I am redirecting a user to a page named "forgot_pass" in this way:
"forgot_pass.php?code='$code'&username='$hidden_username'>".
But when the user clicks on the link for redirection, the URL looks like this:
http://localhost/Validation/forgot_pass.php?code=
and no page is displayed.
The variables passed in the URL have values, as I have already checked. But they are not displayed when sent in the URL.
Help me solve this issue.
reset.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
$pass = $_POST['pass'];
$pass1 = $_POST['pass1'];
$code = $_GET['code'];
$hidden_username = $_POST['username'];
if($pass == $pass1)
{
echo 'Password Changed !';
}
else
{
echo "Passowrd must match
<a href='forgot_pass.php?code='$code'&username='$hidden_username'>Try Again</a>
";
}
forgot_pass.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
if(isset($_GET['code']))
{
$get_code = (isset($_GET['code'])? $_GET['code'] : null);
$get_username =(isset($_GET['username']) ? $_GET['username'] : null);
$match_code = mysqli_query($link, "select * from signup where username='$get_username'");
if(mysqli_num_rows($match_code) > 0)
{
while($row = mysqli_fetch_assoc($match_code))
{
$db_username = $row['username'];
$db_code = $row['paareset'];
}
}
if($get_username == $db_username && $get_code == $db_code)
{ ?>
<html>
<head>
<meta charset="UTF-8">
<title>Change Password</title>
</head>
<body>
<div class="container">
<div class="row">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-body">
<div class="text-center">
<h3><i class="fa fa-pencil fa-4x"></i></h3>
<h2 class="text-center">New Password?</h2>
<div class="panel-body">
<form class="form" method="post"
action= "reset_pass.php?code=<?php echo $get_code ?>"
<fieldset>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass" placeholder="New Password" class="form-control" type="password" required="">
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass1" placeholder="Re-type Password" class="form-control" type="password" required="">
<input type="hidden" name="username" value="<?php echo $db_username ?>">
</div>
</div>
<div class="form-group">
<input class="btn btn-lg btn-primary btn-block" name="send" value="Change Password" type="submit">
</div>
<div class="form-group">
<span style="color: red"><?php if(isset($message['mail'])) {echo $message['mail']; } ?></span>
</div>
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
}
} // End if (isset['code'])
if(!isset($_GET['code']))
{
?>
<html>
<head>
</head>
<body>
// Here i am displaying another form that gets email address and sends email
</body>
</html>
<?php
}
Remove the single quotes around the arguments; you are using them to delimit the URL, so don't use them inside the URL (or at least escape them):
echo "Password must match <a href='forgot_pass.php?code=$code&username=$hidden_username'>Try Again</a>";
Try it this way
echo "Passowrd must match
Try Again"
You have a mismatch in columns.
Try to change your code to
echo "Password must match
<a href='forgot_pass.php?code=".$code."&username=".$hidden_username."'>Try Again</a>
";
Please check if your filenames are correct.
You named: reset.php and forgot_pass.php
In forgot_pass.php your action goes towards reset_pass.php
Remove the single quotes
"forgot_pass.php?code=$code&username=$hidden_username>"
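The link in this thread breaks because request values are placed raw inside a quoted href. An added example (not code from the question or any answer) that percent-encodes the query string, HTML-escapes the attribute, and checks the reset code with a bound parameter and a constant-time comparison; the function names are hypothetical, the sample values are constructed, and the table `signup` and column `paareset` are taken from the question's code:

```php
<?php
declare(strict_types=1);
// Added example: function names are hypothetical, sample values are constructed.

/**
 * Build the "Try Again" link. http_build_query() percent-encodes each value
 * for the URL; htmlspecialchars() then escapes the finished URL for the
 * single-quoted HTML attribute it is placed in.
 */
function reset_link(string $code, string $username): string
{
    $query = http_build_query(
        ['code' => $code, 'username' => $username],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
    $url = 'forgot_pass.php?' . $query;
    return "<a href='" . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . "'>Try Again</a>";
}

/**
 * Read the stored reset code for one user with a bound parameter instead of
 * interpolating $_GET['username'] into the SQL text. Returns null when no row
 * matched or the column is NULL.
 */
function load_reset_code(mysqli $link, string $username): ?string
{
    $stmt = $link->prepare('SELECT paareset FROM signup WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($storedCode);
    $found = $stmt->fetch();   // true: a row, null: no row, false: error
    $stmt->close();
    return ($found === true && $storedCode !== null) ? (string) $storedCode : null;
}

/**
 * Decide whether the supplied code is valid. An empty or missing stored code
 * means no reset is pending, so it never matches. hash_equals() compares in
 * constant time and, unlike ==, applies no type juggling.
 */
function reset_code_matches(?string $storedCode, string $suppliedCode): bool
{
    if ($storedCode === null || $storedCode === '' || $suppliedCode === '') {
        return false;
    }
    return hash_equals($storedCode, $suppliedCode);
}

// Constructed values containing the characters that broke the original link.
echo reset_link("a1'b2", "o'brien & co"), PHP_EOL;
var_dump(reset_code_matches('a1b2c3', 'a1b2c3'));
var_dump(reset_code_matches('a1b2c3', 'a1b2c4'));
var_dump(reset_code_matches(null, ''));
```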
I have two files
functions.php
<?php
include 'config.php';
function signup(){
if (isset($_POST['submit'])) {
$uname = $_POST['uname'];
$email = $_POST['email'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
if($password == $cpassword) {
$hash = md5($password);
$insert = "INSERT INTO `users`(`user_name`, `email`, `password`) VALUES ('$uname','$email','$hash')";
$result = mysqli_query($con, $insert);
if ($result) {
echo '<script>alert("Your account has been successfully created.")</script>';
}
}
else {
echo '<script>alert("Passwords do not match!")</script>';
}
}
}
?>
signup.php
<?php
include 'functions.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- ===== Iconscout CSS ===== -->
<link rel="stylesheet" href="https://unicons.iconscout.com/release/v4.0.0/css/line.css">
<!-- ===== CSS ===== -->
<link rel="stylesheet" href="css/credential.css">
<title>Sing Up</title>
</head>
<body>
<div class="container">
<div class="forms">
<div class="form signup">
<span class="title">Sign Up</span>
<form method="POST" action="functions.php">
<div class="input-field">
<input type="text" name="uname" placeholder="Enter your full name" required>
<i class="uil uil-user"></i>
</div>
<div class="input-field">
<input type="email" name="email" placeholder="Enter your email" required>
<i class="uil uil-envelope icon"></i>
</div>
<div class="input-field">
<input type="password" class="password" name="password" placeholder="Create a password" required>
<i class="uil uil-lock icon"></i>
</div>
<div class="input-field">
<input type="password" class="password" name="cpassword" placeholder="Confirm a password" required>
<i class="uil uil-lock icon"></i>
<i class="uil uil-eye-slash showHidePw"></i>
</div>
<div class="checkbox-text">
<div class="checkbox-content">
<input type="checkbox" id="termCon">
<label for="termCon" class="text">I accepted all Terms and Conditions, Privacy Policy and Cookie Policy</label>
</div>
</div>
<div class="input-field button">
<input type="submit" value="Sign Up" name="submit">
</div>
</form>
<div class="login-signup">
<span class="text">Already have an account?
Login Now
</span>
</div>
</div>
<div class="form login">
<span class="title">Login</span>
<form action="#">
<div class="input-field">
<input type="email" placeholder="Enter your email" required>
<i class="uil uil-envelope icon"></i>
</div>
<div class="input-field">
<input type="password" class="password" placeholder="Enter your password" required>
<i class="uil uil-lock icon"></i>
<i class="uil uil-eye-slash showHidePw"></i>
</div>
<div class="checkbox-text">
<div class="checkbox-content">
<input type="checkbox" id="logCheck">
<label for="logCheck" class="text">Remember me</label>
</div>
Forgot password?
</div>
<div class="input-field button">
<input type="submit" value="Login" name="submit">
</div>
</form>
<div class="login-signup">
<span class="text">Don't have an account?
Signup Now
</span>
</div>
</div>
</div>
</div>
<script src="js/credential.js"></script>
</body>
</html>
I want something like this...
when I click on <input type="submit" of signup the signup() function from functions.php should work. But I don't know how to do it.
If I remove function signup(){} from functions.php and try without function then in url signup.php is replaced by functions.php and page is blank and no data is inserted in mysql localhost.
In 'config.php' file
<?php
$con = mysqli_connect("localhost","root","","get-viewed");
?>
The database name, table name and field names are perfect; I have double-checked them.
The form action correctly points to functions.php and the web server executes it.
The result is blank because nothing in functions.php gets executed.
You defined the function signup() but you don't call it.
Add signup(); as the last line of code, just before the PHP closing tag ?>
Note 1: you can extract the code from the signup function, since it does not add any advantage.
Note 2: if the PHP closing tag is the last line of code in the file (no HTML follows), you should omit it; it is good practice to avoid unwanted output.
This is a must once you start to use frameworks, otherwise header errors will pop up.
Thanks for helping me; I have solved my question.
I updated functions.php
<?php
include 'config.php';
function signup() {
global $con; // connection created in config.php; not in scope inside the function otherwise
$uname = $_POST['uname'];
$email = $_POST['email'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
if($password == $cpassword) {
$hash = password_hash($password, PASSWORD_DEFAULT);
$insert = "INSERT INTO `users`(`user_name`, `email`, `password`) VALUES ('$uname','$email','$hash')";
$result = mysqli_query($con, $insert);
if ($result) {
echo '<script>alert("Your account has been successfully created.")</script>';
}
}
else {
echo '<script>alert("Passwords do not match!");location.replace("signup.php");</script>';
}
}
function login(){
if (isset($_POST['login'])) {
echo '<script>alert("login")</script>';
}
}
if (isset($_POST['signup'])) {
signup();
}
else {
login();
}
Now it is working perfectly as I wanted.
The "if(isset($_POST["titleId"]) && !empty($_POST["titleId"])" in my code is returning a false value.
I'm working on a CRUD application, the insert modal is working fine, now I'm stuck at the update part of it. So when you click on the update icon it does fetch the right titleId in the URL but the first 'if' condition returns false and hence the update isn't working.
Here's what I've tried so far.
admin.php
<?php
$typeId = filter_input(INPUT_GET, "type");
$titleId = filter_input(INPUT_GET, "titleId");
$active = "admin" . $typeId;
require_once './pages/header.php';
require_once './functions/queries.php';
$getAll = Queries::getAllTitle($typeId);
?>
<div class="container">
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header clearfix">
<h2 class="pull-left"></h2>
<button type="button" class="btn btn-success btn-sm" data-toggle="modal" data-target="#facultyAddModal">Add Title</button>
</div>
<!--<div class="container">
<button type="button" class="btn btn-success btn-sm" data-toggle="modal" data-target="#facultyAddModal">Add Title</button>
<br><br>-->
<div class="panel-group" id="titleAccordion">
<?php
for ($i = 0; $i < count($getAll); $i++) {
echo <<<HTML
<div class="panel panel-default">
<div class="panel-heading"><h4 class="panel-title">
<a data-toggle="collapse" data-parent="#titleAccordion" href="#collapseF{$i}">{$getAll[$i]['title']}</a></h4>
</div>
<div id="collapseF{$i}" class="panel-collapse collapse" >
<div class="panel-body">
<div class="table-responsive">
<table class="table table-condensed"><tbody>
<tr><td>Title:</td><td>{$getAll[$i]['title']}</td></tr>
<tr><td>Units:</td><td>{$getAll[$i]['units']}</td></tr>
<tr><td>Category:</td><td>{$getAll[$i]['category']}</td></tr>
<tr><td>
<tr><td><input type="hidden" id="titleId" name="titleId" value="{$getAll[$i]['titleId']}"> </tr><td>
<a href='edit.php?titleId={$getAll[$i]['titleId']}' title='Update Record' data-toggle='tooltip'><span class='glyphicon glyphicon-pencil'></span></a>
<a href='delete.php?titleId={$getAll[$i]['titleId']}' title='Delete Record' data-toggle='tooltip'><span class='glyphicon glyphicon-trash'></span></a>
</tr></td>
</tbody></table>
</div>
</div>
</div>
</div>
HTML;
}
?>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- Title Add Modal-->
<div class="modal fade" id="facultyAddModal" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">Add Title</h4>
</div>
<div class="modal-body">
<div id="adminResult" class="hide" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
<div id="resultAdminContent"></div>
</div>
<form class="cmxform" id="adminForm" method="post">
<label for="Activity">ActivityAttended (required)</label>
<input class="form-control" id="adminTitle" name="title" type="text" required>
<br>
<label for="units">Units (required)</label>
<input class="form-control" id="adminUnits" type="number" name="units" required>
<br>
<label for="Category">Category (Optional)</label>
<input class="form-control" id="adminCategory" type="text" name="category">
<br>
<?php echo
'<input type="hidden" id="addadminTypeId" value="'.$typeId.'">';
?>
<?php echo
'<input type="hidden" id="titleId" name="titleId" value="'.$titleId.'">';
?>
<button class="btn btn-info btn-primary" type="submit">Submit</button>
<br>
<br>
</form>
</div>
</div>
</div>
</div>
update.php
<?php
require_once 'functions/db_connection.php';
$conn = DB::databaseConnection();
$title = $units = $category = "";
if(isset($_POST["titleId"]) && !empty($_POST["titleId"])){
$titleId = $_POST['titleId'];
$sql = "UPDATE title SET title = :title, units = :units, category = :category WHERE titleId = :titleId";
if($stmt = $conn->prepare($sql))
{
// Bind variables to the prepared statement as parameters
$stmt->bindParam(':titleId', $titleId);
$stmt->bindParam(':title', $title);
$stmt->bindParam(':units', $units);
$stmt->bindParam(':category', $category);
if ($stmt->execute()) {
header("location: index.php");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
unset($stmt);
}
unset($conn);
} else{
if(isset($_GET["titleId"]) && !empty(trim($_GET["titleId"]))){
$titleId = trim($_GET["titleId"]);
$sql = "SELECT * FROM title WHERE titleId = :titleId";
if($stmt = $conn->prepare($sql))
{
$stmt->bindParam(':titleId', $titleId);
if ($stmt->execute()){
if($stmt->rowCount() == 1){
$result = $stmt->fetch(PDO::FETCH_ASSOC);
// Retrieve individual field value
$title = $result["title"];
$units = $result["units"];
$category = $result["category"];
} else{
echo"error1";
exit();
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
unset($stmt);
unset($conn);
} else{
// URL doesn't contain id parameter. Redirect to error page
echo"error2";
exit();
}
}
?>
<!--<!DOCTYPE html>-->
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Update Record</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<style type="text/css">
.wrapper{
width: 500px;
margin: 0 auto;
}
</style>
</head>
<body>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header">
<h2>Update Record</h2>
</div>
<form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
<label for="Activity">Title</label>
<input class="form-control" id="adminTitle" name="title" type="text" value="<?php echo $title; ?>" required>
<br>
<label for="units">Units (required)</label>
<input class="form-control" id="adminUnits" type="number" name="units" value="<?php echo $units; ?>" required>
<br>
<label for="Category">Category (Optional)</label>
<input class="form-control" id="adminCategory" type="text" value="<?php echo $category; ?>" name="category">
<br>
<input type="hidden" name="titleId" value="<?php echo $titleId; ?>">
<button class="btn btn-info btn-primary" type="submit">Submit</button>
<br>
<br>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
The only goal here is to get the update form working, the user should be able to update the records of the respective title being selected.
I don't know crud but I think there is a way to debug a little:
e.g. try this:
if(isset($_POST["titleId"]) && !empty($_POST["titleId"])){
// test if you are here:
echo 'hi, yeah I am here!';
}
or this
echo '<pre>';
var_dump($_POST);
echo '</pre>';
// before:
if(isset($_POST["titleId"]) && !empty($_POST["titleId"])){
// ...
}
also, take a look at
error_get_last()['message']
I am new to PHP and I am trying to make a simple login system. I want it so that when I log in, if I submit incorrect information the system gives a validation error, and if I submit true info I get the email or name in the profile blade.
Like hello $user!!!
Login page
<html>
<title>Login Form</title>
<body>
<div class="container">
<form class="" method="post">
<label for="email">Enter Your Email</label>
<input type="text" name="email"> <br/>
<label for="password">Enter Your Password</label>
<input type="password" name="pass"><br/>
<input type="submit" value="Login" name="submit">
</form>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])){
$email=$_POST['email'];
$pass=$_POST['pass'];
if(($email=="cagri#vargonen.com") && ($pass=="1234")){
header()
}
else{
echo "Invalid username/password";
}
}
?>
In login page, I tried;
<?php
$email = $_POST['email'];
$password = $_POST['pass'];
if($email == 'cagri#vargonen.com' && $password == '1234'){
echo "Welcome Çağrı Uğurel";
}
else{
echo "Your email or password incorrect";
}
?>
Can you please help me find where my mistake is?
You need to use session_start() to get username or other temp variables.
<?php
session_start();
if (isset($_POST["submit"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$actualuser = "cagri#vargonen.com";
$actualpass = "1234";
if (($username == $actualuser) && ($password == $actualpass)) {
$_SESSION["username"] = $username;
header("location:somepage.php");
exit; // stop here so nothing else is sent after the redirect
} else {
echo "Username or Password isn't matched.";
}
}
?>
And if the login succeeds, the username goes into a session variable, which means you can use that variable during the session.
somepage.php
<?php
session_start();
?>
<html>
<title>User Page</title>
<body>
<p><?php echo $_SESSION["username"];?> </p>
</body>
</html>
I suggest you use the ajax method for these kinds of things.
EDIT:
Here is a real-life example from my previous project.
index.php
<div class="modal fade" id="loginmodal" role="dialog" data-backdrop="static">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header" style="padding:35px 50px;">
<button type="button" class="close" data-dismiss="modal">×</button>
<h1> Giriş yap</h1>
</div>
<div class="modal-body" style="padding:40px 50px;">
<form role="form" method="post" action="index.php">
<div class="form-group">
<label for="usrname"><span class=""></span> Kullanıcı Adı</label>
<input type="text" pattern="[a-z]*"class="form-control" id="usrname" name="username" placeholder="Yetkili veya normal kullanıcı adı giriniz" required>
</div>
<div class="form-group">
<label for="psw"><span class=""></span> Şifre</label>
<input type="password" class="form-control" id="psw" name="password" placeholder="Şifre" required>
</div>
<button type="submit" class="btn btn-success btn-block" name="login"><span class=""></span> Giriş</button>
</form>
</div>
logincheck.php
<?php
if(isset($_POST["login"])){
$username = $_POST["username"];
$password = $_POST["password"];
$query = $db->prepare("select * from users where username=:username AND password=:password");
$query->execute(array(
':username' => $username,
':password' => $password
));
$r = $query->fetch();
$count = $query->rowCount();
if($count > 0 && $r["rank"] > 0) {
$_SESSION["username"] = $username;
$_SESSION["rank"] = $r["rank"];
header("location:project.php");
}
}
?>
userpage.php
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#"> <?php echo $_SESSION["username"];?> <span class="caret">
</span></a>
<ul class="dropdown-menu">
<li>Çıkış yap</li>
</ul>
</li>
</ul>
Hope this helps!
Add semicolon here header();
<html>
<title>Login Form</title>
<body>
<div class="container">
<form class="" method="post">
<label for="email">Enter Your Email</label>
<input type="text" name="email"> <br/>
<label for="password">Enter Your Password</label>
<input type="password" name="pass"><br/>
<input type="submit" value="Login" name="submit">
</form>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])){
session_start();
$email=$_POST['email'];
$pass=$_POST['pass'];
if(($email=="cagri#vargonen.com") && ($pass=="1234")){
$_SESSION['user'] = array('email'=>$email);
echo 'Hello '.$_SESSION['user']['email'].'...!';
}
else{
echo "Invalid username/password";
}
}
?>
Hope someone can help. I have a profile page that I want to display the logged in users details. So far I have this on the Profile page.
<?php
/* This script pulls the existing name input and displays it when the user logs in. */
session_start();
include("db.php"); ?>
<?php include("includes/header.php") ?>
<?php include("includes/nav.php") ?>
<?php
if(logged_in()) {
$result = mysqli_query($link,$query);
$row = mysqli_fetch_array($result);
if (!$_POST['name'] && $_POST['name']=="") $error.="<br />Please enter your name";
if (!$_POST['email'] && $_POST['email']=="") $error.="<br />Please enter your email";
if (!$_POST['DOB'] && $_POST['DOB']=="") $error.="<br />Please enter your date of birth";
if (!$_POST['country'] && $_POST['country']=="") $error.="<br />Please enter your country";
if ($error) {
echo '<div class="alert alert-success alert-dismissable">'.addslashes($error).'</div>';
}
if(isset($_POST['form-control'])) {
move_uploaded_file($_FILES['file']['tmp_name'],"img/".$_FILES['file']['name']);
$query = mysqli_query("UPDATE users SET image = '".$_FILES['file']['name']."'");
}
} else {
redirect("login.php");
}
?>
<Style>
.alert{
display:none;
}
#profileimg {
height: 100px;
width: auto;
}
</Style>
<div class="container">
<h1>Edit Profile</h1>
<hr>
<div class="row">
<!-- left column -->
<div class="col-md-3">
<div class="text-center">
<img src="//placehold.it/100" class="avatar img-circle" alt="avatar" id="profileimg">
<h6>Upload a different photo...</h6>
<input class="form-control" type="file" name="name">
</div>
</div>
<!-- edit form column -->
<div class="col-md-9 personal-info">
<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
<strong>Profile updated.</strong>
</div>
<h3>Personal info</h3>
<form class="form-horizontal" role="form" action="edit_profile.php" method="post">
<div class="form-group">
<label class="col-lg-3 control-label name">name:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['name'];?>" type="text" name="name" required>
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">Email:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['email'];?>" type="text" name="email" required>
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">DOB:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['DOB'];?>" type="date" name="DOB" required>
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">Country</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['country'];?>" type="text" name="country" required>
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label"></label>
<div class="col-md-8">
<input class="btn btn-primary" value="Save Changes" type="submit">
<span></span>
<input class="btn btn-default" id="updated" value="Cancel" type="reset">
</div>
</div>
</form>
</div>
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="js/bootstrap.min.js"></script>
<script>
$("#updated").click(function(){
$(".alert").hide().show('medium');
</script>
</body>
</html>
I then have another php file for the updating which is this:
<?php
session_start();
include("db.php");
$name = $_POST['name'];
$email = $_POST['email'];
$DOB = $_POST['DOB'];
$country = $_POST['country'];
$password = md5($salt.$_POST['password']);
$query = "UPDATE users SET name = '".$name."', email = '".$email."', DOB = '".$DOB."', country = '".$country."', password = '".$password."'";
$result = mysqli_query($link,$query);
header('Location: profile.php');
?>
So the short is it doesn't display or update and I am not sure why. I am new to PHP so go easy on me if this is simple, I have searched but can't seem to find the answer.
Thanks in advance.
I'm also new to this, but normally when I check if a SESSION id is active I use
if(isset($_SESSION['id'])) {
$query = "UPDATE users SET name = '".$name."', email = '".$email."', DOB = '".$DOB."', country = '".$country."', password = '".$password."' WHERE id='".$_SESSION['id']."'";
}
You also need to echo back the indexed rows that you are trying to query to display results
$name = $row['username'];
echo $name;
There are a lot of errors in your code: you are trying to upload a file in the same page, whereas you send the form data to another page. How you handle form validation is also a little overhead. What I changed in the form: I added name="save" to your submit button and added a new hidden input for storing your user profile id. I am not sure what the login() function did in your code; better stick to if($id){}.
Try this:
<?php
/* This script pulls the existing name input
and displays it when the user logs in. */
session_start();
include("db.php");
include("includes/header.php");
include("includes/nav.php");
$id = $_SESSION['id'];
if(loginned()) {//you can do if($id){}
$query="SELECT * FROM users WHERE id='$id' LIMIT 1";
$result = mysqli_query($link,$query);
$row = mysqli_fetch_array($result);
?>
<style>
.alert{
display:none;
}
#profileimg {
height: 100px;
width: auto;
}
</style>
<div class="container">
<h1>Edit Profile</h1>
<hr>
<div class="row">
<!-- left column -->
<!-- edit form column -->
<div class="col-md-9 personal-info">
<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert"
aria-hidden="true">×</button>
<strong>Profile updated.</strong>
</div>
<h3>Personal info</h3>
<form class="form-horizontal" role="form"
action="edit_profile.php" method="post">
<div class="form-group">
<label class="col-lg-3 control-label name">name:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['name'];?>"
type="text" name="name" required>
</div>
</div>
<div class="col-md-3">
<div class="text-center">
<img src="//placehold.it/100" class="avatar
img-circle" alt="avatar" id="profileimg">
<h6>Upload a different photo...</h6>
<input class="form-control" type="file" name="name">
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">Email:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['email'];?>"
type="text" name="email" required>
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">DOB:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['DOB'];?>"
type="date" name="DOB" required>
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">Country</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['country'];?>"
type="text" name="country" required>
</div>
</div>
<div class="form-group">
<input type="hidden" name="id" value="<?php echo $row['id'];?>">
<label class="col-md-3 control-label"></label>
<div class="col-md-8">
<input class="btn btn-primary" name="save"
value="Save Changes" type="submit">
<span></span>
<input class="btn btn-default" id="updated"
value="Cancel" type="reset">
</div>
</div>
</form>
</div>
<?php }else{ redirect("login.php"); } ?>
edit_profile.php: first we check whether any post with a name of save is there, then we validate the posted data. If validation is successful, we proceed to upload your file and then run your update query.
<?php
session_start();
include("db.php");
if(isset($_POST['save'])){
$id = isset($_POST['id'])? $_POST['id']:'';
$name = isset($_POST['name'])? $_POST['name']:'';
$email = isset($_POST['email'])? $_POST['email']:'';
$dob = isset($_POST['DOB'])? $_POST['DOB']:'';
$pass = isset($_POST['password'])? md5($salt.$_POST['password']):'';
$country = isset($_POST['country'])? $_POST['country']:'';
if(empty($name)){
$error = 'Please enter your name';
}elseif(empty($email)){
$error = 'Please enter your email';
}elseif(empty($dob)){
$error = 'Please enter your date of birth';
}elseif(empty($country)){
$error = 'Please enter your country';
}elseif(empty($pass)){
$error = 'Please enter your password';
}else{
move_uploaded_file($_FILES['file']['tmp_name'],"img/".$_FILES['file']['name']);
$query = mysqli_query($link, "UPDATE users SET image = '".$_FILES['file']['name']."'
WHERE id='$id'");
$query = "UPDATE users SET name = '$name', email = '$email',
DOB = '$dob', country = '$country', password = '$pass'
WHERE id='$id'";
$result = mysqli_query($link,$query);
header('Location: profile.php');
}
}
?>
<?php if(!empty($error)){
echo '<div class="alert alert-success
alert-dismissable">'.addslashes($error).'</div>';
}else{
echo '<div class="alert alert-success">Success</div>';
}
?>
I have added a demo here. At least this will help:
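A hardened form of the upload-then-update step discussed in this thread, as an added example that is not part of the question or the answers: the stored file name is generated on the server from the file's detected type, and the UPDATE is bound to the id held in the session. The function names, the 2 MiB limit and the allowed-type list are assumptions; the `users` table and its `image`, `name`, `email`, `DOB` and `country` columns come from the code above.

```php
<?php
declare(strict_types=1);
// Added example: names, size limit and allowed types are assumptions.

// Content types accepted for a profile picture, mapped to the extension we assign.
const ALLOWED_IMAGES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Pick a server-generated file name for an uploaded image, or null to reject it.
 * The type is detected from the file's bytes (fileinfo), not from the name or
 * Content-Type the browser sent, and the client's file name is never used.
 */
function image_name_for(string $tmpPath, int $maxBytes = 2097152): ?string
{
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_IMAGES[$mime])) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGES[$mime];
}

/** Move one entry of $_FILES into $destDir; returns the stored name or null. */
function store_profile_image(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = image_name_for($file['tmp_name']);
    if ($name === null || !move_uploaded_file($file['tmp_name'], $destDir . '/' . $name)) {
        return null;
    }
    return $name;
}

/**
 * Update only the logged-in user's row. $userId must come from $_SESSION['id'],
 * not from a hidden form field, and every value is bound as a parameter.
 * When no new image was stored ($image is null) the old one is kept.
 */
function update_profile(mysqli $link, int $userId, array $post, ?string $image): bool
{
    $name    = (string) ($post['name'] ?? '');
    $email   = (string) ($post['email'] ?? '');
    $dob     = (string) ($post['DOB'] ?? '');
    $country = (string) ($post['country'] ?? '');
    $stmt = $link->prepare(
        'UPDATE users SET name = ?, email = ?, DOB = ?, country = ?,
                image = COALESCE(?, image) WHERE id = ?'
    );
    $stmt->bind_param('sssssi', $name, $email, $dob, $country, $image, $userId);
    return $stmt->execute();
}

// Constructed sample files: a minimal GIF header and a PHP script.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'not an image';");
var_dump(image_name_for($gif));     // a random name ending in .gif
var_dump(image_name_for($script));  // rejected
unlink($gif);
unlink($script);
```

For `$_FILES` to be populated at all, the form needs `enctype="multipart/form-data"` and the file input's `name` must match the key the handler reads.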
I apologise if the title is confusing, but when I run the page with the code below and enter an email not found in the database, on the webpage I get Notice: Trying to get property of non-object in C:\xampp\htdocs\Testing\login.php on line 72. Instead of it saying this, I want it to give an error that the email is not registered.
<?php
session_start();//session starts here
if(isset($_SESSION['adminName'])||isset($_SESSION['email'])){
header("Location: welcome.php");//redirect to login page to secure the welcome page without login access.
}
?>
<html>
<head lang="en">
<meta charset="UTF-8">
<link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css">
<title>Login</title>
</head>
<style>
.login-panel {
margin-top: 150px;
</style>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-success">
<div class="panel-heading">
<h3 class="panel-title">Sign In</h3>
</div>
<div class="panel-body">
<form role="form" method="post" action="login.php">
<fieldset>
<div class="form-group" >
<input class="form-control" placeholder="E-Mail" name="email" type="email" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="pass" type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" >
<!-- Change this to a button or input when using this as a form -->
<!-- Login -->
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
include("database/db_conection.php");
if(isset($_POST['login'])){
$user_email=mysqli_real_escape_string($dbcon, $_POST['email']);
$user_pass=mysqli_real_escape_string($dbcon, $_POST['pass']);
$encrypted_password = password_hash($user_pass, PASSWORD_BCRYPT);
$query = $dbcon->query("SELECT user_pass FROM users WHERE user_email='$user_email'");
$passwordValue=$query->fetch_object()->user_pass;
if (password_verify($user_pass,$passwordValue)){
echo "Success!";
}else{
echo $encrypted_password;
echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>Error!</strong> Email or password entered was incorrect!</div>";
}
/*$check_user="select * from users WHERE user_email='$encrypted_email' AND user_pass='$user_pass'";
$run=mysqli_query($dbcon,$check_user);
if(mysqli_num_rows($run))
{
echo "<script>window.open('welcome.php','_self')</script>";
$_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION.
}
else
{
echo "<script>alert('Email or password is incorrect!')</script>";
}*/
}
?>
This is the code found in my login.php file. The php code within the comment isn't part of the web page, I will be removing it later.
<html>
<head lang="en">
<meta charset="UTF-8">
<link type="text/css" rel="stylesheet" href="bootstrap-3.2.0-dist\css\bootstrap.css">
<title>Login</title>
</head>
<style>
.login-panel {
margin-top: 150px;
</style>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="login-panel panel panel-success">
<div class="panel-heading">
<h3 class="panel-title">Sign In</h3>
</div>
<div class="panel-body">
<form role="form" method="post" action="login.php">
<fieldset>
<div class="form-group" >
<input class="form-control" placeholder="E-Mail" name="email" type="email" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="pass" type="password" value="">
</div>
<input class="btn btn-lg btn-success btn-block" type="submit" value="login" name="login" >
<!-- Change this to a button or input when using this as a form -->
<!-- Login -->
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
include("database/db_conection.php");
if(isset($_POST['login'])){
$user_email=mysqli_real_escape_string($dbcon, $_POST['email']);
$user_pass=mysqli_real_escape_string($dbcon, $_POST['pass']);
$encrypted_password = password_hash($user_pass, PASSWORD_BCRYPT);
if (($query = $dbcon->query("SELECT user_pass FROM users WHERE user_email='$user_email'")) == false) {
echo "The email doesn't exist in the DB";
} else {
$passwordValue=$query->fetch_object()->user_pass;
if (password_verify($user_pass,$passwordValue)){
echo "Success!";
}else{
echo $encrypted_password;
echo "<div class='alert alert-danger'><a href='#' class='close' data-dismiss='alert' aria-label='close'>×</a><strong>Error!</strong> Email or password entered was incorrect!</div>";
}
/*$check_user="select * from users WHERE user_email='$encrypted_email' AND user_pass='$user_pass'";
$run=mysqli_query($dbcon,$check_user);
if(mysqli_num_rows($run))
{
echo "<script>window.open('welcome.php','_self')</script>";
$_SESSION['email']=$user_email;//here session is used and value of $user_email store in $_SESSION.
}
else
{
echo "<script>alert('Email or password is incorrect!')</script>";
}*/
}
}
?>
I've added an if statement that checks if the query is false; if it's false it will echo that the email doesn't exist in the database, as you wanted, but if it exists, then you fetch the password exactly as you want.
I used an if statement for the code: $query->num_rows() (credit to #MasterOdin for that) and if the number of rows equaled 0, then I echoed that you typed in an invalid email.
Ex.
if ($query->num_rows==0){
echo "You typed an invalid email!";
}else{
I further verified information here...
}
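The signup, session-login and "non-object" login threads above all revolve around the same flow, so one added example covers them (it is not code from any of the posts): registration with `password_hash()` and bound parameters, and a login check that treats an unknown email and a wrong password identically. It uses PDO with an in-memory SQLite database only so that it runs offline; the function names and sample account are constructed, and the `users(user_name, email, password)` columns follow the signup thread.

```php
<?php
declare(strict_types=1);
// Added example: function names and the sample account are constructed.

/** Create an account; the password is stored only as a password_hash() digest. */
function register(PDO $db, string $name, string $email, string $password): bool
{
    $stmt = $db->prepare(
        'INSERT INTO users (user_name, email, password) VALUES (:name, :email, :hash)'
    );
    try {
        return $stmt->execute([
            ':name'  => $name,
            ':email' => $email,
            ':hash'  => password_hash($password, PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        return false;   // for example, the email is already registered (UNIQUE)
    }
}

/**
 * Check a login. Returns the user row on success, null otherwise. The raw
 * password goes to password_verify() unmodified; escaping it first would
 * change it. An unknown email yields null instead of a "non-object" notice.
 */
function authenticate(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT id, user_name, email, password FROM users WHERE email = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matched

    // Verify against a dummy hash when the email is unknown, so both failure
    // cases do comparable work and return the same result.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row === false ? $dummy : $row['password']);

    if ($row === false || !$ok) {
        return null;
    }
    unset($row['password']);
    return $row;
}

/** Call after session_start() on a successful login. */
function start_user_session(array $user): void
{
    session_regenerate_id(true);          // new session id for the new privilege level
    $_SESSION['user_id']  = $user['id'];
    $_SESSION['username'] = $user['user_name'];
}

/** Greeting for the profile page, escaped for HTML output. */
function greeting(array $user): string
{
    return 'Hello ' . htmlspecialchars($user['user_name'], ENT_QUOTES, 'UTF-8') . '!';
}

// Constructed demo data. The same statements work over a MySQL DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT,
           email TEXT UNIQUE, password TEXT)');

register($db, "Ana O'Neil", 'ana@example.test', 'correct horse battery');
$user = authenticate($db, 'ana@example.test', 'correct horse battery');
echo $user !== null ? greeting($user) : 'Email or password is incorrect', PHP_EOL;
var_dump(authenticate($db, 'ana@example.test', 'wrong'));
var_dump(authenticate($db, 'nobody@example.test', 'anything'));
```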