We Keep Coding

Index.php not opening after login

My login does not go to index.php after loging in, the page just refreshes
i am using MySqli and the database details are in the config file
This is the login.php
<form action="" method="post">
UserName: <input type="text" name="uname"><br>
Password: <input type="text" name="psw1"><br>
<button type="submit" name="submit">Login</button>
</form>
<?php
require 'config1.php';
if(isset($_POST["submit"])){
$uname = $_POST["uname"];
$psw1 = $_POST["psw1"];
$result = mysqli_query($conn, "SELECT * FROM Users WHERE Username = '$uname'");
$row = mysqli_fetch_assoc($result);
if(mysqli_num_rows($result) > 0){
if($psw1 == $row["Password"]){
$_SESSION["login"] = true;
$_SESSION["id"] = $row["id"];
header("Location: index.php");
}
else{
echo
"<script> alert('wrong password'); </script>";
}
}
else{
echo
"<script> alert('User not regitered'); </script>";
};
}
?>
This the index.php, hence the page i am supposed to go to after a successful login
`<?php
require 'config1.php';
if(!empty($_SESSION["id"])){
$id = $_SESSION["id"];
$result = mysqli_query($conn, "SELECT * FROM Users WHERE id = $id");
$row = mysqli_fetch_assoc($result);
}
else{
header("Location: login.php");
}
?>
<!DOCTYPE html>
<html>
<body>
<h1>Welcome <?php echo $row["name"]; ?></h1>
Log out
</body>
</html>`

You are emitting html before you execute the header. It does not work that way. You cannot change the page after the browser has received some html, in this case the form. So re-organise it this way.
<?php
require 'config1.php';
if(isset($_POST["submit"])){
$uname = $_POST["uname"];
$psw1 = $_POST["psw1"];
$result = mysqli_query($conn, "SELECT * FROM Users WHERE Username = '$uname'");
$row = mysqli_fetch_assoc($result);
if(mysqli_num_rows($result) > 0){
if($psw1 == $row["Password"]){
$_SESSION["login"] = true;
$_SESSION["id"] = $row["id"];
header("Location: index.php");
exit;
}
else{
echo
"<script> alert('wrong password'); </script>";
}
}
else{
echo
"<script> alert('User not regitered'); </script>";
};
}
?>
<form action="" method="post">
UserName: <input type="text" name="uname"><br>
Password: <input type="text" name="psw1"><br>
<button type="submit" name="submit">Login</button>
</form>
Note that there is an exit after the header because you dont want the rest of the file getting executed.
Note
This assumes that config1.php does not echo or emit any html

PHP MYSQL Upload Image With other data

This is what it looks like.
But when i press the submit button it wont upload the image.
Is it possible to have 2 functions in one SUBMIT?
It saves the other data in my database but the image is not uploaded nor it is in my database.
<?php
$con=mysqli_connect("localhost","root","","presyohan");
// Check connection
if (mysqli_connect_error())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit']))
{
$prod_name = $_POST['prod_name'];
$prod_price = $_POST['prod_price'];
$prod_category = $_POST['prod_category'];
$sql="INSERT INTO products (prod_name, prod_price, prod_category)
VALUES('$prod_name','$prod_price','$prod_category')";
$result=mysql_query($sql);
if ($con->query($sql) === TRUE) {
session_start();
$_SESSION['users'] = $rows['prod_name'];
$_SESSION['id'] = $rows['user_id'];
header("Location: store-index.php");
die();
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
//imageupload
$filename = $_FILES['uploadfile']['name'];
$filetmpname = $_FILES['uploadfile']['tmp_name'];
$folder = 'images/products/';
move_uploaded_file($filetmpname, $folder.$filename);
$sqls = "INSERT INTO 'products' ('prod_img') VALUES ('$filename')";
$qry = mysqli_query($con, $sqls);
if ($qry) {
echo 'header("Location: store-index.php")';
}
$con->close();
}
?>
<form class="form" action="add-prod.php" method="post" enctype="multipart/form-data">
<div class="upload-btn-wrapper">
<label for="file-upload" class="custom-file-upload">
Product Image <i class="fas fa-cloud-upload-alt"></i>
</label>
<input id="file-upload" type="file" name="uploadfile" />
</div>
<div class="form__group">
<button class="btn" type="submit" name="submit">ADD</button>
</div>
</form>
enter image description here

