LOGINPAGE.html:
This is where the user will input their username and password. PHP method is POST.
<html>
<head>
<title>
LOG IN
</title>
<style>
body {
text-align: center;
}
</style>
</head>
<body>
<form action = "loginDatabase.php" method = "POST">
<label>User name:</label>
<input type="text" id="userNameID" name="userNameName" required>
<br />
<label>Password:</label>
<input type="password" id="passwordID" name="passwordName" required>
<br />
<input type="submit" id="submitLoginID" name="submitLoginName">
</form>
</body>
</html>
LOGINDATABASE.php:
This is the processing part where the mysql query will reference the record to be displayed on ADMINPAGE.php based on the username given on LOGINPAGE.php. I cannot figure out want went wrong in line 7 since I always get an error Notice: Undefined index: userNameName in /opt/lampp/htdocs/UsersDatabaseProgram/loginDatabase.php on line 7
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include('connect.php');
session_start();
$result = mysqli_query($con, "SELECT * FROM addUsers WHERE userName = '" . $_GET['userNameName'] . "'");
if ($_SERVER ["REQUEST_METHOD"] == "POST") {
$userName = $_POST['userNameName'];
$password = $_POST['passwordName'];
/*
This doesnt work
$email = $row['email'];
$userlevel = $row['userLevel'];
*/
$sql = "SELECT * FROM addUsers WHERE userName = '".$userName."' AND password = '".$password."'";
$result = mysqli_query($con, $sql);
$row = mysqli_fetch_array($result);
$count = mysqli_num_rows($result);
if ($row["userLevel"] == "user") {
$_SESSION["userName"] = $userName;
header('location: userPage.php');
} elseif ($row["userLevel"] == "admin") {
$_SESSION["userName"] = $userName;
header('location: adminPage.php');
} else {
echo "<h1> Login failed. Invalid username or password.</h1>";
}
}
?>
ADMINPAGE.php:
This is where the name of the user, user level, and user status will be displayed.
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include('connect.php');
include('loginDatabase.php');
?>
<html>
<head>
<style>
body {
text-align: center;
}
</style>
</head>
<body>
<h2>Admin</h2>
Log-out <br />
View records <br />
Add Record <br />
<label>Welcome</label><br />
<?php echo $_SESSION["userName"] ?>
<br />
<label>User level: </label>
<?php
while ($row = mysqli_fetch_array($result)) {
?>
<input type = "text" name = "userLevelName" value = " <?php echo $row['userLevel']; ?>"> <br />
<label>Email: </label>
<input type = "text" name = "userEmailName" value = " <?php echo $row['email']; ?>">
<?php
}
?>
<br />
</body>
</html>
You're sending the data as a POST then trying to access it as GET (then retrieving it again on line 11 !!).
Change it to something like this:-
if ($_SERVER ["REQUEST_METHOD"] == "POST") {
$userName = $_POST['userNameName'];
$password = $_POST['passwordName'];
}
$result = mysqli_query($con, "SELECT * FROM addUsers WHERE userName = '$userName'");
Related
I am new to PHP coding. I have created two forms. One is for signing up and the other for logging in. Unfortunately both fail to work due to some issues in the queries. I also searched and went through similar posts on this site but none solved my problem. I want to verify whether a user with the same id exists in the database "Users.db" at the time of signing up if any user enters the same id he should be notified to enter a valid id.
When I run my "sign in.php" code, it displays the following message on the screen without even waiting for the user to press the submit button/ sign up button.. "Number of rows found: 1 .This id is not available. Please enter a valid id." This message gets displayed even if the user enters a unique id that doesnt exist in the database before. Nothing gets stored in my database even if the id is unique by pressing the sign up button.
Secondly while logging in, the id and password entered by the user must be verified and matched with those stored in the database. He should be directed to the "index.html" page after successfully login in and only if he has signed up before. He should also be able to view his search history that is stored in "Search" table in the same database. This table contains two columns. One for the User id and the other for saving his search results.
The Search table looks like:
Id | History
nl23 Grand Hayat Hotel
Pearls Residencia Hotels
I am getting this error after running my code for login form "Unable to prepare statement: 1, near "AND": syntax error in D:\log in.php on line 54".
