Hello guys I am working on a freelance project and I faced with a problem I added some php codes in order to change paragraph elements visibility. the paragraph element which has to appear when user entered wrong username or password however paragraph element appears all the time
PHP SECTION
<?php
session_start();
require "db.php";
if ( !empty($_POST)) {
extract($_POST) ;
if ( checkUser($id, $pass) ) {
echo '<style>#wrong-password {display:none;margin-bottom: 5%;padding: 5%;width: 280px;font-family: "Montserrat", sans-serif;font-size: 1em;border-radius: 8px;border: 1px solid #ced4da;background-color: rgb(255, 23, 23);color: white;text-align: center;margin-top: 0;}</style>';
// you are authenticated
// session_start() creates a random id called session id.
// and stores in a cookie.
$_SESSION["user"] = getUser($id) ;
if($_SESSION["user"]["userType"]=='normal'){
header("Location: Analyzes.php?id=$id") ;
exit ;
}else {
header("Location: index.php") ;
exit ;
}
}
echo '<style> #wrong-password{visibility:visible; margin-bottom: 5%;padding: 5%;width: 280px;font-family: "Montserrat", sans-serif;font-size: 1em;border-radius: 8px;border: 1px solid #ced4da;background-color: rgb(255, 23, 23);color: white;text-align: center;margin-top: 0;}</style>';
}
HTML SECTION
<div id="form-container">
<h2>Hoşgeldiniz! 😺</h2>
<form action="?" method="POST">
<input type="number" name="id" placeholder="Kullanıcı Numarası">
<br>
<input type="password" name ="pass" placeholder="Parola">
<p id="wrong-password">Kullanıcı Adı veya Parola Hatalı :(</p>
<button type="submit" title="Giriş Yap">Giriş Yap</button>
</form>
</div>
Thanks in advance:)
Related
I have been struggling to figure out the mystery behind this.
Unable to POST form data when I add name to a particular input field. I been starring at the screen for hours to figure out what went wrong.
My Code goes as,
Form Page:
<form action="upload.php" method="POST">
<div class="customer_records">
<div class="customer_records_sub">
<input type="text" list="o_id" name="o_id[]" class="mb-2 mr-sm-2 o_id_input" placeholder="Order ID"
style="width: auto;padding: 10px 50px;display: inline-block;font-size: 16px;
border: 1px solid lightgray;border-radius:5px;vertical-align: text-bottom;background: none;">
<datalist id="o_id">
<?php
$sql_o_id = "SELECT DISTINCT(o_id) FROM quotes";
$result_o_id = $conn->query($sql_o_id);
if ($result_o_id->num_rows > 0) {
while($row_o_id = $result_o_id->fetch_assoc()) {
$o_id = $row_o_id["o_id"];
?>
<option value="<?= $o_id; ?>">
<?php } } else { } ?>
</datalist>
<div class="asins_visible_input mb-2 mr-sm-2"
style="width: auto;padding: 10px 50px;display: inline-block;font-size: 16px;
border: 1px solid lightgray;border-radius:5px;vertical-align: text-bottom;
background: none;height: 45px;min-width: 300px;" >
</div>
<br/>
<div class="asins_list" style="display:none;height: auto;overflow: auto;width: auto;
border: 1px solid lightgray;padding: 2%;border-radius: 5px;
margin-left: 24%;min-width: 400px;">
<?php
$sql_asin_id = "SELECT * FROM quotespos";
$result_asin_id = $conn->query($sql_asin_id);
if ($result_asin_id->num_rows > 0) {
while($row_asin_id = $result_asin_id->fetch_assoc()) {
$asin_id = $row_asin_id["id"];
$asin_p_id = $row_asin_id["p_id"];
$asin_o_id = $row_asin_id["o_id"];
if($asin_p_id == '' || $asin_p_id == NULL) {
$asin_p_id = '(BLANK)';
} else {
$asin_p_id = $asin_p_id;
}
?>
<div class="asin_id indi_asin_<?= $asin_o_id; ?>" style="display:none;padding-left:10px;">
<input type="checkbox" class="asins_input_checkbox" data-id="<?= $asin_id; ?>" data-pid="<?= $asin_p_id; ?>" style="display:inline-block;width: 20px;height: 20px;" />
<p style="display:inline-block;padding-top: 2px;font-size: 16px;vertical-align: super;"><?= $asin_p_id; ?></p>
<div class="asins_div_percentile"
style="diplay:inline-block;float:right;display:none;">
<i class="fa fa-chevron-right" aria-hidden="true"
