I have a form that I am trying to use to reset passwords. I can get it to send the email out and I can click the link, but when I click the link all I get is the header. My form is not showing. I am extremely new to all of this. Any help will be much appreciated. I did search through some other posts, but none of them seemed to get me any closer to the right answer. Everything seems to work as it should, I just can't get my form to display so that I can enter the information.
<!DOCTYPE html>
<html lang="en">
<head>
<title>Reset Password Form</title>
</head>
<body>
<div class="container"><h2>Reset New Password Here</h2>
<?php
if($_GET['email'] && $_GET['token']) {
$conn = mysqli_connect("localhost", "root", "", "user");
// Check connection
if($conn === false){
die("ERROR: Could not connect. "
. mysqli_connect_error());
}
$email = $_GET['email'];
$token = $_GET['token'];
$query = mysqli_query("SELECT * FROM `customers` WHERE `reset_link_token`='".$token."' and `emailaddress`='".$email."';");
$current_date = date("Y-m-d H:i:s");
if (mysqli_num_rows($query) > 0) {
$row = mysqli_fetch_array($query);
if($row['expiry_date'] <= $current_date) { ?>
<form action="update-password.php" method="post">
<input name="email" type="hidden" value="<?php echo $email; ?>" />
<input name="reset_link_token" type="hidden" value="<?php echo $token; ?>" />
<div class="form-group"><label for="new-password">Password</label>
<input id="new-password" name="password" type="password" /></div>
<div class="form-group"><label for="confirm-password">Confirm Password</label>
<input id="confirm-password" name="confirm_password" type="password" /></div>
<input class="submit-btn" name="submit" type="submit" />
</form>
<?php }
} else {
echo "This forget password link has been expired";
}
}
?>
</div>
</body>
</html>
Related
Edit to my previous edit:
So i thought changing the isset(), would work, but my form is still not working. I have no clue why..
Edit:
I found my error. isset($_POST['password_repeatr']) is supposed to be isset($_POST['repeat_passwordr']).
Okay so i am trying to create a simple scheduling website. I wanted to try to use OOP for this program. So the registering aspect of this isn't working, and basically just refreshes the page. Nothing gets placed into the SQL database, and doesn't even set the 'user_id' session. I also get no errors. I will copy and paste the code. The most important files are, register.php, and scheduleApp.class.php.
index.php:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="css/normalize.css"/>
<link rel="stylesheet" type="text/css" href="css/style.css"/>
<link rel="stylesheet" type="text/css" href="css/jquery-ui.css"/>
<link rel="stylesheet" type="text/css" href="css/jquery-ui.theme.css"/>
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="js/jquery-ui.js"></script>
<script type="text/javascript" src="js/jQuery.js"></script>
<?php
require_once('core/core.php');
require_once('core/navbar.php');
require_once('core/config.php');
require_once('core/scheduleApp.class.php');
?>
<title></title>
</head>
<body>
<div class="categories">
<div></div>
</div>
</body>
</html>
register.php:
<?php
if(isset($_POST['namer']) && isset($_POST['emailr']) && isset($_POST['usernamer']) && isset($_POST['passwordr']) && isset($_POST['password_repeatr']) && isset($_POST['employee_manager'])){
$namer = $_POST['namer'];
$emailr = $_POST['emailr'];
$usernamer = $_POST['usernamer'];
$passwordr = $_POST['passwordr'];
$repeat_passwordr = $_POST['repeat_passwordr'];
$e_or_m = $_POST['employee_manager'];
$user = new ScheduleApp();
$user->createUser($namer, $emailr, $usernamer, $passwordr, $repeat_passwordr, $e_or_m);
}
?>
<form action='<?php echo $current_file;?>' method='post'>
Full Name <br/> <input type="text" name="namer" required="required" minlength="5" maxlength="50"/>
Email <br/> <input type="email" name="emailr" required="required" minlength="5" maxlength="100"/>
Username <br/> <input type="text" name="usernamer" required="required" minlength="2" maxlength="50"/>