PHP - Can't use the fetched data

Hello monsters of programming, Good day! What i want to do is, when the user click the file button and upload the image it will update, else if the user didn't change it just echo that image. But when the user didn't change the image, im having an error **Warning**: file_get_contents(): Filename cannot be empty in C:\xampp\htdocs\studentportal\edit2.php on line 27 Can someone help me? The if(isset($_FILES['image'])) is working properly but the else statement is not. How can i just echo that image if the user didn't change it? Im new to php and starting to learn it please give me ideas.
this is cause of the error the $newsimages = $row['news_image']; in the else statement.
else{
$title = $_POST['titles'];
$date = $_POST['dates'];
$content = $_POST['contents'];
$newsimages = $row['news_image'];
$sql ="UPDATE news SET news_title ='$title', news_date ='$date', news_content = '$content', news_image ='$newsimages' WHERE news_id = '$newsid'";
mysqli_query($con, $sql);
echo "oh it worked again ";
}
this is all of the php code
<?php
include_once('connection.php');
$newsid = $_GET['news_id'];
if(isset($_POST['esubmit'])){
/* create a prepared statement */
if ($stmt = mysqli_prepare($con, "SELECT * FROM news WHERE news_id = ? LIMIT 1")) {
/* bind parameters */
mysqli_stmt_bind_param($stmt, "s", $newsid);
/* execute query */
mysqli_stmt_execute($stmt);
/* get the result set */
$result = mysqli_stmt_get_result($stmt);
/* fetch row from the result set */
$row = mysqli_fetch_array($result);
}
}
if(isset($_POST['update'])){
if(isset($_FILES['image'])){
$file=$_FILES['image']['tmp_name'];
$image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name= addslashes($_FILES['image']['name']);
move_uploaded_file($_FILES["image"]["tmp_name"],"img/" . $_FILES["image"]["name"]);
$newsimage="img/" . $_FILES["image"]["name"];
$title = $_POST['titles'];
$date = $_POST['dates'];
$content = $_POST['contents'];
$sql ="UPDATE news SET news_title ='$title', news_date ='$date', news_content = '$content', news_image ='$newsimage' WHERE news_id = '$newsid'";
mysqli_query($con, $sql);
echo "oh it worked ";
}
else{
$title = $_POST['titles'];
$date = $_POST['dates'];
$content = $_POST['contents'];
$newsimages = $row['news_image'];
$sql ="UPDATE news SET news_title ='$title', news_date ='$date', news_content = '$content', news_image ='$newsimages' WHERE news_id = '$newsid'";
mysqli_query($con, $sql);
echo "oh it worked again ";
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
</head>
<body>
<?php
if(isset($_POST['esubmit'])){
?>
<form method="post" action ="edit2.php?news_id=<?php echo $row['news_id']; ?>" enctype="multipart/form-data">
Title<input type ="text" name ="titles" value="<?php echo $row['news_title']; ?>"/><br>
Date<input type ="text" name="dates" value="<?php echo $row['news_date']; ?>" /><br>
Content<textarea name="contents"><?php echo $row['news_content']; ?></textarea>
<input class="form-control" id="image" name="image" type="file" accept="image/*" onchange='AlertFilesize();'/>
<img id="blah" src="<?php echo $row['news_image']; ?>" alt="your image" style="width:200px; height:140px;"/>
<input type="submit" name="update" value="Update" />
</form>
<?php
}
?>
<script src="js/jquery-1.12.4.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script type="text/javascript">
function readURL(input) {
if (input.files && input.files[0]) {
var reader = new FileReader();
reader.onload = function (e) {
$('#blah').attr('src', e.target.result);
}
reader.readAsDataURL(input.files[0]);
}
}
$("#image").change(function(){
readURL(this);
});
</script>
</body>
</html>

What you can do is remove <img></img> out of the first form and put it in separate <form> with separate submit button and add more php code to just update image only.You will have two forms and two updates like
$sql1 ="UPDATE news SET news_title ='$title', news_date ='$date', news_content = '$content' WHERE news_id = '$newsid'";
$sql2="update new SET new_image='$newsimages' WHERE new_id='$newsid'";
I Hope You undestand.I have done same thing for one of my websites.I think this is the best solution.Try it.For further query you can comment.

