Menu
so i have a registration form below with empty fields, what i am try to achieve is that when a user tries to log-in in login.php, if his/her idcode exists in the database, the user will get a notification by email with the link to this registration form with a token and id in the URL, when the user clicks this URL, heshe will be directed to the registration form which will have a pre-populated data in fields such idcode, name and and his/her email and only few fields such as designation, date-of-birth and password are fillable by the user
i have trouble in writing the query to access two tables and unable to figure out the solution to make it work and the fields should contain the value from the table such as name,idcode and email and set to readonly
*note: this page is directed only when the user clicks the url with token and people_id
please help me guys
<?php
session_start();
include ‘includes/connect.php’;
if(isset($_POST[‘login’])){
//Retrieve the field values from our login form.
$idcode = !empty($_POST[‘idcode’]) ? trim($_POST[‘idcode’]) : null;
$sql = “SELECT id, idcode FROM people WHERE idcode = :idcode”;
$stmt = $pdo->prepare($sql);
$stmt->bindValue(‘:idcode’, $idcode);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if($user === True){
echo ‘Incorrect idcode’;
}
else{
header(“Location: email.php”);
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset=”UTF-8″>
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<form action=”login.php” method=”post”>
<label for=”idcode”>idCode</label>
<input type=”text” id=”idcode” name=”idcode”><br>
<input type=”submit” name=”login” value=”Login”>
</form>
</body>
</html>
<?php
include ‘includes/connect.php’;
//if form has been submitted process it
if(isset($_POST[‘submit’])){
//email validation
if(!filter_var($_POST[’email’], FILTER_VALIDATE_EMAIL)){
$error[] = ‘Please enter a valid email address’;
} else {
$stmt = $pdo->prepare(‘SELECT email FROM people WHERE email = :email’);
$stmt->execute(array(‘:email’ => $_POST[’email’]));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(empty($row[’email’])){
$error[] = ‘Email provided is not recognised.’;
}
}
//if no errors have been created carry on
if(!isset($error)){
//create the activasion code
$token = md5(uniqid(rand(),true));
try {
$stmt = $pdo->prepare(“UPDATE people SET token = :token WHERE email = :email”);
$stmt->execute(array(
‘:email’ => $row[’email’],
‘:token’ => $token
));
//send email
$to = $row[’email’];
$subject = “Create Account”;
$body = “<p>An registration request was sent by you.</p>
<p>To activate your account, visit the following address: <a href='”.DIR.”resetPassword.php?key=$token’>”.DIR.”resetPassword.php?key=$token</a></p>”;
$mail = new Mail();
$mail->setFrom(SITEEMAIL);
$mail->addAddress($to);
$mail->subject($subject);
$mail->body($body);
$mail->send();
//redirect to index page
header(‘Location: login.php?action=reset’);
exit;
//else catch the exception and show the error.
} catch(PDOException $e) {
$error[] = $e->getMessage();
}
}
}
//define page title
$title = ‘Activate Account’;
?>
<div class=”container”>
<div class=”row”>
<div class=”col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3″>
<form role=”form” method=”post” action=”” autocomplete=”off”>
<h2>Reset Password</h2>
<p><a href=’login.php’>Back to login page</a></p>
<hr>
<?php
//check for any errors
if(isset($error)){
foreach($error as $error){
echo ‘<p class=”bg-danger”>’.$error.'</p>’;
}
}
if(isset($_GET[‘action’])){
//check the action
switch ($_GET[‘action’]) {
case ‘active’:
echo “<h2 class=’bg-success’>Your account is now active you may now log in.</h2>”;
break;
case ‘reset’:
echo “<h2 class=’bg-success’>Please check your inbox for a reset link.</h2>”;
break;
}
}
?>
<div class=”form-group”>
<input type=”email” name=”email” id=”email” class=”form-control input-lg” placeholder=”Email” value=””>
</div>
<hr>
<div class=”row”>
<div class=”col-xs-6 col-md-6″><input type=”submit” name=”submit” value=”Sent Reset Link” class=”btn btn-primary btn-block btn-lg”></div>
</div>
</form>
</div>
</div>
</div>