I was attempting to write a password-protect page in php
<?php
$pass = $_POST['pass'];
if(password_verify($user, '$argon2i$v=19$m=2048,t=4,p=3$Y3NGc25QQ1k1cTBkTHZNRg$skaHiTZAiAYB2bwme/KBhRujlJNXWd7jkji4vP5t5zM')) //hash is Admin
{
header("Location: secure.html");
exit();
}
else
{
if(isset($_POST))
{?>
<form method="POST" action="index.php">
Pass <input type="password" name="pass"></input><br/>
<input type="submit" name="submit" value="Go"></input>
</form>
<?}
}
?>
However, I keep getting the error:
PHP Parse error: Unclosed '{' on line 15 in /home/cody/Desktop/code/Web/secureSignIn/index.php on line 25
This error was not present when working with PHP on Replit. Can anyone explain why this error is showing?
I tried replacing <? with <?php, adding <? php error_reporting(0); ?>, and using echo to run the HTML (Which only printed it to console and did not execute.
This should work:
put the <?php starttag in a seperate line
start again with <?php and not only <?
<?php
$pass = $_POST['pass'];
if(password_verify($user, '$argon2i$v=19$m=2048,t=4,p=3$Y3NGc25QQ1k1cTBkTHZNRg$skaHiTZAiAYB2bwme/KBhRujlJNXWd7jkji4vP5t5zM')) //hash is Admin
{
header("Location: secure.html");
exit();
}
else
{
if(isset($_POST))
{?>
<form method="POST" action="index.php">
Pass <input type="password" name="pass"></input><br/>
<input type="submit" name="submit" value="Go"></input>
</form>
<?php
}
}
?>
Related
but some how the page is not showing any error message. also it is not redirecting to the page where i want to redirect it after successful login. i want the login page to be redirected at home page and show the message and when the logout link is clicked the page again come back to the login page
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
?>
<?php
if($_REQUEST["logout"]=='yes'){
unset($_SESSION["login"]);
}
?>
<html>
<body>
<form action="" method="post">
<label>Username</label><input type="text" name="unametxt" value="<?php echo $_post["unametxt"]; ?>" />
<label>Password</label><input type="password" value="<?php echo $_post["password"]; ?>" />
<input type="submit" name="sbt" value="Login">
</form>
<?php
if(isset($_post["sbt"]))
{
if($_post["unametxt"]== "debarun" && $_post["password"]=="1234")
{
$_SESSION["login"]="yes";
$_SESSION["uname"]=$_post["unametxt"];
$_SESSION["passwd"]=$_post["password"];
header('location:home.php');
}
else
{
echo "Please enter correct credentials";
}
}
?>
</body>
</html>
and it is my home page script:
<?php
session_start();
if(!isset($_SESSION["login"])){
session_destroy();
header('location:login.php');
}
else{
echo "Welcome".$_SESSION["uname"]."<br/>"."your password is".$_SESSION["passwd"];
}
?>
<html>
<body>
<form action="" method="post">
Logout
</form>
</body>
</html>
please
tell me why it is not working??
Add name attribute in your password element. Because of this, it cannot fetch from $_POST array and your condition will always fail.
Try this,
<label>Password</label><input type="password" name="password" value="<?php echo $_post["password"]; ?>" />
First thing $_post must be up letter case like this $_POST then you forgot to specify name="password" to password input field
take a look
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
?>
<?php
if($_REQUEST["logout"]=='yes'){
unset($_SESSION["login"]);
}
?>
<html>
<body>
<form action="" method="post">
<label>Username</label><input type="text" name="unametxt" value="<?php echo $_POST["unametxt"]; ?>" />
<label>Password</label><input type="password" name="password" value="<?php echo $_POST["password"]; ?>" />
<input type="submit" name="sbt" value="Login">
</form>
<?php
if(isset($_POST["sbt"]))
{
echo $_POST["password"];
if($_POST["unametxt"] == "debarun" and $_POST["password"] == "1234")
{
$_SESSION["login"]="yes";
$_SESSION["uname"]=$_POST["unametxt"];
$_SESSION["passwd"]=$_POST["password"];
header('location:home.php');
}
else
{
echo "Please enter correct credentials";
}
}
?>
</body>
</html>
Put all those validation code at the top. Nothing should be sent to the browser before redirecting. Not even an empty line.