Adding image to comment box

Thanks for your time guys.
I have the following code working for my commenting system though I can't really be sure about the security for now. But I need your help guys in :
Allowing anyone that comment to add their image to their comment whether registered users or Visitors
Building the inside comment or reply box. This is what I got.
Comment for comment counter
Here is the PHP code for the comment:
<?php
// Connect to the database
include('config.php');
$id_post = "1"; //the post or the page id
?>
<div class="cmt-container" >
<?php
$sql = mysql_query("SELECT * FROM comments WHERE id_post = '$id_post'") or die(mysql_error());;
while($affcom = mysql_fetch_assoc($sql)){
$name = $affcom['name'];
$email = $affcom['email'];
$comment = $affcom['comment'];
$date = $affcom['date'];
// Get gravatar Image
// https://fr.gravatar.com/site/implement/images/php/
$default = "mm";
$size = 35;
$grav_url = "http://www.gravatar.com/avatar/".md5(strtolower(trim($email)))."?d=".$default."&s=".$size;
?>
<div class="cmt-cnt">
<img src="<?php echo $file_path; ?>" height="250" />
<div class="thecom">
<h5><?php echo $name; ?></h5><span data-utime="1371248446" class="com-dt"><?php echo $date; ?></span>
<br/>
<p>
<?php echo $comment; ?>
</p>
</div>
</div><!-- end "cmt-cnt" -->
<?php } ?>
<div class="new-com-bt">
<span>Write a comment ...</span>
</div>
<div class="new-com-cnt">
<input type="text" id="name-com" name="name-com" value="" placeholder="Your name" />
<input type="text" id="mail-com" name="mail-com" value="" placeholder="Your e-mail adress" />
<textarea class="the-new-com"></textarea>
<div class="bt-add-com">Post comment</div>
<div class="bt-cancel-com">Cancel</div>
</div>
<div class="clear"></div>
</div><!-- end of comments container "cmt-container" -->
<script type="text/javascript">
$(function(){
//alert(event.timeStamp);
$('.new-com-bt').click(function(event){
$(this).hide();
$('.new-com-cnt').show();
$('#name-com').focus();
});
/* when start writing the comment activate the "add" button */
$('.the-new-com').bind('input propertychange', function() {
$(".bt-add-com").css({opacity:0.6});
var checklength = $(this).val().length;
if(checklength){ $(".bt-add-com").css({opacity:1}); }
});
/* on clic on the cancel button */
$('.bt-cancel-com').click(function(){
$('.the-new-com').val('');
$('.new-com-cnt').fadeOut('fast', function(){
$('.new-com-bt').fadeIn('fast');
});
});
// on post comment click
$('.bt-add-com').click(function(){
var theCom = $('.the-new-com');
var theName = $('#name-com');
var theMail = $('#mail-com');
if( !theCom.val()){
alert('You need to write a comment!');
}else{
$.ajax({
type: "POST",
url: "ajax/add-comment.php",
data: 'act=add-com&id_post='+<?php echo $id_post; ?>+'&name='+theName.val()+'&email='+theMail.val()+'&comment='+theCom.val(),
success: function(html){
theCom.val('');
theMail.val('');
theName.val('');
$('.new-com-cnt').hide('fast', function(){
$('.new-com-bt').show('fast');
$('.new-com-bt').before(html);
})
}
});
}
});
});
</script>
And the Ajax Script :
<?php
extract($_POST);
if($_POST['act'] == 'add-com'):
$name = htmlentities($name);
$email = htmlentities($email);
$comment = htmlentities($comment);
// Connect to the database
include('../config.php');
// Get gravatar Image
// https://fr.gravatar.com/site/implement/images/php/
$default = "mm";
$size = 35;
$grav_url = "http://www.gravatar.com/avatar/" . md5( strtolower( trim( $email ) ) ) . "?d=" . $default . "&s=" . $size;
if(strlen($name) <= '1'){ $name = 'Guest';}
//insert the comment in the database
mysql_query("INSERT INTO comments (name, email, comment, id_post)VALUES( '$name', '$email', '$comment', '$id_post')");
if(!mysql_errno()){
?>
<div class="cmt-cnt">
<img src="<?php echo $grav_url; ?>" alt="" />
<div class="thecom">
<h5><?php echo $name; ?></h5><span class="com-dt"><?php echo date('d-m-Y H:i'); ?></span>
<br/>
<p><?php echo $comment; ?></p>
</div>
</div><!-- end "cmt-cnt" -->
<?php } ?>
<?php endif; ?>

