I was trying to make a website. So this is the index.php page.
When 'more info' of any of the form is clicked, the user is redirected to a payment.php page, where the user must make the payment. Once the payment is done, the user is redirected to success.php page, which is supposed to show these 3 lines for two seconds and then redirect the user to details.php page. However, for some reason, instead of redirecting to details.php, both details.php and index.php come up simultaneously like this. How can I avoid the index file from being there too? I just want to show the details file.
Here is the code of the success page:
<?php
include 'index.php';
if(!empty($_GET['tid'] && !empty($_GET['product']))) {
$GET = filter_var_array($_GET, FILTER_SANITIZE_STRING);
$tid = $GET['tid'];
$product = $GET['product'];
} else {
header('Location: payment.php');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<title>Thank You</title>
</head>
<body>
<div class="container mt-4">
<h2>Thank you for purchasing <?php echo $product; ?></h2>
<hr>
<p>Your transaction ID is <?php echo $tid; ?></p>
<p>Check your email for more info</p>
<?php header('Refresh: 2; URL=details.php?id='.$customer['id']);?>
</div>
</body>
</html>
I feel that this is the most important part of the success.php code:
<?php header('Refresh: 2; URL=details.php?id='.$customer['id']);?>
here's the details page:
<?php
include 'config/db_connect.php';
include 'config/db.php';
include 'index.php';
if (isset($_POST['delete'])) {
$id_to_delete = mysqli_real_escape_string($conn, $_POST['id_to_delete']);
$sql = "DELETE FROM customers WHERE id = $id_to_delete";
if (mysqli_query($conn, $sql)) {
header('Location: index.php');
} else {
echo 'query error: ' . mysqli_error($conn);
}
}
// check GET request id param
if (isset($_GET['id'])) {
// escape sql chars
$id = mysqli_real_escape_string($conn, $_GET['id']);
// make sql
$sql = "SELECT * FROM customers WHERE id = $id";
// get the query result
$result = mysqli_query($conn, $sql);
// fetch result in array format
$customer = mysqli_fetch_assoc($result);
mysqli_free_result($result);
//mysqli_close($conn);
}
?>
<!DOCTYPE html>
<html>
<?php include 'templates/header.php'; ?>
<div class="container center grey-text">
<?php if ($customer) : ?>
<h4><?php echo $customer['Job_Type']; ?></h4>
<p>Contact Number of loan enquirer: <?php echo $customer['Telephone']; ?></p>
<p>Annual income: <?php echo 12 * $customer['Monthly_salary']; ?></p>
<p>Existing loan amount: <?php echo $customer['Existing_loan_amount']; ?></p>
<p>Residential_Type: <?php echo $customer['Residential_Type']; ?></p>
<p>Job: <?php echo $customer['Job']; ?></p>
<p>Form submission time: <?php echo date($customer['Form_Submission_Time']); ?></p>
<!-- DELETE FORM -->
<form action="details.php" method="POST">
<input type="hidden" name="id_to_delete" value="<?php echo $customer['id']; ?>">
<input type="submit" name="delete" value="Delete" class="btn brand z-depth-0">
</form>
<?php else : ?>
<h5>No such customer exists.</h5>
<?php endif ?>
</div>
<?php include 'templates/footer.php'; ?>
</html>
Your details page starts with these three line:
include 'config/db_connect.php';
include 'config/db.php';
include 'index.php';
As you can see, in the third line, you include index.php. My best guess is that that is the reason you see it in the details page.
