I have a login.php page where the user enters their credentials. After the user logs in, the doLogin.php page is displayed; in other words, their user profile is shown. On the user profile there is an edit button that leads to the editProfile.php page, where they can edit their personal info. However, when I click the browser's back arrow to return to the user profile page, a "Confirm Form Resubmission" error is displayed. How do I avoid this, so that when the user goes back to the user profile page their details are displayed?
This is my doLogin.php
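session_start();
$msg = "";
// Generic text shown on database failure; the real error goes to the server log
// so table and column names are not disclosed to the browser.
$db_error_msg = "A database error occurred. Please try again later.";
// A 'user_id' in the session means this visitor is already authenticated.
if (isset($_SESSION['user_id'])) {
    $msg = "You are already logged in.<br/><a href='index.php'>Home</a>";
    // Append instead of assigning, so the notice above is not overwritten.
    $msg .= "<a href ='logout.php'>logout</a>";
} else { // user is not logged in
    // Only attempt a login when the form was actually submitted.
    if (isset($_POST['username'])) {
        // Treat anything that is not a plain string (e.g. username[]=x) as empty.
        $entered_username = is_string($_POST['username']) ? $_POST['username'] : '';
        $entered_password = (isset($_POST['password']) && is_string($_POST['password']))
            ? $_POST['password']
            : '';
        // connect to database (the code below expects this include to set $link)
        include ("dbfunctions.php");
        // Match the credentials against the database. The values are bound as
        // parameters, never concatenated into the SQL text, so quotes in the
        // submitted username or password cannot change the query.
        // NOTE(review): unsalted SHA1 is not a password hash. Moving to
        // password_hash()/password_verify() needs the stored values re-hashed,
        // which is outside this snippet.
        $query = "SELECT * FROM role, user
                  WHERE user_name = ? AND
                  PASSWORD = SHA1(?) AND user.role_id = role.role_id";
        $stmt = mysqli_prepare($link, $query);
        if ($stmt === false) {
            error_log(mysqli_error($link));
            die($db_error_msg);
        }
        mysqli_stmt_bind_param($stmt, 'ss', $entered_username, $entered_password);
        if (!mysqli_stmt_execute($stmt)) {
            error_log(mysqli_stmt_error($stmt));
            die($db_error_msg);
        }
        $result = mysqli_stmt_get_result($stmt);
        if ($result === false) {
            error_log(mysqli_stmt_error($stmt));
            die($db_error_msg);
        }
        $query2 = "SELECT * FROM user,country where user.country_id=country.country_id ORDER BY `user`.`id` ASC ";
        $result2 = mysqli_query($link, $query2);
        if ($result2 === false) {
            error_log(mysqli_error($link));
            die($db_error_msg);
        }
        $query3 = "SELECT * FROM book";
        $result3 = mysqli_query($link, $query3);
        if ($result3 === false) {
            error_log(mysqli_error($link));
            die($db_error_msg);
        }
        if (mysqli_num_rows($result) == 1) {
            // Issue a fresh session id on the privilege change so an id fixed
            // before login cannot be reused afterwards.
            session_regenerate_id(true);
            // Best-effort timestamp update, as in the original. $result was
            // fetched before this runs, so $row still holds the previous login.
            $update_stmt = mysqli_prepare($link, "UPDATE `user` SET last_login = NOW() WHERE user_name = ?");
            if ($update_stmt !== false) {
                mysqli_stmt_bind_param($update_stmt, 's', $entered_username);
                $resultupdate = mysqli_stmt_execute($update_stmt);
            }
            $row = mysqli_fetch_array($result);
            $_SESSION['user_id'] = $row['id'];
            $_SESSION['username'] = $row['user_name'];
            $_SESSION['email'] = $row['email_address'];
            $_SESSION['gender'] = $row['gender_id'];
            $_SESSION['role_id'] = $row['role_type'];
            $_SESSION['lastlog'] = $row['last_login'];
            // Raw value: escape with htmlspecialchars() wherever it is echoed.
            $msg1 = $_SESSION['username'];
            // These strings already contain markup, so the stored values are
            // HTML-escaped here, before they are mixed into it.
            $msg2 = "<b>Gender: </b> " . htmlspecialchars((string) $_SESSION['gender'], ENT_QUOTES, 'UTF-8') . "<br/>";
            $msg3 = "<b>Email: </b>" . htmlspecialchars((string) $_SESSION['email'], ENT_QUOTES, 'UTF-8') . "<br/>";
            $msg4 = "<b>Your last visit on this site: </b>" . htmlspecialchars((string) $_SESSION['lastlog'], ENT_QUOTES, 'UTF-8');
            $msg .= "You are logged in as " . htmlspecialchars((string) $_SESSION['role_id'], ENT_QUOTES, 'UTF-8') . "<br/>";
            $rowz = mysqli_fetch_array($result3);
        } else { // record not found
            // Same message for a wrong username and a wrong password, so the
            // response does not reveal which accounts exist.
            $msg = "<p>Sorry, you must enter a valid username and password to log in.<a href='login.php'>Back</a></p>";
        }
    }
} // closes the "not logged in" branch (this brace was missing from the pasted snippet)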
and this is my editProfile.php
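// include a php file that contains the common database connection codes
include ("dbfunctions.php");
session_start();
// Only an authenticated user may open the edit page.
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}
// Take the id from the server-side session (set by doLogin.php), not from
// $_POST['userID']. A posted id is client-controlled: it could name another
// account's row, and it was concatenated straight into the SQL text.
// Reading the session also lets the page render on a plain GET request.
$userID = (int) $_SESSION['user_id'];
$queryedit = "SELECT * FROM user WHERE id = ?";
// execute the query with the id bound as an integer parameter
$stmtedit = mysqli_prepare($link, $queryedit);
if ($stmtedit === false) {
    // Log the detail server-side; show the browser only a generic message.
    error_log(mysqli_error($link));
    die("A database error occurred. Please try again later.");
}
mysqli_stmt_bind_param($stmtedit, 'i', $userID);
if (!mysqli_stmt_execute($stmtedit)) {
    error_log(mysqli_stmt_error($stmtedit));
    die("A database error occurred. Please try again later.");
}
$resultedit = mysqli_stmt_get_result($stmtedit);
if ($resultedit === false) {
    error_log(mysqli_stmt_error($stmtedit));
    die("A database error occurred. Please try again later.");
}
// fetch the execution result to an array
$rowedit = mysqli_fetch_array($resultedit);
if (!$rowedit) {
    // No matching row: stop before the template tries to read from $rowedit.
    die("Profile not found.");
}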
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link href="style.css" rel="stylesheet" type="text/css"/>
<link rel="stylesheet" type="text/css" href="bootstrap/css/bootstrap.min.css" />
<link rel="stylesheet" type="text/css" href="font-awesome/css/font-awesome.min.css" />
<script src="script.js"></script>
<script type="text/javascript" src="js/jquery-1.10.2.min.js"></script>
<script type="text/javascript" src="bootstrap/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="styles.css">
<title>Edit Profile & Settings</title>
</head>
<body>
<div class="container">
<a href="logout.php" class="btn btn-info" role="button">Sign Out</a>
<div class="page-header">
<h1>OBC <small>onlinebookclub</small></h1>
<div class="row">
<div class="col-lg-6">
<form method="post" action="doSearch.php">
<div class="input-group">
<span class="input-group-btn">
<button class="btn btn-default" type="submit">Go!</button>
</span>
<input type="text" class="form-control" placeholder="Title/Author/YearOfPublish">
</form>
</div><!-- /input-group -->
</div><!-- /.col-lg-6 -->
</div><!-- /.row -->
</div>
</div>
<!-- Registration Form - START -->
<div class="container" id="container1">
<div id='cssmenu'>
<ul>
<li class='active'><a href='#'>Profile</a></li>
<li><a href='addbook.php'>Add/Edit Books</a></li>
<li><a href='#'>Add/Edit Authors</a></li>
<li><a href='editProfile.php'>Edit Profile & Settings</a></li>
</ul>
</div>
<h2>Edit Profile</h2>
<hr>
<div class="row">
<!-- left column -->
<div class="col-md-3">
<div class="text-center">
<img src="//placehold.it/100" class="avatar img-circle" alt="avatar">
<h6>Upload a different photo...</h6>
<input type="file" class="form-control">
</div>
</div>
<!-- edit form column -->
<div class="col-md-9 personal-info">
<h3>Personal info</h3>
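<?php
// Every value from the database is HTML-escaped before it goes into an
// attribute, so a stored quote or angle bracket cannot break out of value="...".
// NOTE(review): the handler that saves this form should take the user id from
// the session instead of trusting the hidden "id" field, and should verify a
// CSRF token. Neither is visible in this snippet.
?>
<form class="form-horizontal" role="form">
    <div class="form-group">
        <label class="col-lg-3 control-label">Username:</label>
        <div class="col-lg-8">
            <input class="form-control" type="text" value="<?php echo htmlspecialchars((string) $rowedit['user_name'], ENT_QUOTES, 'UTF-8'); ?>">
        </div>
    </div>
    <div class="form-group">
        <label class="col-lg-3 control-label">Email:</label>
        <div class="col-lg-8">
            <input class="form-control" type="text" value="<?php echo htmlspecialchars((string) $rowedit['email_address'], ENT_QUOTES, 'UTF-8'); ?>">
        </div>
    </div>
    <div class="form-group">
        <label class="col-md-3 control-label"></label>
        <div class="col-md-8">
            <input type="hidden" name="id" value="<?php echo htmlspecialchars((string) $rowedit['id'], ENT_QUOTES, 'UTF-8'); ?>" />
            <input type="submit" class="btn btn-primary" value="Save Changes">
            <span></span>
            <input type="reset" class="btn btn-default" value="Cancel">
        </div>
    </div>
</form>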
</div>
</div>
</div>
<style>
#container1 {
background-color: #e2dada;
opacity: 0.9;
border-radius: 2em;
}
.centered-form {
margin-top: -185px;
margin-bottom: 120px;
}
.centered-form .panel {
background: rgba(255, 255, 255, 0.8);
box-shadow: rgba(0, 0, 0, 0.3) 20px 20px 20px;
}
h2{
color: orange;
}
</style>
</body>