PHP session implementation

ab9649 · May 11, 2022 · 5623857 · 5623857
1 parent 89e4c94
commit 5623857
Show file tree

Hide file tree

Showing 11 changed files with 86 additions and 17 deletions.
diff --git a/askquestion.php b/askquestion.php
@@ -1,6 +1,13 @@
 <?php
-    $UserID = $_GET['UserID'];
 
+    session_start();
+    if (!isset($_SESSION['UserID'])){
+        header("refresh:5; login.php"); // redirect after 5 second pause
+        echo "You're not logged in. Redirecting you to login page in 5 seconds or click <a href=\"login.php\">here</a>.";
+        exit();
+    }
+    $UserID = $_SESSION['UserID'];
+
     if ($_SERVER["REQUEST_METHOD"] == "POST"){
         include 'connection.php';
         $topic_name = $_POST['topic_name'];
@@ -16,7 +23,7 @@
         #$insert = "INSERT INTO Question VALUES (default, '$userid', '$title', '$topicID', '$body', NOW(), 0)";
         $insert = "INSERT INTO Question (QID, UserID, title, TopicID, body, q_datetime, resolved) VALUES (default,$UserID,'$title',$topicID,'$body',NOW(),0)";
         $result = $con->query($insert);      
-        header("location: homepage.php?UserID=".$UserID);
+        header("location: homepage.php?");
     }
 ?>
 
@@ -40,7 +47,7 @@
         </div>
         <br>
         <h3 style='color:black'><strong>Ask Question</strong></h3>
-        <form action="askquestion.php?UserID=<?php echo $UserID ?>" method="post">
+        <form action="askquestion.php" method="post">
             <div class="form-group">
                 <label for="Topic_name">Choose question topic</label>
                 <select class="form-control" name="topic_name">

diff --git a/browse_by_topics.php b/browse_by_topics.php
@@ -2,7 +2,13 @@
     // $UserID = 2;
     // $TopicID = 2;
     // $topicName = 'CS';
-    $UserID = $_GET['UserID'];  
+    session_start();
+    if (!isset($_SESSION['UserID'])){
+        header("refresh:5; login.php"); // redirect after 5 second pause
+        echo "You're not logged in. Redirecting you to login page in 5 seconds or click <a href=\"login.php\">here</a>.";
+        exit();
+    }
+    $UserID = $_SESSION['UserID'];
     $TopicID = $_GET['TopicID'];
     $topicName = $_GET['topicName'];
 
@@ -50,7 +56,7 @@
           while ($parentObj = $parentTopicsResult->fetch_assoc()) {
             $parentID = $parentObj['TopicID'];
             $parentName = $parentObj['topic_name'];
-            echo "<a href='browse_by_topics.php?UserID=$UserID&TopicID=$parentID&topicName=$parentName' class='btn btn-info' role='button' style='margin:1px'>$parentName</a>";
+            echo "<a href='browse_by_topics.php?TopicID=$parentID&topicName=$parentName' class='btn btn-info' role='button' style='margin:1px'>$parentName</a>";
           }
 
           echo "</h5>";
@@ -89,7 +95,7 @@
                     echo "<p class='text-sm'>";
                     echo "<span class='op-6'>Posted on $q_datetime</span>";
                     echo "<span class='op-6'> by </span>";
-                    echo "<a class='text-black' href='user_profile.php?UserID=$UserID&ViewingUserID=$question_user_id'>$question_user</a>";
+                    echo "<a class='text-black' href='user_profile.php?ViewingUserID=$question_user_id'>$question_user</a>";
                     echo "</p>";
                     echo "<p class='text-sm' style='color:black'>$body</p>";
                     if ($qobj["resolved"] == 1) {

diff --git a/components/navbar.php b/components/navbar.php
@@ -1,5 +1,5 @@
 <nav class="navbar navbar-expand-lg navbar-light bg-light">
-        <a class="navbar-brand" href='homepage.php?UserID=<?php echo $UserID?>'><strong><i>WebpageLogo</i></strong></a>
+        <a class="navbar-brand" href='homepage.php?'><strong><i>WebpageLogo</i></strong></a>
         <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
             <span class="navbar-toggler-icon"></span>
         </button>
@@ -29,11 +29,10 @@
             </ul>
 
