I have a PHP page which should display the currently logged in users information like firstname, lastname, etc. The only problem I am having on the page is that it only displays the first user account within the database which happens to be the admin account on any user account I am logged in with on my website which is false as the information on there should be unique for each user.
DATABASE INFO:
PRIMARY KEY: user_id
Database connection code(init.inc.php):
<?php
session_start();
@mysql_connect('localhost', 'root', '');
mysql_select_db('loginsystem');
$path = dirname(__FILE__);
include("user.inc.php");
$_SESSION['uid'] = 1;
?>
My backend code (user.inc.php):
function fetch_users(){
$result = @mysql_query('SELECT `user_id` AS `id`, `user_uid` AS `username` FROM users');
$users = array();
while (($row = mysql_fetch_assoc($result)) !== false){
$users[] = $row;
}
return $users;
}
//fetches profile info for the given user
function fetch_user_info($uid){
$uid = (int)$uid;
$sql = "SELECT `user_uid` AS `username`, `user_first` AS `firstname`, `user_last` AS `lastname`, `user_email` AS `email` FROM `users` WHERE `user_id` = {$uid}";
$result = mysql_query($sql);
return mysql_fetch_assoc($result);
}
//Updates the current users profile.
function set_profile_info($username, $firstname, $lastname, $email){
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
$email = mysql_real_escape_string(htmlentities($email));
$sql = "SELECT `user_first` AS `firstname`, `user_last` AS `lastname`, `user_email` AS `email` FROM `users` WHERE `user_id` = {$uid}";
mysql_query($sql);
}
Frontend code (edit_profile.php):
<?php
include('init.inc.php');
if (isset($_POST['username'], $_POST['firstname'], $_POST['lastname'], $_POST['email'])){
$errors = array();
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
$errors[] = 'The email address you entered is not valid.';
}
if(preg_match('#^[a-zA-Z ]+$#i', $_POST['firstname']) === 0){
$errors[] = 'Your first name must only contain a-z characters only.';
}
if(preg_match('#^[a-zA-Z ]+$#i', $_POST['lastname']) === 0){
$errors[] = 'Your last name must only contain a-z characters only.';
}
if (empty($errors)){
set_profile_info($_POST['username'], $_POST['firstname'], $_POST['lastname'], $_POST['email']);
}
$user_info = array(
'username' => htmlentities($_POST['username']),
'firstname' => htmlentities($_POST['firstname']),
'lastname' => htmlentities($_POST['lastname']),
'email' => htmlentities($_POST['email'])
);
}else{
$user_info = fetch_user_info($_SESSION['uid']);
}
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns=""http://www.w3.org/1999/xhtml>
<head>
<title>Edit Your Profile</title>
<style type="text/css">
form div {color: white; font-weight: bold; float: left; clear: both; margin: 0px 0px 4px 0px; }
label {font: 19px/1.5 Arial, Helvetica,sans-serif; color: white; font-weight: bold; float:left; clear:both; margin: 0px 0px 4px 0px; }
input[type="text"], textarea {font: 16px/1.5 Arial, Helvetica,sans-serif; margin-left: 10px; float:left; width: 400px; }
input[type="submit"] {
width: 300px;
-webkit-transition: all .1s;
background: #333;
line-height: 50px;
font-weight: bold;
color: #e3e3e3;
border-radius: 6px;
box-shadow: 0px 0px 2px rgba(0,0,0,.5), 1px 1px 5px rgba(0,0,0,.3);
cursor: pointer;
font-weight: bold;
font: 17px/1.5 Arial, Helvetica,sans-serif;
float: left;
position: absolute;
top: 39%;
}
input[type="submit"]:hover {
background: #e3e3e3;
color: #333;
}
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="./css/style.css">
</head>
<body>
<section id="showcase1">
<div>
<?php
if(isset($errors) === false){
echo 'Click update to edit your profile';
}else if(empty($errors)) {
echo 'Your profile has been updated.';
}else{
echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';
}
?>
</div>
<form action="" method="post">
<div>
<label for="username">Username: <?php echo $user_info['username'] ?></label>
</div>
<div>
<label for="firstname">First name:</label>
<input type="text" name="firstname" id="firstname" value="<?php echo $user_info['firstname'] ?>" />
</div>
<div>
<label for="lastname">Last name:</label>
<input type="text" name="lastname" id="lastname" value="<?php echo $user_info['lastname'] ?>" />
</div>
<div>
<label for="email">Email: </label>
<input type="text" name="email" id="email" value="<?php echo $user_info['email'] ?>" />
</div>
<!--<div>
<label for="password">Password:</label>
<input type="text" name="password" id="password" value="" />
</div> -->
<div>
<input type="submit" value="Update" />
</div>
</form>
</section>
</body>
</html>
UPDATES: login.inc.php code:
<?php
session_start();
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Error handlers
//Check if inputs are empty
if (empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?login=error");
exit();
} else {
if ($row = mysqli_fetch_assoc($result)) {
//De-hashing the password
$hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
if ($hashedPwdCheck == false) {
header("Location: ../index.php?login=error");
exit();
} elseif ($hashedPwdCheck == true) {
//log in the user here
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_first'] = $row['user_first'];
$_SESSION['u_last'] = $row['user_last'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../homepage.php");
exit();
}
}
}
}
} else {
header("Location: ../index.php?login=error");
exit();
}
The database file the login.inc.php uses:
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "loginsystem";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName);