I want to write a program where I will insert a particular id through a form in the database and the corresponding email will be displayed in an image in JPEG format.
But I am not getting the required email; instead I am getting an image with this text: "No email upload".
I have 3 files in one folder
index.php,
connect_sql.php,
generate_image.php
Below is code in index.php
<?php
require 'connect_sql.php';
if(isset($_GET['id'])){
$id = $_GET['id'];
if(!empty($id)){
global $conn;
$escaped_id = mysqli_real_escape_string($conn,$id);
$query = "SELECT username,email FROM user_table WHERE id = ".$escaped_id;
$query_run = mysqli_query($conn,$query);
$num_rows = mysqli_num_rows($query_run);
if($num_rows == 1){
while($row = mysqli_fetch_assoc($query_run)){
$fetched_email = $row['email'];
$fetched_name = $row['username'];
echo $fetched_name." your email is ";
echo "<img src='generate_image.php' />";
}
}else{
echo "Id not found.";
}
}else{
echo "Please enter id.";
}
}
?>
<form action="index.php" method="get">
<p>
Id<br />
<input type="text" name="id" />
</p>
<p>
<input type="submit" value="Submit" />
</p>
</form>
Below is code in connect_sql.php
<?php
$hostname = "localhost";
$username = "root";
$password = "";
$db_name = "php_thenewboston";
$conn = mysqli_connect($hostname,$username,$password);
$conn_db = mysqli_select_db($conn,$db_name);
if(!$conn || !$conn_db){
die("Connection unsuccessful.");
}
?>
Below is code in generate_image.php
<?php
header('Content-type: image/jpeg');
if(!empty($fetched_email)){
$email = $fetched_email;
}else{
$email = "No email uploaded.";
}
$email_length = strlen($email);
$font_size = 16;
$imageHeight = ImageFontHeight($font_size);
$image_width = $imageHeight * $email_length;
$image = imagecreate($image_width,$imageHeight);
imagecolorallocate($image,255,255,255);
$font_color = imagecolorallocate($image,0,0,0);
imagestring($image, $font_size, 0, 0, $email, $font_color);
imagejpeg($image);
?>
I am unable to catch my error.
I am a beginner in php.
Please comment below for any query.
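A variant of generate_image.php, added here as an example and not part of the original post: the `<img>` tag triggers a separate HTTP request, so the script has to receive the id itself and run its own lookup. It assumes index.php emits `<img src="generate_image.php?id=...">` with the submitted id and that connect_sql.php defines `$conn` as shown above; the function names are illustrative.

```php
<?php
// generate_image.php (added example, not the poster's code).
// Assumes connect_sql.php defines $conn as in the question and that index.php
// passes the id in the image URL, e.g. generate_image.php?id=7.
require 'connect_sql.php';

/** Return the id as an int if it is a plain positive integer, else null. */
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Look up the email with a bound integer parameter. Escaping alone does not
 * protect a value that is concatenated into the query without quotes, as in
 * "WHERE id = " . $escaped_id, so the value is bound instead.
 */
function fetch_email(mysqli $conn, int $id): ?string
{
    $stmt = mysqli_prepare($conn, 'SELECT email FROM user_table WHERE id = ?');
    if (!$stmt) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $email);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? $email : null;
}

/** Render one line of text as a JPEG using GD's built-in font 5 (valid range 1-5). */
function render_text_jpeg(string $text): void
{
    $font = 5;
    $width = max(1, imagefontwidth($font) * strlen($text));
    $height = imagefontheight($font);
    $image = imagecreate($width, $height);
    imagecolorallocate($image, 255, 255, 255); // first colour becomes the background
    $black = imagecolorallocate($image, 0, 0, 0);
    imagestring($image, $font, 0, 0, $text, $black);
    header('Content-Type: image/jpeg');
    imagejpeg($image);
}

$id = parse_id($_GET['id'] ?? null);
$email = $id === null ? null : fetch_email($conn, $id);
render_text_jpeg($email ?? 'No email uploaded.');
```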
I'm trying to figure out how to upload a file into the database where that form contains multiple text fields. I uploaded a BLOB field into the database. So as I try to search the field using the ID number, it will retrieve me the values associated with it. Which works fine, so I added the function of being able to upload a file into that specific id number. I get all sorts of errors and I would like to have some assistance with it. Anyone care to help out? Here is the code:
<?php
$host = "localhost";
$user = "root";
$password ="";
$database = "ntmadb";
$id = "";
$firstname = "";
$lastname = "";
$username = "";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// connect to mysql database
try{
$connect = mysqli_connect($host, $user, $password, $database);
} catch (mysqli_sql_exception $ex) {
echo 'Error';
}
// get values from the form
function getPosts()
{
$posts = array();
$posts[0] = $_POST['id'];
$posts[1] = $_POST['firstname'];
$posts[2] = $_POST['lastname'];
$posts[3] = $_POST['username'];
return $posts;
}
// Search
if(isset($_POST['search']))
{
$data = getPosts();
$search_Query = "SELECT * FROM members WHERE id = $data[0]";
$search_Result = mysqli_query($connect, $search_Query);
if($search_Result)
{
if(mysqli_num_rows($search_Result))
{
while($row = mysqli_fetch_array($search_Result))
{
$id = $row['id'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$username = $row['username'];
}
}else{
echo 'No Data For This Id';
}
}else{
echo 'Result Error';
}
}
// Edit
if(isset($_POST['update']))
{
$data = getPosts();
$update_Query = "UPDATE `members` SET `firstname`='$data[1]',`lastname`='$data[2]',`username`='$data[3]' WHERE `id` = $data[0]";
try{
$update_Result = mysqli_query($connect, $update_Query);
if($update_Result)
{
if(mysqli_affected_rows($connect) > 0)
{
echo 'Data Updated';
}else{
echo 'Data Not Updated';
}
}
} catch (Exception $ex) {
echo 'Error Update '.$ex->getMessage();
}
}
<!--UPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOAD -->
// Check if a file has been uploaded
if(isset($_FILES['uploaded_file'])) {
// Make sure the file was sent without errors
if($_FILES['uploaded_file']['error'] == 0) {
// Connect to the database
$dbLink = new mysqli('localhost', 'root', '', 'ntmadb');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
// Gather all required data
$data = $dbLink->real_escape_string(file_get_contents($_FILES ['uploaded_file']['tmp_name']));
// Create the SQL query
$query = "
INSERT INTO `members` (
`data`
)
VALUES (
'{$data}' NOW()
)";
// Execute the query
$result = $dbLink->query($query);
// Check if it was successfull
if($result) {
echo 'Success! Your file was successfully added!';
}
else {
echo 'Error! Failed to insert the file'
. "<pre>{$dbLink->error}</pre>";
}
}
else {
echo 'An error accured while the file was being uploaded. '
. 'Error code: '. intval($_FILES['uploaded_file']['error']);
}
// Close the mysql connection
$dbLink->close();
}
else {
echo 'Error! A file was not sent!';
}
?>
and here is the html file:
<!DOCTYPE Html>
<html>
<head>
<title>PHP INSERT UPDATE DELETE SEARCH</title>
</head>
<body>
<form action="index4.php" method="post" enctype="multipart/form-data" >
<input type="number" name="id" placeholder="Id" value="<?php echo $id;?>"><br><br>
<input type="text" name="firstname" placeholder="First Name" value="<?php echo $firstname;?>"><br><br>
<input type="text" name="lastname" placeholder="Last Name" value="<?php echo $lastname;?>"><br><br>
<input type="text" name="username" placeholder="User Name" value="<?php echo $username;?>"><br><br>
<div>
<p>
<!-- Input For Edit Values -->
<input type="submit" name="update" value="Update">
<!-- Input For Find Values With The given ID -->
<input type="submit" name="search" value="Find">
</p>
<p>
<input type="file" name="uploaded_file">
<br>
<input type="submit" value="Upload file">
</p>
</div>
</form>
</body>
</html>
Thanks to anyone who can provide me with help. :)
I'm pretty sure my code is correct. The issue I have is that, when viewing the image, only some of the image is showing. I think it has something to do with my database that I'm uploading to, but I can't figure out what.
Here is my code:
form for the upload
<form id="form2" method="post" name="postForm" action="post.php" enctype="multipart/form-data">
<h2>Post News here</h2>
<p>Title:</p>
<input type="text" required placeholder="Enter a title" maxlength="30" name="postTitle">
<p>Body:</p>
<input type="textarea" required placeholder="Enter a body" maxlength="250" name="postBody">
<p>Link/ Reference:</p>
<input type="text" required placeholder="Enter a link or reference" maxlength="100" name="postLinkRef">
<p>Image to upload:</p>
<input type="file" name="imageTest">
<p><input type="submit" value="Submit" name="submit"></p>
</form>
inserting the image
<?php
$host = "localhost";
$userName = "root";
$password = "password";
$db = "userdata";
$connect = mysqli_connect($host,$userName,$password, $db);
if($connect)
{
if(isset($_POST['submit']) && isset($_FILES['imageTest']))
{
$postTitle = mysqli_real_escape_string($connect,$_POST['postTitle']);
$postBody = mysqli_real_escape_string($connect,$_POST['postBody']);
$postLink = mysqli_real_escape_string($connect,$_POST['postLinkRef']);
//address, postcode
//admin priveleges for scertain accounts
//wont allow me to use $_FILES and i dont know why...
$postImageName = mysqli_real_escape_string($connect, $_FILES['imageTest']['name']);
$postImageData = mysqli_real_escape_string($connect, file_get_contents($_FILES["imageTest"]["tmp_name"]));
$postImageType = mysqli_real_escape_string($connect, $_FILES["imageTest"]["type"]);
$sql = "INSERT INTO news(title, body, link, imageName, imageData) VALUES('$postTitle','$postBody','$postLink','$postImageName','$postImageData')";
if(mysqli_query($connect, $sql))
{
echo "Your post has been uploaded\n\n";
echo "Thank you for your post $testUserName\n\n";
echo "<a href='index.php'>Got to your news </a>";
}
else
{
echo "Sorry, something went wrong!! Check to make sure the image your are uploading is a jpeg image (not any other file)!";
}
}
mysqli_close($connect);
}
else
{
echo "Fail connection";
}
?>
Showing the image
<?php
$host = "localhost";
$userName = "root";
$password = "password";
$db = "userdata";
$connect = mysqli_connect($host,$userName,$password, $db);
if(isset($_GET['postID']))
{
$id = mysqli_real_escape_string($connect, $_GET['postID']);
$q = "SELECT * FROM news WHERE postID = $id";
$r = mysqli_query($connect, $q);
if(mysqli_num_rows($r)==1)//id found in the table
{
$row = mysqli_fetch_assoc($r);
$imageData = $row["imageData"];
}
header("Content-type:image/jpeg");
echo $imageData;
}
else
{
echo "error";
}
?>
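A BLOB column holds at most 65,535 bytes, and MySQL outside strict mode cuts a longer value short, which is one way to end up with a partly rendered picture. The added example below (not the poster's code) validates the upload, inserts it with bound parameters and compares the stored length with the uploaded length; the MEDIUMBLOB column type, the 2 MiB limit, an AUTO_INCREMENT `postID` and the function names are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes the news table from the post
// with imageData declared as MEDIUMBLOB and postID as AUTO_INCREMENT.
const MAX_IMAGE_BYTES = 2 * 1024 * 1024; // assumed application limit

/** Validate one $_FILES entry and return its bytes, or throw with the reason. */
function read_jpeg_upload(array $file): string
{
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . (int) $error);
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_IMAGE_BYTES) {
        throw new RuntimeException('Missing or oversized upload.');
    }
    // Inspect the bytes; $_FILES[...]['type'] is whatever the client claimed.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== 'image/jpeg') {
        throw new RuntimeException('Only JPEG images are accepted.');
    }
    $bytes = file_get_contents($file['tmp_name']);
    if ($bytes === false) {
        throw new RuntimeException('Could not read the upload.');
    }
    return $bytes;
}

/** Insert the post with bound parameters and confirm the image was stored whole. */
function store_post(mysqli $db, string $title, string $body, string $link,
                    string $imageName, string $bytes): int
{
    $stmt = $db->prepare(
        'INSERT INTO news (title, body, link, imageName, imageData) VALUES (?, ?, ?, ?, ?)'
    );
    $blob = null; // placeholder; the real bytes are streamed below
    $stmt->bind_param('ssssb', $title, $body, $link, $imageName, $blob);
    foreach (str_split($bytes, 512 * 1024) as $chunk) {
        $stmt->send_long_data(4, $chunk); // parameter index is zero-based
    }
    $stmt->execute();
    $stmt->close();
    $postId = (int) $db->insert_id;

    // Read back the stored size: a mismatch means the column truncated the image.
    $check = $db->prepare('SELECT LENGTH(imageData) FROM news WHERE postID = ?');
    $check->bind_param('i', $postId);
    $check->execute();
    $check->bind_result($stored);
    $check->fetch();
    $check->close();
    if ((int) $stored !== strlen($bytes)) {
        throw new RuntimeException("Stored $stored of " . strlen($bytes) . ' bytes.');
    }
    return $postId;
}

// Usage inside post.php, after connecting with exceptions enabled:
// mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// $bytes = read_jpeg_upload($_FILES['imageTest']);
// store_post($connect, $_POST['postTitle'], $_POST['postBody'], $_POST['postLinkRef'],
//            basename($_FILES['imageTest']['name']), $bytes);
```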
Trying to create a simple PHP login form that takes 'username' and 'password'; if matched with 'dbusername' and 'dbpassword', the code should echo "You're Logged In!".
When I run the code, I get no errors. The page goes from login.php to process.php but shows a blank page. It doesn't show echo "Incorrect username or password!" or "You're Logged In!".
I checked to see if it's returning any rows from the database. I'm getting 0 rows. But why?! Is my code logic incorrect? Because my database connection works AND I have a username: alex and password: abc in my database named phplogin and in table users.
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$servername = 'localhost';
$username = 'root';
$password = '';
$dbname = 'phplogin';
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "SELECT *
FROM users
WHERE username = '".$username."'
AND password = '".$password."'";
$result = mysqli_query($conn, $sql);
echo mysqli_num_rows($result); // I Checked to see if I was getting no rows. *I am getting 0 rows!!* But why?!
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
//check to see if the match
if($username == $dbusername && $password == $dbpassword ) {
echo "You're Logged In!";
} if($username != $dbusername || $password != $dbpassword) {
echo "Incorrect password or username!";
} else {
die("That user doesn't exist!");
}
}
}
mysqli_close($conn);
?>
Here is my login.php page [form]
<html>
<form action="process.php" method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Log In"><br>
</html>
Any ideas?
UPDATE 1: The issue was with my variables conflicting with database.
Now I am getting the following once I login and it has to do with the last statement on my process.php page:
Why is the final else statement printing on screen when it's logging in?
Change $username and $password to $uname and $pass as they are conflicting with database credentials
I highlighted in the code where to make changes
<?php
$servername = 'localhost';
$username = 'root';
$password = '';
$dbname = 'phplogin';
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
// mysqli_real_escape_string() needs the open connection as its first argument,
// so the form values are escaped only after connecting.
$uname = mysqli_real_escape_string($conn, $_POST['username']); //Change here
$pass = mysqli_real_escape_string($conn, $_POST['password']); //Change here
//Change Here
$sql = "SELECT * FROM users
WHERE username = '".$uname."'
AND password = '".$pass."'";
$result = mysqli_query($conn, $sql);
echo mysqli_num_rows($result); // I Checked to see if I was getting no rows. *I am getting 0 rows!!* But why?!
if (mysqli_num_rows($result) > 0) {
// output data of user
$row = mysqli_fetch_assoc($result);
$dbusername = $row['username'];
$dbpassword = $row['password'];
//check to see if the match
if($uname == $dbusername && $pass == $dbpassword ) { //Change Here
echo "You're Logged In!";
} if($uname != $dbusername || $pass != $dbpassword) { //Change Here
echo "Incorrect password or username!";
}
} else {
die("That user doesn't exist!");
}
mysqli_close($conn);
?>
and your HTML is missing </form>:
<html>
<form action="process.php" method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Log In"><br>
</form>
</html>
$username = $_POST['username'];
$password = $_POST['password'];
$servername = 'localhost';
$username = 'root'; //change this to another name like $db_username
$password = ''; //change this to another name like $db_password
$dbname = 'phplogin';
Please create a dbconnection.php file in Notepad++ and copy this code
<?php
mysql_connect("localhost","root","");
mysql_select_db("dabasename");
?>
----------------------------------------------------------
Please create an index.php file in Notepad++ and copy this code
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<title></title>
<meta name = "viewport" content = "width=device-width,initial-scale=1" />
<link rel="shortcut icon" type = "image/jpg" href="images.jpg" />
<link rel="stylesheet" type = "text/css" href = "css/style.css" />
<link rel="stylesheet" type = "text/css" href = "css/bootstrap.css" />
<link rel="stylesheet" type = "text/css" href = "css/bootstrap.min.css" />
</head>
<body>
<div id = "container">
<div id = "login_header">
<div id = "login_text">YOur Title</div>
</div>
<div id = "login_content">
<img src = "images.jpg" width = "100%" height = "150px" />
<table width = "100%" style = "margin-top:25px;">
<form name = "frmLogIn" action = "login_check.php" method = "post">
<tr>
<td width = "10%"></td>
<td width = "20%">User Type</td>
<td width = "10%">:</td>
<td width = "50%">
<select name = "optUserType" class = "form-control">
<option></option>
<option>Admin</option>
<option>User</option>
<option>Guest</option>
</select>
</td>
<td width = "10%"></td>
</tr>
<tr>
<td width = "10%"></td>
<td width = "20%">Username</td>
<td width = "10%">:</td>
<td width = "50%"><input type = "text" name = "txtUsername" class = "form-control" /></td>
<td width = "10%"></td>
</tr>
<tr>
<td width = "10%"></td>
<td width = "20%">Password</td>
<td width = "10%">:</td>
<td width = "50%"><input type = "password" name = "txtPassword" class = "form-control" /></td>
<td width = "10%"></td>
</tr>
<tr><td colspan = "5"> </td></tr>
<tr><td colspan = "5" align = "center"><input type = "submit" name = "btnLogIn" value = "Log In" class = "btn btn-info" style = "width:100px;"/></td></tr>
</form>
</table>
</div>
<div id = "login_footer"></div>
</div>
</body>
</html>
-------------------------------------------------------------------
Please create a login_check.php file in Notepad++ and copy this code
<?php
session_start();
require('dbconnection.php');
if(isset($_POST['btnLogIn']))
{
$userType = mysql_real_escape_string($_POST['optUserType']);
$username = mysql_real_escape_string($_POST['txtUsername']);
$password = mysql_real_escape_string($_POST['txtPassword']);
$sql = "SELECT * FROM `tbl_user` WHERE user_type = '$userType' AND username = '$username' AND password = '$password'";
$query = mysql_query($sql);
$row = mysql_fetch_array($query);
if(mysql_affected_rows())
{
$_SESSION['user_code'] = $row['username'];
$_SESSION['password'] = $row['password'];
//header('Location:home.php');
echo "you have logged in";
}
else
{
//header('Location:home.php');
echo "you coud not logged in!";
}
}
?>
I have created a simple login page but the code isn't working. I tried checking the console but it was not giving me any errors. The output is "0 results". I tried to correct it but I couldn't. Please see the code for your reference:
Could you guys tell me the error?
<html>
<head>
<title>Login Page</title>
</head>
<body>
<?php
include ('conn.php');
$un = isset($_POST['name']);
$up = isset($_POST['pass']);
$query = "select * from login where l_name = '$un' AND l_pass = '$up'";
$result = mysqli_query($conn, $query);
$count = 0;
if(mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$name = $row['l_name'];
$pass = $row['l_pass'];
if ($un == $name && $up == $pass) {
$count = 1;
}
if($count==1 && !empty($un) && !empty($pa))
echo"Your Successfully Logged";
else
echo"You Failed";
}
}
else{
echo "0 result";
?>
<form name="form1" method="POST">
<fieldset>
<legend> Log in </legend>
<label> Username: <input type="text" name="name" />
<label> Password :<input type="text" name="pass" />
</fieldset>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
The problem is with these lines:
$un = isset($_POST['name']);
$up = isset($_POST['pass']);
Replace them with the below ones. They should read:
$un = isset($_POST['name']) ? $_POST['name'] : '';
$up = isset($_POST['pass']) ? $_POST['pass'] : '';
More robust code would be:
<html>
<head>
<title>Login Page</title>
</head>
<body>
<?php
include ('conn.php');
$un = isset($_POST['name']) ? $_POST['name'] : '';
$up = isset($_POST['pass']) ? $_POST['pass'] : '';
if(empty($un) || empty($up))
{
echo 'Please fill in the name and password fields';
}
else
{
$un = mysqli_real_escape_string($conn, $un);
$up = mysqli_real_escape_string($conn, $up);
$query = "select * from login where l_name = '$un' AND l_pass = '$up'";
$result = mysqli_query($conn, $query);
$count = 0;
if(mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$name = $row['l_name'];
$pass = $row['l_pass'];
if ($un == $name && $up == $pass) {
$count = 1;
}
if($count==1){
echo"Your Successfully Logged";
}
else{
echo"You Failed";
}
}
}
else{
echo "0 result";
}
}
?>
<form name="form1" method="POST">
<fieldset>
<legend> Log in </legend>
<label> Username: <input type="text" name="name" />
<label> Password :<input type="text" name="pass" />
</fieldset>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
<?php
include ('conn.php');
if(isset($_POST['name']) && $_POST['name']!='')
{
$un = $_POST['name'];
}
if(isset($_POST['pass']) && $_POST['pass']!='')
{
$up = $_POST['pass'];
}
$query = "select * from `login` where `l_name` = '".$un."' AND `l_pass` = '".$up."'";
$result = mysqli_query($conn, $query);
$count = 0;
if(mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$name = $row['l_name'];
$pass = $row['l_pass'];
if ($un == $name && $up == $pass) {
$count = 1;
}
if($count==1 && !empty($un) && !empty($pa))
echo"Your Successfully Logged";
else
echo"You Failed";
}
}
else{
echo "0 result";
?>
There are a few errors:
$un = $_POST['name'];
$up = $_POST['pass'];
you forgot to close your else:
else{
echo "0 result";
}
and some notes:
Give an error when the mysqli_query fails.
Encrypt the password
You're open to mysql injection
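The three notes above, applied to the login check in one place as an added example (not code from the thread): query failures raise exceptions, the lookup uses a bound parameter, and the password is compared against a hash. It assumes conn.php defines `$conn` as in the question and that `login.l_pass` stores `password_hash()` output instead of the plain password; the function name `check_login` is illustrative.

```php
<?php
// Added example. Assumes conn.php defines $conn (mysqli) as in the question and
// that l_pass was written at registration with password_hash($plain, PASSWORD_DEFAULT).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw
require 'conn.php';
session_start();

/** True only when the name exists and the password matches its stored hash. */
function check_login(mysqli $conn, string $name, string $pass): bool
{
    // The user-supplied name is bound, never concatenated into the SQL text.
    $stmt = $conn->prepare('SELECT l_pass FROM login WHERE l_name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    return $found === true && is_string($hash) && password_verify($pass, $hash);
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only strings; a crafted request can send arrays for these fields.
    $un = is_string($_POST['name'] ?? null) ? $_POST['name'] : '';
    $up = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
    try {
        if ($un !== '' && $up !== '' && check_login($conn, $un, $up)) {
            session_regenerate_id(true); // new session id after authentication
            $_SESSION['user'] = $un;
            $message = 'You are logged in.';
        } else {
            // Same message for unknown user and wrong password.
            $message = 'Incorrect username or password.';
        }
    } catch (mysqli_sql_exception $e) {
        // Log the database error server-side; show the visitor a generic message.
        error_log('login query failed: ' . $e->getMessage());
        $message = 'Login is temporarily unavailable.';
    }
}
echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
```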
I'm working on a dashboard for my users. I set it up by ranks and each rank can do their own thing. Now, I have three problems. One and two are about forms and another is about a redirection problem. These forms are not submitting into the database and I don't know why. The two forms are below. The third problem is redirecting. Since the system is set up by ranks, I don't want ranks accessing other ranks' dashboards. It's not redirecting the other ranks away from their dashboard, as it's all one login, and when those ranks log in it redirects them to their correct dashboard, but if, say, a partner goes to the admin dashboard, it lets them in, which I don't want. Also, I forgot to mention that when the user is logged in, it lets them back to the login page if they go to the login URL, which I don't want; I want it to redirect them to their dashboard. The forms are below.
First Form:
<?php
$id = $_GET['id'];
$result = $db->query("SELECT * FROM users WHERE Id = '.$id.'");
if(isset($_POST['submit']))
{
$username1 = $_POST['username'];
$email1 = $_POST['email'];
$password1 = $_POST['password'];
$f_name = $_POST['f_name'];
$l_name = $_POST['l_name'];
$rank1 = $_POST['rank'];
$skype1 = $_POST['skype'];
$db->query("UPDATE users SET (Email, Username, FName, LName, Rank, SkypeID) VALUES(''.$email1.'', ''.$username1.'', ''.$f_name.'', ''.$l_name.'', ''.$rank1.'', ''.$skype1.'') WHERE Id = ".$id."");
}
?>
<?php
$id = $_GET['id'];
$result = $db->query("SELECT * FROM users WHERE id='$id'");
while($row = $result->fetch_assoc())
{
$username = $row['Username'];
$email = $row['Email'];
$fname = $row['FName'];
$lname = $row['LName'];
$rank = $row['Rank'];
$skype = $row['SkypeID'];
}
?>
<form method="POST">
Username: <input type="text" name="username" value="<?php echo ($username); ?>"><br>
Email: <input type="email" name="email" value="<?php echo ($email);?>"><br>
Passowrd: <input type="password" name="password"><br>
First Name: <input type="text" name="f_name" value="<?php echo ($fname);?>"><br>
Last Name: <input type="text" name="l_name" value="<?php echo($lname); ?>"><br>
Rank: <input type="text" name="rank" value="<?php echo ($rank); ?>"><br>
Skype: <input type="text" name="rank" value="<?php echo ($skype); ?>">
<button type="submit" name="submit">Update User</button>
</form>
Second Form:
<?php
if(isset($_POST['submit']))
{
$c_name = $_POST['c_name'];
$v_link = $_POST['v_link'];
$v_title = $_POST['v_title'];
$v_desc = $_POST['v_desc'];
$v_tags = $_POST['v_tags'];
$m_sources = $_POST['m_sources'];
$s_requests = $_POST['s_requests'];
if(empty($c_name) or empty($v_link) or empty($v_title) or empty($v_title) or empty($v_desc) or empty($v_tags))
{
echo 'You must fill in the first 5 fields.';
}
else
{
$getRank = $db->query("SELECT * FROM users WHERE username = ".$_SESSION['username']."");
while ($row = $getRank->fetch_assoc($getRank))
{
$usename = $row['username'];
$rank = $row['rank'];
}
$db->query("INSERT INTO submitted_forms (username, rank, channel_username, video_link, video_title, video_description, video_tags, music_sources, special_requests) VALUES (''.$username.'', ''.$rank.'', ''.$c_name.'', ''.$v_link.'', ''.$v_title.'', ''.$v_desc.'', ''.$v_tags.'', ''.$m_sources.'', ''.$s_requests.'')");
echo 'Form submitted successfully.';
}
}
?>
<form method="POST">
Channel name: <input type="text" name="c_name" required>*<br>
Video Link: <input type="text" name="v_link" required>*<br>
Video Title: <input type="text" name="v_title" required>*<br>
Video Description: <input type="text" name="v_desc" required>*<br>
Video Tags: <input type="text" name="v_tags" required>*<br>
Music Sources: <input type="text" name="m_sources"><br>
Special Requests: <input type="text" name="s_requests"><br>
<button type="submit" name="submit">Submit</button><br>
</form>
Now, here's the code I use to redirect a user away from the dashboards if it's not their dashboard. It redirects not-logged-in users, but not other users. It's supposed to only allow admins in.
<?php session_start();
if(isset($_SESSION['admin']))
{
$_SESSION['username'];
} else {
header("location: ../index.php");
} ?>
Now, here's the login script. I want it to redirect the ranks to their dashboard if they're logged in; I don't know how to implement this.
<?php
require 'core/config.php';
if(isset($_POST['submit']))
{
$username = $db->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
if(empty($username) or empty($password))
{
echo 'You must fill in both boxes!';
} else {
$query = $db->query("SELECT * FROM users WHERE username = '".$username."'");
while($row = $query->fetch_assoc())
{
$dbpassword = $row['Password'];
}
if($password !== $dbpassword)
{
echo 'Password was incorrect.';
} else {
$query1 = $db->query("SELECT * FROM users WHERE username='".$username."'");
while($rows = $query1->fetch_assoc())
{
$rank = $rows['Rank'];
}
if($rank === 'admin')
{
$_SESSION['admin'] = '1';
$_SESSION['username'] = $username;
echo '<script>window.location="management/index.php";</script>';
}
elseif ($rank === 'partner')
{
$_SESSION['partner'] = '1';
$_SESSION['username'] = $username;
echo '<script>window.location="partner/index.php";</script>';
}
elseif ($rank === 'trainee')
{
$_SESSION['trainee'] = '1';
$_SESSION['username'] = $username;
echo '<script>window.location="trainee/index.php";</script>';
}
else
{
echo 'Account not found.';
}
}
}
}
?>
Try this in your login script:
<?php
require 'core/config.php';
//assuming that you have already started your session at the very top
if(isset($_POST['submit']))
{
$username = $db->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
if(empty($username) or empty($password))
{
echo 'You must fill in both boxes!';
} else {
$query = $db->query("SELECT * FROM users WHERE username = '".$username."'");
while($row = $query->fetch_assoc())
{
$dbpassword = $row['Password'];
}
if($password !== $dbpassword)
{
echo 'Password was incorrect.';
} else {
$query1 = $db->query("SELECT * FROM users WHERE username='".$username."'");
while($rows = $query1->fetch_assoc())
{
$rank = $rows['Rank'];
}
if($rank === 'admin')
{
$_SESSION['rank'] = $rank;
$_SESSION['username'] = $username;
echo '<script>window.location="management/index.php";</script>';
}
else if ($rank === 'partner')
{
$_SESSION['rank'] = $rank;
$_SESSION['username'] = $username;
echo '<script>window.location="partner/index.php";</script>';
}
else if ($rank === 'trainee')
{
$_SESSION['rank'] = $rank;
$_SESSION['username'] = $username;
echo '<script>window.location="trainee/index.php";</script>';
}
else
{
echo 'Account not found.';
}
}
}
}
?>
In your management/index.php, or in the page that is supposed to allow only admins in:
<?php session_start();
if(isset($_SESSION['rank']) and $_SESSION['rank'] == "admin")
{
$_SESSION['username'];
} else {
header("location: ../index.php");
exit; // stop here so the rest of the admin page is not executed or sent
} ?>
And with your saving, maybe you just forgot the right quotation marks:
<?php
if(isset($_POST['submit']))
{
$c_name = $_POST['c_name'];
$v_link = $_POST['v_link'];
$v_title = $_POST['v_title'];
$v_desc = $_POST['v_desc'];
$v_tags = $_POST['v_tags'];
$m_sources = $_POST['m_sources'];
$s_requests = $_POST['s_requests'];
if(empty($c_name) or empty($v_link) or empty($v_title) or empty($v_title) or empty($v_desc) or empty($v_tags))
{
echo 'You must fill in the first 5 fields.';
}
else
{
$getRank = $db->query("SELECT * FROM users WHERE username = '$_SESSION[username]'");
while ($row = $getRank->fetch_assoc()) // fetch_assoc() takes no argument
{
$username = $row['username']; // was $usename, which left $username unset for the INSERT
$rank = $row['rank'];
}
$db->query("INSERT INTO submitted_forms (username, rank, channel_username, video_link, video_title, video_description, video_tags, music_sources, special_requests) VALUES ('$username', '$rank', '$c_name', '$v_link', '$v_title', '$v_desc', '$v_tags', '$m_sources', '$s_requests')");
echo 'Form submitted successfully.';
}
}
?>
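The rank check and the "already logged in" redirect asked about above, collected into one include as an added example (not code from the thread). It assumes the login script stores the rank in `$_SESSION['rank']` as in the answer; the file name guard.php, the function names, the absolute paths and the login page being /index.php are assumptions modelled on the redirects shown in the login script.

```php
<?php
// guard.php: added example, not code from the thread. File name, function names
// and absolute paths are assumptions based on the login script's redirects.
const DASHBOARDS = [
    'admin'   => '/management/index.php',
    'partner' => '/partner/index.php',
    'trainee' => '/trainee/index.php',
];
const LOGIN_PAGE = '/index.php'; // assumed location of the login form

function redirect_and_stop(string $path): void
{
    header('Location: ' . $path);
    exit; // header() alone does not stop the script; the page body would still run
}

/** Rank stored at login in $_SESSION['rank'], or null if absent or unknown. */
function current_rank(): ?string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $rank = $_SESSION['rank'] ?? null;
    return is_string($rank) && isset(DASHBOARDS[$rank]) ? $rank : null;
}

/** Top of every dashboard page: only $required gets past this call. */
function require_rank(string $required): void
{
    $rank = current_rank();
    if ($rank === $required) {
        return;
    }
    // Another rank goes back to its own dashboard, a visitor to the login page.
    redirect_and_stop($rank === null ? LOGIN_PAGE : DASHBOARDS[$rank]);
}

/** Top of the login page: an already logged-in user is sent to their dashboard. */
function redirect_if_logged_in(): void
{
    $rank = current_rank();
    if ($rank !== null) {
        redirect_and_stop(DASHBOARDS[$rank]);
    }
}

// management/index.php:  require __DIR__ . '/../guard.php'; require_rank('admin');
// partner/index.php:     require __DIR__ . '/../guard.php'; require_rank('partner');
// index.php (login):     require __DIR__ . '/guard.php';    redirect_if_logged_in();
```

Both calls must run before any HTML is sent, because `header()` cannot add a redirect once output has started.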