-mail change follow-up: a=activate confirms the staged address with the
// mailed code, a=restore discards it.
// NOTE(review): unlike the submit branch, neither branch calls verifyajax();
// whether that matters depends on what verifyajax() checks (not shown). The
// "do" == "it" test uses a fixed form value, not a per-session token.
if ($_REQUEST['a'] == "activate") {
if ($_POST['do'] == "it") {
// NOTE(review): loose comparison, and no check that a change is pending.
// After a restore both verifycode and new_email are empty strings, so an
// empty posted code matches and the branch below overwrites the member's
// e-mail with "". Require a non-empty verifycode and compare with !==
// (or hash_equals() on PHP 5.6+).
if ($user_info['verifycode'] != $_POST['code']) {
serveranswer(0, $lang['txt']['invalidactid']);
}
else {
// Promote the staged address and clear the pending state.
$set2 = array("email" => $user_info['new_email'], "new_email" => "", "verifycode" => "");
$upd = $db->update("members", $set2, "id=" . $user_info['id']);
serveranswer(1, "");
}
}
else {
serveranswer(0, $lang['txt']['invalidtoken']);
}
}
else {
if ($_REQUEST['a'] == "restore") {
if ($_POST['do'] == "it") {
// Drop the staged address; the current e-mail stays unchanged.
$set2 = array("new_email" => "", "verifycode" => "");
$upd = $db->update("members", $set2, "id=" . $user_info['id']);
serveranswer(1, "");
}
else {
serveranswer(0, $lang['txt']['invalidtoken']);
}
}
}

// Render the page. SMARTYLOADER names a file defined elsewhere; presumably it
// creates $smarty, which is used on the next line.
include SMARTYLOADER;
$smarty->assign("usrgateway", $usrgateway);
$smarty->assign("gateway", $gateway);
// NOTE(review): the template prints {$user_info.bank}, but $user_info is not
// assigned to Smarty in this file. Wherever that happens, the member row has
// to include the bank column. Also note the file loaded here is settings.tpl,
// while the question labels its template setting.tpl - make sure the edited
// file is the one that is rendered.
$smarty->assign("file_name", "settings.tpl");
$smarty->display("account.tpl");
$db->close();
exit();
?>

Answer
<?php
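// Refuse direct access: the script stops unless the "personal" constant is
// already defined (presumably by the entry script that includes this file).
if (!defined("personal")) {
    exit("Hacking attempt...");
}

// Start from empty lists so the template always receives arrays, even when
// there is no active gateway or the member has stored no accounts.
$gateway = array();
$usrgateway = array();

// Load id and name of every active payment gateway into $gateway[0..n-1].
$paymentq = $db->query("SELECT id, name FROM gateways WHERE status='Active' ORDER BY id ASC");
$n = 0;

while ($row = $db->fetch_array($paymentq)) {
    $gateway[$n] = $row;
    $n = $n + 1;
}

// The member's gateway accounts are kept as a PHP-serialized array
// (gateway id => account) and flattened here into a list for the template.
// NOTE(review): unserialize() can instantiate objects. The stored value is
// built from $_POST['gatewayid'] in the submit handler, so this column must
// only ever be written through serialize() of plain arrays; a JSON column
// would remove the risk altogether.
$usrgtw = unserialize($user_info['gateways']);
// Anything that did not decode to an array is treated as "no accounts".
$usrgtw = (!is_array($usrgtw) ? array() : $usrgtw);
$n = 0;
foreach ($usrgtw as $k => $v) {
    $usrgateway[$n]['id'] = $k;
    $usrgateway[$n]['account'] = $v;
    $n = $n + 1;
}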


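// Handle the settings form (a=submit): check the current password, validate
// the fields, then write gateways, e-mail, password, mail preferences and the
// bank name to the members table.
// NOTE(review): every serveranswer(0, ...) below is followed by further checks
// and database writes. That only works as validation if serveranswer() ends
// the request; its definition is not shown - confirm.
if (isset($_POST['a']) && $_POST['a'] == "submit") {
    // Defined elsewhere; what it verifies is not visible on this page.
    verifyajax();
    // Values read through the project's $input wrapper; the filtering it
    // applies is not shown.
    $email = $input->pc['email'];
    $aemail = $input->pc['aemail'];
    $newpassword = $input->pc['newpassword'];
    $newpassword2 = $input->pc['newpassword2'];
    // NOTE(review): passwords are stored and compared as unsalted MD5, which
    // is not suitable for password storage. password_hash()/password_verify()
    // is the usual replacement and needs a migration of the stored hashes.
    $password = md5($input->pc['password']);
    $personal_msg = $input->pc['personal_msg'];
    // Raw request data, read directly instead of through $input.
    $gatewayid = isset($_POST['gatewayid']) ? $_POST['gatewayid'] : null;
    // Get the new field from the form. Only a plain string is accepted; null
    // means "not submitted", in which case the stored value is left alone.
    // NOTE(review): the other text fields come from $input->pc; if that
    // wrapper also exposes "bank", read it from there for consistency.
    $bank = (isset($_POST['bank']) && is_string($_POST['bank'])) ? trim($_POST['bank']) : null;

    // Strict comparison: with != PHP may compare two numeric-looking hex
    // strings as numbers instead of as text.
    if ($password !== $user_info['password']) {
        serveranswer(0, $lang['txt']['invalidpassword']);
    }


    if (validateEmail($email) !== true) {
        serveranswer(0, $lang['txt']['invalidemail']);
    }


    if (empty($aemail)) {
        serveranswer(0, $lang['txt']['selectacceptmails']);
    }


    if (!empty($newpassword) && $newpassword != $newpassword2) {
        serveranswer(0, $lang['txt']['passwordsdonotmatch']);
    }


    if (!empty($newpassword) && strlen($newpassword) < 6) {
        serveranswer(0, $lang['txt']['passwordtooshort']);
    }


    // Per-gateway account values, keyed by gateway id.
    if (is_array($gatewayid)) {
        foreach ($gatewayid as $k => $v) {

            if ($v != "") {
                // Reject an account string already stored for another member.
                // NOTE(review): $v comes straight from $_POST and is
                // concatenated into the SQL text. Quote it with the database
                // layer's own escaping (including LIKE wildcards) or bind it
                // as a parameter; the $db API is not shown here.
                $verify = $db->fetchOne("SELECT COUNT(*) AS NUM FROM members WHERE gateways LIKE '%" . $v . "%' AND id!=" . $user_info['id']);

                if ($verify != 0) {
                    // NOTE(review): $v is echoed back in the reply; encode it
                    // for whatever output context serveranswer() writes to.
                    serveranswer(0, $v . " account is being used by other member");
                }


                // Gateway id 2 is handled as PayPal: its settings row is
                // loaded and, when option4 is "yes", two extra checks run.
                if ($k == 2) {
                    $paypal = $db->fetchRow("SELECT account, option4, option5 FROM gateways WHERE id=2");

                    if ($paypal['option4'] == "yes") {
                        // dbihjgfabe() and dgiaehfcij() are defined elsewhere
                        // under machine-generated names; judging by the
                        // messages next to them they check the site's PayPal
                        // settings and the member's PayPal account - confirm.
                        if (!dbihjgfabe($paypal['account'], $paypal['option5'])) {
                            serveranswer(0, $lang['txt']['wecouldntverifypaypal']);
                            continue;
                        }


                        if (dgiaehfcij($v) === false) {
                            // NOTE(review): hffjdbhjc() is not defined on this
                            // page; it is called with the same arguments as
                            // serveranswer() - confirm it exists.
                            hffjdbhjc(0, $lang['txt']['paypalnotverified']);
                            continue;
                        }

                        continue;
                    }

                    continue;
                }

                continue;
            }
        }

        // Store the submitted accounts as a serialized array. The bank name
        // is not written here: this branch is skipped when no gateway field
        // is posted, and the bank field must still be saved in that case.
        $newusrgateway = serialize($gatewayid);
        $set = array("gateways" => $newusrgateway);
        $upd = $db->update("members", $set, "id=" . $user_info['id']);
    }


    // E-mail change: make sure the address is unused, then either stage it
    // for activation or save it directly, depending on the site setting.
    if ($email != $user_info['email']) {
        // NOTE(review): $email is concatenated into the SQL text; it has
        // passed validateEmail(), whose rules are not shown. Prefer the
        // database layer's escaping or a bound parameter.
        $verifymail = $db->fetchOne("SELECT COUNT(*) AS NUM FROM members WHERE email='" . $email . "' and id!=" . $user_info['id']);

        if ($verifymail != 0) {
            serveranswer(0, $lang['txt']['usernameused']);
        }

        // NOTE(review): a code derived from time() and the member's full name
        // is guessable. Generate it from a CSPRNG (random_bytes(), or
        // openssl_random_pseudo_bytes() on older PHP).
        $activation_code = md5(time() . $user_info['fullname']);

        if ($settings['emailchange_activation'] == "yes") {
            // Stage the new address and mail the activation code to it.
            $set = array("new_email" => $email, "verifycode" => $activation_code);
            $upd = $db->update("members", $set, "id=" . $user_info['id']);
            $str2find = array("%site_name%", "%site_url%", "%fullname%", "%username%", "%activation_code%");
            $str2change = array($settings['site_name'], $settings['site_url'], $user_info['fullname'], $user_info['username'], $activation_code);
            $data_mail = array("mail_id" => "newmail_verification", "str2find" => $str2find, "str2change" => $str2change, "receiver" => $email);
            $mail = new MailSystem($data_mail);
            $mail->send();
            // "2" makes the reply at the end reload the page instead of
            // showing the "saved" message.
            $action = "2";
        }
        else {
            $set = array("email" => $email);
            $upd = $db->update("members", $set, "id=" . $user_info['id']);
            $action = "1";
        }
    }
    else {
        $action = "1";
    }


    // Password change, only when a new password was typed and it differs
    // from the stored hash (strict comparison, as for the current password).
    if (!empty($newpassword) && md5($newpassword) !== $user_info['password']) {
        $set2 = array("password" => md5($newpassword), "acceptmails" => $aemail);
        // NOTE(review): the MD5 of the password is copied into the session
        // and into a one-day cookie named "password", set without the
        // Secure/HttpOnly arguments. If the login code accepts this cookie
        // (not shown), whoever obtains it holds a password-equivalent value;
        // a random session token is the safer design.
        $_SESSION['password'] = md5($newpassword);
        setcookie("password", md5($newpassword), time() + 86400);

        // Shared-password check, run only for members that have a referrer.
        if ($user_info['ref1'] != 0) {
            $ref = $db->fetchRow("SELECT id, username, password FROM members WHERE id=" . $user_info['ref1']);
            $newusername = $user_info['username'];
            // Included file is not shown; it runs in this scope and can read
            // the variables set above.
            require_once SOURCES . "cheater_password.php";
            // Count members referred by this user whose stored hash equals
            // the new one.
            $chk = $db->fetchOne("SELECT COUNT(*) AS NUM FROM members WHERE password='" . md5($newpassword) . ("' AND ref1=" . $user_info['id']));

            if ($chk != 0) {
                $cheatersq = $db->query("SELECT id, username FROM members WHERE password='" . md5($newpassword) . ("' AND ref1=" . $user_info['id']));

                // NOTE(review): $cheaterlist is appended to without being
                // initialised in this file (unless cheater_password.php sets
                // it). Usernames are embedded in HTML here, so they must be
                // encoded wherever cheat_log is displayed.
                while ($usrcheater = $db->fetch_array($cheatersq)) {
                    $cheaterlist .= "Username: <strong>" . $usrcheater['username'] . "</strong><br>";
                    $cheaterid = $usrcheater['id'];
                }

                $cheaterlist .= "Username: <strong>" . $newusername . "</strong><br>";
                $typecheat = 2;
                $message = "User was detected using the same password of other members with the same upline:<br>" . $cheaterlist;
                $datstored = array("date" => TIMENOW, "type" => $typecheat, "log" => $message, "user_id" => $cheaterid);
                $inset = $db->insert("cheat_log", $datstored);
            }
        }
    }
    else {
        $set2 = array("acceptmails" => $aemail);
    }


    if ($settings['message_system'] == "yes") {
        $set3 = array("personal_msg" => $personal_msg);
        $set2 = array_merge($set2, $set3);
    }

    // Save the bank name with the update that runs on every successful
    // submit. "bank" is the column the question created in the members table.
    // NOTE(review): this relies on $db->update() quoting the values it is
    // given, as the existing fields already do; its implementation is not
    // shown - confirm before storing free text.
    if ($bank !== null) {
        $set2['bank'] = $bank;
    }

    $upd = $db->update("members", $set2, "id=" . $user_info['id']);

    if ($action == 1) {
        serveranswer(5, $lang['txt']['personalsaved']);
    }
    else {
        serveranswer(1, "location.href=location.href");
    }
}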


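// E-mail change follow-up: a=activate confirms the staged address with the
// mailed code, a=restore discards it.
// NOTE(review): unlike the submit branch, neither branch calls verifyajax();
// whether that matters depends on what verifyajax() checks (not shown). The
// "do" == "it" test uses a fixed form value, not a per-session token.
if ($_REQUEST['a'] == "activate") {
    if ($_POST['do'] == "it") {
        // Normalise both sides to strings; anything that is not a posted
        // string counts as an empty code.
        $pendingcode = (string) $user_info['verifycode'];
        $postedcode = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : "";

        // Refuse when no change is pending: after a restore both verifycode
        // and new_email are empty, and an empty posted code would otherwise
        // match and overwrite the member's e-mail with "".
        // The comparison is strict so numeric-looking codes are compared as
        // text; hash_equals() is the constant-time option on PHP 5.6+.
        if ($pendingcode === "" || empty($user_info['new_email']) || $postedcode !== $pendingcode) {
            serveranswer(0, $lang['txt']['invalidactid']);
        }
        else {
            // Promote the staged address and clear the pending state.
            $set2 = array("email" => $user_info['new_email'], "new_email" => "", "verifycode" => "");
            $upd = $db->update("members", $set2, "id=" . $user_info['id']);
            serveranswer(1, "");
        }
    }
    else {
        serveranswer(0, $lang['txt']['invalidtoken']);
    }
}
elseif ($_REQUEST['a'] == "restore") {
    if ($_POST['do'] == "it") {
        // Drop the staged address; the current e-mail stays unchanged.
        $set2 = array("new_email" => "", "verifycode" => "");
        $upd = $db->update("members", $set2, "id=" . $user_info['id']);
        serveranswer(1, "");
    }
    else {
        serveranswer(0, $lang['txt']['invalidtoken']);
    }
}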

// Render the page. SMARTYLOADER names a file defined elsewhere; presumably it
// creates $smarty, which is used on the next line.
include SMARTYLOADER;
$smarty->assign("usrgateway", $usrgateway);
$smarty->assign("gateway", $gateway);
// NOTE(review): the template prints {$user_info.bank}, but $user_info is not
// assigned to Smarty in this file. Wherever that happens, the member row has
// to include the bank column, or the field shows empty even after a
// successful save. The file loaded here is settings.tpl, while the question
// labels its template setting.tpl - make sure the edited file is the one
// that is rendered.
$smarty->assign("file_name", "settings.tpl");
$smarty->display("account.tpl");
$db->close();
exit();
?>
Comments