I am very new to php, i need help adding a login and logout button. If the user is already logged in, I want the login to be hidden.And if the user is logged out, I want the logout to be hidden. The login/logout button should be in html and php. Please and thank you
Here are the scripts I’m using
Here is the login/logout buttons I tried using :
<a href="/login-user.php" class="navbar-signin">
<span>login</span>
<ion-icon name="log-in-outline"></ion-icon>
<span> <?php echo $fetch_info['name'] ?> </span>
</a>
<a href="/logout-user.php" class="navbar-signin">
<span>Log out</span>
<ion-icon name="log-in-outline"></ion-icon>
<span> <?php echo $fetch_info['name'] ?> </span>
</a>
Here is the code i use for my index.php:
<?php require_once "controllerUserData.php"; ?>
<?php $email = $_SESSION['email'];
$password = $_SESSION['password'];
if($email != false && $password != false){
$sql = "SELECT * FROM usertable WHERE email = '$email'";
$run_Sql = mysqli_query($con, $sql);
if($run_Sql){
$fetch_info = mysqli_fetch_assoc($run_Sql);
$status = $fetch_info['status'];
$code = $fetch_info['code'];
if($status == "verified"){
if($code != 0){
header('Location: reset-code.php');
}
}else{
header('Location: user-otp.php');
}
}
}else{
header('Location: ');
}
?>
Controller user data:
<?php
session_start();
require "connection.php";
$email = "";
$name = "";
$errors = array();
//if user signup button
if(isset($_POST['signup'])){
$name = mysqli_real_escape_string($con, $_POST['name']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$cpassword = mysqli_real_escape_string($con, $_POST['cpassword']);
if($password !== $cpassword){
$errors['password'] = "Confirm password not matched!";
}
$email_check = "SELECT * FROM usertable WHERE email = '$email'";
$res = mysqli_query($con, $email_check);
if(mysqli_num_rows($res) > 0){
$errors['email'] = "Email that you have entered is already exist!";
}
if(count($errors) === 0){
$encpass = password_hash($password, PASSWORD_BCRYPT);
$code = rand(999999, 111111);
$status = "notverified";
$insert_data = "INSERT INTO usertable (name, email, password, code, status)
values('$name', '$email', '$encpass', '$code', '$status')";
$data_check = mysqli_query($con, $insert_data);
if($data_check){
$subject = "Email Verification Code";
$message = "Your verification code is $code";
$sender = "From: email";
if(mail($email, $subject, $message, $sender)){
$info = "We've sent a verification code to your email - $email";
$_SESSION['info'] = $info;
$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
header('location: user-otp.php');
exit();
}else{
$errors['otp-error'] = "Failed while sending code!";
}
}else{
$errors['db-error'] = "Failed while inserting data into database!";
}
}
}
//if user click verification code submit button
if(isset($_POST['check'])){
$_SESSION['info'] = "";
$otp_code = mysqli_real_escape_string($con, $_POST['otp']);
$check_code = "SELECT * FROM usertable WHERE code = $otp_code";
$code_res = mysqli_query($con, $check_code);
if(mysqli_num_rows($code_res) > 0){
$fetch_data = mysqli_fetch_assoc($code_res);
$fetch_code = $fetch_data['code'];
$email = $fetch_data['email'];
$code = 0;
$status = 'verified';
$update_otp = "UPDATE usertable SET code = $code, status = '$status' WHERE code = $fetch_code";
$update_res = mysqli_query($con, $update_otp);
if($update_res){
$_SESSION['name'] = $name;
$_SESSION['email'] = $email;
header('location: index.php');
exit();
}else{
$errors['otp-error'] = "Failed while updating code!";
}
}else{
$errors['otp-error'] = "You've entered incorrect code!";
}
}
//if user click login button
if(isset($_POST['login'])){
$email = mysqli_real_escape_string($con, $_POST['email']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$check_email = "SELECT * FROM usertable WHERE email = '$email'";
$res = mysqli_query($con, $check_email);
if(mysqli_num_rows($res) > 0){
$fetch = mysqli_fetch_assoc($res);
$fetch_pass = $fetch['password'];
if(password_verify($password, $fetch_pass)){
$_SESSION['email'] = $email;
$status = $fetch['status'];
if($status == 'verified'){
$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
header('location: index.php');
}else{
$info = "It's look like you haven't still verify your email - $email";
$_SESSION['info'] = $info;
header('location: user-otp.php');
}
}else{
$errors['email'] = "Incorrect email or password!";
}
}else{
$errors['email'] = "It's look like you're not yet a member! Click on the bottom link to signup.";
}
}
//if user click continue button in forgot password form
if(isset($_POST['check-email'])){
$email = mysqli_real_escape_string($con, $_POST['email']);
$check_email = "SELECT * FROM usertable WHERE email='$email'";
$run_sql = mysqli_query($con, $check_email);
if(mysqli_num_rows($run_sql) > 0){
$code = rand(999999, 111111);
$insert_code = "UPDATE usertable SET code = $code WHERE email = '$email'";
$run_query = mysqli_query($con, $insert_code);
if($run_query){
$subject = "Password Reset Code";
$message = "Your password reset code is $code";
$sender = "From: email";
if(mail($email, $subject, $message, $sender)){
$info = "We've sent a passwrod reset otp to your email - $email";
$_SESSION['info'] = $info;
$_SESSION['email'] = $email;
header('location: reset-code.php');
exit();
}else{
$errors['otp-error'] = "Failed while sending code!";
}
}else{
$errors['db-error'] = "Something went wrong!";
}
}else{
$errors['email'] = "This email address does not exist!";
}
}
//if user click check reset otp button
if(isset($_POST['check-reset-otp'])){
$_SESSION['info'] = "";
$otp_code = mysqli_real_escape_string($con, $_POST['otp']);
$check_code = "SELECT * FROM usertable WHERE code = $otp_code";
$code_res = mysqli_query($con, $check_code);
if(mysqli_num_rows($code_res) > 0){
$fetch_data = mysqli_fetch_assoc($code_res);
$email = $fetch_data['email'];
$_SESSION['email'] = $email;
$info = "Please create a new password that you don't use on any other site.";
$_SESSION['info'] = $info;
header('location: new-password.php');
exit();
}else{
$errors['otp-error'] = "You've entered incorrect code!";
}
}
//if user click change password button
if(isset($_POST['change-password'])){
$_SESSION['info'] = "";
$password = mysqli_real_escape_string($con, $_POST['password']);
$cpassword = mysqli_real_escape_string($con, $_POST['cpassword']);
if($password !== $cpassword){
$errors['password'] = "Confirm password not matched!";
}else{
$code = 0;
$email = $_SESSION['email']; //getting this email using session
$encpass = password_hash($password, PASSWORD_BCRYPT);
$update_pass = "UPDATE usertable SET code = $code, password = '$encpass' WHERE email = '$email'";
$run_query = mysqli_query($con, $update_pass);
if($run_query){
$info = "Your password changed. Now you can login with your new password.";
$_SESSION['info'] = $info;
header('Location: password-changed.php');
}else{
$errors['db-error'] = "Failed to change your password!";
}
}
}
//if login now button click
if(isset($_POST['login-now'])){
header('Location: login-user.php');
}
?>