Password <br/> <input type="password" name="passwordr" required="required" minlength="6" maxlength="100"/>
Repeat Password <br/> <input type="password" name="repeat_passwordr" required="required"/>
<div class="enm_buttons">
<div><label for="employee">Employee</label> <input type="radio" value="1" id="employee" name="employee_manager" required="required"/> </div>
<hr />
<div><label for="manager"> Manager</label> <input type="radio" value="2" id="manager" name="employee_manager" required="required"/> </div>
</div>
<button id="register_submit">Register</button>
<br/><span>OR</span><br/>
</form>
<button class="login_button" onclick="navBarSlide('.login_button', '#register_div', '#login_div')">Login</button>
scheduleApp.class.php:
<?php
class ScheduleApp{
private $mysqli;
function __construct(){
$this->mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE);
}
function __destruct(){
$this->mysqli->close();
}
public function createUser($name, $email, $username, $password, $repeat_password, $e_or_m){
if(!empty($name) && !empty($email) && !empty($username) && !empty($password) && !empty($repeat_password) && !empty($e_or_m)){
$query = "SELECT username FROM users WHERE username='".$this->mysqli->real_escape_string($username)."'";
if($result = $this->mysqli->query($query)){
$count_row = $result->num_rows;
if($count_row == 0){
$query = "SELECT email FROM users WHERE email='".$this->mysqli->real_escape_string($email)."'";
if($result = $this->mysqli->query($query)){
$count_row = $result->num_rows;
if($count_row == 0){
if($password != $repeat_password){
return "Passwords do not match";
}else{
$query = "INSERT INTO users VALUES('', '"
.$this->mysqli->real_escape_string($name)."', '"
.$this->mysqli->real_escape_string($email)."', '"
.$this->mysqli->real_escape_string($username)."', '"
.$this->mysqli->real_escape_string($password)."', '"
.$this->mysqli->real_escape_string($e_or_m)."')";
if($result = $this->mysqli->query($query)){
$query = "SELECT id FROM users WHERE username='".$this->mysqli->real_escape_string($username)."'
AND password='".$this->mysqli->real_escape_string($password)."'";
if($result = $this->mysqli->query($query)){
if($result->num_rows){
while($row = $result->fetch_array($result)){
$_SESSION["user_id"] = $row['id'];
header("Location: index.php");
}
}
}
}
}
}else{
return "That email is already in use.";
}
}
}else{
return "That username is already taken";
}
}
}else{
return "Please fill out all fields.";
}
}
}
?>
core.php:
<?php
ob_start();
session_start();
$current_file = $_SERVER['SCRIPT_NAME'];
function isloggedin(){
if(isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])){
return true;
}else{
return false;
}
}
?>
navbar.php
<?php
?>
<div id="navbar_spacer"></div>
<div id="navbar">
<?php
$directory = "";
?>
<?php
if(!isloggedin()){
?>
<div id="lnr_buttons">
<button class="login_button" onclick="navBarSlide('.login_button', '#lnr_buttons', '#login_div')">Login</button><br/>
<button class="register_button" onclick="navBarSlide('.register_button', '#lnr_buttons', '#register_div')">Register</button>
</div>
<div id="login_div">
<h1>Login</h1>
<?php require_once($directory."login_register/login.php");?>
</div>
<div id="register_div">
<h1>Register</h1>
<?php require_once($directory."login_register/register.php");?>
</div>
<?php
}
?>
</div>
Few suggestions:
You have added code if the registration is successful, there is not error handling.
Form method should be kept blank if you are submitting the form to same file.
The button should have type submit.
Change
<button id="register_submit">Register</button>
to
<button id="register_submit" type="submit">Register</button>
Also, no need to fire 2 queries checking if username or email exists.
Add or condition for both.
So, your SQL should be:
$query = "SELECT username FROM users WHERE username='".$this->mysqli->real_escape_string($username)."' OR email='".$this->mysqli->real_escape_string($email)."'
Please try all these and let me know your registration form works.
