
PHP Two different buttons send same data


I have two different buttons. One is for deleting the user and the other is for changing the email address. The problem is that clicking the change email button will actually delete the user from the database.

header.php

<?php
session_start();


$cookie_name = "LoginSystem";
$cookie_value = "Valid";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
?>



<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="main.css">


  <meta charset="UTF-8">
  <meta name="description" content="Enrol site for activites">
  <meta name="keywords" content="enrol, activities, school, hobby, college, login, register">
  <meta name="author" content="Gyorgy Hadhazy">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">


</head>
<body>



<header> 
    <nav>
        <div class="main-wrapper">
            <ul>
                <li><a href="index.php">HOME</a></li>
                <li><a href="about.php">ABOUT</a></li>
                <li><a href="media.php">MEDIA</a></li>
                <li><a href="activities.php">ACTIVITIES</a></li>
                <li><a href="contact.php">CONTACT</a></li>
            </ul>
            <div class="nav-login">
                <?php 
                    if (isset($_SESSION['u_id'])) {
                        echo '
                        <form action="includes/logout.inc.php" method="POST">
                            <button type="submit" name="submit">Logout</button>
                        </form>
                        ';
                       echo '<form action="deleteusr.php" method="POST">
                            <button type="submit" name="delete">Delete User</button>
                            <input type="hidden" name="user_uid" value="'. $_SESSION['u_id'].'"
                            </form>';


                    } else{
                        echo '
                        <form action="includes/login.inc.php" method="POST">
                            <input type="text" name="uid" placeholder="StudentID/email">
                            <input type="password" name="pwd" placeholder="password">
                            <button type="submit" name="submit">LOGIN</button>
                        </form>
                        <a href="signup.php">SIGN UP</a>
                        ';
                    }



                ?>

                <button type="button" onclick="resizeText(1)" name="resizeplus" class="resize-plus">+ Text size</button>
                <button type="button" onclick="resizeText(-1)" name="resizenegative">- Text size</button>  


<script>

function resizeText(multiplier) {
  if (document.body.style.fontSize == "") {
    document.body.style.fontSize = "1.0em";
  }
document.body.style.fontSize = parseFloat(document.body.style.fontSize) + (multiplier * 0.2) + "em";
}   
</script>



            </div>
        </div>
    </nav>
</header>

index.php

    <?php
        include 'header.php';
    ?>


    <style>
        header{
        text-align: center; 
        }
        body{
            text-align: center;
        }
    </style>

    <section class="main-container">
        <div class="main-wrapper">
            <h2>HOME</h2>
        <p>Please log in if extra features are not displayed</p>
            <?php


            if (isset($_SESSION['u_email'])) {

                            echo '<form action="changeEmail.php" method="POST">
                                <button type="submit" name="email">Change Email</button> 
                                <input type="text" name="email" value="'. $_SESSION['u_email'].'"
                                </form>'; }


            ?>  
        </div>
    </section>





    <?php
    include 'footer.php';
?>

And finally the php file it should call: changeEmail.php

<?php
    include 'header.php';
?>

<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "loginsystem";


// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}



$email = $_SESSION['u_ email'];

$sql = "UPDATE users SET user_email='$email'";

if ($conn->query($sql) === TRUE) {
    echo "Record updated successfully";
} else {
    echo "Error updating record: " . $conn->error;
}

$conn->close();
?> 

I think the issue is in the header.php but I am not exactly sure. If someone would help to point out the issue I would really appreciate it.

HTML code rendered by index.php

<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="main.css">


  <meta charset="UTF-8">
  <meta name="description" content="Enrol site for activites">
  <meta name="keywords" content="enrol, activities, school, hobby, college, login, register">
  <meta name="author" content="Gyorgy Hadhazy">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">


</head>
<body>



<header> 
    <nav>
        <div class="main-wrapper">
            <ul>
                <li><a href="index.php">HOME</a></li>
                <li><a href="about.php">ABOUT</a></li>
                <li><a href="media.php">MEDIA</a></li>
                <li><a href="activities.php">ACTIVITIES</a></li>
                <li><a href="contact.php">CONTACT</a></li>
            </ul>
            <div class="nav-login">

                        <form action="includes/logout.inc.php" method="POST">
                            <button type="submit" name="submit">Logout</button>
                        </form>
                        <form action="deleteusr.php" method="POST">
                            <button type="submit" name="delete">Delete User</button>
                            <input type="hidden" name="user_uid" value="6"
                            </form>                
                <button type="button" onclick="resizeText(1)" name="resizeplus" class="resize-plus">+ Text size</button>
                <button type="button" onclick="resizeText(-1)" name="resizenegative">- Text size</button>  


<script>

function resizeText(multiplier) {
  if (document.body.style.fontSize == "") {
    document.body.style.fontSize = "1.0em";
  }
document.body.style.fontSize = parseFloat(document.body.style.fontSize) + (multiplier * 0.2) + "em";
}   
</script>



            </div>
        </div>
    </nav>
</header>

<style>
    header{
    text-align: center; 
    }
    body{
        text-align: center;
    }
</style>

<section class="main-container">
    <div class="main-wrapper">
        <h2>HOME</h2>
    <p>Please log in if extra features are not displayed</p>
        <form action="changeEmail.php" method="POST">
                            <button type="submit" name="email">Change Email</button> 
                            <input type="text" name="email" value="test11@gmail.com"
                            </form>  
    </div>
</section>






Cookie 'LoginSystem' is set!<br>Value: Valid



Solution

  • The main issue:

    There are two <input> tags missing closing > characters. This means the browser is constructing an inaccurate DOM tree. It's doing its best to determine which form you want to submit, but it's picking the wrong one (the delete form).

    The first example is in header.php:

    <input type="hidden" name="user_uid" value="'. $_SESSION['u_id'].'"
    

    Notice there's no > closing that input tag.

    And then in index.php:

    <input type="text" name="email" value="'. $_SESSION['u_email'].'"
    

    Add closing > characters to both of those, and the browser will happily parse the DOM and pick the correct form to submit when you click the button.

    Other issues:

    There are a couple issues in changeEmail.php:

    $email = $_SESSION['u_ email'];
    

    needs to be

    $email = $_SESSION['u_email'];
    

    Otherwise, $email will always be an empty string (or some other value you don't want - I'm unsure of $_SESSION's behavior), and you'll set all emails to an empty string.

    The second issue is your SQL:

    $sql = "UPDATE users SET user_email='$email'";
    

    You need to specify which user's email to set, using a WHERE clause. Otherwise you're setting every email to the value of $email.

    In this specific case, you need to get the new email address from the posted form data.

    $new_email = $_POST["email"];
    $sql = "UPDATE users SET user_email='$new_email' WHERE user_email='$email'";
    

    To be sure you'll get the new email form data, remove the name attribute from the button element - it's not necessary.
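
The UPDATE in the answer places `$_POST["email"]` directly inside the SQL string, so the posted value is parsed as part of the statement. The following is an added example, not code from the question or the answer, of the same changeEmail.php handler using a mysqli prepared statement and selecting the row by the logged-in user's session id. It assumes the `users` table has a primary-key column named `user_id` that matches `$_SESSION['u_id']`; that column name does not appear on the page.

```php
<?php
// Added example: hardened changeEmail.php handler (not the poster's or answerer's code).
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Only a logged-in user submitting the form via POST may change an email.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_SESSION['u_id'])) {
    http_response_code(403);
    exit('Not allowed');
}

// The new address comes from the posted form field, as in the answer.
// Reject non-string input (e.g. email[]=x) and anything that is not a valid address.
$raw = $_POST['email'] ?? '';
$new_email = is_string($raw) ? filter_var(trim($raw), FILTER_VALIDATE_EMAIL) : false;
if ($new_email === false) {
    http_response_code(400);
    exit('Invalid email address');
}

// Connection values as shown in the question.
$conn = new mysqli('localhost', 'root', 'root', 'loginsystem');

// Placeholders keep the posted value out of the SQL text.
// The row is chosen by the session's user id, never by a posted field.
// ASSUMPTION: users has a primary-key column named user_id.
$stmt = $conn->prepare('UPDATE users SET user_email = ? WHERE user_id = ?');
$user_id = (int) $_SESSION['u_id'];
$stmt->bind_param('si', $new_email, $user_id);
$stmt->execute();

if ($stmt->affected_rows === 1) {
    $_SESSION['u_email'] = $new_email; // keep the session in sync with the database
    echo 'Record updated successfully';
} else {
    echo 'No change made';
}

$stmt->close();
$conn->close();
```

When index.php writes the session email into the form's `value` attribute, pass it through `htmlspecialchars($value, ENT_QUOTES)` so a stored address containing quotes or angle brackets cannot break out of the attribute.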