My log in form code is below:
log in.php
<body>
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
label{display:inline-block;width:100px;margin-bottom:10px;}
</style>
</head>
<body>
<h2>Log in page</h2>
<form method="post" action="">
Id: <input type="text" name="Id">
<br><br>
Password: <input type="text" name="Password">
<br><br>
<input type="submit" name="submit" value="Log In" >
</form>
<?php
class MyDB extends SQLite3
{
function __construct()
{
$this->open('Users Data.db');
}
}
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
} else {
}
$id=null;
$pass=null;
$id_exists=null;
if (isset($_POST['uid'])) {
$id = $_POST['uid'];
}
if (isset($_POST['passid'])) {
$pass = $_POST['passid'];
}
$sql= " SELECT * FROM Users WHERE ID = '" .$id. "' AND PASSWORD = '" .$pass. "';";
$ret = $db->query($sql);
$rows = count($sql);
if ($rows > 0)
{
$id_exists = true;
echo "You entered a valid id and password. ";
$sql= "SELECT History FROM Search WHERE Id= " .$id. ";";
$ret = $db->query($sql);
//header("location:index.html");
}
else
{
echo "Please enter a valid id and password. ";
}
?>
</body>
</html>
My sign in form is below:
sign in.php
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
label{display:inline-block;width:100px;margin-bottom:10px;}
</style>
</head>
<body>
<h2>Sign in page</h2>
<form method="post" action="">
Id: <input type="text" name="Id">
<br><br>
Password: <input type="text" name="Password">
<br><br>
Email: <input type="text" name="Email">
<input type="submit" name="submit" value="Sign Up" >
</form>
<?php
class MyDB extends SQLite3
{
function __construct()
{
$this->open('Users Data.db');
}
}
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
} else {
}
$id=null;
$password=null;
$email=null;
$id_exists=false;
$sql=null;
$result=null;
$rows=null;
$ret=null;
if (isset($_POST['Id'])) {
$id = $_POST['Id'];
}
if (isset($_POST['Password'])) {
$password = $_POST['Password'];
}
if (isset($_POST['Email'])) {
$email = $_POST['Email'];
}
$result= "SELECT * FROM Users WHERE ID = " .$id. ";";
// $ret = $db->query($result);
//$ret = $db->exec($sql);
echo "<p> The result query is ".$result ."</p>";
$rows = count($result);
echo "<p> Number of rows found: ".$rows ."</p>";
if ($rows > 0)
{
$id_exists = true;
echo "This id is not available. Please enter a valid id. ";
}
else
{
$sql= "INSERT INTO Users (ID,PASSWORD, EMAIL)
VALUES ('$id','$password','$email');" ;
$ret = $db->query($sql);
//$ret = $db->exec($sql);
// header("location:index.html");
}
if(!$ret){
echo $db->lastErrorMsg();
} else {
}
$db->close();
?>
</body>
</html>
Please guide me as i am stuck in both these codes.
What you are missing is checking if $_POST is set or is not empty. Only then you want to process user input. One more thing is that you should wrap $pass in quotes as it is a string and will be interpreted as column name if not surrounded with quotes.
Here's code:
log in.php
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
label{display:inline-block;width:100px;margin-bottom:10px;}
</style>
</head>
<body>
<h2>Log in page</h2>
<form method="post" action="">
Id: <input type="text" name="Id">
<br><br>
Password: <input type="text" name="Password">
<br><br>
<input type="submit" name="submit" value="Log In" >
</form>
<?php
if(!empty($_POST)) {
class MyDB extends SQLite3
{
function __construct()
{
$this->open('Users Data.db');
}
}
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
} else {
}
$id=null;
$pass=null;
$id_exists=null;
if (isset($_POST['Id'])) {
$id = $_POST['Id'];
}
if (isset($_POST['Password'])) {
$pass = $_POST['Password'];
}
$sql= " SELECT * FROM Users WHERE ID = '" .$id. "' AND PASSWORD = '" .$pass. "';";
$ret = $db->query($sql);
$rows = count($sql);
if ($rows > 0)
{
$id_exists = true;
echo "You entered a valid id and password. ";
$sql= "SELECT History FROM Search WHERE Id= " .$id. ";";
$ret = $db->query($sql);
//header("location:index.html");
}
else
{
echo "Please enter a valid id and password. ";
}
}
?>
</body>
</html>
sign in.php:
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
label{display:inline-block;width:100px;margin-bottom:10px;}
</style>
</head>
<body>
<h2>Sign in page</h2>
<form method="post" action="">
Id: <input type="text" name="Id">
<br><br>
Password: <input type="text" name="Password">
<br><br>
Email: <input type="text" name="Email">
<input type="submit" name="submit" value="Sign Up" >
</form>
<?php
if(!empty($_POST)) {
class MyDB extends SQLite3
{
function __construct()
{
$this->open('Users Data.db');
}
}
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
} else {
}
$id=null;
$password=null;
$email=null;
$id_exists=false;
$sql=null;
$result=null;
$rows=null;
$ret=null;
if (isset($_POST['Id'])) {
$id = $_POST['Id'];
}
if (isset($_POST['Password'])) {
$password = $_POST['Password'];
}
if (isset($_POST['Email'])) {
$email = $_POST['Email'];
}
$result= "SELECT * FROM Users WHERE ID = " .$id. ";";
echo "<p> The result query is ".$result ."</p>";
$rows = count($result);
echo "<p> Number of rows found: ".$rows ."</p>";
if ($rows > 0)
{
$id_exists = true;
echo "This id is not available. Please enter a valid id. ";
}
else
{
$sql= "INSERT INTO Users (ID,PASSWORD, EMAIL)
VALUES ('$id','$password','$email');" ;
$ret = $db->query($sql);
//$ret = $db->exec($sql);
// header("location:index.html");
}
if(!$ret){
echo $db->lastErrorMsg();
} else {
}
$db->close();
}
?>
</body>
</html>
I have been making/learning some PHP, and I successfully made a login form. When I have tried to replicate this, it doesn't work at all.