I was trying to create a login page, but it doesn't seem to work. When I enter details and click login. Nothing happens. I try to login again, still nothing happens. I want to happen is when i login a popup window will appear and i will be directed to the homepage
<?php
$con = mysqli_connect("localhost","root","","onlineshop");
if (!$con) {
die("Connection failed: " . mysqli_connect_error());
}
?>
<div class = "boxlog1"
<form method="post" action="" enctype="multipart/form-data">
<input type="text" name="uname" placeholder="Username"class="username" required />
<input type="text" name="lpass" placeholder="Password" class="passwordl" required />
<input type="submit" value="Log In" class="log" name="log"/>
</form>
<p class="forget">Forget password</p>
</div>
<?php
if (isset($_POST['log'])){
$c_email = $_POST['uname'];
$c_pass = $_POST['lpass'];
$sel_c = "select * from customers where customer_pass='$c_pass' AND customer_email='$c_email'";
$run_c = mysqli_query($con, $sel_c);
$check_customer = mysqli_num_rows($run_c);
if($check_customer == 0){
echo "<script>alert('Password or Email is incorrect!')</script>";
exit();
}
else{
$_SESSION['customer_email']=$c_email;
echo "<script>alert('login!')</script>";
echo "<script>window.open('paymnet.php','_self')</script>";
}
}
?>
Add the page to the form action
For example:
<form action"login.php">
Or use
<form action"<?php echo $_SERVER['PHP_SELF']; ?>">
And close your div tag with '>', so
<div class="boxlog1">
Working example
<?php
if (!isset($_SESSION)) { session_start(); }
$con = mysqli_connect("localhost","root","","onlineshop");
if (!$con) {
die("Connection failed: " . mysqli_connect_error());
}
?>
<div class="boxlog1">
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data">
<input type="text" name="uname" placeholder="Username"class="username" required />
<input type="text" name="lpass" placeholder="Password" class="passwordl" required />
<input type="submit" value="Log In" class="log" name="log"/>
</form>
<p class="forget">Forget password</p>
</div>
<?php
if (isset($_POST['log'])){
$c_email = $_POST['uname'];
$c_pass = $_POST['lpass'];
$sel_c = "select * from customers where customer_pass='$c_pass' AND customer_email='$c_email'";
$run_c = mysqli_query($con, $sel_c);
$check_customer = mysqli_num_rows($run_c);
if($check_customer == 0){
echo "<script>alert('Password or Email is incorrect!')</script>";
exit();
} else {
$_SESSION['customer_email']=$c_email;
echo "<script>alert('login!')</script>";
echo "<script>window.open('paymnet.php','_self')</script>";
}
}
?>
And here with updated security against SQL Injection. Dont forget to encrypt your password so it cannot be stolen
<?php
if (!isset($_SESSION)) { session_start(); }
$con = mysqli_connect("localhost","root","","onlineshop");
if (!$con) {
die("Connection failed: " . mysqli_connect_error());
}
?>
<div class="boxlog1">
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data">
<input type="text" name="uname" placeholder="Username"class="username" required />
<input type="text" name="lpass" placeholder="Password" class="passwordl" required />
<input type="submit" value="Log In" class="log" name="log"/>
</form>
<p class="forget">Forget password</p>
</div>
<?php
if (isset($_POST['log']) && isset($_POST['uname']) && isset($_POST['lpass'])){
$c_email = bin2hex(htmlspecialchars($_POST['uname']));
$c_pass = bin2hex(htmlspecialchars($_POST['lpass']));
$sel_c = "SELECT * FROM customers WHERE customer_pass=UNHEX('$c_pass') AND customer_email=UNHEX('$c_email')";
$run_c = mysqli_query($con, $sel_c);
$check_customer = mysqli_num_rows($run_c);
if($check_customer === 0){
echo "<script>alert('Password or Email is incorrect!')</script>";
exit();
} else {
$_SESSION['customer_email']=$c_email;
echo "<script>alert('login!')</script>";
echo "<script>window.open('paymnet.php','_self')</script>";
}
}
?>
I did'nt changed really much. Just closed your div tag correctly and added an action. However, it does work without the action filled in.
