login multiple

_usr/header_usr.php

@@ -1,3 +1,10 @@
+<?php
+session_start();
+if(isset($_SESSION['userName'])) {
+  echo "Your session is running " . $_SESSION['userName'];
+}
+?>
+
 <link href='http://fonts.googleapis.com/css?family=Cookie' rel='stylesheet' type='text/css'>
 <body>
     <header class="header-user-dropdown">
@@ -15,7 +22,7 @@
 
         <div class="header-user-menu">
             <?php
-            echo (empty($value['image'])) ? '<img src="../assets/no_pp.png" alt="User Image"/>' : '<img src="../assets/no_pp.png" alt="User Image"/>';
+            echo (empty($_SESSION["profile_picture"])) ? '<img src="../assets/no_pp.png" alt="User Image"/>' : '<img src="../'.$_SESSION["profile_picture"].'" alt="User Image"/>';
             ?>
 
             <ul>

login_page.php

@@ -1,4 +1,9 @@
 <?php
+session_start();
+if(isset($_SESSION['userName'])) {
+  echo "Your session is running " . $_SESSION['userName'];
+}
+
 include("status/idle.php");
 include("header.php");
 include("config.php");
@@ -46,27 +51,33 @@
 
       $sql = "SELECT * FROM utilisateur WHERE username = '$login' AND password = '$password'";
       $sql2 = "SELECT groupe.id, utilisateur.username FROM groupe, utilisateur, groupuser WHERE groupuser.idGroup = groupe.id AND utilisateur.id = groupuser.idUser AND groupe.id=2 AND utilisateur.username = '$login'";
-
+      $sql3 = "SELECT image FROM utilisateur WHERE username = '$login' AND password = '$password'";
       // USER CHECK
       $login_query = mysqli_query($conn, $sql);
       $check_user = mysqli_num_rows($login_query);
       // ADMIN CHECK
       $login_query2 = mysqli_query($conn, $sql2);
       $check_user2 = mysqli_num_rows($login_query2);
+      //PROFILE PICTURE CHECK
+      $login_query3 = mysqli_query($conn, $sql3);
 
+      $result = mysqli_fetch_assoc($login_query3);
+      $resultstring = $result['image'];
       // if there is a valid user in the db, if the results returned are one row, then log the user in, otherwise error
       // we need to create to session variables for  user so the user can log in, save details etc.
       if ($check_user == 1 && $check_user2 == 1) { //User exists and not admin
         $_SESSION["user_login"] = $login_submit;
+        $_SESSION["profile_picture"] = $resultstring;
+
         header("Location: _adm/main_op.php");
 
       } else if ($check_user == 1 && $check_user2 != 1) {
         $_SESSION["user_login"] = $login_submit;
+        $_SESSION["profile_picture"] = $resultstring;
         header("Location: _usr/main_usr.php");
 
       } else { ?>
-  <div class="alert"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>Accès
-    refusé !</div>
+  <div class="alert"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>Accès refusé !</div>
   <?php }
     }
   }

main.php

@@ -1,8 +1,16 @@
 <?php
+session_start();
+$_SESSION['userName'] = 'Root';
+
 include("status/idle.php");
 include("header.php");
 include("config.php");
 include("configCSS.html");
+//reset
+$_SESSION["user_login"] = '';
+$_SESSION["profile_picture"] = '';
+$_SESSION["image"] = '';
+
 ?>
 
 <html>

produit.php

@@ -1,4 +1,9 @@
 <?php
+session_start();
+if(isset($_SESSION['userName'])) {
+  echo "Your session is running " . $_SESSION['userName'];
+}
+
 include("status/idle.php");
 include("header.php");
 include("config.php");
@@ -54,14 +59,16 @@
 		<tr>
 			<th>Date</th>
 			<th>Utilisateur</th>
+			<th>Image</th>
 			<th>Note</th>
 			<th>Commentaire</th>
 		</tr>
 		<?php
-        $connect2 = $conn->query('SELECT DISTINCT rating.dateOfPub as "date",utilisateur.username as "user",rating.rate as "rate",rating.comm as "comm" FROM utilisateur,rating,product WHERE utilisateur.id = rating.idUser AND rating.idProduct =' . $idget);
+        $connect2 = $conn->query('SELECT DISTINCT rating.dateOfPub as "date",utilisateur.username as "user", utilisateur.image as image, rating.rate as "rate",rating.comm as "comm" FROM utilisateur,rating,product WHERE utilisateur.id = rating.idUser AND rating.idProduct =' . $idget);
         while ($row2 = $connect2->fetch_assoc()) {
 	        echo (empty($row2['date'])) ? "<td> NA </td>" : "<td>" . $row2['date'] . "</td>";
 	        echo (empty($row2['user'])) ? "<td> NA </td>" : "<td>" . $row2['user'] . "</td>";
+			echo (empty($row2['image'])) ? "<td> NA </td>" : '<td> <img src="'.$row2['image'].'" width="100" height="100" alt="User Image"/> </td>' ;
 	        echo (empty($row2['rate'])) ? "<td> NA </td>" : "<td>" . $row2['rate'] . "/5 </td>";
 	        echo (empty($row2['comm'])) ? "<td> NA </td>" : "<td>" . $row2['comm'] . "</td>";
 	        echo "<tr>";

signup_page.php

@@ -3,7 +3,6 @@
 include("header.php");
 include("config.php");
 include("configCSS.html");
-$url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
 ?>
 <!DOCTYPE html>
 <html>
@@ -15,96 +14,15 @@
 