--MY HTML--
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post" action="login.php">
<input type="text" name="usrname" placeholder=" Username">
<br />
<br />
<input type="password" name="passwd" placeholder=" Password">
<br />
<br />
<input type="password" name="pin" placeholder=" PIN #">
<br />
<br />
<input type="submit" value="Login">
</form>
</body>
</html>
--LOGIN.PHP--
<?php
session_start();
include('php/db.php');
$usrname = $_POST['usrname'];
$passwd = $_POST['passwd'];
$pin = $_POST['pin'];
$sql = "SELECT * FROM users WHERE usrname = 'usrname'";
$query = mysql_query($sql);
$row = mysql_fetch_array($query);
$usrnameFromDB = $row['usrname'];
$passwdFromDB = $row['passwd'];
$pinFromDB = $row['pin'];
if($usrnameFromDB == $usrname && $passwdFromDB == $passwd && $pinFromDB == $pin) {
echo "Correct";
} else {
echo "noooooo";
}
?>
<!DOCTYPE html>
<html>
<head>
<title>trhhytrh</title>
</head>
<body>
</body>
</html>
P.S. When comparing the codes, there is no major difference apart from the names. Also, the code provided is the one that isn't working. Thanks in advance! :)
As I stated in comments:
WHERE usrname = 'usrname'"; it should read as WHERE usrname = '$usrname'";
You're presently looking/querying for the string literal of "usrname" in your database, rather than the POST array's variable.
Heed the warnings about SQL injection. You should use a prepared statement and a safe password hashing function when your site does go live, such as password_hash().
You should not put that much trust in people.
References:
http://php.net/manual/en/function.password-hash.php
https://en.wikipedia.org/wiki/Prepared_statement
https://en.wikipedia.org/wiki/SQL_injection
Try this:
Change this in html
<input type="submit" name="submit" value="Login">
Then in php
<?php
session_start();
include('php/db.php');
if(isset $_POST['submit']){
$usrname = $_POST['usrname'];
$passwd = $_POST['passwd'];
$pin = $_POST['pin'];
$sql = "SELECT * FROM users WHERE usrname = '$usrname'";
$query = mysql_query($sql);
$row = mysql_fetch_array($query);
$usrnameFromDB = $row['usrname'];
$passwdFromDB = $row['passwd'];
$pinFromDB = $row['pin'];
if($usrnameFromDB == $usrname && $passwdFromDB == $passwd && $pinFromDB == $pin) {
echo "Correct";
} else {
echo "noooooo";
}
}//End of if
else
{
echo "Form is not submitted";
}
?>
You have not submitted the form. PS you have commited a mistake in your query. You were not using variable there
I cannot get $userLabel ($_SESSION['nickname']) to print. I am using phpmyadmin with apache on a localhost.
I cannot seem to figure out to problem. I have the row made in phpmyadmin and I know it is in row 4. Could it be a wrong method or something? I am new to PHP and trying to best to figure it out. Any solutions or addition help would be great! Thank you!