Also, make the L in location capital
header("Location: home.php");
I've got an if statement to check if a variable within the $_SESSION is active and set, and if it is then a message is returned to the user. Here's my header.php:
<?php
$conn = HIDDEN;
session_start();
$username = '';
$_SESSION['username'] = $username;
?>
<header>
<!DOCTYPE html>
<link rel="stylesheet" type="text/css" href="style/main.css">
<title>webshop</title>
</header>
<div id="LogIn">
<?php
if (isset($_SESSION['username']))
{
echo "its working";
} else {
?><form class="form1" method="post" action="" id="form1">
<fieldset>
<ul>
<p>Please enter your username to continue to the webshop.</p>
<label for="name">User Name:</label><span><input type="text" name="username" placeholder="User Name" class="required" role="input" aria-required="true"/></span>
<input class="submit .transparentButton" value="Next" type="submit" name="Submit"/>
</ul>
<br/>
</fieldset>
</form>
<?php } ?>
</div>
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
}
?>
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
// Use the following code to print out the variables.
echo 'Session: '.$_SESSION['username'];
echo '<br>';
echo 'POST: '.$_POST['username'];
}
?>
The first time running, or before the user logs out (to be implemented later), the site should prompt for a username to be entered and then upon refreshing the page the welcome message should be display.
As of right now the code simply returns "it's working" despite no variable in $username existing. The code:
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
// Use the following code to print out the variables.
echo 'Session: '.$_SESSION['username'];
echo '<br>';
echo 'POST: '.$_POST['username'];
}
?>
should print out the variable underneath the welcome message, or nothing at all if it's empty. As of right now, the welcome message "it's working" is displayed always but no variables are in $username. Can anyone tell me why?
Thanks in advance.
$_SESSION['username'] is SET/NULL but is EMPTY you should try !empty() instead if isset(). See below.
<?php
if (!empty($_SESSION['username']))
{
echo "its working";
} else {
?><form class="form1" method="post" action="" id="form1">
<fieldset>
<ul>
<p>Please enter your username to continue to the webshop.</p>
<label for="name">User Name:</label><span><input type="text" name="username" placeholder="User Name" class="required" role="input" aria-required="true"/></span>
<input class="submit .transparentButton" value="Next" type="submit" name="Submit"/>
</ul>
<br/>
</fieldset>
</form>
<?php } ?>
EDIT 2
As to the comment.
IF statement needed to tell if there was a submit if there was don't display the form else display the form. See below Code
<?php
$conn = ""; //HIDDEN kept throwing error whilst I was testing
session_start();
$username = '';
$_SESSION['username'] = $username;
?>
<header>
<!DOCTYPE html>
<link rel="stylesheet" type="text/css" href="style/main.css">
<title>webshop</title>
</header>
<div id="LogIn">
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
$_SESSION['username'] = $_POST['username'];
// Use the following code to print out the variables.
echo 'Session: '.$_SESSION['username'];
echo '<br>';
echo 'POST: '.$_POST['username'];
} else {
if (!empty($_SESSION['username']))
{
echo "its working";
} else {
?><form class="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']?>" id="form1">
<fieldset>
<ul>
<p>Please enter your username to continue to the webshop.</p>
<label for="name">User Name:</label><span><input type="text" name="username" placeholder="User Name" class="required" role="input" aria-required="true"/></span>
<input class="submit transparentButton" value="Next" type="submit" name="Submit"/> //removed css selector .
</ul>
<br/>
</fieldset>
</form>
<?php } } ?>
</div>
The isset() checks only whether the variable is set or not and it returns true since it is initialized to null string. Here you have to use !empty().
if (isset($_SESSION['username']) && !empty($_SESSION['username'])) {
}
Just a quick solution is to change
if (isset($_SESSION['username']))
to
if (strlen($_SESSION['username']) > 0)
That will work. Im guessing it because technically u did set username so it isset but if u check the length u know its not empty
Working on echoing the users questions out so far I can insert the values and this is working thru the php admin but its not working thru , the form on the users profile page?
The error says ,"Call to a member function query() on a non-object in profile.php on line 82" The php code on this line is as follows
$query1=$db->query("SELECT id,title,question,username FROM QnA WHERE username='$dbusername'");
The rest of profile.php is below
<?php
session_start();
$dusername=$_GET['username'];
if (isset($dusername)){
require('connect.php');
$userquery =$db->query("SELECT id,firstname,username,lastname,email FROM users WHERE username = '".$dusername."'");
while ($row =$userquery->fetch()){
$id=$row["id"];
$dbusername =$row["username"];
$dfirstname = $row["firstname"];
$demail =$row["email"];
$dlastname =$row["lastname"];
}
}
?>
<html>
<head><title><?php echo $dfirstname;?></title>
<link rel="stylesheet" href="stylesheets/profile.css" type="text/css">
</head>
<body>
<div id="container">
<?php
echo'
<div id="qform"><center>
<form action="ask.php" method="post">
<b>Title</b>
<br/>
<input type ="text" name="title"/>
<br/>
<b>Question</b>
<br/>
<textarea name="question"></textarea>
<br/>
<b>This is to make sure your not a robot 2+2=</b>
<input type="text" name="plus"/>
<br/>
<input type="submit" value="Submit"name="submit"/>
</form></center>
</div>
';
?>
<div id="questions">
<?php
$query1=$db->query("SELECT id,title,question,username FROM QnA WHERE username='$dbusername'");
//$query2=$db->query("SELECT * FROM answers");
while($asked=$query1->fetch()){
if($asked['username']==$dbusername){
echo '<div class="asked"><b>Title</b><br/><b> ',$asked['title'],'</b> <hr/><br/><b>Question</b><br/><b>',$asked['question'],'</b></div><br/><br/>';
}
else if(!$asked['username']==$dbusername){
error_reporting(E_ALL);
echo 'No questions have been asked';
}
}
?>
</div>
</div>
</center>
</body>
</html>
The form is in the profile.php the action for the form is in a separate file named ask.php which is below.
