login.php
<?php
$error="";
include_once 'connect.php';
session_start();
if (isset($_SESSION['id'])){
header('location:welcome.php');
}
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($mysqli,$_POST['username']);
$mypassword = mysqli_real_escape_string($mysqli,$_POST['password']);
$sql = "SELECT * FROM users WHERE username = '$myusername' ";
$result = mysqli_query($mysqli,$sql);
$row = mysqli_fetch_array($result);
$hashed_password=$row['password'];
if(password_verify($mypassword, $hashed_password)) {
$_SESSION['login_user'] = $myusername;
$_SESSION['id']=$row['userid'];
header("location: welcome.php");
exit();
}
else
{
$error = " Invalid Username or Password ";
}
}
?>
<html>
<head>
<title>Login Page</title>
<style type = "text/css">
body {
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
}
label {
font-weight:bold;
width:100px;
font-size:14px;
}
.box {
border:#666666 solid 1px;
}
.button {
background-color: #4CAF50;
border: none;
color: white;
padding: 10px 20px;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 12px;
margin: 4px 2px;
cursor: pointer;
}
</style>
</head>
<body bgcolor = "#FFFFFF">
<div align = "center">
<div style = "margin:30px">
<form action = "" method = "post">
<label>Username : </label><input type = "text" name = "username" class = "box"/><br /><br />
<label>Password : </label><input type = "password" name = "password" class = "box" /><br/><br />
<input class="button" type = "submit" value = " login "/><br />
<a href="index.php" class="button">Haven't Registered ? </a>
</form>
<div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div>
</div>
</div>
</body>
</html>
welcome.php
<?php
session_start();
if (!isset($_SESSION['id'])) {
header('location:login.php');
}
?>
<!DOCTYPE html>
<html>
<body>
<?php
include_once 'connect.php';
$query=mysqli_query($mysqli,"select * from `users` where userid='".$_SESSION['id']."'");
$row=mysqli_fetch_array($query);
echo 'Welcome - '.$row['username'];
?>
<br>
<a href="logout.php">Logout</a>
<br>
<?php
//include_once 'connect.php';
$result = mysqli_query($mysqli,"SELECT * FROM users");
echo "<table border='1'>
<tr>
<th>User_ID</th>
<th>Name</th>
<th>Username</th>
<th>E-mail</th>
<th>Department</th>
<th>Date_of_birth</th>
<th>Age</th>
<th>Image</th>
<th>Action</th>
<th>Action</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['userid'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['department'] . "</td>";
echo "<td>" . $row['Date_of_birth'] . "</td>";
echo "<td>" . $row['age'] . "</td>";
echo "<td><img alt='image' style='width:100px;height:50px;' src='upload/".$row['filename']."'></td>";
echo "<td> <a href='editform.php?id=" . $row['userid'] . "'>Edit</a></td>";
echo "<td> <a href='deleteform.php?id=" . $row['userid'] . "'>Delete</a></td>";
echo "</tr>";
}
echo "</table>";
?>
<?php
//include_once 'connect.php';
if(isset($_POST["happy"])){
if(empty($_POST["happy"])){ //not empty name
echo '<br>';
echo "No letter entered";
}else {
$name = $_POST["happy"];
$id = $_GET['id'];
$sql="select name, username, email, Date_of_birth from `users` where userid='".$_SESSION['id']."'";
$result = mysqli_query($mysqli, $sql);
$row = mysqli_fetch_array($result);
// $sql="select name, username, email, Date_of_birth from `users`;";
if (mysqli_query($mysqli, $sql) === TRUE) {
print_r($id);
}else {
echo 'No record found';
}
}
}
?>
<form method="post">
<br>
Search: <input type="text" name="happy"><br><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
editform.php
<?php
session_start();
if (!isset($_SESSION['id'])) {
header('location:login.php');
}
?>
<?php
$nameErr = $emailErr = $usernameErr = $DateOfBirthErr = $departmentErr = $ageErr = $fileToUploadErr = $fileToUploadErrr = $fileToUploadErrrr = $fileToUploadErrrrr = $fileToUploadErrrrrr = "";
$name = $email = $username = $DateOfBirth = $department = $age = $filename = "";
include_once 'connect.php';
$id = $_GET['id'];
$query = mysqli_query($mysqli, "select * from `users` where userid ='$id'");
$row = mysqli_fetch_array($query);
//set a default variable to hold the original value if $_POST is not triggered
$name = $row['name'];
$username = $row['username'];
$email = $row['email'];
$DateOfBirth = $row['Date_of_birth'];
$department = $row['department'];
$age = $row['age'];
// checking weather the form has been submitted before performing the update query
if (isset($_POST['update'])) {
//Name Section
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = $_POST["name"];
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
$nameErr = "Only letters allowed no blank space";
}
}
//E-mail Section
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = $_POST["email"];
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
//Username Section
if (empty($_POST["username"])) {
$usernameErr = "Username is required";
} else {
$username = $_POST["username"];
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/", $username)) {
$usernameErr = "Only letters allowed no blank space";
}
}
//D.O.B Section
if (empty($_POST["Date_of_birth"])) {
$DateOfBirthErr = "Date Of Birth is required";
} else {
$DateOfBirth = $_POST["Date_of_birth"];
}
//Department Section
if (empty($_POST["department"])) {
$departmentErr = "Department is required";
} else {
$department = $_POST["department"];
}
//Age Section
if (empty($_POST["age"])) {
$ageErr = "Age is required";
}
elseif($_POST["age"]< 17 ) {
$ageErr = "Age should be above 18 years";
}
else {
$age = $_POST["age"];