Related
I am trying to insert form data to my profile table when I click the add button, but whenever I test my code below it just reloads my add.php page and clears the form instead of adding it to my table.
add.php code:
<?php
//connection to the database
$pdo = require_once 'pdo.php';
session_start();
//if user is not logged in redirect back to index.php with an error message
if(!isset($_SESSION['user_id'])){
die("ACCESS DENIED");
return;
}
//if the user requested cancel go back to index.php
if(isset($_POST['cancel'])){
header('Location: index.php');
return;
}
//handling incoming data
$uid = $_SESSION['user_id'];
if (isset($_POST['first_name']) && isset($_POST['last_name']) &&
isset($_POST['email']) && isset($_POST['headline']) && isset($_POST['summary'])){
if (strlen($_POST['first_name']) == 0 || strlen($_POST['last_name']) == 0 ||
strlen($_POST['email']) || strlen($_POST['headline']) == 0 || strlen($_POST['summary']) == 0){
$_SESSION['error'] = "All fields are required";
header("Location: add.php");
return;
}
if(strpos($_POST['email'], '#') === false){
$_SESSION['error'] = "Email address must contain #";
header("Location: add.php");
return;
}
$stmt = $pdo->prepare('INSERT INTO profile
(user_id, first_name, last_name, email, headline, summary)
VALUES ( :uid, :fn, :ln, :em, :he, :su)');
$stmt->execute(array(
':uid' => $uid,
':fn' => $_POST['first_name'],
':ln' => $_POST['last_name'],
':em' => $_POST['email'],
':he' => $_POST['headline'],
':su' => $_POST['summary'])
);
$_SESSION['success'] = "profile added";
header("location: index.php");
return;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Mandla'ke Makondo's Profile Add</title>
<!-- bootstrap.php - this is HTML -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
crossorigin="anonymous">
</head>
<body>
<div class="container">
<h1>Adding Profile for UMSI</h1>
<form method="post" action="index.php">
<p>First Name:
<input type="text" name="first_name" size="60"/></p>
<p>Last Name:
<input type="text" name="last_name" size="60"/></p>
<p>Email:
<input type="text" name="email" size="30"/></p>
<p>Headline:<br/>
<input type="text" name="headline" size="80"/></p>
<p>Summary:<br/>
<textarea name="summary" rows="8" cols="80"></textarea>
<p>
<input type="submit" name="add" value="Add">
<input type="submit" name="cancel" value="Cancel">
</p>
</form>
</div>
</body>
</html>
here I created my connection to the database using pdo connection and also require my config.php file for database sign in credentials
here is my pdo.php code:
<?php
require_once 'config.php';
//setting DSN
$dsn = "mysql:host=$host;dbname=$dbname;charset=UTF8";
//creating a PDO instance
try{
$pdo = new PDO($dsn, $user, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if($pdo){
echo "database connected Successfully";
return;
}
}catch(PDOException $e){
echo $e->getMessage();
}
?>
my database sign in credentials are in this file, the username, password and dbname are not necessarily correct, I only changed them for the sake of asking.
here is my config.php code:
<?php
//my variables
$host = 'localhost';
$user = 'myusername';
$password = 'mypass';
$dbname = 'mydb';
?>
my index.php code has a static display for the profile entries, I wanted to be able to add the profiles first so I can make it dynamically display the profiles but here is my index.php code:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Mandla'ke Makondo's Resume Registry</title>
<!-- bootstrap.php - this is HTML -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
crossorigin="anonymous">
</head>
<body>
<div class="container">
<h1>Mandla'ke Makondo's Resume Registry</h1>
<p>
<?php
if(isset($_SESSION['user_id'])){
echo " <a href='logout.php'>Logout</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<a href='login.php'>Please log in</a>";
}
?>
</p>
<?php
if(isset($_SESSION['user_id'])){
echo"<table border = '1'>
<tr><th>Name</th><th>Headline</th><th>Action</th><tr><tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td><td><a href = 'edit.php'>Edit</a> <a href = 'delete.php'>Delete</a></td></tr>
</table>";
echo "<a href='add.php'>Add New Entry</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<table border='1'>
<tr><th>Name</th><th>Headline</th>
<tr>
<tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td></tr>
</table>";
}
?>
</div>
</body>
enter code here
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Mandla'ke Makondo's Resume Registry</title>
<!-- bootstrap.php - this is HTML -->
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet"
href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
crossorigin="anonymous">
</head>
<body>
<div class="container">
<h1>Mandla'ke Makondo's Resume Registry</h1>
<p>
<?php
if(isset($_SESSION['user_id'])){
echo " <a href='logout.php'>Logout</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<a href='login.php'>Please log in</a>";
}
?>
</p>
<?php
if(isset($_SESSION['user_id'])){
echo"<table border = '1'>
<tr><th>Name</th><th>Headline</th><th>Action</th><tr><tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td><td><a href = 'edit.php'>Edit</a> <a href = 'delete.php'>Delete</a></td></tr>
</table>";
echo "<a href='add.php'>Add New Entry</a>";
}
if(!isset($_SESSION['user_id'])){
echo "<table border='1'>
<tr><th>Name</th><th>Headline</th>
<tr>
<tr><td>
<a href='view.php?profile_id=5634'>srghrsh yteu yt uuu</a></td><td>
eyetu e5u5</td></tr>
</table>";
}
?>
</div>
</body>
I have created a button start_btn that is supposed link me to an internal header, but it is not responding at all.
