user18135771

Display user's name in other pages of my website after logging in using PHP and XML

I am trying to display the user's name in the header of all pages after they log in, but I cannot find a way to do that using PHP and XML. I cannot use anything other than PHP and XML. In addition, almost all my pages are .html files (except the registration pages and the backstore ones, which are accessed by the admin).

Here is my log-in code:

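   <?php
    // Login handler for the form further down this page. On success it stores the
    // submitted name in the session and redirects; on failure it sets $error so
    // the template can print a message.
    $error = false;
    if (isset($_POST['login_button'])) {
        // The form on this page posts its first field as "Email" while this
        // script reads "username"; accept either so the value actually arrives.
        $email = $_POST['username'] ?? $_POST['Email'] ?? '';
        $password = $_POST['password'] ?? '';

        // Array-valued fields (password[]=x) are rejected before any comparison.
        if (is_string($email) && is_string($password) && file_exists('UserList.xml')) {
            $xml = new SimpleXMLElement('UserList.xml', 0, true);

            foreach ($xml->info as $info) {
                // NOTE(review): hard-coded Admin/Admin credential kept from the
                // original. P7.html is a static file, so this redirect does not
                // protect it; the admin page needs its own session check in PHP.
                if ($password === 'Admin' && $email === 'Admin') {
                    session_start();
                    // Fresh session id at login so a pre-set id cannot be reused.
                    session_regenerate_id(true);
                    $_SESSION['username'] = $email;
                    header('Location: P7.html');
                    exit;
                }

                // Strict, string-only comparison: with == two numeric-looking
                // strings such as "0e1" and "0e2" compare equal.
                // NOTE(review): UserList.xml holds passwords in plain text; store
                // password_hash() output and check it with password_verify().
                $name_matches = $email === (string) $info->FirstName;
                $password_matches = hash_equals((string) $info->Password, $password);
                if ($name_matches && $password_matches) {
                    session_start();
                    session_regenerate_id(true);
                    $_SESSION['username'] = $email;
                    header('Location: index.php');
                    exit;
                }
            }
        }

        // Reached only when no record matched or the user file is missing.
        $error = true;
    }
?>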


<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Log-in</title>
    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
    <link rel="stylesheet" href="Login-Signup.css">
    <link rel="stylesheet" href="Main-Stylesheet.css">
</head>
<body>



<!-- header section -->
    <nav class="nav_bar">
        <a class="nav_logo" href="index.html">
            <img src="Images/Logo.png">
        </a>
  
        <form class="search">
          <input class="search_bar" type="search" placeholder="'Product'">
          <button class="search_button" type="submit">Search</button>
        </form>

        <a class="cart_button" href="ShoppingCart.html">
            <div class="cart_circle">
                <img src="Images/cart-logo.png" />
            </div>
        </a>

    </nav>


<div class="row menu h-100 col-12 nopadding sticky-top">
       
    <div class="col-4 row text-center">
        <div class="dropdown menuText">
            <button class="dropbtn"><img class="dropdown-hamburger"src="Images/hamburger-icon2.jpg" /><p class="nav-aisles">Aisles</p></button>
            <div class="col-3 row dropdown-content">
                <a href="chickenAisle.html">Chicken</a>
                <a href="meatAisle.html">Meat</a>
                <a href="pastaAisle.html">Pasta</a>
                <a href="fruitsAisle.html">Fruits</a>
                <a href="vegetablesAisle.html">Vegetables</a>
            </div>
        </div>
    </div>

    <div class="col-4 row menuText h-100">
        <a href="index.html" style="text-decoration:none; color:white;">Home</a>
    </div>

    <div class="col-4 row menuText h-100">
        <a>Locations</a>
    </div>
      
</div>
<!-- header section -->


    <!-- Login Section start -->

    <div class="col-12 h-100 nonpadding logincontainer">

        <div class="h-100 loginmargin ">
             <h3 class="loginbar">Log in</h3>
        </div>
        <form method = "POST" action="">
            <div class="inner-container">

                <div class="nopadding login_label">
                    <label for="email" class="labellogin">Email:</label>
                </div>

                <div class="login_input">
                    <input type="email" name="Email" class="login_info" placeholder="email">
                </div>

                <div class="nopadding login_label">
                    <label for="password" class="labellogin">Password:</label>
                </div>

                <div class="login_input">
                    <input type="password" name="password" class="login_info" placeholder="password">
                </div>
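                <?php
                // $error is set by the login handler at the top of this page when
                // the submitted credentials did not match any record.
                if ($error) {
                    // The closing tag was missing its ">" and broke the markup after it.
                    echo '<p>Invalid email and/or password</p>';
                }
                ?>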

                <div class="checkbut">
                    <label for="check">Remember me</label>
                    <input type="checkbox" id="check" name="check" value="Remember">
                </div>

                <div class=" nopadding submit">
                    <button type="submit" name="login_button" class="login_button">Log in</button>
                </div>
                
                <div class=" forgotpass">
                    <p><a href="#">Forgot Password?</a></p>
                </div>

                
                <p>Don't have an account? <a href="SignUp.php">Sign up</a></p>
                

            </div>
        </form>
    </div>

    <!-- Login Section end -->


 <!-- footer section -->
<div class="col-12 row h-100 nopadding footer">

    <div class="col-4 row footer-heading nopadding about">
        <h2>About Us</h2>
        <a href="#">Our Story</a>
        <a href="#">Blog</a>
        <a href="P7.html">Customers</a>
    
    </div>
    
    <div class="col-4 row footer-heading nopadding contact-form">
        <h2>Customer Service</h2>
        <a href="#">Contact Us</a>
        <a href="#">Terms and Conditions</a>
        <a href="#">Find a Store</a>
        <a href="#">FAQ</a>
    </div>
    <div class="col-4 row footer-heading nopadding social-media">
        <h2>Social Media</h2>
        <a href="#">Instagram</a>
        <a href="#">Facebook</a>
        <a href="#">YouTube</a>
        <a href="#">Twitter</a>
    </div>
    
    
    
    <div class="col-12 row nopadding">
      
        
        <div class="col-2 footer-bottom footer">
            &copy; 2022 poeatry.com 
    
        </div>
        <div class="col-5">
    
        </div>

    </div>
</div>
<!-- footer section -->
</body>
</html>

Here is the header that I'll be using in all the pages:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Log-in</title>
    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
    <link rel="stylesheet" href="Login-Signup.css">
    <link rel="stylesheet" href="Main-Stylesheet.css">
</head>
<body>



<!-- header section -->
    <nav class="nav_bar">
        <a class="nav_logo" href="index.html">
            <img src="Images/Logo.png">
        </a>
  
        <form class="search">
          <input class="search_bar" type="search" placeholder="'Product'">
          <button class="search_button" type="submit">Search</button>
        </form>

        <a class="cart_button" href="ShoppingCart.html">
            <div class="cart_circle">
                <img src="Images/cart-logo.png" />
            </div>
        </a>

    </nav>

Here is my XML file:

<?xml version="1.0"?>
<UserList>
  

<info><FirstName>Admin</FirstName><LastName>a</LastName><Email>[email protected]</Email><Password>Admin</Password><Address>St Catherine</Address><Number>+1 234</Number></info></UserList>


Answers (1)

Jacob Mulquin

Reputation: 3608

Here's a barebones authentication system, I hope you can adapt it well. All pages must be php pages and have session_start() at the beginning.

This system has 3 pages, index.php, auth.php and admin.php.

The way you were doing the admin page was wildly insecure: P7.html is a static file, so anybody could go to it directly without logging in. What I have done is add the Access tag in the XML file.

Put the XML in a directory that a person cannot access through the web browser; otherwise anyone who requests the file can read every stored email address and password.

index.php

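<?php

// Every page that shows the login state has to open the session before any output.
session_start();

?>
<html>
    <head><title>XML Auth Test</title></head>
    <body>
        <nav>
            <?php
                // FirstName comes from the user store, so it is escaped before it
                // reaches the page; a stored "<script>" would otherwise run here.
                if (isset($_SESSION['user']))
                    echo 'Logged in as ' . htmlspecialchars((string) ($_SESSION['user']['FirstName'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                else
                    echo 'Not logged in';
            ?>
        </nav>
        <main>
            <?php
                if (!isset($_SESSION['user'])) {
            ?>
            <h2>Login</h2>
            <form method="POST" action="auth.php">
                    <label for="email" class="labellogin">Email:</label>
                    <input type="email" name="email" class="login_info" placeholder="email">

                    <label for="password" class="labellogin">Password:</label>
                    <input type="password" name="password" class="login_info" placeholder="password">

                <?php
                // Show the message left by the login handler once, then drop it so
                // it does not reappear on later page loads.
                if (!empty($_SESSION['error'])) {
                    echo '<p>' . htmlspecialchars((string) $_SESSION['error'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
                    unset($_SESSION['error']);
                }
                ?>

                    <button type="submit" name="login_button" class="login_button">Log in</button>
            </form>
            <?php
                } else {
            ?>
            <pre>
                <?php
                    // Debug view of the session record. Password is left out in case
                    // the login handler stored the full record, and the dump is
                    // escaped because the values come from the user store.
                    $profile = array_diff_key((array) $_SESSION['user'], array('Password' => true));
                    echo htmlspecialchars(print_r($profile, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                ?>
            </pre>
            <?php
                }
            ?>
        </main>
    </body>
</html>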

auth.php

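<?php

// Handles the login form POST: checks the submitted credentials against the
// XML user store, records the user in the session and redirects.

// Keep this file outside the web root; it holds every account's password.
$xml_file = 'users.xml';
$redirect_to = 'index.php';

session_start();

if (!file_exists($xml_file)) {
    $_SESSION['error'] = 'Login system disabled';
    header('Location: ' . $redirect_to);
    // header() only queues the redirect; without exit the script would go on
    // and try to parse the missing file.
    exit;
}

if (isset($_POST['login_button'])) {
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';

    // Array-valued fields (password[]=x) are rejected before any comparison.
    if (is_string($email) && is_string($password)) {
        $xml = new SimpleXMLElement($xml_file, 0, true);

        foreach ($xml->info as $info) {
            // Strict, string-only comparison: with == two numeric-looking
            // strings such as "0e1" and "0e2" compare equal.
            // NOTE(review): the store holds passwords in plain text; store
            // password_hash() output and check it with password_verify().
            $email_matches = $email === (string) $info->Email;
            $password_matches = hash_equals((string) $info->Password, $password);

            if ($email_matches && $password_matches) {
                // Fresh session id at login so a pre-set id cannot be reused.
                session_regenerate_id(true);

                // The session keeps the profile fields but not the credential.
                $user = (array) $info;
                unset($user['Password']);
                $_SESSION['user'] = $user;

                $_SESSION['error'] = '';

                if ((string) $info->Access === 'Admin')
                    $redirect_to = 'admin.php';

                header('Location: ' . $redirect_to);
                // Stop here: falling through would overwrite the session with
                // the "invalid" error below even though the login succeeded.
                exit;
            }
        }
    }

    $_SESSION['error'] = 'Invalid email and/or password';
    header('Location: ' . $redirect_to);
    exit;
}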

admin.php

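<?php

// Admin-only page: a visitor without an Admin session is sent back to index.php.
session_start();

// ?? covers visitors who have no session record at all. exit is required:
// header() only queues the redirect, and without it the admin markup below
// would still be sent to the unauthenticated client.
if (($_SESSION['user']['Access'] ?? null) !== 'Admin') {
    header('Location: index.php');
    exit;
}

?>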

<h2>Hi admin!</h2>

users.xml

<?xml version="1.0"?>
<UserList>
    <info>
        <FirstName>Admin</FirstName>
        <LastName>a</LastName>
        <Email>[email protected]</Email>
        <Password>Admin</Password>
        <Address>St Catherine</Address>
        <Number>+1 234</Number>
        <Access>Admin</Access>
    </info>
    <info>
        <FirstName>User</FirstName>
        <LastName>b</LastName>
        <Email>[email protected]</Email>
        <Password>User</Password>
        <Address>St Catherine</Address>
        <Number>+1 234</Number>
        <Access>User</Access>
    </info>
</UserList>