             <?php
-              echo "<a class='nav-link' href='user_profile.php?UserID=$UserID&ViewingUserID=$UserID'>$username</a>"
+              echo "<a class='nav-link' href='user_profile.php?ViewingUserID=$UserID'>$username</a>"
             ?>
             <form class="form-inline my-2 my-lg-0" action="search.php" method="GET">
             <?php             
-              echo "<input type='hidden' name='UserID' value='$UserID'>";
               echo "<input type='hidden' name='order_by' value='Relevance'>";
             ?>
             <input name="keyword" class="form-control mr-sm-2" type="search" placeholder="Search" aria-label="Search" required>

diff --git a/components/sidebar.php b/components/sidebar.php
@@ -5,7 +5,7 @@
 
 
             <?php
-            echo "<a class='btn btn-lg btn-block btn-success rounded-0 py-4 mb-3 bg-op-6 roboto-bold' href='askquestion.php?UserID=$UserID'>Ask Question</a>";
+            echo "<a class='btn btn-lg btn-block btn-success rounded-0 py-4 mb-3 bg-op-6 roboto-bold' href='askquestion.php'>Ask Question</a>";
             ?>
 
               <div class="bg-white mb-3">
@@ -23,7 +23,6 @@
                       $TopicID = $obj["TopicID"];
                       echo "<form action='browse_by_topics.php' method='GET'>";
                       echo "<input type='hidden' name='TopicID' value='$TopicID'>";
-                      echo "<input type='hidden' name='UserID' value='$UserID'>";
                       echo "<input type='hidden' name='topicName' value='$topic_name'>";
                       echo "<button type='submit' class='btn btn-primary' style='margin:5px'>$topic_name</button>";
                       echo "</form>";

diff --git a/homepage.php b/homepage.php
@@ -1,6 +1,12 @@
 <?php
     // $UserID = 2;
-    $UserID = $_GET['UserID'];
+    session_start();
+    if (!isset($_SESSION['UserID'])){
+        header("refresh:5; login.php"); // redirect after 5 second pause
+        echo "You're not logged in. Redirecting you to login page in 5 seconds or click <a href=\"login.php\">here</a>.";
+        exit();
+    }
+    $UserID = $_SESSION['UserID'];
     include 'connection.php';
 
     $sql = "SELECT * FROM Users NATURAL JOIN user_status WHERE UserID = $UserID";

diff --git a/index.php b/index.php
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<?php
+    if (isset($_SESSION['UserID'])){
+        header("refresh:5; homepage.php"); // redirect after 5 second pause
+        echo "You're already logged in. <br> Redirecting you to your homepage in 5 seconds or click <a href=\"homepage.php\">here</a>.";
+    } else {
+        header("refresh:0; login.php"); // redirect after 5 second pause
+    }
+?>
diff --git a/login.php b/login.php
@@ -2,6 +2,13 @@
 $Success = false;
 $Failed = false;
 
+session_start();
+if (isset($_SESSION['UserID'])){
+    header("refresh:5; homepage.php"); // redirect after 5 second pause
+    echo "You're already logged in. Redirecting you to your homepage in 5 seconds or click <a href=\"homepage.php\">here</a>.";
+    exit();
+}
+
 if ($_SERVER["REQUEST_METHOD"] == "POST"){
     include 'connection.php';
     $username = $_POST["username"];
@@ -11,7 +18,9 @@
     $result = $con->query($sql);
     if ($result -> num_rows > 0){
         $row = $result->fetch_assoc();
-        header("location: homepage.php?UserID=".$row["UserID"]);
+        session_start();
+        $_SESSION['UserID'] = $row["UserID"];
+        header("location: homepage.php");
     }
     else
         $Failed = "Incorrect Username or Password";
@@ -33,6 +42,7 @@
 <body>
     <div class="wrapper">
         <h2>Login</h2>
+        <p>Do not have an account? <a href='signup.php'>Click here</a> to sign up.</p>
         <form action="login.php" method="post">
             <div class="form-group">
                 <label>Username</label>