It shows up, but even though I implemented other actions that it's supposed to take it, doesn't work.
<?php
session_start();
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header('location: login.php');
}
//////
if (isset($_POST['start_btn'])) {
session_destroy();
unset($_SESSION['username']);
header('location: register.php');
}
//////
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header("location: login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Home</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="header">
<h2>Home Page</h2>
</div>
<div class="content">
<!-- notification message -->
<?php if (isset($_SESSION['success'])) : ?>
<div class="error success" >
<h3>
<?php
echo $_SESSION['success'];
unset($_SESSION['success']);
?>
</h3>
</div>
<?php endif ?>
<!-- logged in user information -->
<?php if (isset($_SESSION['username'])) : ?>
<p>Welcome <strong><?php echo $_SESSION['username']; ?></strong></p>
<div class = "btn">
<button type="submit" class="btn" name="start_btn">Start!</button>
</div>
<p> logout </p>
<?php endif ?>
</div>
</body>
</html>
I have created working login and register buttons and tried to implement their code into my new button, but it still doesn't work.
Right now I'm coding this really simple user page but getting one problem that's bugging me and can't find out why it's happening.
When ever I would put <?php HTML will just stop loading from there.
<?php
session_start();
if (!isset($_SESSION["user"])) {
$logged_in = "no";
} else {
$username = $_SESSION["user"];
$logged_in = "yes";
}
include ('global.php');
?>
<head>
<title><?php echo $sitename; ?></title>
<link rel="stylesheet" type="text/css" href="css.css">
<link href="https://fonts.googleapis.com/css?family=Raleway" rel="stylesheet">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<div class="header">
<div class="header_content">
<div class="middle_logo">
<p><?php echo $sitename; ?></p>
</div>
</div>
</div>
<div class="under_header">
<?php
$id = htmlentites($_GET["id"]);
$get_user_data = mysqli_query ($dconnect, "SELECT * FROM user_data WHERE id='$id'");
if (mysqli_num_rows($get_user_data) < 2) {
header ("Location: index.php");
} else {
while ($row = mysqli_fetch_array($get_user_data)) {
echo $row["username"];
}
}
?>
<h1><?php echo $users_name; ?></h1>
</div>
When I look at the source code it ends at <div class="under_header">
The answer has already been found in the comment :
The line :
$id = htmlentites($_GET["id"]);
Contain an error and should be :
$id = htmlentities($_GET["id"]);
Thanks to #RiggsFolly and #JustOnUnderMillions.
You can now accept an answer and close the question.
I'm trying to develop a login system in PHP which has faculty_login.php which displays faculty_login_option.inc.php which has a login form and if $_SESSION['f_id'] is set it redirects to faculty_upload_option.php. where faculty details are fetched from faculty_table using $f_id = $_SESSION['f_id'] as the primary key.but $_SESSION['f_id'] is always returning 1 and user is logging in as the user whose f_id is 1.
