We Keep Coding

How to integrate the remember me option to a login form with Php and Ajax

I have been trying to integrate the remember me option to my login form, using php and Ajax call, but can't seem to find my way around it. Probably messing up with cookies. The login page is working fine, but when the remember me option is checked, the login page just reloads after submission. Below is my current code;
Html form
<!DOCTYPE html>
<?php
session_start();
if( isset($_SESSION['patient_id']) || isset($_COOKIE['username']))
{
header('location: patient-details.php');
}
?>
<html lang="en">
<head>
</head>
<body class="bg-gradient-primary">
<div class="container">
<!-- Outer Row -->
<div class="row justify-content-center">
<div class="col-xl-5 col-lg-3 col-md-3">
<div class="card o-hidden border-0 shadow-lg my-5">
<div class="card-body p-0">
<!-- Nested Row within Card Body -->
<div class="row">
<div class="col-lg-12">
<div class="p-5">
<div class="text-center">
<h1 class="h4 text-gray-900 mb-4">Kabi Medical Records</h1>
<h7 class="h7 text-gray-900 mb-4">Log in to continue.</h7>
</div>
<form class="user" method = "POST" id="loginform"">
<hr>
<div id="loginmessage"></div>
<div class="form-group">
<input type="text" class="form-control form-control-user" id="UserName" aria-describedby="username" placeholder="User Name" name="username" value="">
</div>
<div class="form-group">
<input type="password" class="form-control form-control-user" id="UserPassword" placeholder="Password" name="password" value="">
</div>
<div class="form-group">
<div class="custom-control custom-checkbox small">
<input type="checkbox" class="custom-control-input" id="customCheck" name="remember" value="yes">
<label class="custom-control-label" for="customCheck">Remember Me</label>
</div>
</div>
<button type="submit" id="userloginbtn" class="btn btn-primary btn-user btn-block" name="login">Login</button>
</form>
<hr>
<div class="text-center">
<a class="small" href="#">Forgot Password?</a>
</div>
<div class="text-center">
<a class="small" href="/kabirecords">Back to Home</a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<script src="vendor/jquery/jquery.min.js"></script>
<script src="assets/js/l.js"></script>
</body>
</html>
Login.php
<?php
//Start session
session_start();
//Connect to the database
$conn = new mysqli("localhost", "root", "", "mydb") or die(mysqli_error());
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$remember = $_POST['remember'];
//Run query: Check combinaton of usernamel & password exists
$sql = "SELECT * FROM tbl_patients WHERE username='$username' && password='$password'";
$result = mysqli_query($conn, $sql) or die(mysqli_error());
if(!empty($username) && !empty($password))
{
//If username & password don't match print error
$count = mysqli_num_rows($result);
if ($count !== 1) {
echo '<div class="alert alert-danger">Wrong Username or Password</div>';
}
else {
//log the user in: Set session variables and Cookies
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
if($remember == "yes") {
setcookie('username', $row['username'] , time()+(60*60*24*7), "");
setcookie('password', $row['password'] , time()+(60*60*24*7), "");
}
else {
$_SESSION['patient_id'] = $row['patient_id'];
$_SESSION['username'] = $row['username'];
}
echo "success";
}
}
else {
echo '<div class="alert alert-danger">Both are Required Fields </div>';
}
?>
Login.js
<script>
$("#loginform").submit(function(event) {
//prevent default php processing
event.preventDefault();
//collect user inputs
var datatopost = $(this).serializeArray();
//send them to login.php using AJAX
$.ajax({
url: "login.php",
type: "POST",
data: datatopost,
success: function(data) {
if ($.trim(data) === "success") {
Swal.fire({
icon: 'success',
title: 'Login successful',
});
window.location = "patient-details.php";
} else {
$("#loginmessage").html(data);
}
},
error: function() {
$("#loginmessage").html(
"<div class='alert alert-danger'>There was an error with the Ajax Call. Please try again later.</div>"
);$
}
});
});
</script>

How to update the user profile image using session?