I am trying to detect a form click using if(isset($_POST['appSelecter'])){ however it seems to not be returning true. This might be to do with the fact that my button click returns to the same page which would loose the form data i had just populated. Can someone confirm if my assumption is correct and if so - how would i need to change this?
Thanks
tried to only paste a sample piece of code to not confuse matters - seems i have made things worse - here is the full flow
<?php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--META-->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Client Portal Login</title>
<!--STYLESHEETS-->
<link href="css/style.css" rel="stylesheet" type="text/css" />
<!--SCRIPTS-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
<!--Slider-in icons-->
<script type="text/javascript">
$(document).ready(function() {
$(".username").focus(function() {
$(".user-icon").css("left","-48px");
});
$(".username").blur(function() {
$(".user-icon").css("left","0px");
});
$(".password").focus(function() {
$(".pass-icon").css("left","-48px");
});
$(".password").blur(function() {
$(".pass-icon").css("left","0px");
});
});
</script>
</head>
<body>
<!--WRAPPER-->
<div id="wrapper">
<!--SLIDE-IN ICONS-->
<div class="user-icon"></div>
<div class="pass-icon"></div>
<!--END SLIDE-IN ICONS-->
<!--LOGIN FORM-->
<form name="login-form" class="login-form" action="index.php" method="post">
<!--HEADER-->
<div class="header">
<!--TITLE--><h1>Client Portal Login</h1><!--END TITLE-->
<!--DESCRIPTION--><span>Please login to your client portal</span><!--END DESCRIPTION-->
</div>
<!--END HEADER-->
<!--CONTENT-->
<div class="content">
<!--USERNAME--><input name="username" type="text" class="input username" value="Username" onfocus="this.value=''" /><!--END USERNAME-->
<!--PASSWORD--><input name="password" type="password" class="input password" value="Password" onfocus="this.value=''" /><!--END PASSWORD-->
</div>
<!--END CONTENT-->
<!--FOOTER-->
<div class="footer">
<!--LOGIN BUTTON--><input type="submit" name="submit" value="Login" class="button" /><!--END LOGIN BUTTON-->
<!--REGISTER BUTTON--><input type="submit" name="submit" value="Register" class="register" /><!--END REGISTER BUTTON-->
</div>
<!--END FOOTER-->
</form>
<?php
include("application.php");
if(isset($_POST['submit'])){
$username=$_POST["username"];
$password=$_POST["password"];
$userid = logUserIn($username, $password);
if($userid > 0){
$applicationsForUser = getAppInformation($userid);
printUserApplicationSelectionForm($applicationsForUser);
if(isset($_POST['appSelecter'])) {
echo "this is a test message";
}
}
}
function printUserApplicationSelectionForm($applicationsForUser){
echo "<br/>";
echo "<br/>";
echo "<br/>";
echo "<br/>";
foreach ($applicationsForUser as $app) {
?>
<form action="index.php" method="post">
<input type="hidden" name="userid" value="<?php echo $app->getUserid(); ?>">
<input type="hidden" name="name" value="<?php echo $app->getName(); ?>">
<input type="hidden" name="created" value="<?php echo $app->getDateCreated(); ?>">
<input type="hidden" name="invoice" value="<?php echo $app->getInvoice(); ?>">
<input type="hidden" name="comment" value="<?php echo $app->getComment(); ?>">
<input type="submit" name="appSelecter" value="<?php echo $app->getName(); ?>">
</form>
<?php
}
}
function getAppInformation($userid){
$applicationsForUser = array();
$conn = new mysqli('localhost:3306', 'root', '', 'clientportal');
if ($conn->connect_errno > 0) {
die('Could not connect: ' . mysql_error());
}else{
//we have connected to the database
$sql = "SELECT * FROM application WHERE userid = '$userid'";
if(!$val = $conn->query($sql)){
die('There was an error running the query [' . $db->error . ']');
}else{
$index = 0;
while($row = $val->fetch_assoc()){
$userid = $row['userid'];
$name = $row['name'];
$dateCreated = $row['date'];
$invoice = $row['invoiceid'];
$comment = $row['commentsid'];
$application = new Application($userid, $name, $dateCreated, $invoice, $comment);