<?php
//faculty login page.faculty_login.php
//if logged in show upload option/show login option.
require_once 'resources/core.inc.php';//session is set here
require_once 'resources/connect.inc.php';//init db connection
if(isset($_SESSION['f_id'])&&!empty($_SESSION['f_id'])){
require_once 'faculty_upload_option.inc.php';
}
else{
require_once 'faculty_login_option.inc.php';
}
?>
<?php
/* faculty_login_db.php
* Check if the faculty can login or the credentials are wrong.
*/
require_once 'resources/core.inc.php';
require_once 'resources/connect.inc.php';
if(isset($_POST['f_username'])&&isset($_POST['f_password'])){
if(!empty($_POST['f_username'])&&!empty($_POST['f_password'])){
$username = stripcslashes($_POST['f_username']);
$password = stripcslashes($_POST['f_password']);
$result = $conn->prepare("SELECT f_id FROM faculty_table WHERE f_username= :hjhjhjh AND f_password= :asas");
$result->bindParam(':hjhjhjh', $username);
$result->bindParam(':asas', $password);
$result->execute();
$rows = $result->fetch(PDO::FETCH_NUM);
if($result->rowCount() == 1) {
$_SESSION['f_id'] = $rows ;
$_SESSION['f_username'] = $username;
header('Location:faculty_login.php');
}
else{
header('Location:faculty_login.php?username='.$username);
}
}
else{
header('Location:faculty_login.php');
}
}
else{
header('Location:faculty_login.php');
}
?>
<?php
/* faculty_login_option.php
* faculty login page. check if user exists/ use faculty_login_db.php
*/
?>
<!DOCTYPE html>
<!--
To change this license header, choose License Headers in Project Properties.
To change this template file, choose Tools | Templates
and open the template in the editor.
-->
<html>
<head>
<title>Home</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0 , maximum-scale=1">
<link rel="stylesheet" href="resources/loginstyle.css">
</head>
<body>
<?php
//<img alt="full screen background image" src="images/orange.jpg" id="full-screen-background-image" />
?>
<div id="back">Home</div>
<div id="header">
<h3>FACULTY LOGIN</h3><br>
</div>
<hr>
<div id="container">
<center>
<form action="faculty_login_db.php" method="post">
<input type="text" onFocus="if(this.value=='Username'){this.value=''}" name="f_username" class="buttons" value="<?php
if(isset($_GET['username']))
{
echo $_GET['username'];
}else{echo 'Username';}
?>"><br>
<input type="password" onFocus="if(this.value=='Password'){this.value='';}" name="f_password" class="buttons" value="Password"><br>
<input type="submit" value="Login" class="lbutton">
</form>
</center>
<?php
if(isset($_GET['username'])){
?>
<div id="errormsg">Username or password is invalid.</div>
<?php
}
?>
</body>
<?php
/* this is faculty_upload_option.inc.php
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
require_once 'resources/core.inc.php';
require_once 'resources/connect.inc.php';
if(isset($_SESSION['f_id'])&&isset($_SESSION['f_username'])&&!empty($_SESSION['f_id'])){
$f_id=trim(isset($_SESSION['f_id']));
if(!empty($f_id)){
$result = $conn->prepare("SELECT * FROM faculty_table WHERE f_id=:id");
$result->bindparam(':id', $f_id);
$result->execute();
$rows = $result->fetchAll();
foreach($rows as $db_rows){
$f_username = $db_rows['f_username'];
$category = $db_rows['category'];
$branch = $db_rows['branch'];
}
//page which should be displayed if user logs in.?>
<html>
<head><title><?php echo $f_username; ?></title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0 , maximum-scale=1">
<link href='http://fonts.googleapis.com/css?family=Indie+Flower|Yanone+Kaffeesatz' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="resources/upload_style.css">
</head>
<body><div id="parent">
<div id="header">
<img src="images/no-profile-image.png" width="30%" id="noimg">
<span id="addfont"><h1><?php echo $f_username;?></h1></span>
<h2><?php echo $category;?></h2>
<p><?php echo $branch;?></p>
<center><div class="buttons" id="left">Home</div><div class="buttons" id="right">Logout</div></center>
</div>
Are you destroying session correctly on logout? Are you setting session id before hitting the condition somewhere? What is the value before hitting the comparion condition?