style="margin-top: 9px;margin-left: 8px;font-size: 14px;"></i>
<input class="asins_div_percentile_input" name="tada"
style="width: 50px;margin-left: 30px;vertical-align: top;
border: 1px solid gray;font-size: 16px;
border-radius:5px;border:1px solid gray;text-align:center;"
type="text" placeholder="%" />
</div>
<br/>
</div>
<?php $sl++; } } else { } ?>
<input type="hidden" name="asins[]" class="asins_hidden_input" />
</div>
</div>
</div>
<input type="hidden" name="bywhom" value="0" />
<input type="hidden" name="date" value="06/12/201" />
<button type="submit" name="submit" class="btn btn-primary mb-2 expense_form_btn"
style="margin-top: 0.8%;font-size:16px;">Submit</button>
</form>
Upload.php page:
$date = $_POST["date"];
$bywhom = $_POST["bywhom"];
echo $bywhom;
In the above form page, forget the array and all, they all work perfectly fine the moment i remove the name tag from the input tag with class asins_div_percentile_input, But the moment I keep something inside the name tag of that asins_div_percentile_input input, form gets submitted but none of the values gets posted. not even the normal input tag values like date mentioned above.
I don't understand what went wrong. Hope I was clear.
Any help is greatly appreciated.
After thinking a bit, I found a way around. Instead of forcing it to send all the empty fields and then take only the fields which have values, I removed the empty fields from DOM at the time of submission.
$(".form_submit_btn").click(function() {
$(".form_submit_btn").prop("disabled", true);
$('.main_parent').find('.asins_input_checkbox').each(function () {
if($(this).prop("checked")) { } else {
$(this).parent().remove();
}
});
$("#add_expense_form").submit();
});
Works fine. Thanks to all who literally taught me a lot through this query. Appreciate your time.
I am setting 2 session variables and then called the header function.
(SecurityCheck.php)
$_SESSION['danger'] = "true";
$_SESSION['priviledgeError'] = "You do not have access";
header('Location: index.php');
However, when the header re-directs to the proper page, only one of the sessions retains its value, even though I never called any type of session unset method.
(index.php)
echo 'line 63 index.php';
echo "<br>danger session is: " . isset($_SESSION['danger']);
echo "<br>priviledge session is: " . isset($_SESSION['priviledgeError']);
line 63 index.php
danger session is:
priviledge session is: 1
I have checked through all relevant files for any places I may have called an unset function, and made sure session_start() is appended to the top of both pages.
I expect that both sessions will return "1" and not just one of them.
Entire Index.php file:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Sign-Up/Login Form</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="css/style2.css">
<style>
#userPass
{
padding; 20px;
}
#logIn
{
padding: 20px;
position:relative;
border-style: solid;
margin:auto;
background-color: white;
width: 390px;
height: 160px;
}
#log-in-header
{
position: absolute;
left:46%;
font-size: 35px;
color:black;
}
#submitButton
{
position: relative;
top: 83px;
width: 347px;
}
td
{
padding: 20px;
}
</style>
</head>
<!--ONLY runs when user has clicked LOG-IN-->
<body>
<div id='container'>
<?php
echo 'line 63 index.php';
echo "<br>danger session is: " . isset($_SESSION['danger']);
echo "<br>priviledge session is: " .
isset($_SESSION['priviledgeError']);
// die;
require 'header.php';
require 'messages.php';
?>
<br>
<p id='log-in-header'>
Log-In
</p>
<hr><br><br><br>
<form method="post" action="login.php">
<div id='logIn'>
<!-- <div id='userPass'>-->
<table style = "position: relative; bottom:
40px;">
<tr>
<td style='font-size: 20px'>Username:</td>
<td><input type="text" style='color:
black' name="userName" id='user' ></td>
</tr>
<tr>
<td style='font-size: 20px'>Password:</td>
<td><input type="password" style='color:
black' name="password" id='pass' ></td>
</tr?