}
//UPLOAD FILE
$uploaddir = 'upload/';
$uploadfile = $uploaddir . basename($_FILES['filename']['name']);
$imageFileType = pathinfo($uploadfile, PATHINFO_EXTENSION);
if ($_FILES['filename']['name'] != '') {
// Check the image is actaully image or not
$check = getimagesize($_FILES["filename"]["tmp_name"]);
if ($check == false) {
$fileToUploadErrrrr = "File is not an image.";
}
// Check if file already exists
if (file_exists($uploadfile)) {
$fileToUploadErrrrrr = "Sorry, file already exists.";
}
if ($imageFileType != "jpg" && $imageFileType != "png") {
$fileToUploadErr = "Sorry, only JPG,PNG files are allowed.";
} elseif ($_FILES['filename']['size'] > 500000) {
$fileToUploadErrrr = "Sorry, your file is too large.";
} else {
/* if ($filename != '') {
$target = "upload/" . $filename;
unlink($target);
}*/
$uploaded = move_uploaded_file($_FILES['filename']['tmp_name'], $uploadfile);
if ($uploaded) {
$file = $_FILES['filename']['name'];
} else {
$file = $filename;
}
}
} else {
$file = $filename;
}
if ($nameErr == "" && $emailErr == "" && $usernameErr == "" && $DateOfBirthErr == "" && $departmentErr == "" && $ageErr == "" && $fileToUploadErr == "" && $fileToUploadErrr == "" && $fileToUploadErrrr == "" && $fileToUploadErrrrr == "" && $fileToUploadErrrrrr == "") {
$check = "SELECT * FROM users WHERE username = '$username' and userid !='$id'";
$rs = mysqli_query($mysqli, $check);
$da = mysqli_fetch_array($rs, MYSQLI_NUM);
if ($da > 0) {
echo "Username Already in Exists";
} else {
if($file=="")
{
$sql = "update `users` set name='$name', username='$username', email='$email', Date_of_birth='$DateOfBirth', department='$department', age='$age' where userid ='$id'";
if (mysqli_query($mysqli, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error(mysqli_query);
}
mysqli_close($mysqli);
}
else{
$sql = "update `users` set name='$name', username='$username', email='$email', Date_of_birth='$DateOfBirth', department='$department', age='$age' , filename='$file' where userid ='$id'";
$target = "upload/".$row['filename'];
unlink($target);
if (mysqli_query($mysqli, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error(mysqli_query);
}
mysqli_close($mysqli);
}
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<style>
.error {
color:red;
}
.button {
background-color: #4CAF50;
border: none;
color: white;
padding: 10px 25px;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 16px;
margin: 4px 2px;
cursor: pointer;
}
.div1 {
background-color: #f2f2f2;
margin-top: -19px;
margin-bottom: -25px;
margin-left: -19px;
}
.copy {
border-radius: 4px;
padding: 6px 20px;
border-style: ridge;
}
.copy1{
border-radius: 4px;
padding: 6px 28px;
border-style: ridge;
}
.copy2{
border-radius: 4px;
padding: 4px 2px;
}
</style>
</head>
<body>
<div style="padding-left: 250px" class="div1">
<h2 style="color:#009999">EDIT :</h2>
<form method="POST" action="" enctype="multipart/form-data">
<input type="hidden" name="hidden_id" value="<?= $id ?>"/>
<label style="color:#0099ff">Name:</label><input class= "copy" style="margin-left: 52px" type="text" value="<?= $name ?>" name="name">
<span class="error"> <?php echo $nameErr; ?></span>
<br><br>
<label style="color:#0099ff">Username:</label><input type="text" class= "copy" style="margin-left:26px" value="<?= $username ?>" name="username">
<span class="error"><?php echo $usernameErr; ?></span>
<br><br>
<label style="color:#0099ff">E-mail:</label><input type="text" class= "copy" style="margin-left: 48px" value="<?= $email ?>" name="email">
<span class="error"><?php echo $emailErr; ?></span>
<br><br>
<label style="color:#0099ff">Date_of_birth: </label><input type="date" class= "copy1" value="<?= $DateOfBirth ?>" name="Date_of_birth">
<span class="error"> <?php echo $DateOfBirthErr; ?></span>
<br><br>
<label style="color:#0099ff">Department:</label>
<select name="department" class= "copy2" style="margin-left:14px" value="<?= $department ?>">
<option value="EE">Electrical & Electronics</option>
<option value="EC">Electronics & Communication</option>
<option value="ME">Mechanical</option>
<option value="CS">Computer Science</option>
<option value="CV">Civil</option>
<option value="IS">Information Science</option>
</select>
<span class="error"> <?php echo $departmentErr; ?></span>
<br><br>
<label style="color:#0099ff">Age:</label><input type="number" class= "copy" style="margin-left:62px" value="<?= $age ?>" name="age">
<span class="error"> <?php echo $ageErr; ?></span>
<br><br>
<label style="color:#0099ff">Select image : </label><input type="file" style="width:180px;height:100px;padding:10px;" name="filename" >
<!--img src='' height='50px' width='50px'-->
<br>
<?php echo "<img alt='image' style='width:180px;height:100px;' src='upload/" . $row['filename'] . "'>";?>
<span class="error"><br><?php echo $fileToUploadErr; ?></span>
<span class="error"><?php echo $fileToUploadErrrr; ?></span>
<span class="error"><?php echo $fileToUploadErrrrr; ?></span>
<span class="error"><?php echo $fileToUploadErrrrrr; ?></span>
<br>
<input type="submit" class="button" name="update" value="Update">
<a href="welcome.php">Back</a>
</form>
</div>
</body>
</html>
я добавил одно имя файла editform.php в этомвсе значения выбираются, за исключением поля отдела, я смотрю на него, но не знаю, где происходит ошибка, и другая проблема заключается в том, что если я обновлю изображение, обновленное изображение должно отображаться на той же странице, а когда я вернусь кмой