$applicationsForUser[$index] = $application;
$index++;
}
}
}
$conn -> close();
return $applicationsForUser;
}
function logUserIn($username, $password) {
if(!isset($username) && !isset($password)){
return -1;
}
$result = -1;
//$conn = mysql_connect('localhost', 'web214-admin-ava', 'secondstory');
$conn = new mysqli('localhost:3306', 'root', '', 'clientportal');
if ($conn->connect_errno > 0) {
die('Could not connect: ' . mysql_error());
}else{
//we have connected to the database
$sql = "SELECT * FROM members WHERE username = '$username' AND password = '$password'";
if(!$val = $conn->query($sql)){
die('There was an error running the query [' . $db->error . ']');
}else{
while($row = $val->fetch_assoc()){
$result = $row['id'];
break;
}
}
}
$conn -> close();
return $result;
}
?>
<!--END LOGIN FORM-->
</div>
<!--END WRAPPER-->
<!--GRADIENT--><div class="gradient"></div><!--END GRADIENT-->
</body>
</html>
You have used folowing in the form submit:
onClick="location.href='index.php'" // Making a GET request
This is not submitting the form using POST method. Remove this and it'll work.
Update: There is no submit button with name submit so this condion will not work:
if(isset($_POST['submit']))
Make it:
if(isset($_POST['appSelecter']))
You don't need if(isset($_POST['submit'])) instead use;
if(isset($_POST['appSelecter'])) {
$username=$_POST["username"];
$password=$_POST["password"];
$userid = logUserIn($username, $password);
if($userid > 0){
$applicationsForUser = getAppInformation($userid);
printUserApplicationSelectionForm($applicationsForUser);
}
}
You dont nee this
onClick="location.href='index.php'"
dont do anything , just apply value to button i, i think you have applied already ,
by location.href your request will be send by GET Method in thgis case no form elements sent to the server
if you allow native form submission then all form elements will be sent to server, in case of multiple forms , the only elements sent realted to that submit button form thats it
I am creating and application with PHP and MySQL.
I have created two pages. Index.php and login.php (which holds the script for the user log in)
Every time I enter a user that is on the database to log in, it does return that there was no text entered.
I am new at this and I will really appreciate some help.
Here is my code.
Thanks in advance
index.php
<html>
<head>
<meta charset="UTF-8">
<title>Pet Service Catalogue</title>
</head>
<body>
<h1 style="text-align:center;"><img src="cat's paw.jpg" width="150" height="150" alt="cat's paw"/> Welcome to Pet Service Catalogue</h1>
<p style="text-align:center;">Please enter your Log in Details:</p>
<form style ="text-align:center;" name="LogIN" action="log_in.php" method="POST" enctype="multipart/form-data">
<p style="text-align:center;"> Email: <input type="text" name="user_email" value=""/></p>
<p style="text-align:center;"> Password: <input type="password" name="user_password" value="" /></p>
<input type="submit" value="Log In" name="LogIN" />
</form>
<form style="text-align:center;" name="registerprovider" action="registerprovider.php">
<p style="text-align:center;">Not Registered?:</p>
<input type="submit" value="Register Service Provider" name="Register Service Provider" />
</form>
<form style="text-align:center;" name="registerowner" action="registerowner.php">
<input type="submit" value="Register Pet Owner" name="Registerownerbutton" />
</form>
</body>
</html>
login.php
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<?php
// Create connection
$con = mysqli_connect('localhost', 'root', 'root', 'PetServiceCatalogue') or die("Failed to connect to database:" . mysqli_error($con));
//Get user details and put them on varaiables
$user_email = mysqli_real_escape_string($_POST['user_email']);
$user_password = mysqli_real_escape_string($POST['user_password']);
if (!empty($user_email) && !empty($user_password))
{
//look up for user details on the database