diff --git a/logout.php b/logout.php
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<?php
+    session_start();
+    session_destroy();
+    header("refresh:5; login.php"); // redirect after 5 second pause
+    echo "You've been logged out. You will be redirected to the log in page in 5 seconds. ";
+    echo "If not, click <a href=\"login.php\">here</a>.";
+?>
diff --git a/search.php b/search.php
@@ -2,7 +2,13 @@
     // $UserID = 2;
     // $keyword = "web";
     // $order_by = 'dt';
-    $UserID = $_GET['UserID'];  
+    session_start();
+    if (!isset($_SESSION['UserID'])){
+        header("refresh:5; login.php"); // redirect after 5 second pause
+        echo "You're not logged in. Redirecting you to login page in 5 seconds or click <a href=\"login.php\">here</a>.";
+        exit();
+    }
+    $UserID = $_SESSION['UserID'];
     $keyword = $_GET['keyword'];
     $order_by = $_GET['order_by'];    
 
@@ -46,7 +52,6 @@
           <label for="Topic_name">Sort by</label><br>
           <div class="btn-group" style="max-width:25%; margin-bottom:5px">
             <?php
-              echo "<input type='hidden' name='UserID' value='$UserID'>";
               echo "<input type='hidden' name='keyword' value='$keyword'>";
             ?>
             <select class="form-control" name="order_by">
@@ -99,7 +104,7 @@
                     echo "<p class='text-sm'>";
                     echo "<span class='op-6'>Posted on $q_datetime</span>";
                     echo "<span class='op-6'> by </span>";
-                    echo "<a class='text-black' href='user_profile.php?UserID=$UserID&ViewingUserID=$question_user_id'>$question_user</a>";
+                    echo "<a class='text-black' href='user_profile.php?ViewingUserID=$question_user_id'>$question_user</a>";
                     echo "</p>";
                     echo "<p class='text-sm' style='color:black'>$body</p>";
                     if ($qobj["resolved"] == 1) {

diff --git a/signup.php b/signup.php
@@ -3,6 +3,13 @@
 $Taken = false;
 $Failed = false;
 
+session_start();
+if (isset($_SESSION['UserID'])){
+    header("refresh:5; homepage.php"); // redirect after 5 second pause
+    echo "You're already logged in. Log out first to create a new account. <br> Redirecting you to your homepage in 5 seconds or click <a href=\"homepage.php\">here</a>.";
+    exit();
+}
+
 if ($_SERVER["REQUEST_METHOD"] == "POST"){
     include 'connection.php';
     $username = $_POST["username"];

diff --git a/user_profile.php b/user_profile.php
@@ -1,7 +1,13 @@
 <?php
     // $UserID = 2;
     // $ViewingUserID = 2;
-    $UserID = $_GET['UserID'];  
+    session_start();
+    if (!isset($_SESSION['UserID'])){
+        header("refresh:5; login.php"); // redirect after 5 second pause
+        echo "You're not logged in. Redirecting you to login page in 5 seconds or click <a href=\"login.php\">here</a>.";
+        exit();
+    }
+    $UserID = $_SESSION['UserID'];
     $ViewingUserID = $_GET['ViewingUserID'];  
 
     include 'connection.php';
@@ -58,6 +64,13 @@
           echo "<h6><strong>Lives in: </strong>$pcity, $pstate, $pcountry</h6>";
           echo "<h6><strong>User Status: </strong>$puser_status</h6>";
         ?>
+
+        <?php
+            if ($UserID == $ViewingUserID) {
+                echo "<a href='logout.php' class='btn btn-danger' role='button' style='margin:1px'>Sign Out</a>";
+                echo "<br><br>";
+            }
+        ?>
 
         <br>
         <p>Their recent activities:</p>