I have problem with article deleting. I have got 2 files(article.php, delete.php). When I require file delete.php in article.php it is not deleting the article, but when i open it itself.. just delete.php, It works. I don't know why its happening. Can someone please help me? thanks. Files below.
This is article.php:
<?php
session_start();
include_once('../connect.php');
include_once('admin.php');
include_once('../includes/article.php');
if(isset($_SESSION["user_id"])){
$query=$pdo->prepare("SELECT * FROM users WHERE id =
".$_SESSION["user_id"]);
$query->execute();
$row=$query->fetch(PDO::FETCH_ASSOC);
if($row['privileges']==1){
?>
<html>
<head>
<title>CMS Tutorial</title>
<link rel="stylesheet" href="assets/style.css" />
</head>
<body>
<br/>
<div class="options">
<img src="../images/add.png" width="20px" height="20px" style="float:left;"><form method="post"><input class="article" type="submit" name="add" value="Pridať článok">
</form>
<img src="../images/delete.png" width="20px" height="20px" style="float:left;"><form method="post"><input class="article" type="submit" name="delete" value="Odstrániť článok"></form>
<img src="../images/edit.png" width="20px" height="20px" style="float:left;"><form method="post"><input class="article" type="submit" name="edit" value="Upraviť článok"></form>
</div>
<?php
if(isset($_POST['add'])){
require_once('add.php');
}else{
if(isset($_POST['delete'])){
require_once('delete.php');
}else{
if(isset($_POST['edit'])){
require_once('edit.php');
}}}?>
</body>
</html>
<?php
} else{
header('Location: ../index.php');
}
} else{
header('Location: ../index.php');
}
?>
This is delete.php:
<?php
session_start();
include_once('../connect.php');
include_once('../includes/article.php');
$article= new Article;
if(isset($_SESSION['user_id'])){
if(isset($_POST['id'])){
$id=$_POST['id'];
$query=$pdo->prepare('DELETE FROM articles WHERE article_id=?');
$query->bindValue(1,$id);
$query->execute();
header('Location: ../index.php');
}
$articles=$article->fetch_all();
?>
<html>
<head>
<link rel="stylesheet" href="assets/style.css" />
</head>
<body>
<div class="container">
<br/>
<h4>Zvoľte článok, ktorý chcete odstrániť:</h4>
<form action="" method="post" class="addarticle">
<select name="id">
<?php foreach($articles as $article){?>
<option value="<?php echo $article['article_id']; ?>"><?php echo
$article['article_title']; ?></option>
<?php } ?>
</select>
<input type="submit" value="Odstrániť článok">
</form>
</div>
</body>
</html>
<?php
} else{
header('Location: ../index.php');
}
?>
You should make sure you are calling session_start exactly once:
if(session_id() == '') {
session_start();
}
and now to your problem. When you click on the delete button, your form is submitted and the only data sent is delete=Odstrániť článok, no id being sent there. You need to change your form like this:
<img src="../images/delete.png" width="20px" height="20px" style="float:left;"><form method="post"><input class="article" type="submit" name="delete" value="Odstrániť článok"><input type="hidden" name="id" value="<?php /*echo id of the article to be removed*/ ?>"></form>
If you do so, upon clicking on the delete button, the id will be sent to the server as well. Your delete is executed now without a problem, but the id you provide to it is faulty.
Related
i'm trying to learn about session_start() but when i run the file, it only show what is inside the
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {
?>
log out
<?php } ?>
and not showing else{...} and even after i click log out, it won't print anything in else statement and only print inside the if statement. I use another file to do the log out proses but i don't know the right code for session_destroy()
here's the logout.php code below:
<?php
session_start();
session_destroy();
header("location: home.php");
?>
here's the full code:
<?php
session_start();
include("DB/db.php");
$_SESSION['username']=$username;
$_SESSION['password']=$password;
$_SESSION['is_log_in'] = true;
?><!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="stylesheet" type="text/css" href="css/css.css">
</head>
<body>
<div id="blank"></div>
<div id="panel">
<nav id="bar">
<div id="submen">
<form id="sir">
<input type="Search" name="search" placeholder="Search.." id="search">
</form>
Walpaper
Art
Photos
Image
<?php
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {?>
<?php echo $username?>
log out
</div>
</nav>
</div>
</table>
<?php } else {
?>
login
register
</div>
</nav>
</div>
</table>
<?php } ?>
</body>
</html>
UPDATE for log in script
<?php
session_start();
include("DB/db.php");
if ($_GET['log']=='out'){
session_destroy();
}
if ($_POST['user']){
$sql = "Select password from user where username = '".$_POST['user']."' ";
$result = mysqli_query($koneksi, $sql);
if (mysqli_num_rows($result)){
$row = mysqli_fetch_assoc($result);
if ($row['password'] == md5($_POST['pass'])) {
$_SESSION['login'] = TRUE;
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
}else{
$pesan = "Username and password mismatch";
}
}else{
$pesan = "please register";
}
}
?><!DOCTYPE html>
<html>
<head>
<title>Log in</title>
</head>
<body>
<?php
if ($_SESSION['login']) {
echo "text";
}else{
?>
<h1>Login</h1>
<form method="post" action="rahasia.php">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit" name="" value="Login">
</form>
<form method="post" action="register.php">
<input type="submit" name="register" value="register">
</form>
<?php
}
echo $pesan;
?>
</body>
</html>
where have i gone wrong
Your $_SESSION vars are always set, and $password always equals $_SESSION['password'].