$query = "SELECT * FROM owner, provider WHERE email = '$user_email' AND password = SHA('$user_password') ";
$data = mysqli_query($con, $query);
$result = mysqli_num_rows($data);
printf("Number of rows %d \n", $result);
if ($result == 1) {
//The log in has found the user
$row = mysqli_fetch_array($data);
$user_email = $row('email');
$user_password = $row('password');
header("location: ownerhomepage.php");
} else {
//the user name or password are incorrect
echo "Wrong user email and password";
}
}
else
{
echo ' You must enter the user email and user password';
?>
<form name="back to index" action="index.php">
<input type="submit" value="Back to Log in page" name="Back to Log in page" /> </form>
<?php
}
mysqli_close($con);
?>
</body>
</html>
You have the action: action="log_in.php"but you've written its name is login.php
EDIT
Maybe you should try this as the first if statement:
if (trim($user_email)!="" && $user_password!=""){
//YOUR CODE
}
I'm trying to insert somethig to db and after i write this code i get just a blank page in php. Cam you help me ? if i delete all // i get blank page if it is as now i get imput containers
<?php
function create()
{
if(isset($_POST["submit"]))
{
$db = new mysqli('localhost', 'root', 'root', 'idoctor_db');
$username = $db->real_escape_string($_POST['username']);
$password = $db->real_escape_string($_POST['password']);
$password_conf = $db->real_escape_string($_POST['password_conf']);
$nick = $db->real_escape_string($_POST['nick']);
//create_new_user($username, $password, $password_conf, $nick);
//$db->query
//('
//INSERT INTO `idoctor_db`.`users` (`ID` ,`Login` ,`Password` ,`Name` ,`Level`)
//VALUES ('5 ' , 'kev5', 'roo5', 'kevkev5', ' 3 ' );
//');
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" href="css/login.css" />
</head>
<body>
<div class="container">
<form action="<?php create(); ?>" method="POST">
<input type="text" name="username" placeholder="Username..." />
<input type="password" name="password" placeholder="Password" />
<input type="password" name="password_conf" placeholder="Confirm password" />
<input type="text" name="nick" placeholder="Nick" />
<input type="submit" value="Create" name="submit"/>
</form>
</div>
</body>
</html>
If there are no errors in running this query, you will see a blank page.
All the work is happening in the background, look at your mysql table to confirm if the insert worked.
If you want to check the outcome of the query... just do the following
$outcome = $db->query
('
INSERT INTO `idoctor_db`.`users` (
`ID` ,
`Login` ,
`Password` ,
`Name` ,
`Level`
)
VALUES
(' 4 ', ' kev4 ', ' root ', ' kevkev4 ', ' 3 ');
');
if($outcome) {
echo 'success';
} else {
echo 'failed';
}
After your edit... I see another problem in your code:
<form action="<?php create(); ?>" method="POST">
<!-- ^ This is not how you submit form data to php...
action is supposed to be a URL.. however if left blank
it will take you to the same page
Try this instead:
<?php
if(isset($_POST["submit"]))
{
$db = new mysqli('localhost', 'root', 'root', 'idoctor_db');
$username = $db->real_escape_string($_POST['username']);
$password = $db->real_escape_string($_POST['password']);
$password_conf = $db->real_escape_string($_POST['password_conf']);
$nick = $db->real_escape_string($_POST['nick']);
//create_new_user($username, $password, $password_conf, $nick);
//$db->query
//('
//INSERT INTO `idoctor_db`.`users` (`ID` ,`Login` ,`Password` ,`Name` ,`Level`)
//VALUES ('5 ' , 'kev5', 'roo5', 'kevkev5', ' 3 ' );
//');
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" href="css/login.css" />
</head>
<body>
<div class="container">
<form method="POST">
<input type="text" name="username" placeholder="Username..." />
<input type="password" name="password" placeholder="Password" />
<input type="password" name="password_conf" placeholder="Confirm password" />
<input type="text" name="nick" placeholder="Nick" />
<input type="submit" value="Create" name="submit"/>
</form>
</div>
</body>
</html>