I am creating a profile page that includes a profile pic, a username, a title and a list of friends for the profile owner.
I used .htaccess to allow users to write just the name of another user in the URL, without putting a ?, to get access to the profile page.
But the problem is that if I write the name in the URL it works, but if I put profile.php or I press profile it displays the basic page, without any information related to the profile owner, like a new page.
How do I fix this problem?
profile.php
<?php
session_start();
require_once('include/connect.php');
$login = ($_SESSION['login']);
$userid = ($_SESSION['user_id']);
$login_user = ($_SESSION['username']);
$fname = ($_SESSION['first_name']);
$lname = ($_SESSION['last_name']);
ob_start();
$username = "";
$interactionBox = "";
if(isset($_GET['u'])) {
$username = mysql_real_escape_string($_GET['u']);
if(ctype_alnum($username)) {
//check user exists
$check = mysql_query("SELECT user_name, first_name FROM user WHERE user_name = '$username'");
if(mysql_num_rows($check) == 1) {
$get = mysql_fetch_assoc($check);
$username = $get['user_name'];
$fname = $get['first_name'];
var_dump($username);
var_dump($login_user);
} else {
echo "<meta http-equiv=\"refresh\" content=\"0; url=http://localhost/lam-el-chamel/index.php\">";
exit();
}
}
}
?>
<?php
//check if the logged in user is different from the url username
if($username != $login_user) {
$interactionBox='<div class = "InteractionLinksDiv">
Add as Friend
</div>';
} else { //check if the logged in user is equal to the url username
$interactionBox='<div style="display:inline; border:#CCC 1px solid; padding:5px; background-color:#E4E4E4; color:#999; font-size:14px;">
Others Can Add You.
</div>';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Lam_El_Chamel</title>
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet' type='text/css' />
<link href='http://fonts.googleapis.com/css?family=Abel|Satisfy' rel='stylesheet' type='text/css' />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />
<!--[if IE 6]>
<link href="default_ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->
<script type = "text/javascript" src = "http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script language="javascript" type="text/javascript">
//jquery function for toggling member interaction container
function toggleInteractContainers(x) {
if($('#'+x).is(":hidden")){
$('#'+x).slideDown(200);
} else {
$('#'+x).hide();
}
}
//function to add friend, receives 2 arguments
function addAsFriend(a,b) {
//alert("Member with id:" + a + " requests friendship with the member with id:" + b);
var url = "script_for_profile/request_as_friend.php";
$("#add_friend").text("please wait...").show();
$.post(url,{request:"requestFreindship",mem1:a,mem2:b},function(data){
$("#add_friend").html(data).show().fadeOut(12000);
});
}
</script>
</head>
<body>
<?php require_once('header.php');?>
<div id="wrapper">
<div id="page-wrapper">
<div id="page">
<div id="wide-content">
<?php
$check_pic = mysql_query("SELECT profile_pic FROM user WHERE user_name= '$username'")or die(mysql_error());
$get_pic_row = mysql_fetch_assoc($check_pic);
$profile_pic_db = $get_pic_row['profile_pic'];
if($profile_pic_db == "") {
$profile_pic = "images/default_img.jpg".$profile_pic_db;
}
else {
$profile_pic = "userdata/profile_pics/".$profile_pic_db;
}
?>
<img src="<?php echo $profile_pic; ?>" height="150" width="196" alt="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>'s profile" title="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>'s profile" />
<br />
<div class="textHeader"><?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?></div>
<?php echo $interactionBox; ?>
<div class="interactContainers" id="add_friend">
<div align="right">Cancel</div>
Add <?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?> as Friend?
Yes
</div>
<div class="interactContainers" id="friend_requests" style="background-color:#FFF ; height:240px; overflow:auto;">
<h3>The Following People want to be friends</h3>
</div>
<div class="profileLeftSideContent">Introduce YourSelf....<br />
<?php
$about_query = mysql_query("SELECT interest FROM user WHERE user_name = '$username'")or die(mysql_error());
$get_result = mysql_fetch_assoc($about_query);
$about_the_user = $get_result['interest'];
echo $about_the_user;
?>
.htaccess
RewriteEngine On
RewriteRule ^([a-zA-Z0-9_-]+)$ profile.php?u=$1 [L]
Your current RewriteRule will rewrite a request to /profile.php to /profile.php?u=profile.php.
You should define a prefix or suffix to detect URLs that should be rewritten. For example:
RewriteRule ^profile/([a-zA-Z0-9_-]+)$ profile.php?u=$1 [L]
Then you would be able to access profile pages via /profile/UserName, and calling /profile.php would still work.
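How profile.php can handle both entry points described above, as an added example that is not part of the original answer: a rewritten /profile/UserName request arrives with `u` set, while a direct /profile.php request arrives without it. The helper names `resolveProfileUsername` and `renderProfileHeader` and the sample requests are assumptions made for illustration, and the database lookup is left out.

```php
<?php
// Added illustration, not code from the original post.
// resolveProfileUsername() and renderProfileHeader() are hypothetical helpers.

/**
 * Decide whose profile to show.
 *  - /profile/UserName is rewritten to profile.php?u=UserName, so 'u' is set.
 *  - /profile.php requested directly has no 'u': fall back to the logged-in user.
 * Returns null when no acceptable name is available.
 */
function resolveProfileUsername(array $get, array $session): ?string
{
    $candidate = $get['u'] ?? $session['username'] ?? null;

    // Same character class as the RewriteRule. \A and \z anchor the whole
    // string, so a trailing newline cannot pass the check.
    if (!is_string($candidate) || preg_match('/\A[a-zA-Z0-9_-]+\z/', $candidate) !== 1) {
        return null;
    }
    return $candidate;
}

/** Build the profile heading, encoding the name for the HTML context. */
function renderProfileHeader(string $profileUser, ?string $loggedInUser): string
{
    $safe = htmlspecialchars($profileUser, ENT_QUOTES, 'UTF-8');
    $box  = ($profileUser === $loggedInUser) ? 'Others Can Add You.' : 'Add as Friend';
    return '<div class="textHeader">' . $safe . '</div><div>' . $box . '</div>';
}

// Constructed sample requests: [query parameters, session contents].
$requests = [
    'rewritten /profile/alice' => [['u' => 'alice'], ['username' => 'bob']],
    'direct /profile.php'      => [[],               ['username' => 'bob']],
    'u is not a plain name'    => [['u' => 'a<b>c'], ['username' => 'bob']],
    'u sent as an array'       => [['u' => ['x']],   ['username' => 'bob']],
    'direct, not logged in'    => [[],               []],
];

foreach ($requests as $label => [$get, $session]) {
    $user = resolveProfileUsername($get, $session);
    if ($user === null) {
        // In profile.php this is where the redirect to index.php would go.
        echo $label, ': no profile to show', PHP_EOL;
        continue;
    }
    echo $label, ': ', renderProfileHeader($user, $session['username'] ?? null), PHP_EOL;
}
```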
Related
This is the code I use for my user page. Atm it only shows their names out of the database.
userlist.php
<?php
include "header.php";
include "footer.php";
include "db_conn.php";
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Home</title>
<link rel="icon" type="image/x-icon" href="fotos/favicon.ico">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
<link rel="stylesheet" type="text/css" href="css/style.css">
<link rel="stylesheet" href="style.css">
<link rel="stylesheet" href="styletwo.css">
<script src="java/currentime.js"></script>
</head>
<body>
<h3 style="text-align: center;">Users on the website</h3>
<div id="usernamelist" style="border: solid black 1px; width: 60px; height: 20px; margin-left: auto; margin-right: auto;">
<?php if ($user) {
$sql = "SELECT * FROM users;";
foreach ($conn->query($sql) as $row) {
// Encode the stored name before writing it into the page
print htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8') . '<br>';
}
/*
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
while ($row = mysqli_fetch_assoc($result)) {
echo $row['username'] . "<br>";
}
}*/
}else {
header("Location: login.php");
exit;
} ?>
</div>
</div>
</body>
</html>
And this is what handles the pictures:
profilepicture.php
if (isset($_FILES['pp']['name']) AND !empty($_FILES['pp']['name'])) {
$img_name = $_FILES['pp']['name'];
$tmp_name = $_FILES['pp']['tmp_name'];
$error = $_FILES['pp']['error'];
if($error === 0){
$img_ex = pathinfo($img_name, PATHINFO_EXTENSION);
$img_ex_to_lc = strtolower($img_ex);
$allowed_exs = array('jpg', 'jpeg', 'png');
if(in_array($img_ex_to_lc, $allowed_exs)){
$new_img_name = uniqid($uname, true).'.'.$img_ex_to_lc;
$img_upload_path = '../upload/'.$new_img_name;
move_uploaded_file($tmp_name, $img_upload_path);
This is what shows the profile pictures on the website when someone updated their profile or signed up. Now I wanna make it so it shows up on the website through the database.
Since you saved the user's profile image in a folder, you should also insert its name in a column of the user table (e.g. profile_image); by that, you can find each user's image.
# Inserting => After saving image in a folder
# Bind the file name as a parameter instead of interpolating it into the SQL string
$stmt = $conn->prepare("INSERT INTO $tableName (profile_image) VALUES (?)");
$stmt->bind_param("s", $new_img_name);
$stmt->execute();
And then reading data.
function getUserData($id){
# Reading
global $conn, $tableName;
$stmt = $conn->prepare("SELECT * FROM $tableName WHERE user_id = ?");
$stmt->bind_param("i", $id);
$stmt->execute();
$info = $stmt->get_result()->fetch_assoc();
return $info;
}
And you can call this function like this:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<?php require('db_conn.php')?>
<?php
function getUserData($id){
# Reading
global $conn, $tableName;
$stmt = $conn->prepare("SELECT * FROM $tableName WHERE user_id = ?");
$stmt->bind_param("i", $id);
$stmt->execute();
$info = $stmt->get_result()->fetch_assoc();
return $info;
}
?>
</head>
<body>
<?php
$userInfo= getUserData($id); ?>
<img src="<?= htmlspecialchars("../upload/".$userInfo["profile_image"], ENT_QUOTES, "UTF-8") ?>" alt="">
</body>
</html>
I am kinda new to PHP and not sure if this has been answered before; I can't really find anything. What I'm asking for help with is a Google sign-in: if the email address is not in the database, I would like it to redirect the user back to the login page. I have attached the code for the login below. If anyone can help it will be highly appreciated, thank you.
<?php
//session_start();
//index.php
include('classDev.php');
//Include Configuration File
include('config.php');
$login_button = '';
if(isset($_GET["code"]))
{
$token = $google_client->fetchAccessTokenWithAuthCode($_GET["code"]);
if(!isset($token['error']))
{
$google_client->setAccessToken($token['access_token']);
$_SESSION['access_token'] = $token['access_token'];
$google_service = new Google_Service_Oauth2($google_client);
$gData = $google_service->userinfo->get();
if(!empty($gData['given_name']))
{
$_SESSION['user_first_name'] = $gData['given_name'];
}
if(!empty($gData['family_name']))
{
$_SESSION['user_last_name'] = $gData['family_name'];
}
//if (empty(($data->select_where("user",$where_condition)))) {
// header("location: index.php?status=failure");
//}
if(!empty($gData['email']))
{
$where_condition = array("email" => $gData['email']);
if (($data->select_where("user",$where_condition))) {
$_SESSION['user_email_address'] = $gData['email'];
}
}
if (empty($_SESSION['email'])) {
//echo "please enter an email address that is valid.";
//header('location: index.php?status=failure');
}
if(!empty($gData['gender']))
{
$_SESSION['user_gender'] = $gData['gender'];
}
if(!empty($gData['picture']))
{
$_SESSION['user_image'] = $gData['picture'];
}
}
}
if(!isset($_SESSION['access_token']))
{
$login_button = 'Login With Google';
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHP Login using Google Account</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<br />
<h2 align="center">PHP Login using Google Account</h2>
<br />
<div class="panel panel-default">
<?php
if($login_button == '')
{
echo '<div class="panel-heading">Welcome User</div><div class="panel-body">';
echo '<img src="'.$_SESSION["user_image"].'" class="img-responsive img-circle img-thumbnail" />';
echo '<h3><b>Name :</b> '.$_SESSION['user_first_name'].' '.$_SESSION['user_last_name'].'</h3>';
echo '<h3><b>Email :</b> '.$_SESSION['user_email_address'].'</h3>';
echo '<h3><a href="logout.php">Logout</a></h3></div>';
//header('location: home.php');
include('home.php');
}
else
{
echo '<div align="center">'.$login_button . '</div>';
}
?>
</div>
</div>
</body>
</html>
Login.php
<?php
session_start();
require("Register.php");
if(isset($_POST['loginButton'])){
try {
$email = $_POST['email'];
$password = $_POST['password'];
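// Bind the inputs as parameters instead of interpolating them into the SQL string
$query = $conn->prepare("SELECT * FROM Users WHERE Email = :email AND password = :password");
$query->execute([':email' => $email, ':password' => $password]);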
if($query->rowCount() > 0 ) {
$_SESSION['user'] = $email;
header("location: ../html/myAccount.html");
}
else {
echo "Email not found!";
}
}
catch (PDOException $e){
echo $e->getMessage();
}
}
?>
HTML page
<?php
session_start();
echo $_SESSION['user'];
?>
<!DOCTYPE html>
<HTML>
<HEAD>
<title>BMA.WALLET</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="../css/page-style.css">
<link rel="stylesheet" type="text/css" href="../css/account-style.css">
<link href='https://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic' rel='stylesheet' type='text/css'>
<link href='https://fonts.googleapis.com/css?family=Roboto:400,100,300,100italic,300italic,400italic,500,500italic,700,700italic,900,900italic&subset=latin,latin-ext' rel='stylesheet' type='text/css'>
<link rel="shortcut icon" href="../img/wallet.png"/>
</HEAD>
<BODY>
<div id="wrapper">
<div id="HEADER">
<h1><span>BMA.</span>WALLET</h1>
<div class="motto">Cu noi știi unde ți-au zburat banii!</div>
<div class="main-menu">
<ul>
<li><img src="../img/facilities.png" width="40" alt="logout icon" title="Facilități"></li>
<li><img src="../img/report.png" width="40" alt="logout icon" title="Rapoartele tale"></li>
<li><img src="../img/group.png" width="40" alt="logout icon" title="Grupurile tale"></li>
<li><img src="../img/settings.png" width="40" alt="settings icon" title="Setările tale"></li>
<li><img src="../img/iconLogout.png" width="40" alt="logout icon" title="Deconectează-te!"></li>
</ul>
</div>
</div>
<div class="center" id="CONTENT">
<div class="personal-reports">
<h1>Contul personal - rapoarte</h1>
<h2>Statistică periodică: Venituri și Cheltuieli </h2>
I am building a user management system for my project and I want to show the user's profile after login. After I press login I should be redirected to the HTML page. This works, but I don't know how to print the value of $_SESSION in the HTML page. It doesn't matter where or how, I just want to test it so I can see if it works and I get the $_SESSION value. I found no solution to this, so if you can help me I would really appreciate it.
You have stored your email in the session variable:
$_SESSION['user'] = $email;
So, in your other HTML page, you simply need to echo this:
// myAccount.html
<?php echo "Logged in user: ".$_SESSION['user']; ?>
I'm trying to develop a login system in PHP which has faculty_login.php, which displays faculty_login_option.inc.php, which has a login form; if $_SESSION['f_id'] is set it redirects to faculty_upload_option.php, where faculty details are fetched from faculty_table using $f_id = $_SESSION['f_id'] as the primary key. But $_SESSION['f_id'] is always returning 1 and the user is logging in as the user whose f_id is 1.
<?php
//faculty login page.faculty_login.php
//if logged in show upload option/show login option.
require_once 'resources/core.inc.php';//session is set here
require_once 'resources/connect.inc.php';//init db connection
if(isset($_SESSION['f_id'])&&!empty($_SESSION['f_id'])){
require_once 'faculty_upload_option.inc.php';
}
else{
require_once 'faculty_login_option.inc.php';
}
?>
<?php
/* faculty_login_db.php
* Check if the faculty can login or the credentials are wrong.
*/
require_once 'resources/core.inc.php';
require_once 'resources/connect.inc.php';
if(isset($_POST['f_username'])&&isset($_POST['f_password'])){
if(!empty($_POST['f_username'])&&!empty($_POST['f_password'])){
$username = stripcslashes($_POST['f_username']);
$password = stripcslashes($_POST['f_password']);
$result = $conn->prepare("SELECT f_id FROM faculty_table WHERE f_username= :hjhjhjh AND f_password= :asas");
$result->bindParam(':hjhjhjh', $username);
$result->bindParam(':asas', $password);
$result->execute();
$rows = $result->fetch(PDO::FETCH_NUM);
if($result->rowCount() == 1) {
$_SESSION['f_id'] = $rows ;
$_SESSION['f_username'] = $username;
header('Location:faculty_login.php');
}
else{
header('Location:faculty_login.php?username='.$username);
}
}
else{
header('Location:faculty_login.php');
}
}
else{
header('Location:faculty_login.php');
}
?>
<?php
/* faculty_login_option.php
* faculty login page. check if user exists/ use faculty_login_db.php
*/
?>
<!DOCTYPE html>
<!--
To change this license header, choose License Headers in Project Properties.
To change this template file, choose Tools | Templates
and open the template in the editor.
-->
<html>
<head>
<title>Home</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0 , maximum-scale=1">
<link rel="stylesheet" href="resources/loginstyle.css">
</head>
<body>
<?php
//<img alt="full screen background image" src="images/orange.jpg" id="full-screen-background-image" />
?>
<div id="back">Home</div>
<div id="header">
<h3>FACULTY LOGIN</h3><br>
</div>
<hr>
<div id="container">
<center>
<form action="faculty_login_db.php" method="post">
<input type="text" onFocus="if(this.value=='Username'){this.value=''}" name="f_username" class="buttons" value="<?php
if(isset($_GET['username']))
{
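// Encode the reflected value for the HTML attribute it is written into
echo htmlspecialchars($_GET['username'], ENT_QUOTES, 'UTF-8');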
}else{echo 'Username';}
?>"><br>
<input type="password" onFocus="if(this.value=='Password'){this.value='';}" name="f_password" class="buttons" value="Password"><br>
<input type="submit" value="Login" class="lbutton">
</form>
</center>
<?php
if(isset($_GET['username'])){
?>
<div id="errormsg">Username or password is invalid.</div>
<?php
}
?>
</body>
<?php
/* this is faculty_upload_option.inc.php
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
require_once 'resources/core.inc.php';
require_once 'resources/connect.inc.php';
if(isset($_SESSION['f_id'])&&isset($_SESSION['f_username'])&&!empty($_SESSION['f_id'])){
$f_id=trim(isset($_SESSION['f_id']));
if(!empty($f_id)){
$result = $conn->prepare("SELECT * FROM faculty_table WHERE f_id=:id");
$result->bindparam(':id', $f_id);
$result->execute();
$rows = $result->fetchAll();
foreach($rows as $db_rows){
$f_username = $db_rows['f_username'];
$category = $db_rows['category'];
$branch = $db_rows['branch'];
}
//page which should be displayed if user logs in.?>
<html>
<head><title><?php echo $f_username; ?></title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0 , maximum-scale=1">
<link href='http://fonts.googleapis.com/css?family=Indie+Flower|Yanone+Kaffeesatz' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="resources/upload_style.css">
</head>
<body><div id="parent">
<div id="header">
<img src="images/no-profile-image.png" width="30%" id="noimg">
<span id="addfont"><h1><?php echo $f_username;?></h1></span>
<h2><?php echo $category;?></h2>
<p><?php echo $branch;?></p>
<center><div class="buttons" id="left">Home</div><div class="buttons" id="right">Logout</div></center>
</div>
Are you destroying the session correctly on logout? Are you setting the session id before hitting the condition somewhere? What is the value before hitting the comparison condition?
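A reproduction of the "always 1" behaviour in the code above, as an added example that is not part of the original post: `fetch(PDO::FETCH_NUM)` puts an array into the session, and `trim(isset(...))` turns the boolean result of `isset()` into the string "1" regardless of what was stored. The in-memory SQLite table, its rows and the function names are constructed for illustration, and the block needs the pdo_sqlite extension.

```php
<?php
// Added illustration, not code from the original post. The table rows are
// constructed sample data; the password check is left out because it plays
// no part in the behaviour shown. Requires the pdo_sqlite extension.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE faculty_table (f_id INTEGER PRIMARY KEY, f_username TEXT)');
$conn->exec("INSERT INTO faculty_table (f_id, f_username) VALUES (1, 'alice'), (7, 'bob')");

/** What faculty_login_db.php puts in the session: the whole fetched row. */
function sessionAsPosted(PDO $conn, string $username): array
{
    $stmt = $conn->prepare('SELECT f_id FROM faculty_table WHERE f_username = :name');
    $stmt->execute([':name' => $username]);
    $rows = $stmt->fetch(PDO::FETCH_NUM);   // an array holding one column, not a scalar
    return ['f_id' => $rows, 'f_username' => $username];
}

/** What faculty_upload_option.inc.php reads back. */
function idAsPosted(array $session): string
{
    // isset() returns a boolean; trim() converts true to the string "1",
    // so the stored value is never looked at.
    return trim(isset($session['f_id']));
}

/** Store the scalar id only. */
function sessionFixed(PDO $conn, string $username): ?array
{
    $stmt = $conn->prepare('SELECT f_id FROM faculty_table WHERE f_username = :name');
    $stmt->execute([':name' => $username]);
    $id = $stmt->fetchColumn();             // first column of the row, or false
    return $id === false ? null : ['f_id' => (int) $id, 'f_username' => $username];
}

/** Read the stored id itself, using isset() only as the guard. */
function idFixed(array $session): ?int
{
    return isset($session['f_id']) ? (int) $session['f_id'] : null;
}

foreach (['alice', 'bob'] as $name) {
    $posted = sessionAsPosted($conn, $name);
    $fixed  = sessionFixed($conn, $name);
    printf(
        "%-5s as posted: stored=%s read=%s | fixed: stored=%s read=%s\n",
        $name,
        json_encode($posted['f_id']),
        var_export(idAsPosted($posted), true),
        json_encode($fixed['f_id']),
        var_export(idFixed($fixed), true)
    );
}
```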
I am designing a simple login page that can allow users to log in. But I am not able to log in. I have checked my data in the database; in fact I also tried to edit the database table's data, but it didn't help me either.
It tells me that my email or password is incorrect. I don't know why this is happening.
Here's my code. Please help me to solve this problem.
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo1.png" alt="Forum" style="float:right;" /></a>
</div>
<div class="message">You have successfully been logged out.<br />
Home</div>
<?php
}
else
{
$ousername = '';
if(isset($_POST['username'], $_POST['password']))
{
if(get_magic_quotes_gpc())
{
$ousername = stripslashes($_POST['username']);
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = stripslashes($_POST['password']);
}
else
{
$username = mysql_real_escape_string($_POST['username']);
$password = $_POST['password'];
}
$req = mysql_query('select password,id from users where username="'.$username.'"');
$dn = mysql_fetch_array($req);
if($dn['password']==sha1($password) and mysql_num_row($req)>0)
{
$form = false;
$_SESSION['username'] = $_POST['username'];
$_SESSION['userid'] = $dn['id'];
if(isset($_POST['memorize']) and $_POST['memorize']=='yes')
{
$one_year = time()+(60*60*24*365);
setcookie('username', $_POST['username'], $one_year);
setcookie('password', sha1($password), $one_year);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" />
<title>Login</title>
</head>
<body>
<div class="header">
<a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo1.png" alt="Forum" /></a>
</div>
<div class="message">You have successfully been logged.<br />
<a href="<?php echo $url_home; ?>"><b>Click here to go to main forum</b></a></div>
<?php
}
else
{
$form = true;
$message = 'The username or password you entered is invalid.';
}
}
else
{
$form = true;
}
if($form)
{
?>
I recommend you take a look at PHP's PDO instead. Much easier and more secure to work with.