$_SESSION['username']=$username; // null, plus notice in error_log
$_SESSION['password']=$password; // null, plus notice in error_log
Unless those two vars are set in include("DB/db.php");, in which case that is bad practice. Can you paste db.php to see what is happening inside?
UPDATE.
Okay so the vars are being set. This now means:
$_SESSION['username']=$username; // a
$_SESSION['password']=$password; // 123456789
Therefore they will still match. You need to refactor these lines to function properly. Are you sure the mysql credentials is what you want for your logged in user
?
i don't know what is wrong with my code when there is no members page the log in redirect me to the members page address with 404 error that isn't the problem , it redirect me to login page when i log in when i write this code in members page.
<?php
session_start();
if(!isset($_SESSION['user_level'])or ($_SESSION['user_level'] != 0)){
header('location: login.php');
exit();
}?>
<!DOCTYPE html>
<html>
<head>
<title>
Admin page
</title>
<style>
table{text-align: center;}
</style>
</head>
<body>
<?php
if($_SESSION['fname']){
echo 'welcome to admin page '. $_SESSION['fname'] . "<br>";
}
?>
<input type="button" value="Log Out" onclick="window.location=' logoutt.php '">
</body>
</html>
login page code
<?php
if($_SERVER['REQUEST_METHOD']=='POST'){
$dbcon=mysqli_connect('localhost','mahmud91','password','postaldb')or die('Couldn\'t connect to database'.mysqli_error($dbcon));
if(!empty(trim($_POST['email']))){
$email=mysqli_real_escape_string($dbcon,trim($_POST['email']));
}else{
$email=false;
}
if(!empty(trim($_POST['psword']))){
$psword=mysqli_real_escape_string($dbcon,trim($_POST['psword']));
}else{
$psword=false;
}if($email && $psword){
$query="SELECT fname,user_id,user_level FROM users WHERE (email='$email' AND psword=SHA1('$psword'))";
$result=mysqli_query($dbcon,$query);
if(#mysqli_num_rows($result)==1){
$_SESSION=mysqli_fetch_array($result,MYSQLI_ASSOC);
$_SESSION['user_level']=(int)$_SESSION['user_level'];
$url=($_SESSION['user_level']===1) ? "adminnpage.php" : "memberrpage.php";
header('location: '.$url);
}else{
echo "Sorry no match was found to email or password";
}
}else{
echo" Please try again";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>
Log In
</title>
</head>
<body>
<form action="/newfolder/login.php" method="post">
<p>
<label for="email">Email: </label>
<input type="text" name="email" id="email" >
</p>
<p>
<label for="psword">Password: </label>
<input type="password" name="psword" id="psword">
</p>
<p>
<input type="submit" name="submit" value="Log In">
</p>
<p>
<input type="button" value="Register" onclick="window.location='/newfolder/registerpage.php'">
</p>
</body>
</html>
You forgot to start session at the top of login page just after php tag
session_start();
I'm a beginner in making a website and I'm still practising in making a website using PHP lounge.
This is the problem that I'm facing, if I click back button I'm still on the login page, how can i remove login form?
