All Activity

  1. Today
  2. I am trying to include a php header file to my page but it is not working.
     ```php
     <?php
     session_start();
     include("header.php");
     $the_email = $_GET['email'];
     $_SESSION['user_email'] = $the_email;
     ?>
     ```
     and the header has a navbar. header.php:
     ```php
     <?php
     session_start();
     $authenticated = false;
     $isadmin = false;
     if ($_SESSION['user']) {
         $thename = $_SESSION['user_name'];
         $theimage = $_SESSION['user_photo'];
         $authenticated = true;
         $isadmin = false;
     }
     if ($_SESSION['admin']) {
         $thename = $_SESSION['admin_name'];
         $authenticated = true;
         $isadmin = true;
     }
     ?>
     <!doctype html>
     <html lang="en">
     <head>
       <!-- Required Meta Tags -->
       <meta charset="utf-8">
       <meta name="viewport" content="width=device-width, initial-scale=1">
       <!-- Document Title, Description, and Author -->
       <title>Teacher License System</title>
       <meta name="description" content="Wave is a Bootstrap 5 One Page Template.">
       <meta name="author" content="BootstrapBrain">
       <!-- Favicon and Touch Icons -->
       <link rel="icon" type="image/png" sizes="512x512" href="./assets/favicon/favicon-512x512.png">
       <!-- Google Fonts Files -->
       <link rel="preconnect" href="https://fonts.googleapis.com">
       <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
       <link href="https://fonts.googleapis.com/css2?family=Oswald:wght@200;300;400;500;600;700&family=Satisfy&display=swap" rel="stylesheet">
       <!-- CSS Files -->
       <link rel="stylesheet" href="./assets/css/wave-bsb.css">
       <!-- BSB Head -->
     </head>
     <body data-bs-spy="scroll" data-bs-target="#bsb-tpl-navbar" data-bs-smooth-scroll="true" tabindex="0">
     <!-- Header -->
     <header id="header" class="sticky-top bsb-tpl-header-sticky bsb-tpl-header-sticky-animationX">
       <!-- Navbar 1 - Bootstrap Brain Component -->
       <nav class="navbar navbar-expand-lg navbar-light bg-light">
         <div class="container">
           <a class="navbar-brand" href="index.php">
             <img src="/assets/img/logo.png" width="40" height="40" class="d-inline-block align-top" alt=""> TLS CS C2&3
           </a>
           <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
             <span class="navbar-toggler-icon">test</span>
           </button>
           <div class="collapse navbar-collapse" id="navbarSupportedContent">
             <ul class="navbar-nav me-auto mb-2 mb-lg-0">
               <li class="nav-item"> <a class="nav-link text-dark" href="index.php">Home</a> </li>
               <li class="nav-item"> <a class="nav-link text-dark" href="about.php">About</a> </li>
               <li class="nav-item"> <a class="nav-link text-dark" href="services.php">Services</a> </li>
               <li class="nav-item"> <a class="nav-link text-dark" href="pricing.php">Pricing</a> </li>
               <li class="nav-item"> <a class="nav-link text-dark" href="contact.php">Contact US</a> </li>
             </ul>
             <?php if ($isadmin) { ?>
             <ul class="navbar-nav">
               <li class="nav-item dropdown">
                 <a class="nav-link dropdown-toggle text-dark" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> Hello, <?= $thename ?> </a>
                 <ul class="dropdown-menu" aria-labelledby="navbarDropdown">
                   <li><a class="dropdown-item" href="main.php">TLS Materials</a></li>
                   <li><hr class="dropdown-divider"></li>
                   <li><a class="dropdown-item" href="logout.php">Logout</a></li>
                 </ul>
               </li>
             </ul>
             <?php } else if ($authenticated) { ?>
             <img src='/files/<?=$theimage ?>' width="75px">
             <ul class="navbar-nav">
               <li class="nav-item dropdown">
                 <a class="nav-link dropdown-toggle text-dark" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"><?= $thename ?> </a>
                 <ul class="dropdown-menu" aria-labelledby="navbarDropdown">
                   <li><a class="dropdown-item" href="profile.php">My Profile</a></li>
                   <li><a class="dropdown-item" href="main.php">TLS Materials</a></li>
                   <li><hr class="dropdown-divider"></li>
                   <li><a class="dropdown-item" href="logout.php">Logout</a></li>
                 </ul>
               </li>
             </ul>
             <?php } else {?>
             <ul class="navbar-nav">
               <li class="navbar-item"> <a href="register.php" class="btn btn-outline-primary me-2">Register</a> </li>
               <li class="navbar-item"> <a href="login.php" class="btn btn-primary">Login</a> </li>
             </ul>
             <?php } ?>
           </div>
         </div>
       </nav>
       <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
     </header>
     ```
     Why is that? Am I missing something?
  3. Nimble AppGenie stands out as a premier eWallet app development company in Dubai, offering secure, feature-rich, and scalable mobile wallet solutions for businesses of all sizes. With the rapid digital transformation in the UAE, our team helps startups and enterprises build powerful eWallet apps that support seamless transactions, robust security, and real-time financial management. We specialize in creating custom eWallet applications with cutting-edge features such as biometric authentication, QR code payments, peer-to-peer transfers, AI-powered analytics, and multilingual support. Our solutions are tailored for the unique financial and regulatory environment of Dubai, ensuring compliance and top-tier performance. From Android and iOS to cross-platform development, Nimble AppGenie empowers your digital wallet idea with intuitive design, innovative technology, and a customer-first approach, helping you stay ahead in the digital payment revolution.
  4. Don't do that. Under no circumstances should the session storage location be under the web root. So first of all, the session does not "timeout" after 30 minutes. Most likely your shared host has a cron job that is going through the directories where session files are stored and deleting any session files that haven't been updated (the mtime) in over 30 minutes. Normal session file garbage collection is highly dependent on having a certain amount of requests, such that the garbage collector actually runs. You should be able to do this. If it doesn't work, then I wouldn't use the feature. Hard to say for sure, but you should check the value of gc_probability. Some OS's like Debian set it to 0, and use os level scripts to remove session files. As I stated above, it does sound like this might be the case with your host. A site with very low traffic is unlikely to run the session garbage collector in any reliable manner.
  5. Hi, I am trying to send an email through PHP as an HTML template. With the code below, if I put the headers in, I get the custom error message that the email is not sent. If I remove the headers it sends the email, but the email is not formatted as HTML and it sends the whole template.php as text.
     ```php
     $to = $myusername;
     $subject = "OTP - RESET PASSWORD";
     $headers = array(
         'MIME-Version' => '1.0',
         'Content-type' => 'text/html;charset=UTF-8',
         'From' => '[email protected]',
         'Reply-To' => '[email protected]'
     );
     //$message = "hi!";
     ob_start();
     include("mail-template.php");
     $message = ob_get_contents();
     ob_end_clean();
     $sent = mail($to, $subject, $message);
     if(!$sent){
         echo "Error: Message not sent. Please try again";
     }else{
         echo "Message was sent successfully";
     }
     ```
  6. Yesterday
  7. I can answer number one and the answer is yes:
     ```php
     <?php
     require_once __DIR__ . '/../config/starlite_config.php';
     require_once "vendor/autoload.php";
     ```
     and maybe number 4?
     ```php
     public function logoff(): void
     {
         error_log("Starting logout process");

         // Clear database token
         if (isset($_SESSION['user_id'])) {
             $sql = "UPDATE {$this->table} SET token = NULL WHERE id = :id";
             $stmt = $this->pdo->prepare($sql);
             $stmt->execute(['id' => $_SESSION['user_id']]);
         }

         // Clear login cookie
         $isLocal = in_array($_SERVER['REMOTE_ADDR'], ['127.0.0.1', '::1']);
         $cookieDomain = $isLocal ? '' : 'www.phototechguru.com';
         setcookie('login_token', '', [
             'expires' => time() - 3600,
             'path' => '/',
             'domain' => $cookieDomain,
             'secure' => !$isLocal,
             'httponly' => true,
             'samesite' => 'Lax'
         ]);

         // Clear session
         $_SESSION = [];
         if (isset($_COOKIE[session_name()])) {
             setcookie(session_name(), '', time() - 3600, '/');
         }
         session_destroy();

         error_log("Logout complete");
         header('Location: index.php');
         exit();
     }
     ```
  8. In a PHP membership website hosted on shared hosting, the session used to time out 30 minutes after closing the browser. We solved that problem by creating a users.ini file and creating a folder 'session' in public_html. In the users.ini file, session.cookie_lifetime and session.gc_maxlifetime were extended, and session.save_path was set to the new directory path. The values of session.cookie_lifetime, session.gc_maxlifetime and session.save_path are also set in each PHP program. We are facing a new problem about securing the session folder that stores PHP sessions. These are some queries that I have in this regard.
     1) Is it possible to have the session folder above public_html to avoid direct access? If not, then what can be done to secure that folder?
     2) Does anything need to be mentioned in .htaccess to secure the users.ini file or the session folder? It currently uses the following in the .htaccess file:
     ```apache
     Options -Indexes
     <Files php.ini>
     order allow,deny
     deny from all
     </Files>
     ```
     3) Can anyone directly access session files like sess_xyz123 created in the session folder? (We can't browse session files by visiting the url www.domain.com/session/sess_xyz123)
     4) The session folder gets populated with session files for each user visit to the website. How to remove empty session files that are no longer needed when the user leaves the website?
     Looking forward to your reply. Thank you.
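
The points raised in this question and in the reply earlier in the stream (keep the session directory out of the web root, and check whether PHP's own garbage collector runs at all) can be checked with a short script. This is an added example, not code from either poster; the function names, the temporary directory layout and the 30-minute threshold in the demo are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: audit where PHP session files live and clean up stale ones.
// All function names and sample paths below are hypothetical.

/** True when $path is the same as, or inside, $root (both resolved first). */
function isInside(string $path, string $root): bool
{
    $p = realpath($path);
    $r = realpath($root);
    if ($p === false || $r === false) {
        return false; // unresolvable paths cannot be compared
    }
    $r = rtrim($r, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($p . DIRECTORY_SEPARATOR, $r, strlen($r)) === 0;
}

/**
 * Returns a list of findings for a session directory.
 * Pass the directory part of session_save_path() and the document root.
 */
function auditSessionStorage(string $savePath, string $webRoot): array
{
    if (!is_dir($savePath)) {
        return ['save_path is not a directory: ' . $savePath];
    }
    $findings = [];
    if (isInside($savePath, $webRoot)) {
        $findings[] = 'save_path is under the web root';
    }
    $mode = fileperms($savePath) & 0777;
    if ($mode & 0077) {
        $findings[] = sprintf('directory mode %04o is open to group/other; use 0700', $mode);
    }
    if ((int) ini_get('session.gc_probability') === 0) {
        $findings[] = 'session.gc_probability is 0: PHP never collects, cleanup must be external';
    }
    return $findings;
}

/** Deletes sess_* files not modified for more than $maxAge seconds (cron-style cleanup). */
function purgeStaleSessions(string $savePath, int $maxAge, ?int $now = null): int
{
    $now ??= time();
    $removed = 0;
    foreach (glob(rtrim($savePath, '/') . '/sess_*') ?: [] as $file) {
        if (is_file($file) && $now - filemtime($file) > $maxAge && unlink($file)) {
            $removed++;
        }
    }
    return $removed;
}

// --- Demo on constructed directories (nothing here touches real sessions) ---
$base    = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
$webRoot = "$base/public_html";
$bad     = "$webRoot/session"; // layout described in the question
$good    = "$base/sessions";   // sibling of the web root
foreach ([$bad, $good] as $dir) {
    mkdir($dir, 0777, true);
}
chmod($bad, 0755);
chmod($good, 0700);
touch("$good/sess_old", time() - 3600); // constructed stale file
touch("$good/sess_new");                // constructed fresh file

echo "Inside web root:\n";
print_r(auditSessionStorage($bad, $webRoot));
echo "Outside web root:\n";
print_r(auditSessionStorage($good, $webRoot));
echo purgeStaleSessions($good, 1800), " stale file(s) removed\n";

// Remove the demo directories again.
array_map('unlink', glob("$good/*") ?: []);
rmdir($bad);
rmdir($webRoot);
rmdir($good);
rmdir($base);
```
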
  9. If the only reason for that value is to write to the DB then you can do it in the insert query...
     ```sql
     INSERT INTO tablename (colx, coly, colz) VALUES (?, ?, NOW() + INTERVAL 10 MINUTE)
     ```
  10. You're assigning $addingTenMinutes but then using $addingFiveMinutes, which doesn't exist. Also, strtotime('now() + 10 minute') is not a valid syntax for strtotime. Here is a corrected version:
      ```php
      $addingTenMinutes = strtotime('+10 minutes');
      $end_time = date('Y-m-d H:i:s', $addingTenMinutes);
      ```
  11. I am trying to get the current time and add 10 minutes before saving to DB.
      ```php
      $addingTenMinutes= strtotime('now() + 10 minute');
      $end_time = date('Y-m-d H:i:s', $addingFiveMinutes);
      ```
      Why is it not working?
  12. Here is the comparison
      ```php
      echo "DIFF1: ";
      $diff = $dom->diff($x1Doc, $x2Doc);
      echo $diff->saveHTML();
      echo "MERGE1: ";
      echo $dom->merge($x1Doc, $diff)->saveXML();
      echo "DIFF2: ";
      $diff = $dom->diff($x2Doc, $x1Doc);
      echo $diff->saveHTML();
      echo "MERGE2: ";
      echo $dom->merge($x1Doc, $diff)->saveXML();
      ```
      Output
      ```text
      DIFF1:
      <dm:diff xmlns:dm="http://www.locus.cz/diffmark">
        <dm:delete>
          <aaa xxx1="aaa"> </aaa>
        </dm:delete>
        <dm:insert>
          <aaa xxx2="bbb"> </aaa>
        </dm:insert>
      </dm:diff>
      MERGE1:
      <?xml version="1.0"?>
      <aaa xxx2="bbb"> </aaa>
      DIFF2:
      <dm:diff xmlns:dm="http://www.locus.cz/diffmark">
        <aaa xxx1="aaa" dm:update="aaa">
          <dm:insert>
            <bbb> blabla1 </bbb>
          </dm:insert>
          <dm:copy count="1"> </dm:copy>
        </aaa>
      </dm:diff>
      MERGE2:
      <?xml version="1.0"?>
      <aaa xxx1="aaa">
        <bbb> blabla1 </bbb>
      </aaa>
      ```
      Unfortunately I don't have time to comment on the differences. If anyone else wants to... Anyway Precisely.
  13. Last week
  14. Just doing some research on converting HTML content quotes into PDF. A lot of what I read and watched is pointing to using composer then a tool like dompdf. For the gurus out there, what would you recommend to turn a page like the below, with a customer's name, quote number and 10 to 20 line items and then some totals, into a PDF document? I eventually want to have some type of cron job run a task and email PDFs out. Most quotes will be a single page but project quotes will go over to 2 pages. I don't really want to muck around installing composer, but before I go too far down the garden path with this section I thought I'd get some feedback on the best way/path to go for PHP PDF generation for things like quotes and invoices.
      - Option 1. mPDF
      - Option 2. jsPDF
      - Option 3. Puppeteer
      - Option 4. Dompdf

      This is a basic example of the data to go on the quote.
  15. the most common reason for a password_hash()/password_verify() to fail is because the database column is not long enough to hold the hashed value. another common reason are programming mistakes in the form/form processing code and a lack of server-side validation that results in the hash value not actually being from the password that was submitted in the registration code, or the value being used in the login code not being what you think it is. your post method form processing code should always trim the input data, mainly so that you can detect if all white-space characters were entered, then validate all inputs before using them.
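
The failure modes described in this reply (a column too short for the hash, a stored value that is not a hash, and a submitted value that is altered before verification) can be reproduced without a database. This is an added example, not the poster's code; `explainVerifyFailure()` is a hypothetical helper, the 50-character column width is an assumed value, and `addslashes()` stands in for `mysqli_real_escape_string()`, which needs a live connection.

```php
<?php
declare(strict_types=1);

// Added example: report why password_verify() rejected a login attempt.
function explainVerifyFailure(string $submitted, string $storedHash): string
{
    if (password_verify($submitted, $storedHash)) {
        return 'ok';
    }
    // password_get_info() reports no algorithm when the value is not a
    // complete hash; for bcrypt that includes a hash cut below 60 characters.
    if (empty(password_get_info($storedHash)['algo'])) {
        return 'stored value is not a complete password_hash() string';
    }
    // Server-side validation: trim only to detect an all-whitespace input.
    if (trim($submitted) === '') {
        return 'submitted password is empty or whitespace only';
    }
    return 'submitted value does not match the stored hash';
}

// Constructed sample data; the password deliberately contains a quote.
$password = "O'Brien-2024!";
$hash     = password_hash($password, PASSWORD_BCRYPT);

$cases = [
    'correct password, full hash'        => [$password, $hash],
    // What a VARCHAR(50) column would keep of a 60-character bcrypt hash.
    'hash truncated by a 50-char column' => [$password, substr($hash, 0, 50)],
    'plain text stored instead of hash'  => [$password, $password],
    // Escaping is for SQL strings; applied to the password it changes the
    // bytes that get verified whenever the password contains ' " or \.
    'password escaped before verifying'  => [addslashes($password), $hash],
    'whitespace-only submission'         => ['   ', $hash],
];

foreach ($cases as $label => [$submitted, $stored]) {
    printf("%-38s %s\n", $label . ':', explainVerifyFailure($submitted, $stored));
}
```

The PHP manual recommends a 255-character column for `password_hash()` output so that future default algorithms also fit.
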
  16. Are you storing your password as a plain text in the database? If yes, then password verify won't work. But if no, and properly hashed this version should work.
      ```php
      <?php
      session_start();
      include("config.php");

      $test1 = 0;
      $test2 = 1;
      $error = '';

      if ($_SERVER["REQUEST_METHOD"] == "POST") {
          // Escape only the value that is placed inside the SQL string
          $myusername = mysqli_real_escape_string($db, $_POST['email']);
          // Verify the password exactly as submitted: escaping it would alter
          // any password containing quotes or backslashes before the check
          $mypassword = $_POST['password'];

          $sql = "SELECT * FROM login_users WHERE username_email = '$myusername'";
          $result = mysqli_query($db, $sql);
          $count = mysqli_num_rows($result);

          if ($count == 1) {
              $data = mysqli_fetch_array($result);
              if (password_verify($mypassword, $data['password'])) {
                  if ($data['IsAdmin'] == $test2) {
                      $_SESSION['admin'] = $myusername;
                      header('Location: admin_page.php');
                      exit();
                  } else {
                      $_SESSION['user'] = $myusername;
                      header('Location: welcome.php');
                      exit();
                  }
              } else {
                  $error = "Invalid password.";
              }
          } else {
              $error = "User not found.";
          }
      }

      if (isset($_SESSION['admin'])) {
          include("header.php");
          include("admin_page.php");
      } elseif (isset($_SESSION['user'])) {
          include("header.php");
          include("welcome.php");
      }
      ```
  17. I made the code more readable and was able to get some results, but a disappointing one! When using the verify it is giving me that the password is not correct. I know it is correct, why? main.php code:
      ```php
      <?php
      session_start();
      //include("header.php");
      include("config.php");

      if ($_SESSION['admin']) {
          include("header.php");
          include("admin_page.php");
      }
      if ($_SESSION['user']) {
          include("header.php");
          include("welcome.php");
      }

      $myusername = '';
      $mypassword = '';
      $test1 = 0;
      $test2 = 1;
      $error='';

      if($_SERVER["REQUEST_METHOD"] == "POST") {
          $myusername = mysqli_real_escape_string($db,$_POST['email']);
          $mypassword = mysqli_real_escape_string($db,$_POST['password']);
          $sql = "SELECT * FROM login_users WHERE username_email = '$myusername'";
          $result = mysqli_query($db, $sql);
          $count = mysqli_num_rows($result);
          if($count == 1) {
              while($data = mysqli_fetch_array($result)) {
                  if (password_verify($_POST['password'], $data['password'])) {
                      if ($data['IsAdmin'] == $test2) {
                          $_SESSION['admin'] = $_POST['email'];
                          include("header.php");
                          include("admin_page.php");
                          header('Location: https://www.ramiwahdan.org/main.php');
                      } else {
                          $_SESSION['user'] = $_POST['email'];
                          include("header.php");
                          include("welcome.php");
                      }
                  } else {
                      echo "error!";
                  }
              }
          }
      }
      ```
  18. @mac_gyver champion this fixed it
      ```php
      JS;
      echo <<<'JS'
      <script>
      function openEditQuantityPopup(quoteItemId, quoteId) {
          const width = 400;
          const height = 200;
          console.log("Opening popup for quoteItemId:", quoteItemId, "quoteId:", quoteId);
          const left = (window.innerWidth - width) / 2;
          const top = (window.innerHeight - height) / 2;
          window.open(
              `Quotes/Edit_Quote_Quantity.php?quote_item_id=${quoteItemId}&quote_id=${quoteId}`,
              "EditQuoteQuantity",
              `width=${width},height=${height},top=${top},left=${left},resizable=no,scrollbars=no`
          );
      }
      </script>
      JS;
      ```
  19. so, i found the problem, with the help of php's error reporting, though the problem is in javascript. you are echoing blocks of static html/javascript using php's heredoc syntax. when I made the test page i used, the javascript was simply in-line. you are using template literals with embedded expressions in the javascript, e.g. ${some_var}. however, in php's heredoc syntax, this is the syntax for a php variable. so, php is putting the last value for any of its variables with the some_var name into the echoed javascript. how i found this is that the embedded expressions in the openUpdateTotalsPopup() javascript, for ${width}, ... produced undefined php variable errors. the simplest fix would be to use php's nowdoc syntax. the correct solution would be to NOT echo blocks of static html/javascript, which I see i wrote about in one of your previous threads.
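
The collision described in this reply can be seen by building the same JavaScript through a heredoc and a nowdoc. This is an added example, not code from the thread; `$width`, `renderPopupScript()` and the sample values are assumptions, and it goes slightly beyond the reply by showing `json_encode()` as one way to hand PHP values to a static script without any string interpolation.

```php
<?php
declare(strict_types=1);

$width = 999; // an unrelated PHP variable that happens to share the JS name

// Heredoc: PHP parses ${width} as its own variable before the browser sees it.
// (PHP 8.2 and later also report this ${var} form as deprecated.)
$heredoc = <<<JS
const features = `width=${width}`;
JS;

// Nowdoc (quoted identifier): nothing is parsed, the template literal survives.
$nowdoc = <<<'JS'
const features = `width=${width}`;
JS;

echo "heredoc: $heredoc\n";
echo "nowdoc:  $nowdoc\n\n";

/**
 * Static script kept in a nowdoc; PHP data enters only through json_encode().
 * The JSON_HEX_* flags keep </script>, quotes and & in the data from
 * terminating or altering the script block.
 */
function renderPopupScript(array $data): string
{
    $json = json_encode(
        $data,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );

    $static = <<<'JS'
function openEditQuantityPopup(cfg) {
    const { quoteItemId, quoteId, width, height } = cfg;
    window.open(
        `Quotes/Edit_Quote_Quantity.php?quote_item_id=${encodeURIComponent(quoteItemId)}&quote_id=${encodeURIComponent(quoteId)}`,
        "EditQuoteQuantity",
        `width=${width},height=${height},resizable=no,scrollbars=no`
    );
}
JS;

    return "<script>\nconst popupCfg = $json;\n$static\n</script>\n";
}

// Constructed sample values; the title shows what the HEX flags do to markup.
echo renderPopupScript([
    'quoteItemId' => 42,
    'quoteId'     => 7,
    'width'       => 400,
    'height'      => 200,
    'title'       => '</script><b>"quoted" & more</b>',
]);
```
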
  20. i haven't looked at the code yet, but in Quotes/Edit_Quote_Quantity.php, log the $_GET variables so that you can see how many requests are made to it and what the inputs are -
      ```php
      file_put_contents('log.txt',print_r($_GET,true),FILE_APPEND);
      ```
  21. Further to this I added the console.log of the quoteItemId value inside the openEditQuantityPopup() and got this result. Inspect shows the correct value, however the popup is definitely the wrong item.
  22. <?php function renderQuoteTopButtons() { echo <<<HTML <div style="margin-bottom: 20px;"> <button onclick="startNewQuote()">📝 New Quote</button> <button onclick="loadTemplateQuote()">📄 Quote from Template</button> <button onclick="cloneQuote()">📋 Clone Quote</button> </div> HTML; } function renderNewQuoteFormWithClientSearch() { echo <<<HTML <div id="newQuoteForm" style="display: block; margin-top: 20px;"> <h3>New Quote Details</h3> <form method="POST" action="Quotes.php?action=create_quote"> <label for="clientSearch">Search Customer:</label><br> <input type="text" id="clientSearch" name="clientSearch" oninput="getSuggestions(this.value)" autocomplete="off" required> <input type="hidden" name="selectedCustomerId" id="selectedCustomerId"> <div id="suggestions"></div><br> <label for="quoteTitle">Quote Title:</label><br> <input type="text" id="quoteTitle" name="quoteTitle" required><br><br> <label for="quoteDate">Quote Date:</label><br> <input type="date" id="quoteDate" name="quoteDate" required><br><br> <label for="quoteNotes">Notes (Optional):</label><br> <textarea id="quoteNotes" name="quoteNotes" rows="4" cols="50"></textarea><br><br> <button type="submit">Create Quote</button> </form> </div> HTML; // JavaScript for showing the form and handling customer selection echo <<<JS <script> function startNewQuote() { document.getElementById('newQuoteForm').style.display = 'block'; } function getSuggestions(query) { if (query.length === 0) { document.getElementById("suggestions").innerHTML = ""; return; } var xhttp = new XMLHttpRequest(); xhttp.onreadystatechange = function() { if (this.readyState == 4 && this.status == 200) { document.getElementById("suggestions").innerHTML = this.responseText; } }; xhttp.open("GET", "Functions/get_customer_suggestions.php?q=" + encodeURIComponent(query), true); xhttp.send(); } function selectSuggestion(id, name) { document.getElementById("clientSearch").value = name; document.getElementById("selectedCustomerId").value = id; 
document.getElementById("suggestions").innerHTML = ""; } </script> JS; } function renderEditQuoteForm($pdo, $quoteId) { // Fetch quote and customer data $stmt = $pdo->prepare("SELECT q.*, c.CompanyName FROM Quote q JOIN Customer c ON q.CustomerID = c.CustomerID WHERE q.QuoteID = ?"); $stmt->execute([$quoteId]); $quote = $stmt->fetch(PDO::FETCH_ASSOC); if (!$quote) { echo "<p>❌ Quote not found.</p>"; return; } // 💰 Calculate total profit and margin $totalProfit = $quote['QuoteEXTotal'] - $quote['QuoteOurBuytotalEx']; $profitMargin = $quote['QuoteEXTotal'] > 0 ? round(($totalProfit / $quote['QuoteEXTotal']) * 100, 2) : 0; // Fetch contacts for dropdown $contacts = $pdo->prepare("SELECT ContactID, FirstName, LastName FROM Contact WHERE CustomerID = ?"); $contacts->execute([$quote['CustomerID']]); // Fetch sales people $techs = $pdo->query("SELECT TechnicianID, FirstName, LastName FROM Technician")->fetchAll(PDO::FETCH_ASSOC); // Fetch statuses $statuses = $pdo->query("SELECT QuoteStatusID, StatusDescription FROM QuoteStatus")->fetchAll(PDO::FETCH_ASSOC); echo "<br><br>"; echo "<form method='POST' action='Quotes.php?action=update_quote&id={$quoteId}'>"; // 🌟 Header layout (3 columns) echo <<<HTML <br><br> <div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 20px;"> <!-- Customer name (left) --> <div style="flex: 1; text-align: left;"> <strong>Customer:</strong> {$quote['CompanyName']} </div> <!-- Quote Title (center-left) --> <div style="flex: 1; text-align: center;"> <span>{$quote['QuoteTitle']}</span> <button type="button" onclick="openQuoteTitlePopup({$quote['QuoteID']})" style="border: none; background: none; cursor: pointer;">✏️</button> </div> <!-- Contact (center-right) --> <div style="flex: 1; text-align: center;"> <label><strong>Contact:</strong></label> <span> HTML; // Close heredoc to insert PHP logic $contactName = ''; $contactStmt = $pdo->prepare("SELECT FirstName, LastName FROM Contact WHERE ContactID = ?"); 
$contactStmt->execute([$quote['QuotecontactID']]); if ($contactRow = $contactStmt->fetch(PDO::FETCH_ASSOC)) { $contactName = htmlspecialchars($contactRow['FirstName'] . ' ' . $contactRow['LastName']); } echo $contactName ?: "<em>No Contact Selected</em>"; echo " <button type='button' onclick='openContactEditPopup({$quoteId})' title='Edit Contact' style='margin-left: 6px; font-size: 14px; border: none; background: none; cursor: pointer;'>👤</button>"; echo "</span><br><label><strong>Sales Person:</strong></label> <span>"; // Insert PHP logic for Sales Person $salesPersonName = ''; $salesStmt = $pdo->prepare("SELECT FirstName, LastName FROM Technician WHERE TechnicianID = ?"); $salesStmt->execute([$quote['SalesPerson']]); if ($salesRow = $salesStmt->fetch(PDO::FETCH_ASSOC)) { $salesPersonName = htmlspecialchars($salesRow['FirstName'] . ' ' . $salesRow['LastName']); } echo $salesPersonName ?: "<em>Not Assigned</em>"; echo " <button type='button' onclick='openSalesPersonEditPopup({$quoteId})' title='Edit Sales Person' style='margin-left: 6px; font-size: 14px; border: none; background: none; cursor: pointer;'>👤</button>"; echo "</span>"; // Resume heredoc echo <<<HTML </span> HTML; $escapedNotes = htmlspecialchars($quote['Notes']); // Close previous heredoc and resume HTML echo <<<HTML </select> </div> <!-- Quote ID and Date Created (right) --> <div style="flex: 1; text-align: right;"> <strong>Quote #{$quote['QuoteID']}</strong><br> <small> <strong>Date Created:</strong> {$quote['DateCreated']} <button type="button" onclick="openDateEditPopup({$quote['QuoteID']})" style="border: none; background: none; cursor: pointer;"> 📅 </button> </small> <div style="margin-top: 6px;"> <small> <strong>Quote Expiry Date:</strong> {$quote['QuoteExpireyDate']} <button type="button" onclick="openExpiryEditPopup({$quote['QuoteID']})" style="border: none; background: none; cursor: pointer;"> 📅 </button> </small> </div> <div style="margin-top: 8px;"> <label style="font-size: 
13px;"><strong>Quote Notes:</strong></label> <button type="button" onclick="openNotesPopup({$quote['QuoteID']})" title="View & Edit Notes" style="border: none; background: none; cursor: pointer;">🔍</button> </div> <!-- Hidden field to keep existing notes in form --> <input type="hidden" name="Notes" value="{$escapedNotes}"> HTML; // ✅ Determine current status text $currentStatusText = ''; foreach ($statuses as $status) { if ($status['QuoteStatusID'] == $quote['StatusID']) { $currentStatusText = htmlspecialchars($status['StatusDescription']); break; } } // ✅ Output status row echo <<<HTML <div style="margin-top: 8px;"> <label style="font-size: 13px;"><strong>Status:</strong></label> <span style="margin-left: 6px; font-weight: bold;">{$currentStatusText}</span> <button type="button" onclick="openStatusEditPopup({$quote['QuoteID']})" title="Edit Status" style="border: none; background: none; cursor: pointer;">✏️</button> </div> </div> </div> HTML; // 🔍 Quote Notes with popup button //$escapedNotes = htmlspecialchars($quote['Notes']); //echo <<<HTML //<div style="margin-bottom: 10px;"> // <label><strong>Quote Notes:</strong></label> // <button type="button" onclick="openNotesPopup({$quote['QuoteID']})" title="View & Edit Notes" style="margin-left: 8px; font-size: 16px;">🔍</button> //</div> //<!-- Hidden field to keep existing notes in form --> //<input type="hidden" name="Notes" value="{$escapedNotes}"> //HTML; // echo "</select><br><br>"; // 🧾 Quote Items Header and Add Button echo <<<HTML <hr style="margin: 20px 0;"> <div style="display: flex; justify-content: space-between; align-items: center;"> <h4 style="margin: 0;">Quote Items</h4> <button type="button" onclick="openAddItemPopup({$quote['QuoteID']})" title="Add Item" style="font-size: 16px; cursor: pointer;"> ➕ Add Item </button> </div> <table border="1" cellpadding="6" cellspacing="0" width="100%" style="margin-top: 10px; text-align: left;"> <thead> <tr> <th>Product Name</th> <th>Description</th> 
<th>Quantity</th> <th>WS Ex Per Unit</th> <th>Sell Ex Per Unit</th> <th>Sell Tot Ex</th> <th>Sell Tot Inc</th> <th>GST</th> <th>Del</th> </tr> </thead> <tbody> HTML; // Fetch quote items // Fetch quote items $itemsStmt = $pdo->prepare(" SELECT qi.quote_item_id, qi.product_id, qi.service_id, qi.WSExPerUnit, qi.SellExPerUnit, qi.SellTotalEx, qi.SellTotalInc, qi.quantity, qi.discount, qi.GSTAmount, qi.custom_description, qi.is_custom_item, p.product_name, p.description FROM QuoteItems qi LEFT JOIN Products p ON qi.product_id = p.product_id WHERE qi.quote_id = ? "); $itemsStmt->execute([$quoteId]); $quoteItems = $itemsStmt->fetchAll(PDO::FETCH_ASSOC); // Loop if (count($quoteItems) > 0) { echo "<!-- Entering quoteItems loop -->"; foreach ($quoteItems as $item) { echo "<!-- Looping item: quote_item_id = {$item['quote_item_id']} -->"; echo "<!-- DEBUG quote_item_id: {$item['quote_item_id']} -->"; // 🔍 Debug line $isCustom = $item['is_custom_item'] ?? 0; $productName = $isCustom ? 'Custom Item' : ($item['product_name'] ?? '—'); $description = $isCustom ? ($item['custom_description'] ?? '—') : ($item['description'] ?? '—'); echo "<tr>"; echo "<td>" . htmlspecialchars($productName) . "</td>"; echo "<td>" . htmlspecialchars($description) . "</td>"; // Quantity with 🛠 button $quoteItemId = (int)$item['quote_item_id']; echo "<td>" . htmlspecialchars($item['quantity']) . ""; echo "<button type=\"button\" onclick=\"openEditQuantityPopup(" . (int)$item['quote_item_id'] . ", " . (int)$quoteId . ")\" title=\"Edit Quantity\" style=\"border: none; background: none; cursor: pointer; font-size: 14px;\"> 🛠 </button>"; echo "</td>"; echo "<td>" . number_format((float)$item['WSExPerUnit'], 2) . "</td>"; echo "<td>" . number_format((float)$item['SellExPerUnit'], 2) . "</td>"; echo "<td>" . number_format((float)$item['SellTotalEx'], 2) . "</td>"; echo "<td>" . number_format((float)$item['SellTotalInc'], 2) . "</td>"; echo "<td>" . number_format((float)$item['GSTAmount'], 2) . 
"</td>"; // Delete button echo "<td style='text-align: center;'> <form method='POST' action='Quotes.php?action=edit_quote&id=" . (int)$quoteId . "' onsubmit=\"return confirm('Are you sure you want to delete this item?');\" style='display:inline;'> <input type='hidden' name='delete_item_id' value='" . (int)$item['quote_item_id'] . "'> <button type='submit' style='border:none; background:none; color:red; font-size:16px;'>❌</button> </form> </td>"; echo "</tr>"; } } else { echo "<tr><td colspan='9' style='text-align:center;'><em>No items added yet.</em></td></tr>"; } // Resume heredoc echo <<<HTML </tbody> </table> HTML; // 💰 Totals (read-only) echo "<br><label>Ex. Total:</label> {$quote['QuoteEXTotal']}<br>"; echo "<label>Tax Total:</label> {$quote['QuoteTaxTotal']}<br>"; echo "<label>Inc. Total:</label> {$quote['QuoteIncTotal']}<br>"; echo "<label>Our Buy Total (Ex):</label> {$quote['QuoteOurBuytotalEx']}<br><br>"; //echo "<button type='button' onclick='openUpdateTotalsPopup({$quoteId})'>📊 Update Totals</button>"; echo "<button type=\"button\" onclick=\"openUpdateTotalsPopup({$quoteId})\">📊 Update Totals</button>"; echo "<br><br><label><strong>Total Profit (Ex GST):</strong></label> \$" . number_format($totalProfit, 2) . "<br>"; echo "<label><strong>Profit Margin:</strong></label> {$profitMargin}%<br><br>"; echo "</form>"; echo <<<JS <script> function openNotesPopup(quoteId) { const width = 800; const height = 400; const dualScreenLeft = window.screenLeft !== undefined ? window.screenLeft : screen.left; const dualScreenTop = window.screenTop !== undefined ? window.screenTop : screen.top; const screenWidth = window.innerWidth ? window.innerWidth : document.documentElement.clientWidth ? document.documentElement.clientWidth : screen.width; const screenHeight = window.innerHeight ? window.innerHeight : document.documentElement.clientHeight ? 
      document.documentElement.clientHeight : screen.height;
          const left = dualScreenLeft + (screenWidth - width) / 2;
          const top = dualScreenTop + (screenHeight - height) / 2;
          window.open(
              "Quotes/Quote_Notes.php?id=" + quoteId,
              "QuoteNotes",
              "width=" + width + ",height=" + height + ",top=" + top + ",left=" + left + ",resizable=yes,scrollbars=yes"
          );
      }

      function openQuoteTitlePopup(quoteId) {
          const width = 400;
          const height = 200;
          const dualScreenLeft = window.screenLeft !== undefined ? window.screenLeft : screen.left;
          const dualScreenTop = window.screenTop !== undefined ? window.screenTop : screen.top;
          const screenWidth = window.innerWidth ? window.innerWidth : document.documentElement.clientWidth ? document.documentElement.clientWidth : screen.width;
          const screenHeight = window.innerHeight ? window.innerHeight : document.documentElement.clientHeight ? document.documentElement.clientHeight : screen.height;
          const left = dualScreenLeft + (screenWidth - width) / 2;
          const top = dualScreenTop + (screenHeight - height) / 2;
          window.open(
              "Quotes/Edit_Quote_Title.php?id=" + quoteId,
              "EditQuoteTitle",
              "width=" + width + ",height=" + height + ",top=" + top + ",left=" + left + ",resizable=no,scrollbars=no"
          );
      }

      function openDateEditPopup(quoteId) {
          const width = 400;
          const height = 200;
          const dualScreenLeft = window.screenLeft !== undefined ? window.screenLeft : screen.left;
          const dualScreenTop = window.screenTop !== undefined ? window.screenTop : screen.top;
          const screenWidth = window.innerWidth ? window.innerWidth : document.documentElement.clientWidth ? document.documentElement.clientWidth : screen.width;
          const screenHeight = window.innerHeight ? window.innerHeight : document.documentElement.clientHeight ? document.documentElement.clientHeight : screen.height;
          const left = dualScreenLeft + (screenWidth - width) / 2;
          const top = dualScreenTop + (screenHeight - height) / 2;
          window.open(
              "Quotes/Edit_Quote_Date.php?id=" + quoteId,
              "EditQuoteDate",
              "width=" + width + ",height=" + height + ",top=" + top + ",left=" + left + ",resizable=no,scrollbars=no"
          );
      }

      function openStatusEditPopup(quoteId) {
          const width = 400;
          const height = 250;
          const dualScreenLeft = window.screenLeft !== undefined ? window.screenLeft : screen.left;
          const dualScreenTop = window.screenTop !== undefined ? window.screenTop : screen.top;
          const screenWidth = window.innerWidth || document.documentElement.clientWidth || screen.width;
          const screenHeight = window.innerHeight || document.documentElement.clientHeight || screen.height;
          const left = dualScreenLeft + (screenWidth - width) / 2;
          const top = dualScreenTop + (screenHeight - height) / 2;
          window.open(
              "Quotes/Edit_Quote_Status.php?id=" + quoteId,
              "EditQuoteStatus",
              "width=" + width + ",height=" + height + ",top=" + top + ",left=" + left + ",resizable=no,scrollbars=no"
          );
      }

      function openExpiryEditPopup(quoteId) {
          const width = 400;
          const height = 200;
          const dualScreenLeft = window.screenLeft !== undefined ? window.screenLeft : screen.left;
          const dualScreenTop = window.screenTop !== undefined ? window.screenTop : screen.top;
          const screenWidth = window.innerWidth || document.documentElement.clientWidth || screen.width;
          const screenHeight = window.innerHeight || document.documentElement.clientHeight || screen.height;
          const left = dualScreenLeft + (screenWidth - width) / 2;
          const top = dualScreenTop + (screenHeight - height) / 2;
          window.open(
              "Quotes/Edit_Quote_Expiry.php?id=" + quoteId,
              "EditQuoteExpiry",
              "width=" + width + ",height=" + height + ",top=" + top + ",left=" + left + ",resizable=no,scrollbars=no"
          );
      }

      function openContactEditPopup(quoteId) {
          const width = 400;
          const height = 200;
          const dualScreenLeft = window.screenLeft !== undefined ? window.screenLeft : screen.left;
          const dualScreenTop = window.screenTop !== undefined ? window.screenTop : screen.top;
          const screenWidth = window.innerWidth || document.documentElement.clientWidth || screen.width;
          const screenHeight = window.innerHeight || document.documentElement.clientHeight || screen.height;
          const left = dualScreenLeft + (screenWidth - width) / 2;
          const top = dualScreenTop + (screenHeight - height) / 2;
          window.open(
              "Quotes/Edit_Quote_Contact.php?id=" + quoteId,
              "EditQuoteContact",
              "width=" + width + ",height=" + height + ",top=" + top + ",left=" + left + ",resizable=no,scrollbars=no"
          );
      }

      function openSalesPersonEditPopup(quoteId) {
          const width = 400;
          const height = 200;
          const dualScreenLeft = window.screenLeft !== undefined ? window.screenLeft : screen.left;
          const dualScreenTop = window.screenTop !== undefined ? window.screenTop : screen.top;
          const screenWidth = window.innerWidth || document.documentElement.clientWidth || screen.width;
          const screenHeight = window.innerHeight || document.documentElement.clientHeight || screen.height;
          const left = dualScreenLeft + (screenWidth - width) / 2;
          const top = dualScreenTop + (screenHeight - height) / 2;
          window.open(
              "Quotes/Edit_Quote_SalesPerson.php?id=" + quoteId,
              "EditQuoteSalesPerson",
              "width=" + width + ",height=" + height + ",top=" + top + ",left=" + left + ",resizable=no,scrollbars=no"
          );
      }

      function openAddItemPopup(quoteId) {
          const width = 600;
          const height = 400;
          const dualScreenLeft = window.screenLeft !== undefined ? window.screenLeft : screen.left;
          const dualScreenTop = window.screenTop !== undefined ? window.screenTop : screen.top;
          const screenWidth = window.innerWidth || document.documentElement.clientWidth || screen.width;
          const screenHeight = window.innerHeight || document.documentElement.clientHeight || screen.height;
          const left = dualScreenLeft + (screenWidth - width) / 2;
          const top = dualScreenTop + (screenHeight - height) / 2;
          window.open(
              "Quotes/Add_Quote_Item.php?quoteId=" + quoteId,
              "AddQuoteItem",
              "width=" + width + ",height=" + height + ",top=" + top + ",left=" + left + ",resizable=no,scrollbars=no"
          );
      }

      function openUpdateTotalsPopup(quoteId) {
          const width = 400;
          const height = 200;
          const left = (window.innerWidth - width) / 2;
          const top = (window.innerHeight - height) / 2;
          window.open(
              `Quotes/Update_Quote_Totals.php?quoteId=${quoteId}`,
              'UpdateQuoteTotals',
              `width=${width},height=${height},top=${top},left=${left},resizable=no,scrollbars=no`
          );
      }

      function openEditQuantityPopup(quoteItemId, quoteId) {
          const width = 400;
          const height = 200;
          const dualScreenLeft = window.screenLeft !== undefined ? window.screenLeft : screen.left;
          const dualScreenTop = window.screenTop !== undefined ? window.screenTop : screen.top;
          const screenWidth = window.innerWidth || document.documentElement.clientWidth || screen.width;
          const screenHeight = window.innerHeight || document.documentElement.clientHeight || screen.height;
          const left = dualScreenLeft + (screenWidth - width) / 2;
          const top = dualScreenTop + (screenHeight - height) / 2;
          window.open(
              `Quotes/Edit_Quote_Quantity.php?quote_item_id=${quoteItemId}&quote_id=${quoteId}`,
              "EditQuoteQuantity",
              "width=" + width + ",height=" + height + ",top=" + top + ",left=" + left + ",resizable=no,scrollbars=no"
          );
      }
      </script>
      JS;
      }
      ?>

      This is the full Quote_Functions.php code and this is the Quotes.php below that calls the functions.
      <?php
      //ini_set('display_errors', 1);
      //ini_set('display_startup_errors', 1);
      //error_reporting(E_ALL);
      session_start();

      // Check if the user is logged in
      if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true) {
          header("Location: /login.php");
          exit();
      }

      // Include necessary files
      include 'Functions/Common_Functions.php';
      include 'Functions/Quote_Functions.php';
      include 'Functions/db_con.php';
      include 'Functions/Button_Quotes.php'; // Left menu buttons

      // ✅ Handle Quote Creation BEFORE output
      // ✅ Handle Quote Creation Before Output
      if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['action']) && $_GET['action'] === 'create_quote') {
          $customerId = $_POST['selectedCustomerId'] ?? null;
          $quoteTitle = $_POST['quoteTitle'] ?? '';
          $quoteDate = $_POST['quoteDate'] ?? '';
          $quoteNotes = $_POST['quoteNotes'] ?? '';

          if ($customerId && $quoteTitle && $quoteDate) {
              $stmt = $pdo->prepare("INSERT INTO Quote (CustomerID, QuoteTitle, Notes, DateCreated, StatusID, QuoteEXTotal, QuoteIncTotal, QuoteTaxTotal, QuoteOurBuytotalEx) VALUES (?, ?, ?, ?, ?, 0.00, 0.00, 0.00, 0.00)");
              $stmt->execute([$customerId, $quoteTitle, $quoteNotes, $quoteDate, 1]);
              $newQuoteId = $pdo->lastInsertId();
              header("Location: Quotes.php?action=edit_quote&id=" . $newQuoteId);
              exit();
          } else {
              echo "❌ Missing required data.";
              exit();
          }
      }

      // ✅ Display main menu
      func_header();
      menu_items();

      // ✅ Begin layout
      echo "<div class='main-container'>";

      // ✅ Left-side menu
      echo "<div class='side-menu'>";
      echo "<h4 style='color: white; text-align: center;'>Quotes</h4>";
      renderQuotesButtons();
      echo "</div>";

      // ✅ Right-side content
      echo "<div class='right-content'>";

      // ✅ Routing by action
      if (isset($_GET['action'])) {
          switch ($_GET['action']) {
              case 'new_quote':
                  echo "<h2 style='text-align: left;'>Create New Quote</h2>";
                  renderQuoteTopButtons();
                  renderNewQuoteFormWithClientSearch();
                  break;
              case 'all_quotes':
                  echo "<h2 style='text-align: left;'>All Quotes</h2>";
                  break;
              case 'pending_quotes':
                  echo "<h2 style='text-align: left;'>Pending Quotes</h2>";
                  break;
              case 'approved_quotes':
                  echo "<h2 style='text-align: left;'>Approved Quotes</h2>";
                  break;
              case 'rejected_quotes':
                  echo "<h2 style='text-align: left;'>Rejected Quotes</h2>";
                  break;
              case 'expired_quotes':
                  echo "<h2 style='text-align: left;'>Expired Quotes</h2>";
                  break;
              case 'draft_quotes':
                  echo "<h2 style='text-align: left;'>Draft Quotes</h2>";
                  break;
              case 'converted_quotes':
                  echo "<h2 style='text-align: left;'>Converted Quotes</h2>";
                  break;
              case 'search_quotes':
                  echo "<h2 style='text-align: left;'>Search Quotes</h2>";
                  break;
              case 'customer_quotes':
                  echo "<h2 style='text-align: left;'>Customer Quotes</h2>";
                  break;
              case 'quote_reports':
                  echo "<h2 style='text-align: left;'>Quote Reports</h2>";
                  break;
              case 'quote_settings':
                  echo "<h2 style='text-align: left;'>Quote Settings</h2>";
                  echo '
                  <table border="1">
                      <tr><th>Feature</th><th>Action</th></tr>
                      <tr>
                          <td>Import/Update Products</td>
                          <td><button id="importProducts">Import</button> <span id="syncStatus"></span></td>
                      </tr>
                      <tr>
                          <td>Sync Contacts</td>
                          <td><button id="syncContacts">Sync</button> <span id="syncContactsStatus"></span></td>
                      </tr>
                      <tr>
                          <td>Update Vendors</td>
                          <td><button id="manageVendors">Manage</button></td>
                      </tr>
                  </table>
                  <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
                  <script>
                  $(document).ready(function () {
                      $("#importProducts").click(function () {
                          $("#syncStatus").text("Importing...");
                          $.post("Functions/Product_Functions.php", { sync_products: true }, function (response) {
                              $("#syncStatus").text(response);
                          }).fail(function () {
                              $("#syncStatus").text("Error importing products.");
                          });
                      });
                      $("#syncContacts").click(function () {
                          $("#syncContactsStatus").text("Syncing contacts...");
                          $.post("Functions/Syncro_Contact_Sync.php", { sync_contacts: true }, function (response) {
                              $("#syncContactsStatus").text(response);
                          }).fail(function () {
                              $("#syncContactsStatus").text("❌ Error syncing contacts.");
                          });
                      });
                      $("#manageVendors").click(function () {
                          window.open("Vendors/Manage_Vendors.php", "ManageVendors", "width=600,height=400");
                      });
                  });
                  </script>';
                  break;
              case 'edit_quote':
                  $quoteId = $_GET['id'] ?? null;

                  // 👇 Handle delete quote item
                  if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_item_id'])) {
                      $itemIdToDelete = $_POST['delete_item_id'];
                      $deleteStmt = $pdo->prepare("DELETE FROM QuoteItems WHERE quote_item_id = ?");
                      $deleteStmt->execute([$itemIdToDelete]);
                  }

                  if ($quoteId) {
                      renderEditQuoteForm($pdo, $quoteId);
                  } else {
                      echo "<p>❌ Quote ID is missing.</p>";
                  }
                  break;
              default:
                  echo "<h2>Quotes Dashboard</h2><p>Welcome to the Quotes Dashboard. Choose an option from the left menu.</p>";
                  break;
          }
      } else {
          echo "<h2>Quotes Dashboard</h2><p>Welcome to the Quotes Dashboard. Choose an option from the left menu.</p>";
      }

      echo "</div>"; // End right-content
      echo "</div>"; // End main-container
      ?>
  23. a test page works for me (uses the correct quoteItemId matching the clicked button, both in the javascript and in the php code) in chrome, edge, and firefox, but i don't have all the code on your page. the only changes i made to the //loop code is to add a <table> tag before it and comment out the 5 lines with number_format() calls, since i didn't want to make up fake data to loop over for these. do you have some event listener for 'buttons' that could be affecting this? this is acting like some broken markup is causing all those buttons to call the last openEditQuantityPopup(...), instead of the correct one or all the buttons are being clicked and you are seeing the end result from the last such operation. i would console.log the quoteItemId value inside the openEditQuantityPopup() function, so that you can see how many times it gets called, and with what value as an input. in the end, you will need to post all the code on that page that's necessary to reproduce the problem.
  24. Ok here goes, hope I can explain this correctly. I'm building an internal quoting system.

      THE PROBLEM: These buttons 1, 2, and 3, when the code is inspected, all have the correct quote_item_id. However, when you click on any change quantity the JavaScript brings up the popup with the very last line item's quote_item_id every time.

      THE CODE: This bit of code is what's doing the work:

      // Loop
      if (count($quoteItems) > 0) {
          echo "<!-- Entering quoteItems loop -->";
          foreach ($quoteItems as $item) {
              echo "<!-- Looping item: quote_item_id = {$item['quote_item_id']} -->";
              echo "<!-- DEBUG quote_item_id: {$item['quote_item_id']} -->"; // 🔍 Debug line
              $isCustom = $item['is_custom_item'] ?? 0;
              $productName = $isCustom ? 'Custom Item' : ($item['product_name'] ?? '—');
              $description = $isCustom ? ($item['custom_description'] ?? '—') : ($item['description'] ?? '—');
              echo "<tr>";
              echo "<td>" . htmlspecialchars($productName) . "</td>";
              echo "<td>" . htmlspecialchars($description) . "</td>";

              // Quantity with 🛠 button
              $quoteItemId = (int)$item['quote_item_id'];
              echo "<td>" . htmlspecialchars($item['quantity']) . "";
              echo "<button type=\"button\" onclick=\"openEditQuantityPopup(" . (int)$item['quote_item_id'] . ", " . (int)$quoteId . ")\" title=\"Edit Quantity\" style=\"border: none; background: none; cursor: pointer; font-size: 14px;\"> 🛠 </button>";
              echo "</td>";

              echo "<td>" . number_format((float)$item['WSExPerUnit'], 2) . "</td>";
              echo "<td>" . number_format((float)$item['SellExPerUnit'], 2) . "</td>";
              echo "<td>" . number_format((float)$item['SellTotalEx'], 2) . "</td>";
              echo "<td>" . number_format((float)$item['SellTotalInc'], 2) . "</td>";
              echo "<td>" . number_format((float)$item['GSTAmount'], 2) . "</td>";

              // Delete button
              echo "<td style='text-align: center;'>
                  <form method='POST' action='Quotes.php?action=edit_quote&id=" . (int)$quoteId . "' onsubmit=\"return confirm('Are you sure you want to delete this item?');\" style='display:inline;'>
                      <input type='hidden' name='delete_item_id' value='" . (int)$item['quote_item_id'] . "'>
                      <button type='submit' style='border:none; background:none; color:red; font-size:16px;'>❌</button>
                  </form>
              </td>";
              echo "</tr>";
          }
      } else {
          echo "<tr><td colspan='9' style='text-align:center;'><em>No items added yet.</em></td></tr>";
      }

      And this is the JavaScript calling the popup window:

      function openEditQuantityPopup(quoteItemId, quoteId) {
          const width = 400;
          const height = 200;
          const dualScreenLeft = window.screenLeft !== undefined ? window.screenLeft : screen.left;
          const dualScreenTop = window.screenTop !== undefined ? window.screenTop : screen.top;
          const screenWidth = window.innerWidth || document.documentElement.clientWidth || screen.width;
          const screenHeight = window.innerHeight || document.documentElement.clientHeight || screen.height;
          const left = dualScreenLeft + (screenWidth - width) / 2;
          const top = dualScreenTop + (screenHeight - height) / 2;
          window.open(
              `Quotes/Edit_Quote_Quantity.php?quote_item_id=${quoteItemId}&quote_id=${quoteId}`,
              "EditQuoteQuantity",
              "width=" + width + ",height=" + height + ",top=" + top + ",left=" + left + ",resizable=no,scrollbars=no"
          );
      }

      And this is the Edit_Quote_Quantity.php that runs when the button is clicked:

      <?php
      var_dump($_GET);
      include '../Functions/db_con.php';

      $quoteItemId = $_GET['quote_item_id'] ?? null;
      $quoteId = $_GET['quote_id'] ?? null;

      if (!$quoteItemId || !$quoteId) {
          echo "Missing parameters.";
          exit;
      }

      // Get current quantity
      $stmt = $pdo->prepare("SELECT quantity FROM QuoteItems WHERE quote_item_id = ?");
      $stmt->execute([$quoteItemId]);
      $item = $stmt->fetch(PDO::FETCH_ASSOC);
      $currentQty = $item['quantity'] ?? 1;

      if ($_SERVER['REQUEST_METHOD'] === 'POST') {
          $newQty = (int)$_POST['quantity'];

          // Update quantity
          $update = $pdo->prepare("UPDATE QuoteItems SET quantity = ? WHERE quote_item_id = ?");
          $update->execute([$newQty, $quoteItemId]);

          echo "<script>window.opener.location.reload(); window.close();</script>";
          exit;
      }
      ?>
      <!DOCTYPE html>
      <html>
      <head>
          <title>Edit Quantity</title>
      </head>
      <body style="font-family: Arial; padding: 20px;">
          <h3>Edit Quantity</h3>
          <form method="POST">
              <label>New Quantity:</label><br>
              <input type="number" name="quantity" value="<?= htmlspecialchars($currentQty) ?>" min="1" required><br><br>
              <button type="submit">Update</button>
          </form>
      </body>
      </html>

      The process actually works, however it always changes the quantity of the last line item called up in the foreach loop. Been racking my brains for a day on this one trying to work it out.
  25. To avoid SQL injection, use prepared statements. In your register page, you don't have to call session_start() twice. Also, you should compare admin password in this format: if ($admin_password == "???")
  26. Hi, in my registration page I am taking the password as hashed as below:

      register.php:

      <?php
      session_start();
      include("header.php");

      $user_email = "";
      $email_error = "";
      $user_password_error = "";
      $confirm_password_error = "";
      $admin_password_error = "";
      $isadmin = 0;

      if($_SERVER["REQUEST_METHOD"] == "POST") {
          $user_email = $_POST["email"];
          $user_password = $_POST["password"];
          $confirm_password = $_POST["confirmpassword"];
          $admin_password = $_POST["adminpassword"];
          $isadmin = $_POST["isadmin"];
          $error = false;
          $hashedPass = password_hash($user_password, PASSWORD_DEFAULT);

          include('connect.php');
          $sqlSelect = "SELECT username_email FROM login_users where username_email = '$user_email'";
          $result = mysqli_query($conn,$sqlSelect);
          $count = mysqli_num_rows($result);

          if ($count == 1) {
              $email_error = "user email is already in use!";
              $error = true;
          } else {
              if ($isadmin == 1) {
                  if ($admin_password == "???") {
                      $sqlInsert = "INSERT INTO login_users(username_email,password,IsAdmin) VALUES ('$user_email','$hashedPass','$isadmin')";
                      if(mysqli_query($conn,$sqlInsert)) {
                          session_start();
                          header('Location: http://www.ramiwahdan.org/login.php', true);
                      } else {
                          die("Something went wrong");
                      }
                  } else {
                      $admin_password_error = "You entered the wrong Admin Password!";
                      $error = true;
                  }
              } else {
                  $sqlInsert = "INSERT INTO login_users(username_email,password,IsAdmin) VALUES ('$user_email','$hashedPass','$isadmin')";
                  if(mysqli_query($conn,$sqlInsert)) {
                      session_start();
                      header('Location: http://www.ramiwahdan.org/login.php', true);
                  } else {
                      die("Something went wrong");
                  }
              }
          }
      }
      ?>

      In my login page I am checking if the entered password is the same as the one in my database but I am getting wrong password message, why is that?

      login.php:

      $test2 = 1;
      if($_SERVER["REQUEST_METHOD"] == "POST") {
          $myusername = mysqli_real_escape_string($db,$_POST['email']);
          $mypassword = mysqli_real_escape_string($db,$_POST['password']);

          $sql = "SELECT * FROM login_users WHERE username_email = '$myusername' and IsAdmin = $test2";
          $result = mysqli_query($db, $sql);
          $count = mysqli_num_rows($result);

          if($count == 1) {
              // $row['password'] is hashed from the above register.php code
              while($row = $result->fetch_assoc()) {
                  if (password_verify($mypassword, $row['password'])) {
                      echo 'Password is valid!';
                  } else {
                      echo 'Invalid password.';
                  }
              }
              exit();
          }
      }

      Why is that?
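
Added example (not code from the thread): the advice to use prepared statements, applied to the `login_users` table from the posted register.php and login.php. It assumes PDO with an in-memory SQLite database so it runs without a server, and the helper names `registerUser` and `verifyLogin` are hypothetical; mysqli's `prepare()` and `bind_param()` follow the same pattern.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the script runs offline
// (assumption: the pdo_sqlite extension is enabled).
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
// PHP's manual recommends 255 characters for PASSWORD_DEFAULT hashes;
// a hash truncated by a shorter column never verifies.
$pdo->exec('CREATE TABLE login_users (
    username_email VARCHAR(255) PRIMARY KEY,
    password       VARCHAR(255) NOT NULL,
    IsAdmin        INTEGER NOT NULL DEFAULT 0
)');

// Hypothetical helper: register a user with bound parameters only.
function registerUser(PDO $pdo, string $email, string $password, bool $isAdmin): bool
{
    $check = $pdo->prepare('SELECT 1 FROM login_users WHERE username_email = ?');
    $check->execute([$email]);
    if ($check->fetchColumn() !== false) {
        return false; // e-mail already in use
    }
    $insert = $pdo->prepare(
        'INSERT INTO login_users (username_email, password, IsAdmin) VALUES (?, ?, ?)'
    );
    $hash = password_hash($password, PASSWORD_DEFAULT);
    return $insert->execute([$email, $hash, (int) $isAdmin]);
}

// Hypothetical helper: look the row up by e-mail, then verify the raw password.
function verifyLogin(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM login_users WHERE username_email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    // The password goes to password_verify() exactly as submitted. Running it
    // through an SQL escaper first changes it whenever it contains a quote or
    // backslash, so it no longer matches the hash made at registration.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample inputs.
$email    = "o'brien@example.test"; // a quote would break the string-built query
$password = "pa'ss\\word";          // characters an escaper would rewrite
$probe    = "x' OR '1'='1";         // injection-shaped input, handled as plain data

$results = [
    'first registration'   => registerUser($pdo, $email, $password, false),
    'duplicate e-mail'     => registerUser($pdo, $email, $password, false),
    'correct password'     => verifyLogin($pdo, $email, $password),
    'wrong password'       => verifyLogin($pdo, $email, 'wrong'),
    'injection-shaped key' => verifyLogin($pdo, $probe, $password),
];
foreach ($results as $label => $ok) {
    printf("%-22s %s\n", $label, $ok ? 'yes' : 'no');
}
```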
  27. This isn't directly related to your question, but you should consider using Cloudflare that will give you a free CDN/Edge cache for your site, increasing performance and saving you bandwidth. Going to assume that your app is using PHP Sessions. If so, you need to review this setting as a first step. The only other thing I can suggest in a case like this is that hopefully you have a Mac, and can use a cable to connect to the phone and use the Safari develop menu. I'd also likely open a tail on the server so I can see the requests coming into the server. You certainly want to question your assumptions as to what is happening as the app runs. The typical complaint in regards to Safari is not lack of caching but the opposite -- aggressive caching that makes it hard to unload/clear the cache when developing/testing. Your server environment is also an essential component with different options that can be used to configure the server (apache/nginx/etc) in how it handles different types of files.
  28. So it's something that you put in header.php that you didn't show the code for. You need to understand that when you print something out, the browser sends an HTTP response to the request. Thus the HTTP header is composed and sent. This is not the way to do a redirect -- using meta refresh. You should be doing that in the HTTP header using a location, and that code should be followed by an exit.

      <?php
      session_start();

      // Not an admin: send the redirect header before any output, then stop
      if (empty($_SESSION['admin'])) {
          header('Location: /login.php');
          exit();
      }
      // This user is admin