Inserting data into two tables resulting in "Array to string conversion"

I'm trying to create a form for my system, user could add the numbers of input fields, the input fields are mostly drop down box with the options coming from tables in the database. The forms would insert the data into two different database. But it shows error of "Array to string conversion" Right now the data only inserted into the first table. Here's what I'd done so far
My form's code:
<form method="post" name="maklumat_akaun" action="proses_daftar_akaun.php">
<label for="NoAkaun">No. Akaun</label>
<input type="text" id="NoAkaun" name="NoAkaun" class="required input_field" required/>
<div class="cleaner_h10"></div>
<label for="KodDaerah">Daerah</label>
<?php
include('dbase.php');$sql = "SELECT KodDaerah, NamaDaerah FROM koddaerah";
$result = mysql_query($sql);
echo "<select name='KodDaerah' id='KodDaerah' class='input_field' required /><option></option>";
while($kod = mysql_fetch_array($result)){
echo "<option value=".$kod['KodDaerah'].">" .$kod['NamaDaerah']."</OPTION>";
}
echo "</select>";
?>
<div class="cleaner_h10"></div>
<label for="KodBahagian">Bahagian</label>
<?php
$sql = "SELECT KodBahagian, NamaBahagian FROM kodbahagian";
$result = mysql_query($sql);
echo "<select name='KodBahagian' id='KodBahagian' class='input_field' required /><option></option>";
while($kod = mysql_fetch_array($result)){
echo "<option value=".$kod['KodBahagian'].">" .$kod['NamaBahagian']."</OPTION>";
}
echo "</select>";
?>
<div class="cleaner_h10"></div>
<label for="KodKategori">Kategori Akaun</label>
<?php
$sql = "SELECT KodKategori, NamaKategori , SubKategori FROM kodkategori";
$result = mysql_query($sql);
echo "<select name='KodKategori' id='KodKategori' class='input_field' required /><option></option>";
while($kod = mysql_fetch_array($result)){
echo "<option value=".$kod['KodKategori'].">" .$kod['NamaKategori']." (".$kod['SubKategori'].")</OPTION>";
}
echo "</select>";
?>
<div class="cleaner_h10"></div>
<label for="Tarif">Tarif</label>
<input type="text" maxlength="4" size="4" id="Tarif" name="Tarif" class="required year_field" onkeyup="this.value=this.value.replace(/[^0-9.]/g,'')">
<div class="cleaner_h10"></div>
<!-----------------------------------------------------------//-->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script>
$(document).ready(function() {
var max_fields = 25; //maximum input boxes allowed
var wrapper = $(".input_fields_wrap"); //Fields wrapper
var add_button = $(".add_field_button"); //Add button ID
var x = 1; //initial text box count
$(add_button).click(function(e){ //on add input button click
e.preventDefault();
if(x < max_fields){ //max input box allowed
x++; //text box increment
$(wrapper).append('<div>'+
'<td> <?php
$sql = "SELECT KodLokasi, NamaLokasi FROM kodlokasi";
$result = mysql_query($sql);
echo "<select name=\'KodLokasi[]\' id=\'KodLokasi[]\' class=\'input_field\' required ><option></option>";
while($kod = mysql_fetch_array($result)){
echo "<option value=".$kod['KodLokasi'].">" .$kod['NamaLokasi']. "</OPTION>";
}
echo "</select>";
?> </td> </tr>'+
'<tr> <td> <?php
$sql = "SELECT KodJenisAkaun, NamaJenisAkaun FROM kodjenisakaun";
$result = mysql_query($sql);
echo "<select name=\'KodJenisAkaun[]\' id=\'KodJenisAkaun[]\' class=\'input_field\' required ><option></option>";
while($kod = mysql_fetch_array($result)){
echo "<option value=".$kod['KodJenisAkaun'].">" .$kod['NamaJenisAkaun']. "</OPTION>";
}
echo "</select>";
?> </td>'+
'<td> <input type="text" name="NoTelefon[]" id="NoTelefon[]" value="0" class="required input_field"> </td>' +
'Batal</tr></div>'); //add input box
}
});