I want to update my profile image but I don't know how to update it. I successfully insert it into my database and folder but when user wants to update it So I don't know how to update this image. Can you tell me how this is possible? Thanks.
Code of my HTML form
<form class="form" action="accountsetting.php" method="post" enctype="multipart/form-data">
<div class="row">
<div class="col-12 col-sm-auto mb-3">
<div class="mx-auto" style="width: 140px;">
<div class="rounded-circle avatar avatar-xl mb-3">
<img class="rounded-circle" id="preview_avatar" name="avatar" src="<?php echo
$_SESSION['user']['avatar']; ?>" width="100" height="100">
</div>
</div>
</div>
<div class="col d-flex flex-column flex-sm-row justify-content-between mb-3">
<div class="text-center text-sm-left mb-2 mb-sm-0">
<h4 class="pt-sm-2 pb-1 mb-0 text-nowrap"><?php echo $_SESSION['user']['fullname']; ?></h4>
<p class="mb-0"><?php echo $_SESSION['user']['username']; ?></p>
<div class="form-group mb-2 pt-2">
<input class='input' type='hidden' name='id' value="<?php echo $_SESSION['user']['id']; ?>" />
<input id="avatar" type="file" name="avatar" hidden="" accept="image/png, image/jpeg,
image/jpg">
<button id="uploadBtn" type="submit" name="profile" class="btn btn-primary btn-file " ><i
class="fa fa-camera" aria-hidden="true"></i> &nbsp Upload Avatar</button>
</div>
<div class="row">
<div class="col d-flex justify-content-end pr-5">
<button class="btn btn-primary " type="submit" name="profileupdate">Save Changes</button>
</div>
</div>
</div>
</div>
</div>
</form>
Code of my PHP side
// sava image into directoray
$id="";
$filename = $avatar['name'];
$fileerror = $avatar['error'];
$filetmp = $avatar['tmp_name'];
$fileext = explode('.',$filename);
$filecheck = strtolower(end($fileext));
$fileextstored =array('png', 'jpg', 'jpeg');
$destinationfile = 'upload/';
$destinationfile = $destinationfile .$filename;
$destinationfile1 = 'userside/upload/';
$destinationfile1 = $destinationfile1 .$filename;
try {
//throw exception if can't move the file
if (!move_uploaded_file($filetmp, $destinationfile)) {
throw new Exception('Could not move file');
}
if(!copy ( $destinationfile , $destinationfile1 ))
{
throw new Exception('Could not move 2nd file');
}
}
catch(Exception $e) {
echo 'Message: ' .$e->getMessage();
}
// image insert
if(in_array($filecheck, $fileextstored))
{
$query = "INSERT INTO users (avatar) VALUES('$destinationfile')";
$displayquery = "select * from users where id= $id";
$displayquery = mysqli_query($db,$displayquery);
}
What's type of code i will use. When the user click on the save button the image will successfully update.

It looks like you need a condition in your INSERT INTO statement. Shouldn't you insert the avatar in the users table where id = $id?
Here:
"INSERT INTO users (avatar) VALUES('$destinationfile')";
Change to:
"INSERT INTO users (avatar) VALUES('$destinationfile') WHERE id = $id";
Update: if you're inserting the path to the image, then maybe you need to put the URL in with the image tag:
<!-- insert code for http or https:// -->
<img class="rounded-circle" id="preview_avatar" name="avatar" src="<?php echo "http://" . $_SERVER['SERVER_NAME'] . "/" . $_SESSION['user']['avatar']; ?>" width="100" height="100">
This relies on that path being valid and accessible from the server name, like http://localhost/uploads/image_name.jpg if the path is .../uploads/image_name.jpg. You can put the path in the session variable, then just add the image name on the end, e.g. $_SESSION['image_path'] = 'http://localhost/uploads/'.

How to fix 'If(isset($_POST['Id'])) error' while editing the form in a PHP based CRUD application?

