I'm making a simple resume-type website in which I can edit my profile. The issue that I am having is, I have a header.php file which has all the navigation buttons. I'm including that header file into every page which I have.
When I go on my profile and click 'Edit' profile, it takes me to another page with input fields enabled to edit my profile. The problem is, when I am on the edit profile page (which is in a subfolder), and it has included root using '../header.php', the navigation options are not working because on header.php, all files are in the root folder, but when I'm including the header file from a subfolder and trying to navigate, it's not going to the root folder, it's trying to find the file in the subfolder which doesn't exist.
It should let me navigate through the pages as normal by going back a directory, but I can't make a hard-coded solution as my header is in the root folder.
Here's my code:
header.php:
<?php
// Requires the database file for the connection.
require 'resources/database/mysqli_connect.php';
// Starts the session.
session_start();
$rank = 0;
// If the session is not empty, assigns variables and runs the query.
if (!empty($_SESSION["id"])) {
    // Cast to int so that only a number is placed into the query string.
    $id = (int) $_SESSION["id"];
    $rank = $_SESSION["rank"];
    $result = mysqli_query($conn, "SELECT * FROM users WHERE id = $id");
    $row = mysqli_fetch_assoc($result);
}
?>
<!DOCTYPE html>
<html>
<head>
</head>
<header>
    <nav class="navbar navbar-expand-sm navbar-dark bg-dark">
        <a href="./index.php" class="navbar-brand">IKAWORLD</a>
        <button class="navbar-toggler" data-toggle="collapse" data-target="#navbarMenu">
            <span class="navbar-toggler-icon"></span>
        </button>
        <div class="collapse navbar-collapse" id="navbarMenu">
            <ul class="navbar-nav ml-auto">
                <li class="nav-item">
                    <a href="./index.php" class="nav-link">Home</a>
                </li>
                <?php
                // The Admin link is only shown to rank 5 users.
                if ($rank == 5) {
                    echo
                    "<li class='nav-item'>
                        <a href='./admin.php' class='nav-link'>Admin</a>
                    </li>";
                }
                ?>
                <?php
                // Logged-out visitors get Login/Register, logged-in users get Profile/Logout.
                if (empty($_SESSION["id"])) {
                    echo
                    "<li class='nav-item'>
                        <a href='login.php' class='nav-link'>Login</a>
                    </li>
                    <li class='nav-item'>
                        <a href='register.php' class='nav-link'>Register</a>
                    </li>";
                } else {
                    echo
                    "<li class='nav-item'>
                        <a href='profile.php' class='nav-link'>Profile</a>
                    </li>
                    <li class='nav-item'>
                        <a href='logout.php' class='nav-link'>Logout</a>
                    </li>";
                }
                ?>
            </ul>
        </div>
    </nav>
</header>
</html>
Root navigation page example (profile.php):
<?php
// Requires database file for connection //
include 'header.php';
require './resources/database/mysqli_connect.php';
// The session is started in header.php.
$rank = 0;
// If user is logged in, assigns variables and values //
if (!empty($_SESSION["id"])) {
    // Logged in user's ID, cast to int before it goes into the query string //
    $id = (int) $_SESSION["id"];
    $result = mysqli_query($conn, "SELECT * FROM users WHERE id = $id");
    $row = mysqli_fetch_assoc($result);
    // This checks the rank of the logged user //
    $rank = $_SESSION["rank"];
    if ($rank == 1) {
        $level = "User";
    } else if ($rank == 2) {
        $level = "Verified User";
    } else if ($rank == 3) {
        $level = "Family";
    } else if ($rank == 4) {
        $level = "Friend";
    } else if ($rank == 5) {
        $level = "Admin";
    }
}
// If user is not logged in, it brings them to the login page //
else {
    // header.php has already sent output, so this relies on output buffering being enabled //
    header("Location: ./login.php");
    // Stops here so the profile markup below is never rendered for a logged-out visitor //
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
    <link rel="stylesheet" href="resources/stylesheet/stylesheet.css">
    <link rel="stylesheet" href="resources/stylesheet/register.css">
</head>
<body>
    <div class="content-wrapper">
        <br>
        <h1 class="subheading">Profile</h1>
        <!-- Database values are HTML-escaped before output -->
        <table>
            <tr>
                <th>Category</th>
                <th>Value</th>
            </tr>
            <tr>
                <td>User ID:</td>
                <td><?php echo htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'); ?></td>
            </tr>
            <tr>
                <td>Username:</td>
                <td><?php echo htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'); ?></td>
            </tr>
            <tr>
                <td>First name:</td>
                <td><?php echo htmlspecialchars($row['first_name'], ENT_QUOTES, 'UTF-8'); ?></td>
            </tr>
            <tr>
                <td>Last name:</td>
                <td><?php echo htmlspecialchars($row['last_name'], ENT_QUOTES, 'UTF-8'); ?></td>
            </tr>
            <tr>
                <td>Email:</td>
                <td><?php echo htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8'); ?></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td>--------------</td>
            </tr>
            <tr>
                <td>Rank</td>
                <td><?php echo htmlspecialchars($level, ENT_QUOTES, 'UTF-8'); ?></td>
            </tr>
        </table>
        <a href="edit_pages/editProfile.php"><button>Edit Profile</button></a>
        <br><br>
    </div>
</body>
</html>
Edit profile page (located in a subfolder):
<?php
// Requires DB document for connection //
include '../header.php';
require '../resources/database/mysqli_connect.php';
$rank = 0;
// If session is not empty, assigns variables and runs the query.
if (!empty($_SESSION["id"])) {
    // Cast to int before the ID goes into the query string //
    $id = (int) $_SESSION["id"];
    $rank = $_SESSION["rank"];
    $result = mysqli_query($conn, "SELECT * FROM users WHERE id = $id");
    $row = mysqli_fetch_assoc($result);
} else {
    // If user not logged in, it redirects them and stops the script //
    header("Location: ../login.php");
    exit;
}
// This code runs when user clicks update profile //
if (isset($_POST["updateProfile"])) {
    // Stores input data to variables; the prepared statement below keeps it out of the SQL text //
    $username = $_POST["userName"] ?? "";
    $firstname = $_POST["firstName"] ?? "";
    $lastname = $_POST["lastName"] ?? "";
    $email = $_POST["email"] ?? "";
    $password = $_POST["password"] ?? "";
    // Checks if any fields have been left empty //
    if (empty($username) || empty($firstname) || empty($lastname) || empty($email) || empty($password)) {
        // If missing fields found, it throws this error //
        echo "<script>alert('Missing fields detected!')</script>";
    } else {
        // Hashes the password exactly as typed (escaping it first would change the password) //
        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
        // If everything is good, it updates the user details in the DB with bound parameters //
        $stmt = $conn->prepare("UPDATE users SET username = ?, first_name = ?, last_name = ?, email = ?, password = ? WHERE id = ?");
        $stmt->bind_param("sssssi", $username, $firstname, $lastname, $email, $hashed_password, $id);
        if ($stmt->execute()) {
            // If query is successful, it alerts the user with successful message //
            echo "<script> alert('Updated Successful'); </script>";
            // Redirects user and stops the script //
            header("Location: ../profile.php");
            exit;
        } else {
            // If unsuccessful, this error appears //
            echo "<script> alert('An error has occurred.'); </script>";
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
    <link rel="stylesheet" href="../resources/stylesheet/register.css">
    <link rel="stylesheet" href="../resources/stylesheet/stylesheet.css">
</head>
<body>
    <div class="content-wrapper">
        <br>
        <h1 class="subheading">Edit Profile</h1>
        <form method="post" action="">
            <!-- Stored values are HTML-escaped before they are placed in the value attributes -->
            <table>
                <tr>
                    <th>Category</th>
                    <th>Value</th>
                </tr>
                <tr>
                    <td>Username:</td>
                    <td><input type="text" value="<?php echo htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'); ?>" name="userName"></td>
                </tr>
                <tr>
                    <td>First name:</td>
                    <td><input type="text" value="<?php echo htmlspecialchars($row['first_name'], ENT_QUOTES, 'UTF-8'); ?>" name="firstName"></td>
                </tr>
                <tr>
                    <td>Last name:</td>
                    <td><input type="text" value="<?php echo htmlspecialchars($row['last_name'], ENT_QUOTES, 'UTF-8'); ?>" name="lastName"></td>
                </tr>
                <tr>
                    <td>Email:</td>
                    <td><input type="text" value="<?php echo htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8'); ?>" name="email"></td>
                </tr>
                <tr>
                    <td>Password:</td>
                    <td><input type="password" name="password"></td>
                </tr>
            </table>
            <button type="submit" name="updateProfile">Update Profile</button>
        </form>
        <br><br>
    </div>
</body>
</html>
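An added example, not part of the original post or the poster's code: an included header works from any folder once filesystem paths (built on `__DIR__`) are kept apart from URL paths (root-relative links). `APP_BASE`, `url()`, `e()` and `redirect()` are hypothetical names, and the `$_SESSION` values are constructed sample data.

```php
<?php
// Added example: the navigation part of a header that works from any folder.
// APP_BASE, url(), e() and redirect() are hypothetical names, not from the post.

// Assumption: URL path the site is served from; '' when it sits at the web root.
const APP_BASE = '';

// Filesystem side: __DIR__ is the folder of this file, so an include built on it
// resolves the same way no matter which script pulled the header in, e.g.
// require __DIR__ . '/resources/database/mysqli_connect.php';

// URL side: a leading slash makes the browser resolve the link from the site
// root instead of from the folder of the page currently being viewed.
function url(string $file): string
{
    return APP_BASE . '/' . ltrim($file, '/');
}

// Escape a value for HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Redirect and stop, so nothing below runs for a visitor who is not logged in.
function redirect(string $file): void
{
    header('Location: ' . url($file));
    exit;
}

// Constructed sample session; in the real page session_start() fills $_SESSION.
$_SESSION = ['id' => 7, 'rank' => 5];

$links = ['Home' => 'index.php'];
if ((int) ($_SESSION['rank'] ?? 0) === 5) {
    $links['Admin'] = 'admin.php';
}
if (empty($_SESSION['id'])) {
    $links += ['Login' => 'login.php', 'Register' => 'register.php'];
} else {
    $links += ['Profile' => 'profile.php', 'Logout' => 'logout.php'];
}

foreach ($links as $label => $file) {
    echo "<li class='nav-item'><a href='" . e(url($file))
        . "' class='nav-link'>" . e($label) . "</a></li>\n";
}
```

From `edit_pages/editProfile.php` the include becomes `require __DIR__ . '/../header.php';`, and every link the header prints still points at the site root.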