$(wrapper).on("click",".remove_field", function(e){ //user click on remove text
e.preventDefault(); $(this).parent('div').remove(); x--;
});
});
</script>
<fieldset>
<div class="input_fields_wrap">
<h3 class="add_field_button">Add More Fields</h3>
<table>
<tr>
<td> <label for="KodLokasi">Lokasi</label> </td> <td> <label for="KodJenisAkaun">Jenis Akaun</label> </td> <td> <label>No.Telefon:</label> </td>
</tr>
<tr>
<td> <?php
$sql = "SELECT KodLokasi, NamaLokasi FROM kodlokasi";
$result = mysql_query($sql);
echo "<select name='KodLokasi[]' id='KodLokasi' class='input_field' required /><option></option>";
while($kod = mysql_fetch_array($result)){
echo "<option value=".$kod['KodLokasi'].">" .$kod['NamaLokasi']."</OPTION>";
}
echo "</select>";
?>
</td>
<td> <?php
$sql = "SELECT KodJenisAkaun, NamaJenisAkaun FROM kodjenisakaun";
$result = mysql_query($sql);
echo "<select name='KodJenisAkaun[]' id='KodJenisAkaun' class='input_field' required /><option></option>";
while($kod = mysql_fetch_array($result)){
echo "<option value=".$kod['KodJenisAkaun'].">" .$kod['NamaJenisAkaun']."</OPTION>";
}
echo "</select>";
?>
</td>
<td> <input type="text" name="no_telefon[]" value="0" class="required input_field" onkeyup="this.value=this.value.replace(/[^0-9.]/g,'')"> </td>
</tr>
</table>
</div>
</fieldset>
<!-----------------------------------------------------------//-->
<div class="cleaner_h10"></div>
<div class="cleaner_h10"></div>
<input type="submit" value="Daftar" id="submit" name="register-submit" class="submit_btn" />
<input type="reset" value="Batal" id="reset" name="reset" class="submit_btn" />
</table>
</form>
While this is my code for the inserting process.
<?php
require("dbase.php");
if ($_POST) {
$NoAkaun = isset($_POST['NoAkaun']) ? $_POST['NoAkaun'] : '';
$KodBahagian = isset($_POST['KodBahagian']) ? $_POST['KodBahagian'] : '';
$Tarif = ISSET($_POST['Tarif']) ? $_POST['Tarif'] : '';
$KodDaerah = isset($_POST['KodDaerah']) ? $_POST['KodDaerah'] : '';
$KodKategori = isset($_POST['KodKategori']) ? $_POST['KodKategori'] : '';
$NoTelefon = isset($_POST['NoTelefon']) ? $_POST['NoTelefon'] : '';
$KodLokasi = isset($_POST['KodLokasi']) ? $_POST['KodLokasi'] : '';
$KodJenisAkaun = isset($_POST['KodJenisAkaun']) ? $_POST['KodJenisAkaun'] : '';
$akaun_idAkaun = isset($_POST['akaun_idAkaun']) ? $_POST['akaun_idAkaun'] : '';
$sql = mysql_query("INSERT INTO maklumatakaun VALUES ('', '$NoAkaun' , '$KodBahagian' , '$KodDaerah' , '$KodKategori' , '$Tarif' )");
$akaun_idAkaun = mysql_insert_id();
foreach ($NoTelefon AS $i => $telefon) {
$sql = mysql_query("INSERT INTO detailakaun VALUES ('', '$KodLokasi[$i]', '$KodJenisAkaun' , '$telefon' , '$akaun_idAkaun' )");
}
echo "<script type='text/javascript'> alert('AKAUN BERJAYA DIDAFTARKAN')</script> ";
echo "<script type='text/javascript'>window.location='pilih_kategori_daftar.php'</script>";
}
?>
Can anyone help me figure this out?

The error "Array to string conversion" means you are using an array as a string somewhere in your code. That error message is usually followed by a filename and line number which should help you narrow down your search. One helpful way to see what is contained within a variable is to use the following:
echo '<pre>'; print_r($stuff); die();
If the error is happening on a line inside of a while loop you should put the echo '' before the while and the die(); after so that you can see all instances of the problem within the loop.

I found your problem on this statement
$sql = mysql_query("INSERT INTO detailakaun VALUES ('', '$KodLokasi[$i]', '$KodJenisAkaun' , '$telefon' , '$akaun_idAkaun' )");
$KodJenisAkaun is an array and you use it as a string