Hi everyone I found this code here somewhere
RewriteEngine On
# browser requests PHP
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^\ ]+)\.php
RewriteRule ^/?(.*)\.php$ /$1 [L,R=301]
# check to see if the request is for a PHP file:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^/?(.*)$ /$1.php [L]
This removes the .php file extension but my $_GET paramaters do not work anymore how can I go about to solve this thanks in advance. I have read other posts but didn't get what I wanted.
After further examination the problem is that when I log in
$_SESSION[profileId] // doesn't set anymore
When I clear .htaccess everything goes back to normal. My code reads
$sql = "SELECT * FROM mytable WHERE userName='$_GET['profile']' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_array($user_query,MYSQL_ASSOC);
$profileId = $row['profileId'];
if($_SESSION['profileId'] === $profileId){
if(isset($_GET['profile']) && !isset($_GET['edit'])){
echo '<a id="editButtons" href="../profile.php?profile='.$_GET['profile'].'&edit=1">Edit Profile</a>';
}
if(isset($_GET['profile']) && isset($_GET['edit'])){
echo '<a id="editButtons" href="../profile.php?profile='.$_GET['profile'].'">Done editing</a>';
}
}
This is the code where I set the sessions
session_start();
$username = mysqli_real_escape_string($db_conx, $_POST['u']);
$password = $_POST['p'];
$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
if($username == "" || $password == ""){
echo "login_failed";
}else{
$sql = "SELECT * FROM myTable WHERE username='$username' AND activated='yes' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_array($query);
$profileId = $row['profileId'];
$compName = $row['compName'];
$db_username = $row['username'];
$db_email = $row['email'];
$db_pass_str = $row['password'];
if(password_verify($password,$db_pass_str)){
$_SESSION['profileId'] = $profileId;
$_SESSION['username'] = $db_username;
$_SESSION['password'] = $db_pass_str;
setcookie("id", $profileId, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("user", $db_username, strtotime( '+30 days' ), "/", "", "", TRUE);
setcookie("pass", $db_pass_str, strtotime( '+30 days' ), "/", "", "", TRUE);
// UPDATE THEIR "IP" AND "LASTLOGIN" FIELDS
$sql = "UPDATE myTable SET ip='$ip', lastlogin=now() WHERE profileId='$profileId' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
if($query){
echo $compName;
}
} else {
echo 'login_failed';
}
}