I have been follwing a series of tutorials over at [thedigitalcraft.com][1] building my first ever dynamic website. I recently followed his 15th, and thought I followed along greatly, but for some reason the content that should be showing up isn't when I run the page. No errors, its almost like one of my sql statements is wrong, or it can't connect to my phpMyAdmin database.I'm building a user interface for editing each of the pages, a control panel. I'm running on XAMPP localhost btw, working in dreamweaver. Why is my content not showing up in the form? I know that I am connected to the database.. I've pasted my code from my pages.php and index.php
1. pages.php:
<?php ## Page Manager ?>
<h2>Page Manager</h2>
<div class="col sidebar">
<ul>
<?php
$q = "SELECT * FROM pages ORDER BY name ASC";
$r = mysqli_query($dbc, $q);
if ($r)
{
while($link = mysqli_fetch_assoc($r))
{
echo '<li>'.$link['name'].'</li>';
}
}
?>
</ul>
</div>
<div class="col editor">
<?php if (isset($_GET['id'])) {
$q = "SELECT * FROM pages WHERE id = '$_GET(id)' LIMIT 1";
// the database connection, our query
$r = mysqli_query($dbc, $q);
$opened = mysqli_fetch_assoc($r);
?>
<form action="#" method="post">
<p><label>Page title: </label><input type="text" size="30" name="title" value="<?php echo $opened['title']?>"></p>
<p><label>Page name:</label> <input type="text" size="30" name="name" value="<?php echo $opened['name']?>"></p>
<label>Page body:</label><br>
<textarea name="body" cols="30" rows="8"><?php echo $opened['body'] ?></textarea>
</form>
<?php } ?>
</div>
index.php:
<?php
error_reporting(0);
// Setup document:
include('config/setup.php');
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title><?php //echo $page_title; ?>JakeForDesign - Admin Panel</title>
<link rel="stylesheet" type="text/css" href="css/styles.css">
</head>
<body>
<div class="wrap_overall">
<div class="header"> <?php head(); ?> </div>
<div class="nav_main"> <?php nav_main(); ?> </div>
<div class="content"> <?php include('content/'.$pg.'.php'); ?> </div>
<div class="footer"> <?php footer(); ?> </div>
</div>
</body>
</html>
2. index.php:
<?php
error_reporting(0);
// Setup document:
include('config/setup.php');
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title><?php //echo $page_title; ?>JakeForDesign - Admin Panel</title>
<link rel="stylesheet" type="text/css" href="css/styles.css">
</head>
<body>
<div class="wrap_overall">
<div class="header"> <?php head(); ?> </div>
<div class="nav_main"> <?php nav_main(); ?> </div>
<div class="content"> <?php include('content/'.$pg.'.php'); ?> </div>
<div class="footer"> <?php footer(); ?> </div>
</div>
</body>
</html>
3. setup.php(for connection to database)
<?php
## Setup Document
// host(or location of the database), username, //password, database name
$dbc = #mysqli_connect('localhost', 'root', 'password', 'database') OR die ('Could not connect to the database because: '. mysqli_connect_error() );
include('Functions/sandbox.php');
include('Functions/template.php');
if ($_GET['page'] == '')
{
$pg = 'home';
}
else
{
$pg = $_GET['page'];
}
$page_title = get_page_title($dbc, $pg);
?>
$q = "SELECT * FROM pages WHERE id = '$_GET(id)' LIMIT 1";
This is wrong
$q = "SELECT * FROM pages WHERE id = '" . $_GET['id'] . "' LIMIT 1";
This is good
Don't forget to secure it with intval() if it's a numeric value!