</table>
<!-- </div>-->
<div id='submitButton'>
<input type="submit" class="btn btn-default"
style='color: black; font-size: 20px' value="Log In">
</div>
</div>
</form>
</div>
<!-- LOG-IN form ENDS -->
<!-- JS scrips-->
<script src="js/index.js"></script>-->
</body>
</html>`
UPDATE: added a new session entry, as well as a session deleteion to SecurityCheck.php
$_SESSION['danger'] = "true";
$_SESSION['priviledgeError'] = "You do not have access
unset($_SESSION['priviledgeError']);
$_SESSION['newSession'] = "hi";
header('Location: index.php');
Here is code in index.php:
echo 'line 63 index.php';
echo "<br>danger session is: " . isset($_SESSION['danger']);
echo "<br>priviledge session is: " .
isset($_SESSION['priviledgeError']);
echo "<br>new session is: " . $_SESSION['newSession'];
Here is result:
line 63 index.php
danger session is:
priviledge session is:
new session is: hi
Showing Error
Warning: session_start() [function.session-start]: Cannot send session cookie -
headers already sent by (output started at
/home/content/82/11942882/html/praveen/Allyface/index.php:8) in
/home/content/82/11942882/html/praveen/Allyface/index.php on line 11
Warning: session_start() [function.session-start]: Cannot send session cache limiter - >headers already sent (output started at >/home/content/82/11942882/html/praveen/Allyface/index.php:8) in >/home/content/82/11942882/html/praveen/Allyface/index.php on line 11
index.php
<?php
//simple PHP login script using Session
//start the session * this is important
session_start();
//login script
if(isset($_REQUEST['ch']) && $_REQUEST['ch'] == 'login'){
//give your login credentials here
if($_REQUEST['uname'] != '' && $_REQUEST['pass'] != '')
{
$email=$_REQUEST['uname'];
$pass=$_REQUEST['pass'];
//echo $email.$pass;
include("db.php");
mysql_query("select * from users where email='$email' and pass='$pass' ");
if(mysql_affected_rows()>0)
{
$_SESSION['login_user'] = $email;
}
else
{
$_SESSION['login_msg'] = 1;
}
}
else
$_SESSION['login_msg'] = 1;
}
//get the page name where to redirect
if(isset($_REQUEST['pagename']))
$pagename = $_REQUEST['pagename'];
//logout script
if(isset($_REQUEST['ch']) && $_REQUEST['ch'] == 'logout'){
unset($_SESSION['login_user']);
header('Location:index.php');
}
if(isset($_SESSION['login_user'])){
if(isset($_REQUEST['pagename']))
{
?>
//header('Location:'.$pagename.'.php');
<script type="text/javascript">
self.location='<?php echo $pagename.'.php'; ?>';
</script>
<?php
}
else
{
$email=$_REQUEST['uname'];
?>
<script type="text/javascript">
self.location='<?php echo 'home.php'; ?>';
</script>
<?php
}
//header('Location:home.php');
}else{
?>
<form id="" name="form1" method="post" action="">
<table width="452" border="0">
<tr>
<td width="172"> <input name="uname" type="text" style="margin-top:15px; width:150px; height:22px; border:1px solid #CCCCCC; padding-left:30px;" placeholder="Email or Phone" />
</td>
<td width="177"> <input name="pass" type="password" style=" margin-top:15px; width:150px; height:22px; border:1px solid #CCCCCC; padding-left:30px;" placeholder="Password" />
</td>
<td width="81"><input name="login" type="submit" style=" margin-top:15px; background-color:#FFFF00;background-color: #fdd922; margin-left:30px;
border: 1px solid #e0bc27; font-weight:bold;
border-radius: 2px 2px 2px 2px; height:25px; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; color: #565656;" placeholder="login" value="Login" /></td>
</tr>
<tr>
<td colspan="3"><?php
//display the error msg if the login credentials are wrong!
if(isset($_SESSION['login_msg'])){
echo '<div style="font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; color:#F00;">Wrong username and password !</div>';
unset($_SESSION['login_msg']);
}
?> </td>
</tr>
</table>
<input type="hidden" name="ch" value="login">
</form>
</div>
<?php }
?>
home.php
<?php
session_start();
//check logged in or not!