The "if(isset($_POST["titleId"]) && !empty($_POST["titleId"])" in my code is returning false value.
I'm working on a CRUD application, the insert modal is working fine, now I'm stuck at the update part of it. So when you click on the update icon it does fetch the right titleId in the URL but the first 'if' condition returns false and hence the update isn't working.
Here's what I've tried so far.
admin.php
<?php
$typeId = filter_input(INPUT_GET, "type");
$titleId = filter_input(INPUT_GET, "titleId");
$active = "admin" . $typeId;
require_once './pages/header.php';
require_once './functions/queries.php';
$getAll = Queries::getAllTitle($typeId);
?>
<div class="container">
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header clearfix">
<h2 class="pull-left"></h2>
<button type="button" class="btn btn-success btn-sm" data-toggle="modal" data-target="#facultyAddModal">Add Title</button>
</div>
<!--<div class="container">
<button type="button" class="btn btn-success btn-sm" data-toggle="modal" data-target="#facultyAddModal">Add Title</button>
<br><br>-->
<div class="panel-group" id="titleAccordion">
<?php
for ($i = 0; $i < count($getAll); $i++) {
echo <<<HTML
<div class="panel panel-default">
<div class="panel-heading"><h4 class="panel-title">
<a data-toggle="collapse" data-parent="#titleAccordion" href="#collapseF{$i}">{$getAll[$i]['title']}</a></h4>
</div>
<div id="collapseF{$i}" class="panel-collapse collapse" >
<div class="panel-body">
<div class="table-responsive">
<table class="table table-condensed"><tbody>
<tr><td>Title:</td><td>{$getAll[$i]['title']}</td></tr>
<tr><td>Units:</td><td>{$getAll[$i]['units']}</td></tr>
<tr><td>Category:</td><td>{$getAll[$i]['category']}</td></tr>
<tr><td>
<tr><td><input type="hidden" id="titleId" name="titleId" value="{$getAll[$i]['titleId']}"> </tr><td>
<a href='edit.php?titleId={$getAll[$i]['titleId']}' title='Update Record' data-toggle='tooltip'><span class='glyphicon glyphicon-pencil'></span></a>
<a href='delete.php?titleId={$getAll[$i]['titleId']}' title='Delete Record' data-toggle='tooltip'><span class='glyphicon glyphicon-trash'></span></a>
</tr></td>
</tbody></table>
</div>
</div>
</div>
</div>
HTML;
}
?>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- Title Add Modal-->
<div class="modal fade" id="facultyAddModal" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">Add Title</h4>
</div>
<div class="modal-body">
<div id="adminResult" class="hide" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
<div id="resultAdminContent"></div>
</div>
<form class="cmxform" id="adminForm" method="post">
<label for="Activity">ActivityAttended (required)</label>
<input class="form-control" id="adminTitle" name="title" type="text" required>
<br>
<label for="units">Units (required)</label>
<input class="form-control" id="adminUnits" type="number" name="units" required>
<br>
<label for="Category">Category (Optional)</label>
<input class="form-control" id="adminCategory" type="text" name="category">
<br>
<?php echo
'<input type="hidden" id="addadminTypeId" value="'.$typeId.'">';
?>
<?php echo
'<input type="hidden" id="titleId" name="titleId" value="'.$titleId.'">';
?>
<button class="btn btn-info btn-primary" type="submit">Submit</button>
<br>
<br>
</form>
</div>
</div>
</div>
</div>
update.php
<?php
require_once 'functions/db_connection.php';
$conn = DB::databaseConnection();
$title = $units = $category = "";
if(isset($_POST["titleId"]) && !empty($_POST["titleId"])){
$titleId = $_POST['titleId'];
$sql = "UPDATE title SET title = :title, units = :units, category = :category WHERE titleId = :titleId";
if($stmt = $conn->prepare($sql))
{
// Bind variables to the prepared statement as parameters
$stmt->bindParam(':titleId', $titleId);
$stmt->bindParam(':title', $title);
$stmt->bindParam(':units', $units);
$stmt->bindParam(':category', $category);
if ($stmt->execute()) {
header("location: index.php");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
unset($stmt);
}
unset($conn);
} else{
if(isset($_GET["titleId"]) && !empty(trim($_GET["titleId"]))){
$titleId = trim($_GET["titleId"]);
$sql = "SELECT * FROM title WHERE titleId = :titleId";
if($stmt = $conn->prepare($sql))
{
$stmt->bindParam(':titleId', $titleId);
if ($stmt->execute()){
if($stmt->rowCount() == 1){
$result = $stmt->fetch(PDO::FETCH_ASSOC);
// Retrieve individual field value
$title = $result["title"];
$units = $result["units"];
$category = $result["category"];
} else{
echo"error1";
exit();
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
unset($stmt);
unset($conn);
} else{
// URL doesn't contain id parameter. Redirect to error page
echo"error2";
exit();
}
}
?>
<!--<!DOCTYPE html>-->
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Update Record</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<style type="text/css">
.wrapper{
width: 500px;
margin: 0 auto;
}
</style>
</head>
<body>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header">
<h2>Update Record</h2>
</div>
<form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
<label for="Activity">Title</label>
<input class="form-control" id="adminTitle" name="title" type="text" value="<?php echo $title; ?>" required>
<br>
<label for="units">Units (required)</label>
<input class="form-control" id="adminUnits" type="number" name="units" value="<?php echo $units; ?>" required>
<br>
<label for="Category">Category (Optional)</label>
<input class="form-control" id="adminCategory" type="text" value="<?php echo $category; ?>" name="category">
<br>
<input type="hidden" name="titleId" value="<?php echo $titleId; ?>">
<button class="btn btn-info btn-primary" type="submit">Submit</button>
<br>
<br>
</form>
</div>
</<div>
</div>
</div>
</div>
</body>
</html>
The only goal here is to get the update form working, the user should be able to update the records of the respective title being selected.