 <body>
   <h2>📥 Inscription 📥</h2>
-
-  <?php
-  global $actual_image;
-  if (strpos($url, '?image=assets/pp/') !== false) {
-    $actual_image = substr($url, strpos($url, "assets/pp/"));
-  ?>
-  <div class="alert2"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>L'image
-    <?php echo $actual_image ?> a été uploadée avec succès !</div>
-  <?php
-    echo '<img class="fit-picture"' . "src=" . $actual_image . ">";
-  }
-  ?>
-
-
-
   <form action="upload.php" class="form-container" enctype="multipart/form-data" method="POST">
     Photo de profil : <br>
-    <input type="file" name="fileToUpload" id="fileToUpload" accept="image/x-png,image/gif,image/jpeg" />
-    <input type="submit" name="submit" value="Upload">
+    <input type="file" name="fileToUpload" id="fileToUpload" accept="image/x-png,image/gif,image/jpeg" required/>
+    <input type="submit" name="signup_submit" value="Upload">
   </form>
 
-  <?php
-  if (!empty($_POST['image'])) {
-  }
-  ?>
-
-  <form action="signup_page.php" class="form-container" method="POST">
-    Email* : <br>
-    <input type="text" name="email"> <br>
-
-    Login* : <br>
-    <input type="text" name="login"> <br>
-
-    Mot de passe* : <br>
-    <input type="text" name="password"> <br>
-
-    <input type="submit" name="signup_submit" value="S'inscrire">
+  <form action="signup_page2.php" class="form-container" enctype="multipart/form-data" method="POST">
+  <input type="submit" name="no_pp" value="Pas de photo">
   </form>
-
-  <p style="color:#FF0000">*Champs obligatoires !!</p>
-
-  <?php
-
-  if (empty($_POST['login']) && isset($_POST['login'])) { ?>
-  <div class="alert"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>Nom
-    d'utilisateur manquant</div>
-  <?php }
-  if (empty($_POST['password']) && isset($_POST['login'])) { ?>
-  <div class="alert"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>Mot de
-    passe manquant.</div>
-  <?php }
-  if (empty($_POST['email']) && isset($_POST['email'])) { ?>
-  <div class="alert"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>Email
-    manquant.</div>
-  <?php }
-
-
-  if (!empty($_POST['login']) && (!empty($_POST['password']))) {
-    $signup_submit = ($_POST['signup_submit']);
-    if ($signup_submit) {
-
-      $sql = "SELECT * FROM utilisateur WHERE username = '" . $_POST['login'] . "' AND password = '" . $_POST['password'] . "'";
-
-      $sql2 = "INSERT INTO utilisateur (username, password, email) VALUES ( '" . $_POST['login'] . "',  '" . $_POST['password'] . "', '" . $_POST['email'] . "')";
-
-      $sql3 = "INSERT INTO utilisateur (image) VALUES ($actual_image)";
-
-      echo $actual_image;
-      echo "prout";
-      if (!empty($actual_image)) {
-        $image_query = mysqli_query($conn, $sql3);
-        echo "fanta";
-      }
-
-      $signup_query = mysqli_query($conn, $sql);
-      $check_user = mysqli_num_rows($signup_query);
-      if ($check_user == 0) {
-
-        $login_query = mysqli_query($conn, $sql2);
-        $_SESSION["user_login"] = $signup_submit;
-        //header("Location: _usr/main_usr.php");
-        echo "logged in";
-      } else { ?>
-  <div class="alert"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>Ce compte
-    existe déjà.</div>
-  <?php }
-    }
-  }
-  ?>
-
 </body>
 