Here is the image
my php code for login from my database
$member_email = $_POST["member_email"];
$member_password = md5($_POST["member_password"]);
require_once("db_open.php");
$sql = "SELECT * FROM members WHERE member_email='".$member_email."' AND member_password='".$member_password."'";
$result = $conn->query($sql) or die($conn->error);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
session_start();
$_SESSION["member_id"] = $row["member_id"];
$_SESSION["member_email"] = $row["member_email"];
$_SESSION["member_full_name"] = $row["member_full_name"];
}
} else {
header("Location: login_form.php");
exit();
}
require_once("db_close.php");
header("Location: index.php");
?>
Code for my checking for my login
<?php
if (!isset($_SESSION["member_id"])) {
exit("<h3>Please <a class='btn btn-primary' href='login_form.php'>login</a> first.</h3>");
}
?>
Here is my html and login form
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>All Members</title>
<link rel="stylesheet" href="bootstrap.min.css" />
</head>
<body>
<?php require_once("top_nav.php"); ?>
<div class="container">
<h1>Login</h1>
<form method="POST" action="login_db.php">
<div class="form-group">
<label for="member_email">Email:</label>
<input type="text" name="member_email" id="member_email" class="form-control" />
</div>
<div class="form-group">
<label for="member_password">Password:</label>
<input type="password" name="member_password" id="member_password" class="form-control" />
</div>
<button type="submit" class="btn btn-success btn-lg">Login</button>
</form>
</div>
</body>
</html>
Going to try to keep it short. I have a while loop in grid.php file to fill up a table as such...
<?php while($product = $products->fetch_assoc()) { ?>
<tr>
<td><?php echo $product['cd_id']?></td>
<td><?php echo $product['cd_title']?></td>
<td><?php echo $product['cd_musician_fname']?></td>
<td><?php echo $product['cd_musician_lname']?></td>
<td><?php echo $product['cd_price']?></td>
<td>Edit</td>
<td>Delete</td>
</tr>
<?php } ?>
If I click the first anchor tag takes me to a edit.php file and here is the head code for that file.
<?php include '_includes/db.php';
$cd_id = trim($_GET['id']);
$message = '';
include '_includes/connection.php';
if($db->connect_error){
$message = $db->connect_error;
}else{
$sql = "SELECT * FROM CD WHERE cd_id = $cd_id";
$result = $db->query($sql);
$row = $result->fetch_assoc();
if($db->error){
$message = $db->error;
}
}
?>
Now I will show the html of edit.php
<!-- Product Musician last name-->
<fieldset class="form-group">
<label for="cd_musician_lname">Musician's lirst name</label>
<input type="text" class="form-control" id="cd_musician_lname" name="cd_musician_lname" value="<?php echo $row['cd_musician_lname'];?>">
</fieldset>
<!-- End of Musician last name-->
<!-- Product price-->
<fieldset class="form-group">
<label for="cd_price">Product price</label>
<input type="text" class="form-control" id="cd_price" name="cd_price" value="<?php echo $row['cd_price'];?>">
</fieldset>
<!-- End of Product price-->
<!-- Form submit button-->
Update Record
<a class="btn btn-primary" href="index.php" role="button">Go Back Home</a>
I have the edit.php page working just fine but if I make changes in the fields and click the submit anchor tag I get all the fields of the row empty but the PK. Here is the code for the final edit_confirm.php file
<?php
include '_includes/db.php';
$cd_id = trim($_GET['id']);
$cd_title = $_POST['cd_title'];
$cd_musician_fname = $_POST['cd_musician_fname'];
$cd_musician_lname = $_POST['cd_musician_lname'];
$cd_price = $_POST['cd_price'];
$message = '';
include '_includes/connection.php';
if($db->connect_error){
die("Connection failed: ".$db->connect_error);
} else {
$sql = "UPDATE CD SET cd_title='".$cd_title."', cd_musician_fname='".
$cd_musician_fname."', cd_musician_lname='".
$cd_musician_lname."', cd_price='".$cd_price."' WHERE cd_id = $cd_id ";
$db->query($sql);
var_dump($sql);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<?php include '_includes/main-head.php';?>
</head>
<body>
<?php include '_includes/main-navbar.php';?>
<div class="container">
<hr>
<?php
if($db->query($sql) === TRUE){ ?>
<h1>Record updated successfully.</h1>
<?php echo $cd_title; ?>
<?php echo $record->affected_rows ?>
<p> record was updated in the database.</p></br>
<?php } else { ?>
<p>Error updating the record: </p> <?php $db->error; ?>
<?php }; ?>
<hr>
<a class="btn btn-primary" href="index.php" role="button">Go Back Home</a>
</div>
<?php include '_includes/main-script.php';?>
</body>
</html>
If you notice in the edit_confirm.php I did a var_dump to see what are the values in the variables and it shows empty.