<?php
//form action below
require('profile.php');
session_start();
require('connect.php');
$plus=$_POST['plus'];
$title=$_POST['title'];
$question=$_POST['question'];
$dusername=$_SESSION['username'];
if(isset($_POST['submit'])){
if(!empty($_POST['title']) && !empty($_POST['question'])&& $plus==4){
$query="INSERT INTO `QnA` (id,title,question,username) VALUES (?,?,?,?)";
$query=$db->prepare($query);
$query->execute(array(' ',$title,$question,$dusername));
echo'succes';
header("Location: profile.php");
}
else{
error_reporting(E_ALL);
echo " Fill in all Slots or you gave the wrong answer to the security question";
}
}
?>
The below code is not returning True at all :
if(isset($_POST['username'])){
that's why it is going in else statement.
You are using isset function for username field, but you should check for Submit button. Try replacing following lines :
<input type="submit" value="Log In" />
to
<input type="submit" value="Log In" name="submitbtn" />
AND
if(isset($_POST['username'])){
to
if(isset($_POST['submitbtn'])){
It should work then :)
You have error in you query add space between ANDpassword=', maybe this should work
$query="SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1" ;
to debug you error try
$res = mysql_query($query) or die(mysql_error());
Take note this query is vulnerable in SQL Injection, maybe you should try using mysqli or PDO for security purposes.
How can I prevent SQL injection in PHP?
Try this :
<form action="login.php" method="post" >
<table>
<tr>
<td>Username: </td><td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password: </td><td><input type="password" name="password" id ="password"/></td>
</tr>
</table>
<input type="submit" value="Log In" />
<input type="button" value="Register" onClick="location.href='register.php'" />
</form>
</body>
</html>
<?php
require('connect.php');
session_start();
if ($_SESSION['username'])
{
header("Location: home.php");
}
else{
if(isset($_POST['username'])){
require('connect.php');
//According to user's input
$username=$_POST['username'];
$password=$_POST['password'];
$query="SELECT * FROM users WHERE username='".$username."'AND password='".$password."'";
$res = mysql_query($query);
//check username and password for match
if (mysql_num_rows($res) > 0){
//Sets username to the comment session so no username has to be input
$_SESSION['username']=$username;
// jumps to secure page
header ("Location: home.php");
}
As above mentioned you are getting 0 rows values, there may be space or some thing else in you query so do below.
echo this query
SELECT * FROM users WHERE username='".$username."' AND password='".$password."'
and execute this query manually in database and see what is happening with this query. And correct your query accordingly.
I am new using PHP and I am trying to build a content management site.
I started developing the login pages and at the start the SESSION variables were kept as normal and were working without any issues when using redirect to another page after login was confirmed.
But 2 days ago i tried to develop the forgot password functionality as well and since then and by only changing the output buffering which i just enabled I have an issue.
The SESSION variables are not carried over to the redirected page and thus the login doesn't work.
My code is below:
<?php include("../includes/session.php"); ?>
<?php require_once("../includes/db_connection.php"); ?>
<?php require_once("../includes/functions.php"); ?>
<?php require_once("../includes/validation_functions.php"); ?>
<?php
$username = "";
if (isset($_POST['submit'])) {
// Process the form
// validations
$required_fields = array("username", "password");
validate_presences($required_fields);
if (empty($errors)) {
// Attempt Login
$username = $_POST["username"];
$password = $_POST["password"];
$found_admin = attempt_login($username, $password);
//print_r($found_admin);
if ($found_admin) {
// Success
// Mark user as logged in
$_SESSION["admin_id"] = $found_admin["usr_serno"];
$_SESSION["username"] = $found_admin["username"];
redirect_to("admin.php");
} else {
// Failure
$_SESSION["message"] = "Username/password not found.";
}
}
}else if(isset($_POST['forgot'])) {
redirect_to("forgotPassword.php");
}
?>
<?php $layout_context = "admin"; ?>
<?php include("../includes/layouts/header.php"); ?>
<div id="main">
<div id="navigation">
</div>
<div id="page">
<?php echo message(); ?>
<?php echo form_errors($errors); ?>
<h2>Login</h2>
<form action="login.php" method="post">
<p>Username:
<input type="text" name="username" value="<?php echo htmlentities($username); ?>" />
</p>
<p>Password:
<input type="password" name="password" value="" />
</p>
<input type="submit" name="submit" value="Submit" />
<input type="submit" name="forgot" value="Forgot Password" />
</form>
</div>
</div>
<?php include("../includes/layouts/footer.php"); ?>
the session.php starts the session
and the admin.php will just check if the SESSION[admin_id] isset then it will show the page or else it will redirect again to login.php page, which is what happens.