I don't know crud but I think there is a way to debug a little:
e.g. try this:
if(isset($_POST["titleId"]) && !empty($_POST["titleId"])){
// test if you are here:
echo 'hi, yeah I am here!';
}
or this
echo '<pre>';
var_dump($_POST);
echo '</pre>';
// before:
if(isset($_POST["titleId"]) && !empty($_POST["titleId"])){
// ...
}
also, take a look at
error_get_last()['message']

PHP post request from HTML page showing blank input fields

Currently looking to implement functionality to edit details in MySQL database via a HTML page. The page itself shows all data in the database which matches the unique id of the user who is is logged in via a PHP session and echos that data to input boxes in a while loop.
When the user makes changes to the input text and hits the save changes link it then calls the edit endpoint which in turn calls the edit SQL function in a functions file.
I'm using an anchor tag wrapped in a button to send the id of the row that is being edited and all this sits inside a POST action form.
However the input texts are only showing as blank as if the endpoint is not receiving the text in the input field, and despite trying quite a few different methods I can't seem to get a result.
Code for Web page (not whole page but only concerned code)
<?php
$connect =mysqli_connect('localhost','root','','micaddy');
$id_query = mysqli_query($connect, "SELECT unique_id FROM users WHERE email = '{$_SESSION['login_user']}'");
$id_array = mysqli_fetch_assoc($id_query);
$uid = $id_array['unique_id'];
$result = mysqli_query($connect, "SELECT * FROM clubs WHERE user_id =
'$uid'");
?>
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading clearfix"><h3 class="panel-title"><strong>Your Golfbag</strong><button type="button" class="btn btn-info btn-lg pull-right" data-toggle="modal" data-target="#addModal">Add Club</button></h3></div>
<?php while($row=mysqli_fetch_assoc($result)):?>
&nbsp <span><?php if(isset($_SESSION['message'])){ echo $_SESSION['message']; unset($_SESSION['message']);} ?></span>
<div class="panel-body">
<div class="container-fluid">
<div class="row">
<div class="col-md-5">
<div class="panel panel-default">
<div class="panel-heading"><h3 class="panel-title"><strong><?php echo $row['club_type'];?></strong></h3></div>
<div class="panel-body">
<form id="" method="POST" action="editClub.php">
<div class="form-group">
<label for="clubType">Club ID</label>
<input type="text" readonly="" class="form-control" id="inputClubType" value="<?php echo $row['id'];?>" name="clubIdInput">
</div>
<div class="form-group">
<label for="clubBrand">Type</label>
<input type="text" class="form-control" id="inputclubBrand" value="<?php echo $row['club_type'];?>" name="clubTypeInput">
</div>
<div class="form-group">
<label for="clubBrand">Brand</label>
<input type="text" class="form-control" id="inputclubBrand" value="<?php echo $row['brand'];?>" name="clubBrandInput">
</div>
<div class="form-group">
<label for="clubNum">Number or Type</label>
<input type="text" class="form-control" id="inputclubNum" value="<?php echo $row['club_number'];?>" name="clubNumInput">
</div>
<div id="deleteClub">
<button id="submitChange" type="button" class="btn btn-danger btn-lg"><?php echo "<a href='deleteClub.php?id=".$row['id']."'>Delete</a>" ?></button>
<button type="button" class="btn btn-info btn-lg"><?php echo "<a href='editClub.php?id=".$row['id']."'>Save Changes</a>" ?></button>
</div>
<span><?php if(isset($_SESSION['message'])){ echo $_SESSION['message']; unset($_SESSION['message']);} ?></span>
</form>
</div>
</div>
</div>
<div class="col-md-5">
<div class="panel panel-default">
<div class="panel-heading"><h3 class="panel-title"><strong>Club Image</strong></h3></div>
<div class="panel-body">
<div class="form-group">
<img src="club_images/<?php echo $row['clubImg']; ?>" class="img-rounded" width="250px" height="250px" alt="Image"/>
</div>
</div>
</div>
</div>
</div>
</div>
<span><?php if(isset($_SESSION['message'])){ echo $_SESSION['message']; unset($_SESSION['message']);} ?></span>
</div>
<?php endwhile;?>
</div>
</div>
</div>
</div>
The edit endpoint:
<?php
session_start();
$error='';
require_once '../include/DB_Functions.php';
$db = new DB_Functions();
if(empty($_POST['clubBrandInput']) || empty($_POST['clubNumInput'])){
$_SESSION['message'] = "Warning: Some fields are blank! Please try again";
header("Location: golfbag.php");
} else{
if(isset($_POST['clubBrandInput']) && isset($_POST['clubTypeInput']) && isset($_POST['clubNumInput'])){
$brand = $_POST['clubBrandInput'];
$type = $_POST['clubTypeInput'];
$num = $_POST['clubNumInput'];
$id = $_GET['id'];
$club = $db->editclub($brand, $type, $num, $id);
if($club) {
header("Location: golfbag.php");
$_SESSION['message'] = "Success! Details edited.";
}else{
header("Location: golfbag.php");
echo $error;
}
}
}
?>
The function method:
public function editClub($brand, $type, $num, $id){
$stmt = $this->conn->prepare("UPDATE clubs SET brand = '$brand', club_type = '$type', club_number = '$num' WHERE id = '$id'");
$result = $stmt->execute();
$stmt->close();
if($result){
$stmt = $this->conn->prepare("SELECT * FROM clubs WHERE user_id = ?");
$stmt->bind_param("s", $uid);
$stmt->execute();
$club = $stmt->get_result()->fetch_assoc();
$stmt->close();
return $club;
}else{
return false;
}
}