 </html>

signup_page2.php

@@ -0,0 +1,97 @@
+<?php
+session_start();   // in top of PHP file
+$_SESSION["image"] = get_pp();
+
+include("status/idle.php");
+include("header.php");
+include("config.php");
+include("configCSS.html");
+function get_pp() {
+  if(isset($_GET['image'])) {
+    return $_GET['image'];
+  } else {
+    return '';
+  }
+}
+?>
+
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="utf-8">
+  <title>Inscription</title>
+</head>
+
+<body>
+  <h2>📥 Inscription 📥</h2>
+  <form class="form-container" method="POST">
+    Email* : <br>
+    <input type="text" name="email" required> <br>
+    Login* : <br>
+    <input type="text" name="login" required> <br>
+    Mot de passe* : <br>
+    <input type="text" name="password" required> <br>
+    <input type="submit" name="signup_submit2" value="Upload">
+  </form>
+  <p style="color:#FF0000">*Champs obligatoires !!</p>
+
+  <?php
+  if (isset($_GET['image'])) { //si la photo a été envoyée ?> 
+  <div class="alert2"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>L'image
+  <?php echo ($_GET['image']) ?> a été uploadée avec succès ! Entrez maintenant vos nouveaux identifiants afin de poursuivre la création de compte !</div>
+  <?php echo '<img class="fit-picture"' . "src=" . ($_GET['image']) . ">";
+  }
+  ?>
+
+  <?php
+  if (empty($_POST['login']) && isset($_POST['login'])) { ?>
+  <div class="alert"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>Nom
+    d'utilisateur manquant</div>
+  <?php }
+  if (empty($_POST['password']) && isset($_POST['login'])) { ?>
+  <div class="alert"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>Mot de
+    passe manquant.</div>
+  <?php }
+  if (empty($_POST['email']) && isset($_POST['email'])) { ?>
+  <div class="alert"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>Email
+    manquant.</div>
+  <?php }
+
+
+
+  if (!empty($_POST['login']) && (!empty($_POST['password'])) && isset($_POST['signup_submit2'])) {
+    $signup_submit2 = $_POST['signup_submit2'];
+    $sql = "SELECT * FROM utilisateur WHERE username = '" . $_POST['login'] . "' AND password = '" . $_POST['password'] . "'";
+    $sql2 = "INSERT INTO utilisateur (username, password, email) VALUES ( '" . $_POST['login'] . "',  '" . $_POST['password'] . "', '" . $_POST['email'] . "')";
+    $sql3 = "INSERT INTO utilisateur (username, password, email, image) VALUES ( '" . $_POST['login'] . "',  '" . $_POST['password'] . "', '" . $_POST['email'] . "', '" . $_SESSION["image"] . "')";
+    $signup_query = mysqli_query($conn, $sql);
+    $check_user = mysqli_num_rows($signup_query);
+
+      if ($check_user == 0) {
+
+        if (!empty($_SESSION["image"])) {
+        $image_query = mysqli_query($conn, $sql3);
+        $_SESSION["user_login"] = $signup_submit2;
+        $_SESSION["profile_picture"] = $_SESSION["image"];
+        header("Location: _usr/main_usr.php");
+        }
+
+        if (empty($_SESSION["image"])) {
+          $login_query = mysqli_query($conn, $sql2);
+          $_SESSION["user_login"] = $signup_submit2;
+          $_SESSION["profile_picture"] = $_SESSION["image"];
+          header("Location: _usr/main_usr.php");
+          }
+      }
+
+    } else if (isset($_POST['signup_submit2'])) { 
+    ?>
+<div class="alert"><span class="closebtn" onclick="this.parentElement.style.display='none';">&times;</span>Ce compte existe déjà.</div>
+    <?php 
+    }
+  ?>
+
+</body>
+
+</html>

upload.php

@@ -1,30 +1,34 @@
 <?php
+include("status/idle.php");
+include("header.php");
+include("config.php");
+include("configCSS.html");
 $target_dir = "assets/pp/";
 $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
 $uploadOk = 1;
 $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
 
 // Check if image file is a actual image or fake image
-if (isset($_POST["submit"])) {
+if (isset($_POST["signup_submit"])) {
   $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
   if ($check !== false) {
     echo "File is an image - " . $check["mime"] . ".";
     $uploadOk = 1;
   } else {
-    echo "File is not an image.";
+    echo "File is not an image.<br>";
     $uploadOk = 0;
   }
 }
 
 // Check if file already exists
 if (file_exists($target_file)) {
-  echo "Sorry, file already exists.";
+  echo "Sorry, file already exists.<br>";
   $uploadOk = 0;
 }
 
 // Check file size
 if ($_FILES["fileToUpload"]["size"] > 500000) {
-  echo "Sorry, your file is too large.";
+  echo "Sorry, your file is too large.<br>";
   $uploadOk = 0;
 }
 
@@ -33,21 +37,26 @@
   $imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
   && $imageFileType != "gif"
 ) {
-  echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
+  echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.<br>";
   $uploadOk = 0;
 }
 
 // Check if $uploadOk is set to 0 by an error
 if ($uploadOk == 0) {
-  echo "Sorry, your file was not uploaded.";
+  echo "Sorry, your file was not uploaded.<br>";
+  echo '<form action="signup_page.php" class="form-container" enctype="multipart/form-data" method="POST">';
+  echo '<input type="submit" name="submit" value="OK">';
+  echo '</form>';
   // if everything is ok, try to upload file
 } else {
   if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
     echo "The file " . htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " has been uploaded.";
+    header("Location: signup_page2.php?image=$target_file");
   } else {
-    echo "Sorry, there was an error uploading your file.";
+    echo "Sorry, there was an error uploading your file.<br>";
+    echo '<form action="signup_page.php" class="form-container" enctype="multipart/form-data" method="POST">';
+    echo '<input type="submit" name="submit" value="OK">';
+    echo '</form>';
   }
 }
-
-header("Location: signup_page.php?image=$target_file")
-  ?>
+?>