login:
if($_POST['submit']) {
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password, nickname FROM users WHERE username = '$username' AND activated = '1' LIMIT 1";
$query = mysqli_query($connect, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userId = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[2];
$userLabel = $row[4];
}
if ($username == $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userId;
$_SESSION['nickname'] = $userLabel;
header('Location: user.php');
}
else {
echo "Error: password mismatch.";
}
}
?>
<html>
<head>
</head>
<body>
<form action="index.php" method="post">
<li>
<input type="text" name="username" placeholder="Username">
</li>
<li>
<input type="password" name="password" placeholder="Password">
</li>
<li>
<input type="submit" name="submit" value="Sign In">
</li>
</form>
</body>
<html>
webpage:
if (isset($_SESSION['id'])) {
$userId = $_SESSION['id'];
$username = $_SESSION['username'];
$userLabel = $_SESSION['nickname'];
}
else {
header('Locaion: index.php');
die();
}
?>
<html>
<head>
</head>
<body>
<p><font color="white">Hello <?php echo $userLabel; ?>.</font></
</body>
<html>
<?php $userLabel = $row[3]; ?>
<p><font>Hello <?php echo $userLabel; ?>.</font></p>
Can anyone see the error in this code as the code is only giving me back :
the name does not exist
It was all working fine now it does not.
If anyone can spot it please and correct me as I am still new to this.
<?php
// see if the form has been completed
include_once("php_includes/check_login_status.php");
include_once("php_includes/db_conx.php");
// Initialize any variables that the page might echo
$username = "";
$firstname = "";
$surname = "";
$gender = "Male";
$country = "";
$weight = "";
$height = "";
if(isset($_GET["u"])){
$username = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
}
$sql = "SELECT * FROM users WHERE username='$username' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// check if the user exists in the database
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$username = $row ["username"];
$firstname = $row["firstname"];
$surname = $row["surname"];
$weight = $row["weight"];
$height = $row["height"];
$email = $row["email"];
$gender = $row ["gender"];
}
if (isset($_POST['submit'])){
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$weight = $_POST['weight'];
$height = $_POST['height'];
$email = $_POST['email'];
$gender = $_POST['gender'];
mysql_connect ("host","****","*****"); mysql_select_db('db_k1003140');
// check if that user exist
$exists = mysql_query ("SELECT * FROM users WHERE firstname='" . $username . "'") or die ("query cant connect");
if (mysql_num_rows ($exists) != 0) {
// update the description in the database
mysql_query("UPDATE users SET firstname='$firstname', surname='$surname', weight='$weight', height='$height' WHERE username='$username'") or die ("update could not be applied");
echo "successful";
} else echo "the name does not exist";
}
?>
Here is the HTML :
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Profile Update: <?php echo $u; ?></title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" type="text/css" href="style.css">
<script src="js/main.js"></script>
<script src="js/javascript.js"></script>
<script src="js/ajax.js"></script>
<style type="text/css">
#updateform{
margin-top:24px;
}
#updateform > div {
margin-top: 12px;
}
#updateform > input {
width: 200px;
padding: 3px;
background: #F3F9DD;
}
</style>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<div id="pageMiddle">
<div id="usernamecss"> Username: <?php echo $username; ?></div>
<form action="update.php" method="POST" id="updateform">
<div>
<div>First Name: </div>
<input id="firstname" type="text" name="firstname" value="<?php echo $firstname?>" maxlength="16">
<div>Surname: </div>
<input id="surname" type="text" name="surname" value="<?php echo $surname?>" maxlength="16">
<div>Weight: </div>
<input id="weight" type="text" name="weight" value="<?php echo $weight?>" >
<div>Height: </div>
<input id="height" type="text" name="height" value="<?php echo $height?>" >
<p> <input type="submit" name="submit" id="submit" value="Update Description"></p>
Go to Profile
</div>
</form>
</div>
<?php include_once("template_pageBottom.php"); ?>
</body>
</html>
Just a guess you comparing username field with firstname,
SELECT * FROM users WHERE firstname='" . $username . "'";
While it needs to be,
SELECT * FROM users WHERE username='" . $username . "'";
Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
I made a login page for my website. The connection to the database is fine, and I am typing in to the login form the correct values that are in the database. I have a md5 on the password in both the database and the code. Yet, when I check to see if any rows come back, there are none. I would just like another set of eyes to look over what is probably a stupid mistake.
<?php
$email = $_POST['email'];
$password = $_POST['password'];
$password = md5($password);
$query = "SELECT * FROM users WHERE password = '$password' AND email='$email' AND activated='1'";
$queryrun = mysql_query($query);
while($row = mysql_fetch_assoc($queryrun)) {
$fname = $row['firstname'];
echo $fname;
}
$logincheck = mysql_num_rows($queryrun);
if ($logincheck > 0) {
echo 'good, you are in our database';
} else {
echo 'sorry, you are not in our database';
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
Login <br />
<form action="login.php" method="POST">
Email: <input type="text" name="email" />
Password: <input type="password" name="password" />
<input type="submit" value="Log in" />
</form>
</body>
</html>