You do not have a <form> defined in this HTML.
You are also clicking an anchor link <button id="submitChange" type="button" class="btn btn-danger btn-lg"><?php echo "<a href='deleteClub.php?id=".$row['id']."'>Delete</a>" ?></button>
even though it is in a button.
Therefore you will only pass the id=".$row['id']." parameter to the endpoint and that will be passed in the $_GET array and not the $_POST array

Variables not passed in url and page not displaying

I am redirecting a user to a page named "forgot_pass" in such a way
"forgot_pass.php?code='$code'&username='$hidden_username'>".
But when user clicks on link for redirection the url seems like this
http://localhost/Validation/forgot_pass.php?code=
and there is no any page displayed.
The variables passed in url have values as i have already checked it. But they are not displaying when sent in url.
Help me in solving this issue.
reset.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
$pass = $_POST['pass'];
$pass1 = $_POST['pass1'];
$code = $_GET['code'];
$hidden_username = $_POST['username'];
if($pass == $pass1)
{
echo 'Password Changed !';
}
else
{
echo "Passowrd must match
<a href='forgot_pass.php?code='$code'&username='$hidden_username'>Try Again</a>
";
}
forgot_pass.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
if(isset($_GET['code']))
{
$get_code = (isset($_GET['code'])? $_GET['code'] : null);
$get_username =(isset($_GET['username']) ? $_GET['username'] : null);
$match_code = mysqli_query($link, "select * from signup where username='$get_username'");
if(mysqli_num_rows($match_code) > 0)
{
while($row = mysqli_fetch_assoc($match_code))
{
$db_username = $row['username'];
$db_code = $row['paareset'];
}
}
if($get_username == $db_username && $get_code == $db_code)
{ ?>
<html>
<head>
<meta charset="UTF-8">
<title>Change Password</title>
</head>
<body>
<div class="container">
<div class="row">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-body">
<div class="text-center">
<h3><i class="fa fa-pencil fa-4x"></i></h3>
<h2 class="text-center">New Password?</h2>
<div class="panel-body">
<form class="form" method="post"
action= "reset_pass.php?code=<?php echo $get_code ?>"
<fieldset>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass" placeholder="New Password" class="form-control" type="password" required="">
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass1" placeholder="Re-type Password" class="form-control" type="password" required="">
<input type="hidden" name="username" value="<?php echo $db_username ?>">
</div>
</div>
<div class="form-group">
<input class="btn btn-lg btn-primary btn-block" name="send" value="Change Password" type="submit">
</div>
<div class="form-group">
<span style="color: red"><?php if(isset($message['mail'])) {echo $message['mail']; } ?></span>
</div>
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
}
} // End if (isset['code'])
if(!isset($_GET['code']))
{
?>
<html>
<head>
</head>
<body>
// Here i am displaying another form that gets email address and sends email
</body>
</html>
<?php
}

Remove single-quotes around the arguments, you are using them to delimit the URL so don't use them inside the URL (or at least escape them) :
echo "Password must match <a href='forgot_pass.php?code=$code&username=$hidden_username'>Try Again</a>";

Try with this way
echo "Passowrd must match
Try Again"

you have mismatch in columns
try to change your code to
echo "Passowrd must match
<a href='forgot_pass.php?code=".$code."&username=".$hidden_username".'>Try Again</a>
"

Please check if your filenames are correct.
You named: reset.php and forgot_pass.php
In forgot_pass.php your action goes towards reset_pass.php

remove single quote
"forgot_pass.php?code=$code&username=$hidden_username>"