I need help with this.
Thank you in advance.
Man the better way to do this is make it simple to test if the record is updating or not
formsample.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
include("connection.php");
$id = $_GET['id'];
$query= "select * from clients where id = '$id'";
$sql = mysqli_query($connect, $query);
$result = mysqli_fetch_assoc($sql);
?>
<form action="process.php" method="post">
<input type="text" name="name" id="name" value="<?php echo $result['name'] ?>" />
<input type="text" name="email" id="email" value="<?php echo $result['email'] ?>" />
<input type="hidden" name="id" id="id" value="<?php echo $id?>" />
<input type="submit" />
</form>
</body>
</html>
process.php
<?php
include("connection.php");
$id = $_POST['id'];
$name = $_POST['name'];
$email= $_POST['email'];
$query = "UPDATE clients set name= '$name', email ='$email' where id = '$id'";
$sql = mysqli_query($connect, $query);
?>
Update Record
This is not the proper way to submit a form - it won't work at all.
You need to have a form opening and closing tag, the target address is in the action attribute of the form element, and the method is on there too and should be post for this form (method="POST"). In your code you have a link where you should have a submit input so it won't submit the data, it will just redirect you to that URL. You should have something like this:
<input type="submit" value="Update Record" />
http://www.w3schools.com/html/html_forms.asp
Index.php Page
I am a beginner.
This is index page in which i print a name of user who is logged in and i want to update the username whenever a user edit his detail i try to update it,it's updating the username but when i edit detail then i have log out first then login again then the name will update.I want to update the name instantly when a user edit his detail and redirect to index page just like facebook do.
i almost spend a week for solving this problem.Please give me code if anything needs to with ajax.
Thank you
<?php
session_start();
require_once("inc/connection.php");
if (empty($_SESSION['usersession'])) {
header("Location: login.php");
}
if (isset($_SESSION['msg'])) {
echo $_SESSION['msg'];
unset($_SESSION['msg']);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>WELCOME TO USER AREA</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<div id="main">
<nav id="nav">
<div class="logout">
WELCOME <?php echo $_SESSION['usersession']['name']; ?> // echo name of user
Log out
</div>
<ul>
<li>Home</li>
<li>Register</li>
<li>Edit</li>
<li>Delete(not recommended)</li>
</ul>
</nav>
<div class="para">
some text
</div>
</div>
</body>
</html>
Edit.php
This is edit.php code
<?php
session_start();
if (empty($_SESSION['usersession'])) {
header("Location: login.php");
}
if (isset($_SESSION['msg'])) {
echo $_SESSION['msg'];
unset($_SESSION['msg']);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>REGISTER HERE</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<div id="reg2">
<?php
if (isset($_POST['btn'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
$id = $_SESSION['usersession']['id'];
if (!empty($name && $email && $password)) {
if (!empty($password)) {
$password = sha1($password);
require_once("inc/connection.php");
$query = mysqli_query($conn, "UPDATE register SET name='$name',email='$email',password='$password' WHERE id='$id'");
if ($query) {
header("Location: index.php");
} else {
echo "not updated right now please try again later";
}
$_SESSION['msg'] = "Your detail has been updated successfully";
}
} else {
echo "please put your updated password";
}
}
?>
</div>
<div id="form">
<form method="post" action="edit.php">
<label>NAME</label><p>
<input class="int" type="text" class="nm" name="name" placeholder="Please Enter Your Name Here" value="<?php echo $_SESSION['usersession']['name']; ?>" /><p>
<label>EMAIL</label><p>
<input class="int" type="email" class="em" name="email" placeholder="Please Enter Your Email Here" value="<?php echo $_SESSION['usersession']['email']; ?>" /><p>
<label>PASSWORD</label><p>
<input class="int" type="password" name="password" placeholder="Please Enter Your new Password Here" />
<p></p>
<input type="hidden" name="id[]" value="<?php echo $_SESSION['usersession']['id']; ?>"/>
<input type="submit" name="btn" id="btu" value="Update">
</form>
</div>
</body>
</html>
When updating your Database you didnt change the value in your $_SESSION.
You have to do that manually.
// Add that under $_SESSION['msg'] = '....'
$_SESSION['usersession']['username'] = $name; // Same with email and password
Note that your code is vulnerable to mysql-injection. You should mysql_real_escape_string to avoid that.
Furthermore you display your message before even outputting your <!DOCUMENT html>. Please dont do that. Instead echo the message somewhere in your html!