Hello, I am wondering if you will be able to give me some help with some issues I'm currently experiencing.
I had a mock website where I need users to register for the information, an admin (hairdresser) then can make a booking for them and that information will then display on their own profile.
However, I’ve been reading over this code for about 3 days now hoping to see where to get each problem fixed; however, the more I seem to change, the worse it gets.
Problem #1: registration information is not going to the database.
Problem #2: when the admin inputs information, all users see the information, not just for that specific user.
The Login and register form
<div class="login2">
<form action="LoginCustomers.php" method="POST">
<h3>LOGIN</h3>
Email:<br>
<input type="text" placeholder="Login details" id="email" name="email"><br>
Password:<br>
<input type="password" placeholder="Your password" id="password" name="password"><br><br>
<input type="submit" value="login">
</form>
</div>
<div class="createaccount">
<form action="register.php" method="POST">
<h3>SIGN UP</h3>
Name:<br>
<input type="text" placeholder="Your Name" id="name" name="name"><br>
Email:<br>
<input type="email" placeholder="Login details" id="email" name="email"><br>
Password:<br>
<input type="password" placeholder="Your password" id="password" name="password"><br>
Confirm Password:<br>
<input type="password" placeholder="Your password" id="password2" name="password2"><br><br>
<input type="submit" value="login">
</form>
</div>
The register page
<!doctype html>
<html xml:lang="en" lang="en">
<?php
//Starting session
session_start();
$hostname = "localhost";
$username = "root";
$password = "root";
//connecting to the database
$conn = mysqli_connect($hostname, $username, $password);
mysqli_select_db($conn, "sammsproject") or die (mysqli_error($conn));
$name = $_POST["name"];
$email = $_POST["email"];
$password = $_POST["password"];
$password2 = $_POST["password2"];
$query ="SELECT * FROM customers WHERE email = '$email'";
$results=mysqli_query($conn, $query) or die (mysqli_error($conn));
$count = mysqli_num_rows($results);
if ($name == "");
echo "$name";
{
?>
<?php
die();}
if ($email == "");
{
?>
<script type="text/javascript">
alert("Please enter your email!");
history.back();
</script>
<?php
die();}
if ($password == "");
{
?>
<script type="text/javascript">
alert("Password box was left empty!");
history.back();
</script>
<?php
die();}
if($count > 0)
{
{
?>
<script type="text/javascript">
alert("Username has already been taken!");
history.back();
</script>
<?php
die();
}
}
if($password == $password2){
}
else
{
echo "Passwords do not match!";
exit;
}
$query ="INSERT INTO customers (name, email, Password)
VALUES (\"$name\",\"$email\",\"$password\")";
$results = mysqli_query($conn, $query) or die(mysqli_error($conn));
?>
<script type="text/javascript">
alert("You left a field blank!");
history.back();
</script>
<?php header("Location: home.php");
?>
The customer login page
<?php
//starting the session
session_start();
$hostname = "localhost";
$username = "root";
$password = "root";
// Check to see if we're logged in
if (!isset($_SESSION['email']))
{
header("location: login.php");
}
//connecting to the database
$conn = mysqli_connect($hostname, $username, $password);
mysqli_select_db($conn, "sammsproject") or die (mysqli_error($conn));
$email = $_POST['email'];
$password = $_POST['password'];
//get the data from the database
$sql = "SELECT * FROM customers WHERE email =\"$email\" and password=\"$password\"";
$results=mysqli_query($conn, $sql) or die (mysqli_error($conn));
$results = mysqli_fetch_array($results);
//if the results comes back higher than 0. It will only be 1 as each username is unique
if($results > 0)
{
//if the username and password is correct, this will be shown.
$_SESSION["loggedin"] = true;
header( 'location:home.php') ;
}
else
{
//if the username and password is incorrect, this will be shown.
echo "Wrong password";
}
if($results['usertype'] == 1)
{
//if the username and password is correct, this will be shown.
$_POST["loggedin"] = true;
$_SESSION['email'] = $email;
header( 'location:adminpage.php') ;
}
else if ($results['usertype'] ==2)
{
$_SESSION["email"] = true;
header( 'location:Customer.php') ;
}
else
{
//if the username and password is incorrect, this will be shown.
echo "Wrong password";
}
?>
<!--This will display a pop up if the username or password was incorrect-->
<script type="text/javascript">
alert("Username or password are invalid!");
history.back();
</script>
Lastly, the page where the admin can add their information.
<!doctype html>
<html xml:lang="en" lang="en">
<?php
//Starting session
session_start();
$hostname = "localhost";
$username = "root";
$password = "root";
//connecting to the database
$conn = mysqli_connect($hostname, $username, $password);
mysqli_select_db($conn, "sammsproject") or die (mysqli_error($conn));
$name = $_POST["name"];
$date = $_POST['date'];
$number = $_POST["number"];
$email = $_POST["email"];
$cut = $_POST['cut'];
$colour = $_POST["colour"];
$cost = $_POST["cost"];
$query ="SELECT * FROM customers WHERE email = '$email'";
$results=mysqli_query($conn, $query) or die (mysqli_error($conn));
$count = mysqli_num_rows($results);
if ($name == "")
{
echo $name;
?>
<script type="text/javascript">
alert("Please enter the clients name!");
history.back();
</script>
<?php
die();
}
if ($number == "")
{
?>
<script type="text/javascript">
alert("Please enter the clients number!");
history.back();
</script>
<?php
die();}
if ($email == "")
{
?>
<script type="text/javascript">
alert("Please enter the clients email!");
history.back();
</script>
<?php
$_SESSION['cut'] = $cut;
die();}
if ($cost == "")
{
?>
<script type="text/javascript">
alert("Please enter the cost of the treatment!");
history.back();
</script>
}
<?php
die();}
if ($date == "")
{
?>
<script type="text/javascript">
alert("Please enter a date");
history.back();
</script>
<?php
die();}
$query ="UPDATE customers SET email='$email' WHERE '$email'= (date, number, cut, colour, cost)";
$results = mysqli_query($conn, $query) or die(mysqli_error($conn));
?>
<script type="text/javascript">
alert("Booking successful!");
history.back();
</script>
<?php header("Location: Addbooking.php");
?>
any help would be greatly appreciated, thanks.
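
An added example, not part of the original post: the registration insert and the admin's booking update written with prepared statements and a hashed password, plus a profile query limited to the logged-in customer. It assumes the booking columns named in the posted UPDATE live on the `customers` table; the function names are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumption: `customers` also holds the
// booking columns (date, number, cut, colour, cost) named in the posted UPDATE.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_customer(mysqli $conn, string $name, string $email,
                           string $password, string $password2): string
{
    // No semicolon after the condition: `if (...);` ends the statement there,
    // so the block that follows (and its die()) would run on every request.
    if ($name === '' || $email === '' || $password === '') {
        return 'Please fill in every field.';
    }
    if ($password !== $password2) {
        return 'Passwords do not match.';
    }
    $stmt = $conn->prepare('SELECT 1 FROM customers WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows > 0) {
        return 'Email is already registered.';
    }
    // Store a salted hash, never the password itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $conn->prepare('INSERT INTO customers (name, email, Password) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $name, $email, $hash);
    $stmt->execute();
    return ''; // empty string means success
}

function save_booking(mysqli $conn, string $email, string $date, string $number,
                      string $cut, string $colour, string $cost): bool
{
    // Booking columns go in SET; WHERE selects the one customer they belong to.
    $stmt = $conn->prepare('UPDATE customers SET `date` = ?, `number` = ?, cut = ?,
                            colour = ?, cost = ? WHERE email = ?');
    $stmt->bind_param('ssssss', $date, $number, $cut, $colour, $cost, $email);
    $stmt->execute();
    return $stmt->affected_rows === 1; // false: unknown email or nothing changed
}

function booking_for(mysqli $conn, string $sessionEmail): ?array
{
    // $sessionEmail is $_SESSION['email'], which must hold the address itself.
    $stmt = $conn->prepare('SELECT `date`, `number`, cut, colour, cost
                            FROM customers WHERE email = ?');
    $stmt->bind_param('s', $sessionEmail);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}
```

With hashed storage the login page has to fetch the row by email and check it with `password_verify()`, and the `Password` column needs room for the hash (60 characters or more).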