if(!isset($_SESSION['login_user'])){
?>
//header('Location:index.php?pagename='.basename($_SERVER['PHP_SELF'], ".php"));
<script type="text/javascript">
self.location='<?php echo 'index.php?pagename='.basename($_SERVER['PHP_SELF'],".php"); ? >';
</script>
<?php
}
else
{
include("db.php");
$uname=$_SESSION['login_user'];
$q=mysql_query("select * from users where email = '$uname'");
while($r=mysql_fetch_array($q))
{
$uid=$r['fname'];
?>
Please Help me
Thanks in advance
Make sure there is no data sent by the server before dealing with Sessions.
This includes White Spaces, Blank Lines or any type of data.
The point where output started is shown in the error message:
output started at /home/content/82/11942882/html/praveen/Allyface/index.php:8
It seems you have a "dispatcher" index.php, which loads other php files (like login.php). The reason for this error is something being printed in index.php on line 8.
If you see nothing printed on index.php, then there might be a newline at the end of file (if you are using Vi, it leaves a trailing new line on every file)
It's not possible to set cookies (or send any other headers) after output is started. You could add
ob_start()
at line 1 to buffer the output.
I'm creating an online game and I have a problem with updating some fields in database.
Here's the form and the php code.
<form method='post'>
<div style="float: left; width: 630px; color: white;">
<div style="float: left; width: 400px; background: #555; height: 20px;">
<?php
if ($row['Protected'] == 1)
{
?>
<img src="images/pass.png"></img>
<input type="password" name="pass" placeholder="Password" style="height: 18px;" />
<?php
}
echo("<input type='submit' name='enter' style='background: #555; text-decoration: underline;' value='$row[Name]' />");
?>
</div>
<div style="float: right; width: 229px; background: #555; margin-left: 1px; height: 20px;">
<?php
echo($row['NrPlayers']);
echo("/");
echo($row['MaxPlayers']);
echo(" Players");
?>
</div>
<div style="clear: both;">
<?php
echo($row['Descr']);
?>
</div>
<div style="background: #ccc; font-size: 13px; margin-bottom: 2px; color: black;">
<?php
echo($row['FName']);
echo(" ");
echo($row['LName']);
?>
</div>
<input type="hidden" name="id" value="<?php$row['Id_Room']?>" />
<input type="hidden" name="protect" value="<?php$row['Protected']?>" />
<input type="hidden" name="password" value="<?php$row['Pass']?>" />
<input type="hidden" name="nr" value="<?php$row['NrPlayers']?>" />
</div>
</form>
<?php
if (isset($_POST['enter']))
{
if ($_POST['protect'] == 1)
{
if ($_POST['pass'] == $_POST['password'])
{
$nr = $_POST['nr'] + 1;
mysql_query("upadte users set Id_Room = '$_POST[id]' where Id_User = '$_SESSION[id]'");
mysql_query("update rooms set NrPlayers = '$nr' where Id_Room = '$_POST[id]'");
header("Location: game.php");
}
else
{
?>
<span style="color: red; text-align: center;">The password you entered is incorrect.</span>
<?php
}
}
else
if (($_POST['protect'] == 0))
{*/
$nr = $_POST['nr'] + 1;
mysql_query("upadte users set Id_Room = '$_POST[id]' where Id_User = '$_SESSION[id]'");
mysql_query("update rooms set NrPlayers = '$nr' where Id_Room = '$_POST[id]'");
header("Location: game.php");
}
}
?>
There are two updates and one redirect. So, updates don't work but redirect does.
Step 1:
Submit the form to a template, then dump out all your values from the form scope to ensure your getting what you need through from the form.
Step 2:
Using some test values write your queries in a query editor like mysql work bench or php myAdmin so that you have working queries.
Step 3:
Write the code that generates your queries in php, but instead of executing it dump it out to screen. Do this until the outpu looks like the query you designed in the step 2.
Step 4:
Finish the page and execute the query, look out for typos, syntax errors and security holes. then dump out results from the query.