Any advise or help please?
i've a problem with php session handling that i can't explain to myself.
I'm studying php from scratch, and i can't figure out how to mantain a session live:
This is my index page, where a user can login or register to the database visiting the right page, and then come back to see if he's logged in:
Code:
Index
<?php session_start(); ?>
Register
Login
<?php
if(isset($_SESSION['login']))
{
echo "Logged as: ".$_SESSION['nlogin'];
?>
<form method="post" action="<?php unset($_SESSION['login']) ?>">
<input type="button" name="logOut" value="LogOut" />
</form>
<?php
}
else
{
echo "Please Register or Login";
}
?>
In fact this work, because when i come back from login.php it says, "Logged as: Admin"
But when i click on the link to get the login page, or register page again from the index page, i should get the same message, "Logged as...", but the session appear to be closed instead. :(
here's login.php:
<?php
session_start();
include "dbConnect.php";
if(isset($_SESSION['login']))
{
echo "Logged as: ".$_SESSION['nlogin']; // IT NEVER SHOW THIS MESSAGE
}
if(isset($_POST['submit']) &&(trim($_POST['submit']) == "Login"))
{
if(!isset($_POST['user']) || $_POST['user']=="")
{
echo "Attenzione inserire l'username.";
}
elseif(!isset($_POST['pwd'])||$_POST['pwd']=="")
{
echo "Attenzione inserire la password.";
}
else
{
$u = trim(filter_var($_POST['user'], FILTER_SANITIZE_STRING));
$u = str_replace(" ","_",$u);
$p = trim(filter_var($_POST['pwd'], FILTER_SANITIZE_STRING));
$p = sha1($p);
$istance = new dbHandle;
$istance->connect();
$data = $istance->query("SELECT * FROM login WHERE username_login = '$u' AND password_login = '$p'");
if(mysql_num_rows($data) == 0)
{
echo "Failed";
echo "<a href='index.php' target='_self'> Go Back </a>";
}
else
{
echo "Logged";
$res = $istance->getdata($data);
$_SESSION['login'] = $res->id_login;
$_SESSION['nlogin'] = $res->username_login;
echo "<a href='index.php' target='_self'> Go Back </a>";
}
}
}
else
{
?>
Login
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
...
<input name="user" type="text" size="20" required="required"/>
...
<input name="pwd" type="password" size="20" required="required"/>
...
<input type="submit" name="submit" value="Login"/>
</form>
<form method="post" action="<?php unset($_SESSION['login']) ?>">
<input type="button" name="logOut" value="LogOut" />
</form>
<?php
}
$istance->disconnect();
?>
When i come back using the link above "Go Back" to the index page, it shows Logged as...
but when i come back here again, it does not.
So i assume my session were destroyed automatically? but why?
Thanks, i appreciate your help.
I forget to say that PHP.ini has
session.cookie_lifetime
set to "0"
Thanks
You are calling unset($_SESSION['login']) many times. It removes your login:
<form method="post" action="<?php unset($_SESSION['login']) ?>">
Try this:
<form method="post" action="index.php">
<input type="button" name="logOut" value="LogOut" />
</form>
<? if (isset($_REQUEST['logOut'])){ session_destroy(); } ?>
unset the session like below
if(isset($_REQUEST['logOut']))
{
unset($_SESSION['login']);
}
You check for if(isset($_SESSION['login'])).
If that results in true, you do <form method="post" action="<?php unset($_SESSION['login']) ?>">
Note the unset($_SESSION['login']) part - after that, if(isset($_SESSION['login'])) will return false.
Session overview :
<?php
// Always Start our session
session_start();
$_SESSION['username'] = 'Saurabh Singh';
$username = $_SESSION['username'];
echo $username;
if(isset($_SESSION['username']))
{
Do your action
}
else
{
echo "Please Register or Login";
}
I don't think the session has been destroyed!
I would start by first removing all the empty lines between the opening tags for php and the
session_start().
Test it again and you could add the line
error_reporting(E_ALL);
below the session_start to see if any error messages are echo(ed) back to you.
In your PHP.ini what
session.cookie_lifetime = 0
means is that the session remain active so long as the browser stays open. It's only destroyed when the browser is closed.
I hope this helps