User info is not displaying from database - php

I just want to display the username from database in my UserHome.php page. But it's displaying nothing. Here is the code below that I used to display the name.
server.php :
$host = "localhost";
$user = "root";
$password = '';
$db_name = "hawkeye_portfolio";
$db = mysqli_connect($host, $user, $password, $db_name);
$name = "";
if (isset($_POST['edit_user'])) {
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$query = "SELECT * FROM edituser";
$results = mysqli_query($db, $query);
if (count($results) == 1 ) {
$n = mysqli_fetch_array($results);
$name = $n['name'];
}
}
UserHome.php :
<ul class="address-text">
<li><b>Name : </b></li>
<li><?php echo $name; ?> </li>
</ul>
So here I want to display the name, but it's not displaying the name.
Notice :
I have also used this code
if (mysqli_num_rows($results) == 1) {
$_SESSION['name'] = $name;
}
<?php echo $_SESSION['name']; ?>
But these are not working too. Please someone help me.

Check this
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$query = "SELECT * FROM edituser WHERE name='$name' AND email='$email'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) === 1) {
while ($row = mysqli_fetch_assoc($results))
{
$_SESSION['name'] = $row['name'];
echo $_SESSION['name'];
}
} else {
// Show an error message
// multiple results found
}

Related

PHP user/admin base project with login, signup, and index page

I'm working on a project which is a user/admin dashboard. First I have a page which tells the user/admin to sign up; in that I have email, password, cpassword, department, schemes (both are select option fields), designation (like collector, SdM, etc.) and role (user, admin). Then, when the user/admin signs up, their details are filled in the database, and then they go to the login page and write their email and password, and they are redirected to the login page, where there are also department and schemes select option fields.
My question is: what should the logic be so that when a user/admin signs up, the details which he enters and selects from the select fields are displayed on the index page?
Like, he selects a department (education and its scheme), so only that scheme is displayed on the index page, and no other department and scheme.
I say again, my signin and index page are the same, like 10 departments and 50 schemes for each of them. The user selects, and he only sees on the index page what was filled in on the signin page.
Just tell me the logic.
Thank you.
code
signin.php
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Connection Established
$server = "localhost";
$username = "root";
$password = "";
$database = "registration";
$conn = mysqli_connect($server, $username, $password, $database);
if (!$conn){
// echo "success";
// }
// else{
die("Error". mysqli_connect_error());
}
$Email = $_POST["Email"];
$password = $_POST["password"];
$cpassword = $_POST["cpassword"];
$department = $_POST["department"];
$schemes = $_POST["schemes"];
$designation = $_POST["designation"];
$Role = $_POST["Role"];
// $exists=false;
$existSql = "SELECT * FROM `usertable` WHERE Email = '$Email'";
$result = mysqli_query($conn, $existSql);
mysqli_set_charset($conn,'utf8'); // for hindi font language issue
$numExistRows = mysqli_num_rows($result);
if($numExistRows > 0){
// $exists = true;
$showError = "Email Already Exists";
}
else{
// $exists = false;
if(($password == $cpassword)){
$hash = password_hash($password, PASSWORD_DEFAULT);
$sql = "INSERT INTO `usertable` (`Email`,`password`,`department`,`schemes`,`designation`,`Role`, `dt`) VALUES ('$Email', '$hash','$department','$schemes','$designation','$Role', current_timestamp())";
$result = mysqli_query($conn, $sql);
if ($result){
$showAlert = true;
}
}
else{
$showError = "Passwords do not match";
}
}
}
// login.php
<?php
$login = false;
$showError = false;
// db Connection
if($_SERVER["REQUEST_METHOD"] == "POST"){
$server = "localhost";
$username = "root";
$password = "";
$database = "Registration";
$conn = mysqli_connect($server, $username, $password, $database);
if (!$conn){
// echo "success";
// }
// else{
die("Error". mysqli_connect_error());
}
$Email = $_POST["Email"];
$password = $_POST["password"];
// $sql = "Select * from users where username='$username' AND password='$password'";
$sql = "Select * from usertable where Email='$Email'";
$result = mysqli_query($conn, $sql);
$num = mysqli_num_rows($result);
if ($num == 1){
while($row = mysqli_fetch_assoc($result)){
if (password_verify($password, $row['password'])){
$login = true;
session_start();
$_SESSION['loggedin'] = true;
$_SESSION['Email'] = $Email;
header("location: index.php");
}
else{
$showError = "Invalid Email";
}
}
}
else{
$showError = "Invalid Email Or Password";
}
}
?>

Login form validation always says WRONG USER DETAILS

This is the PHP code for login form validation. Why does it always return 'Wrong user data' (Грешни данни!)? $name & $pass1 come from the login form, which is in another file.
$activated has values 0 || 1 and it is to see if user confirmed registration from email.
<?php
//connection with database
require "db_connect.php";
require "password_compat-master/lib/password.php";
$name = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'name'))));
$pass1 = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'pass1'))));
$errorName = '';
$errorPass1 = '';
$feedback = '';
$mainError = false;
//get hash
$retHash = "SELECT password FROM users WHERE user_name='$name'";
$query_retHash = mysqli_query($conn, $retHash);
$row = mysqli_fetch_array($query_retHash);
$hash = $row['password'];
//get name
$retName = "SELECT user_name FROM users WHERE user_name='$name'";
$query_retName = mysqli_query($conn, $retName);
$row = mysqli_fetch_array($query_retName);
$uname = $row['user_name'];
//get 'activated'
$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
$query_retAct = mysqli_query($conn, $retAct);
$row = mysqli_fetch_array($query_retAct);
$activated = $row['activated'];
if (filter_input_array(INPUT_POST)) {
if ($name !== $uname) {
$mainError = true;
}
if (!password_verify($pass1, $hash)) {
$mainError = true;
}
if ($activated != 1) {
$mainError = true;
}
if (!$mainError) {
$feedback = 'Здравей,' . $name . '!';
} else {
$feedback = 'Грешни данни!';
}
}
?>
As @Rajdeep answered,
$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
                  ^ it should be activated
Better use one query. Fetch all details.
<?php
//connection with database
require "db_connect.php";
require "password_compat-master/lib/password.php";
$name = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'name'))));
$pass1 = mysqli_real_escape_string($conn, stripslashes(trim(filter_input(INPUT_POST, 'pass1'))));
$errorName = '';
$errorPass1 = '';
$feedback = '';
$mainError = false;
//get hash
$retHash = "SELECT * FROM users WHERE user_name='$name'";
$query_retHash = mysqli_query($conn, $retHash);
$row = mysqli_fetch_array($query_retHash);
$hash = $row['password'];
$uname = $row['user_name'];
$activated = $row['activated'];
if (filter_input_array(INPUT_POST)) {
if ($name !== $uname) {
$mainError = true;
}
if (!password_verify($pass1, $hash)) {
$mainError = true;
}
if ($activated != 1) {
$mainError = true;
}
if (!$mainError) {
$feedback = 'Здравей,' . $name . '!';
} else {
$feedback = 'Грешни данни!';
}
}
?>
Look at this statement here,
//get 'activated'
$retAct = "SELECT user_name FROM users WHERE user_name='$name'";
                  ^ it should be activated
And there's no point running three separate queries. You can achieve the same thing using only one query, like this:
// your code
$query = "SELECT user_name, password, activated FROM users WHERE user_name='$name' LIMIT 1";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_array($result);
$uname = $row['user_name'];
$hash = $row['password'];
$activated = $row['activated'];
if (filter_input_array(INPUT_POST)) {
// your code
}
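The single-query check described in the answers above, written with a prepared statement. This is an added example, not code from either answer; `verify_login()` is a hypothetical helper, and the `users` table, its columns, `db_connect.php` and the form field names are taken from the question.

```php
<?php
declare(strict_types=1);

// Added example. verify_login() is a hypothetical helper; the users table and
// its user_name, password and activated columns are the ones from the question.
function verify_login(mysqli $conn, string $name, string $pass): bool
{
    // One query, one placeholder: $name never becomes part of the SQL text,
    // so mysqli_real_escape_string() and stripslashes() are not needed.
    $stmt = $conn->prepare(
        'SELECT password, activated FROM users WHERE user_name = ? LIMIT 1'
    );
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->bind_result($hash, $activated);
    $found = $stmt->fetch();          // true = row, null = no row, false = error
    $stmt->close();

    if ($found !== true) {
        return false;                 // unknown user: same answer as a bad password
    }
    // The password goes to password_verify() exactly as typed. Escaping it
    // first changes the bytes that are compared with the stored hash.
    if (!password_verify($pass, (string) $hash)) {
        return false;
    }
    return (int) $activated === 1;    // e-mail confirmation still required
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);  // fail loudly on SQL errors
require 'db_connect.php';             // provides $conn, as in the question

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name  = trim((string) filter_input(INPUT_POST, 'name'));
    $pass1 = (string) filter_input(INPUT_POST, 'pass1');

    if (verify_login($conn, $name, $pass1)) {
        // Encode on output: the name is user-controlled text.
        $feedback = 'Здравей,' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '!';
    } else {
        $feedback = 'Грешни данни!';  // one message for every failure case
    }
}
```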

"mysqli_num_rows" struggles with the output of "mysqli_query"

I made a simple Login Form there are some errors in the code I guess.
Everything is working fine but I'm struggling with the MySQL(mysqli) Query part.
But here is my code first:
<?php
session_start();
if(isset($_SESSION['acuser']))
{
redirectpage();
}
else
{
if($_POST)
{
if(isset($_POST['button']) && ($_POST['username']) && ($_POST['password']))
{
$db = 'datenbank';
$dbuser = 'root';
$dbpass = '';
$dbhost = 'localhost';
$connection = mysqli_connect($dbhost,$dbuser,$dbpass);
$selection = mysqli_select_db($connection,$db);
$username = mysqli_real_escape_string($connection,(htmlspecialchars($_POST['password'])));
$password = mysqli_real_escape_string($connection, (htmlspecialchars($_POST['password'])));
$password = md5($password);
if($connection)
{
if($selection)
{
$queryuser = "SELECT * FROM main WHERE Username = '$username'";
$result = mysqli_query($connection, $queryuser);
$checkuser = mysqli_num_rows($result);
if($checkuser)
{
$querypass = "SELECT * FROM main WHERE Username = '$username' AND Password ='$password'";
$resultpass = mysqli_query($connection,$querypass);
$checkpass = mysqli_num_rows($resultpass);
if($checkpass)
{
$data = mysqli_fetch_array ($resultpass);
$_SESSION["acID"] = $data["Id"];
$_SESSION["acUSERNAME"] = $data["Username"];
$_SESSION["acPASSWORD"] = $data["Password"];
$_SESSION["acEMAIL"] = $data["Email"];
}
// Some else stuff
?>
I guess there is something wrong with "mysqli_query()" and "mysqli_num_rows()"!
"Mysqli_num_rows()" can't handle the output of "mysqli_query()" somehow!
Maybe I will find an answer here.
Not sure if this is the problem:
$username = mysqli_real_escape_string($connection,(htmlspecialchars($_POST['password'])));
Is the username the same as the password in the database?

Can't update database using php and Mysql

I am trying to update a user password in database with the following code
<?php
session_start();
if( isset($_SESSION['user']) ){
}
else
{
header("location: index.php");
}
$host = "localhost";
$username = "xxxx";
$password = "xxxxx";
$db_name = "auth_db";
$tbl_name = "users";
$link = new mysqli("$host", "$username" , "$password", "$db_name");
if(mysqli_connect_error())
{
die('Connect Error ('.mysqli_connect_errno().')' .mysqli_connect_error());
}
$username = $_SESSION['user'];
$pwd = $_POST['oldpass'];
$pwd1 = $_POST['newpass'];
$pwd2 = $_POST['newpass1'];
if($pwd1 !== $pwd2)
{
Print '<script>alert("New Passwords do not match");</script>';
Print '<script>window.location.assign("pwd.php");</script>';
}
$query = mysqli_query($link, "SELECT * from users WHERE username = '$username'");
$user_exist = mysqli_num_rows($query);
$tbl_user = "";
$tbl_password = "";
$password = 0 ;
if($user_exist > 0)
{
while($row = mysqli_fetch_assoc($query))
{
$tbl_user = $row['username'];
$tbl_password = $row['password'];
$password = password_verify($pwd, $tbl_password);
}
if(($username == $tbl_user) && ($password))
{
if($password)
{
$new_hash = password_hash(('$pwd1'), PASSWORD_BCRYPT);
mysqli_query($link, "UPDATE $tbl_name SET password = '$new_hash' WHERE username = '$tbl_user'");
Print '<script>alert("Updated, Please relogin.");</script>';
Print '<script>window,location.assign("logout.php");</script>';
}
}
else
{
Print '<script>alert("Incorrect Password");</script>';
Print '<script>window,location.assign("pwd.php");</script>';
}
}
?>
I am able to generate the hash but it is not getting updated in the database and the page is redirected to the given link. I am thinking that there is something wrong with my
mysqli_query($link, "UPDATE $tbl_name SET password = '$new_hash' WHERE username = '$tbl_user'");
Any help is appreciated. Thank you.
Your code has many syntax errors. I have cited some and put them in comments so you can change it yourself.
<?php
session_start();
if( isset($_SESSION['user']) ){
}
else
{
header("location: index.php");
}
$host = "localhost";
$username = "xxxx";
$password = "xxxxx";
$db_name = "auth_db";
$tbl_name = "users";
$link = new mysqli("$host", "$username" , "$password", "$db_name");
if(mysqli_connect_error())
{
die('Connect Error ('.mysqli_connect_errno().')' .mysqli_connect_error());
}
$username = $_SESSION['user'];
$pwd = $_POST['oldpass'];
$pwd1 = $_POST['newpass'];
$pwd2 = $_POST['newpass1'];
if($pwd1 !== $pwd2)
{
Print '<script>alert("New Passwords do not match");</script>';
Print '<script>window.location.assign("pwd.php");</script>';
}
$query = mysqli_query($link, "SELECT * from users WHERE username = '$username'");
$user_exist = mysqli_num_rows($query);
$tbl_user = ""; // instead of reinitializing these as a blank slate just use the unset(); function
$tbl_password = ""; // so its unset($tbl_user); so you can save memory.
$password = 0 ;
if($user_exist > 0)
{
while($row = mysqli_fetch_assoc($query))
{
$tbl_user = $row['username'];
$tbl_password = $row['password'];
$password = password_verify($pwd, $tbl_password);
}
if(($username == $tbl_user) && ($password))
{
if($password)
{
$new_hash = password_hash(('$pwd1'), PASSWORD_BCRYPT);
mysqli_query($link, "UPDATE $tbl_name SET password = '$new_hash' WHERE username = '$tbl_user'");
Print '<script>alert("Updated, Please relogin.");</script>';
Print '<script>window,location.assign("logout.php");</script>'; //<- window.location.assign();
}
}
else
{
Print '<script>alert("Incorrect Password");</script>';
Print '<script>window,location.assign("pwd.php");</script>'; //<-- window.location.assign();
}
}
?>
Try this
$link = new mysqli($host, $username , $password, $db_name);
mysqli_query($link, "UPDATE $tbl_name SET password = '".$new_hash."' WHERE username = '".$tbl_user."'");
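A password-change handler for the `users` table in this question, using prepared statements and checking that the UPDATE really changed a row. This is an added example, not code from the question or its answers; `change_password()` and its return codes are hypothetical, while the table, column, form field and page names are taken from the question.

```php
<?php
declare(strict_types=1);

// Added example. change_password() and its return codes are hypothetical; the
// users table and the username and password columns come from the question.
function change_password(mysqli $link, string $user, string $old,
                         string $new, string $confirm): string
{
    if ($new !== $confirm) {
        return 'mismatch';            // stop here, nothing is written
    }
    $stmt = $link->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($current);
    $found = $stmt->fetch();          // true = row, null = no row, false = error
    $stmt->close();
    if ($found !== true || !password_verify($old, (string) $current)) {
        return 'bad_password';
    }
    // Pass the variable itself. password_hash('$pwd1', ...) in single quotes
    // hashes the five literal characters $pwd1, not the submitted password.
    $hash = password_hash($new, PASSWORD_BCRYPT);   // 60 chars: column must fit

    $stmt = $link->prepare('UPDATE users SET password = ? WHERE username = ?');
    $stmt->bind_param('ss', $hash, $user);
    $stmt->execute();
    $rows = $stmt->affected_rows;     // number of rows the UPDATE changed
    $stmt->close();
    return $rows === 1 ? 'updated' : 'not_updated';
}

session_start();
if (!isset($_SESSION['user'])) {
    header('Location: index.php');
    exit;                             // without exit the script keeps running
}
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$link = new mysqli('localhost', 'xxxx', 'xxxxx', 'auth_db');  // as in the question

$result = change_password($link, (string) $_SESSION['user'], $_POST['oldpass'] ?? '',
                          $_POST['newpass'] ?? '', $_POST['newpass1'] ?? '');
header('Location: ' . ($result === 'updated' ? 'logout.php' : 'pwd.php'));
exit;
```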

Login suddenly stopped working

I'm working on my school project and I need a simple login functionality. It was working 20 minutes ago but then I perhaps made some mistake. It doesn't show any error message. The database seems to be alright.
'jmeno' = name, 'heslo' = password
<?php $mysqli = new mysqli("localhost","admin","admin","uzivatele");
if(isset( $_POST['heslo']) && isset($_POST['jmeno'])){
$username = $_POST['heslo'];
$password = $_POST['jmeno'];
/* defends SQL injection */
// $username = stripslashes($username);
//$password = stripslashes($password);
//$password = mysqli_real_escape_string($mysqli, ($_POST['heslo']));
//$username = mysqli_real_escape_string($mysqli, $_POST['jmeno']);
$sqllogin = "SELECT * FROM prihlaseni WHERE jmeno = '".$username."' AND heslo = '".$password."' LIMIT 1";
$result = mysqli_query($mysqli, $sqllogin);
if (!$result) {
die(mysqli_error($mysqli));
}
$count = mysqli_num_rows($result);
if ($count == 1) {
session_start();
$_SESSION['loggedin'] = true;
header('Location: home.php');
}else {
echo "<script language='javascript'>alert('Wrong password!');</script>";
}
}
?>
I think you mixed post values. Try :
$username = $_POST['jmeno'];
$password = $_POST['heslo'];
I suggest debugging as follows:
<?php $mysqli = new mysqli("localhost","admin","admin","uzivatele");
if(isset( $_POST['heslo']) && isset($_POST['jmeno'])){
$username = $_POST['heslo'];
$password = $_POST['jmeno'];
/* defends SQL injection */
// $username = stripslashes($username);
//$password = stripslashes($password);
//$password = mysqli_real_escape_string($mysqli, ($_POST['heslo']));
//$username = mysqli_real_escape_string($mysqli, $_POST['jmeno']);
$sqllogin = "SELECT * FROM prihlaseni WHERE jmeno = '".$username."' AND heslo = '".$password."' LIMIT 1";
echo $sqllogin; //check the sql query string
$result = mysqli_query($mysqli, $sqllogin);
print_r($result);
if (!$result) {
die(mysqli_error($mysqli));
}
$count = mysqli_num_rows($result);
if ($count == 1) {
session_start();
$_SESSION['loggedin'] = true;
header('Location: home.php');
}else {
echo "<script language='javascript'>alert('Wrong password!');</script>";
}
}
?>
If the sql string seems correct, try querying the database directly and check the output.
Probably there it's not getting the $_POST vars, and not returning a valid $result.
Also I suggest you to not handle and save passwords like that but using hash functions like md5(string).
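A login for the `prihlaseni` table that keeps user input out of the SQL text and replaces stored plain-text passwords with hashes as users log in. This is an added example, not code from the question or the answers: it uses `password_hash()`/`password_verify()` in place of the `md5()` mentioned above, `login_and_upgrade()` is a hypothetical helper, and it assumes existing rows still hold the plain-text value that the question's query compares against.

```php
<?php
declare(strict_types=1);

// Added example. login_and_upgrade() is hypothetical; the prihlaseni table and
// its jmeno (name) and heslo (password) columns come from the question.
// Assumes heslo has been widened (e.g. VARCHAR(255)) so it can hold a hash.
function login_and_upgrade(mysqli $mysqli, string $jmeno, string $heslo): bool
{
    $stmt = $mysqli->prepare('SELECT heslo FROM prihlaseni WHERE jmeno = ? LIMIT 1');
    $stmt->bind_param('s', $jmeno);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch();          // true = row, null = no row, false = error
    $stmt->close();
    if ($found !== true) {
        return false;
    }
    $stored = (string) $stored;
    // 'algo' is empty when the stored value is not a password_hash() string.
    $is_hash = !empty(password_get_info($stored)['algo']);
    $ok = $is_hash
        ? password_verify($heslo, $stored)
        : hash_equals($stored, $heslo);   // legacy plain-text row
    if (!$ok) {
        return false;
    }
    // Replace a plain-text or outdated value while the password is in hand.
    if (!$is_hash || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $new = password_hash($heslo, PASSWORD_DEFAULT);
        $up = $mysqli->prepare('UPDATE prihlaseni SET heslo = ? WHERE jmeno = ?');
        $up->bind_param('ss', $new, $jmeno);
        $up->execute();
        $up->close();
    }
    return true;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli('localhost', 'admin', 'admin', 'uzivatele');  // as in the question
if (isset($_POST['jmeno'], $_POST['heslo'])
    && login_and_upgrade($mysqli, (string) $_POST['jmeno'], (string) $_POST['heslo'])) {
    session_start();
    session_regenerate_id(true);      // new session id after authentication
    $_SESSION['loggedin'] = true;
    header('Location: home.php');
    exit;
}
```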