Things you need to check in your current code:
mysql_query("upadte users set Id_Room = '$_POST[id]' where Id_User = '$_SESSION[id]'");
Typos - 'upadte' , inline substition - Id_Room = '{$_POST['id']}'.
Always walk through thorough debugging steps before posting large amounts of code and asking for help.
Hi I have a "Sticky" form that after successful completion I want to clear the fields
I tried placing the $_POST = array(); in different sections of the IF statements,
This is the entire file, it is a form that get's sent to itself and records what you wrote in a file outside the webroot
Thanks for any help
<!-- BEGIN CHANGABLE CONTENT -->
<?php require('templates/header.html') ?>
<div id="main" role="main">
<h1>Welcome to the site</h1>
<h2>Please fill out the form</h2>
<p>Register and become a member!<br />Members enjoy newsletters and free swag courtesy of Tony Browns Design</p>
<form action="index.php" method='post' id='login_form'>
<legend><h2>Registration Form</h2></legend>
<fieldset>
<div>
<label for="fname">First Name: </label>
<input type="text" name='fname' id='fname' size='20'
value="<?php if (isset($_POST['fname'])){echo htmlspecialchars($_POST['fname']);} ?>" />
</div>
<div>
<label for="lname">Last Name: </label>
<input type="text" name='lname' id='lname' size='20'
value="<?php if(isset($_POST['lname'])){echo htmlspecialchars($_POST['lname']);} ?>" />
</div>
<div>
<label for="email">Email: </label>
<input type="text" name='email' id='email' size='20'
value="<?php if(isset($_POST['fname'])) {echo htmlspecialchars($_POST['email']);} ?>" />
</div>
<div>
<label for="quotes" class='move-top'>Quote: </label>
<textarea name="quotes" id="quote" cols="22" rows="8">Enter your quotation here.</textarea><br />
</div>
<div>
<input type="submit" value='submit' />
</div>
</fieldset>
</form>
<?php
$file = '../quotes_from_users.txt';
//Check if form is submitted
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (empty($_POST['fname']) && (empty($_POST['lname']) && (empty($_POST['email'])))) {
echo '<p style="color: #d00; text-shadow: -1px -1px 0 #200; font-size: 1.4em;">You need to fill in the all the fields!</p>';
}
if (!empty($_POST['quotes']) && ($_POST['quotes'] != 'Enter your quotation here.') ) {
if (is_writable($file)) {
file_put_contents($file, $_POST['quotes'] . PHP_EOL, FILE_APPEND | LOCK_EX);
echo '<p style="color= #cf5 font-size: 1.4em;">Your quote has been stored.</p>';
$_POST = array();
} else {
echo '<p style="color: #d00; text-shadow: -1px -1px 0 #200;">Your quote could not be stored due to a systems error, sorry about that!</p>';
}
} else {
echo '<p style="color: #d00; text-shadow: -1px -1px 0 #200; font-size: 1.4em;">Please enter a quote!</p>';
}
}
?>
<?php require('templates/footer.html'); ?>
</div>
<!-- END CHANGABLE CONTENT -->
Your logic seems flawed, if you only post a quote, it will get saved with this code.
It should be something like:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// the next line has changed
if (empty($_POST['fname']) || (empty($_POST['lname']) || (empty($_POST['email'])))) {
echo '<p style="color: #d00; text-shadow: -1px -1px 0 #200; font-size: 1.4em;">You need to fill in the all the fields!</p>';
}
else // added
{
if (!empty($_POST['quotes']) && ($_POST['quotes'] != 'Enter your quotation here.') ) {
if (is_writable($file)) {
file_put_contents($file, $_POST['quotes'] . PHP_EOL, FILE_APPEND);
echo '<p style="color= #cf5 font-size: 1.4em;">Your quote has been stored.</p>';
// only empty $_POST on a successful submission
$_POST = array();
} else {
echo '<p style="color: #d00; text-shadow: -1px -1px 0 #200;">Your quote could not be stored due to a systems error, sorry about that!</p>';
}
} else {
echo '<p style="color: #d00; text-shadow: -1px -1px 0 #200; font-size: 1.4em;">Please enter a quote!</p>';
}
}
}
That is assuming that your form gets added in templates/footer.html