When I try to load the above PHP page from my login page (index.php), there is no error, but when I try to load it from any other page in my application after login, it gives me an uncaught syntax error in the console. It points to the script and says that the PHP variable $name is not defined.
<?php
if (isset($_POST["login"])) {
session_start();
$_SESSION["email"] = $_POST["email"];
$email = $_POST["email"];
$password = $_POST["password"];
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'attendance_system';
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
if ($conn->connect_error) {
die("Failed to connect: " . $conn->connect_error);
} else {
$success = false;
$query = "SELECT * FROM student";
$result = $conn->query($query);
while ($row = $result->fetch_assoc()) {
if ($row["email"] === $email && $row["password"] === $password) {
$name = $row["name"];
$age = $row["age"];
$criteria = $row["attendance_criteria"];
$course = $row["course"];
$college = $row["college_name"];
$attendance = $row["attendance"];
$success = true;
break;
}
}
if ($success === false) {
header("Location: index.php");
}
}
}
if (isset($_POST["signup"])) {
session_start();
$_SESSION["email"] = $_POST["email1"];
$email = $_POST["email1"];
$password = $_POST["password1"];
$name = $_POST["name"];
$age = $_POST["age"];
$criteria = 100;
$course = null;
$college = null;
$attendance = 0;
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'attendance_system';
$conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
if ($conn->connect_error) {
die("Failed to connect: " . $conn->connect_error);
} else {
$query = "INSERT INTO student SET email = '$email', name = '$name', age = '$age', password =
'$password' ";
$result = $conn->query($query);
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<title>Attendance Manager - Home</title>
<link rel="stylesheet" href="../css/skeleton.css">
<link rel="stylesheet" href="../css/home.css">
<link rel="icon" type="image/jpg" href="../media/icon.png">
</head>
<body>
<header>
<div class="left">
<button id="menuButton" onclick="openMenu()">≡</button>
</div>
<div class="center">
<div>
<div id="month">
</div>
<div id="year">
</div>
</div>
<div id="day">
</div>
<img id="icon" src="../media/icon.png" alt="App Icon" width="48" height="48">
<div id="name">
</div>
</div>
<div class="right">
<a id="info" href="../html/index.php">l</a>
</div>
</header>
<main>
<menu>
<a href="home.php">Home</a>
<a href="subjects.php">Subjects</a>
<a href="criteria.php">Edit Attendance Criteria</a>
<a href="help.html">How to Use</a>
<a href="developer.html">Developer Information</a>
<a href="privacy.html">Privacy Policy</a>
<a href="contact.html">Contact Us</a>
</menu>
</main>
<section>
<div>
Name :
<span id="user_name"></span>
</div>
<div>
Email :
<span id="user_email"></span>
</div>
<div>
Age :
<span id="user_age"></span>
</div>
<div>
Password :
<span id="user_password"></span>
</div>
</section>
<footer>
<div class="left">
Attendance Manager<br>2020 ©
</div>
<div class="center">
<span>
Official Page -
</span>
<span>
<a href="https://twitter.com/AlokPur32580593?s=08">
<img src="../media/twitter.png" alt="Twitter Icon" height="48px" width="48px">
</a>
</span>
</div>
<div class="right">
<a id="privacyPolicy" href="privacy.html">Privacy Policy</a>
</div>
</footer>
<script type="text/javascript">
if (document.referrer === "http://localhost/AttendanceManager/html/index.php") {
var name = "<?= $name ?>";
var age = "<?= $age ?>";
var email = "<?= $email ?>";
var pasword = "<?= $password ?>";
var criteria = "<?= $criteria ?>";
var course = "<?= $course ?>";
var college = "<?= $college ?>";
var attendance = "<?= $attendance ?>";
localStorage.setItem("name", name);
localStorage.setItem("age", age);
localStorage.setItem("email", email);
localStorage.setItem("password", pasword);
localStorage.setItem("criteria", criteria);
localStorage.setItem("course", course);
localStorage.setItem("college", college);
localStorage.setItem("attendance", attendance);
}
</script>
<script type="text/javascript" src="../javascript/home.js"></script>
</body>
</html>
If your footer <script> always runs and always expects $name to be filled, then you'll have to check whether the session was logged in. If it isn't, redirect the user to the login page, or specify defaults.
Also, you should probably rewrite the SQL you're using to authenticate the user. First, save the password as a hash. Second, use a WHERE statement to fetch any rows that match the email and password, instead of looping through the results in your application.
You probably also want to fix the var pasword typo, and I advise you to rename the $success variable to something more descriptive, like $loggedIn. This might not be critical for this particular purpose, but it's a good thing to get into the habit of properly naming your variables.
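The points raised in the answer above, put together as an added example (not code from the question or the answer): hashed password storage, a WHERE lookup with bound parameters, and a profile that is emitted as a valid JavaScript literal whether or not a login succeeded. It assumes PDO with an in-memory SQLite database in place of the question's MySQL connection so that it runs stand-alone; the function names and the sample user are constructed. Because the stored hash is salted, the WHERE clause matches on the email only and the password is checked with password_verify().

```php
<?php
// Added example: PDO with in-memory SQLite stands in for the MySQL database
// so the script runs stand-alone. Table and column names follow the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE student (email TEXT PRIMARY KEY, name TEXT, age INTEGER, password TEXT)');

// Signup: store a salted hash, never the plain password; bind every value.
function signup(PDO $db, string $email, string $name, int $age, string $password): void
{
    $stmt = $db->prepare('INSERT INTO student (email, name, age, password) VALUES (?, ?, ?, ?)');
    $stmt->execute([$email, $name, $age, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: let the database find the row with WHERE, then verify the hash.
// Returns the profile (without the hash) or null when the login fails.
function login(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare('SELECT email, name, age, password FROM student WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']); // the hash never leaves the server
    return $row;
}

// Emit the profile for the footer script. json_encode always yields a valid
// JavaScript literal ("null" when logged out), and the JSON_HEX_* flags keep
// a value such as </script> from closing the script element.
function profileScript(?array $user): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return '<script>var profile = ' . json_encode($user, $flags) . ';</script>';
}

// Constructed sample data.
signup($db, 'alice@example.com', "Alice </script> O'Neil", 20, 'correct horse');
$loggedIn = login($db, 'alice@example.com', 'correct horse');
$rejected = login($db, 'alice@example.com', 'wrong password');

echo profileScript($loggedIn), PHP_EOL; // profile object with escaped name
echo profileScript($rejected), PHP_EOL; // var profile = null;
```

In the page from the question, the array returned by login() would be kept in $_SESSION after session_start(), and a null result would redirect to index.php, so pages reached after login read the profile from the session instead of from $_POST.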