I'm trying to make admin panel, but in login page when username and password are submitted it just redirects me to the php where it is checking the data, it won't reconnect to the admin panel.. Here is the code:
This is where you input username and password (connection and session are included in head of the document):
<header>
<div class="body" style="padding-top: 150px;">
<div class="border rounded shadow login-center">
<form action="provjera.php" method="POST" style="padding-top: 32px;">
<div class="form-group text-center"><img class="img-fluid" style="width: 100px;" src="../assets/img/logo.png"></div>
<div class="form-group d-flex justify-content-center"><input class="form-control" type="text" name="ime" style="width: 200px;" placeholder="Korisničko ime"></div>
<div class="form-group d-flex justify-content-center"><input class="form-control" type="password" name="sifra" style="width: 200px;" placeholder="Šifra"></div>
<div class="form-group d-flex justify-content-center"><input class="btn btn-dark" style="width: 200px;" type="submit"></div>
</form>
</div>
</div>
and this is the "provjera.php" that is checking the data:
<?php
session_start();
$konekcija = mysqli_connect('localhost', 'root','' );
if($konekcija){
echo "conenction successful";
}else{
echo "no connection";
}
$baza=mysqli_select_db($konekcija,'hotel');
if(isset($_POST['submit'])){
$username = $_POST['ime'];
$password = $_POST['sifra'];
$sql = " select * from korisnik where ime='$username' and sifra='$password' ";
$query = mysqli_query($konekcija,$sql);
$row = mysqli_num_rows($query);
if($row == 1){
echo "login successful";
$_SESSION['ime'] = $username;
header('location:panel.php');
}else{
echo "login failed";
header('location:odjava.php');
}
}
?>
Related
I am making a simple PHP login with POST. However, every time I load the page, the function gets fired before I even hit submit on the html form. I have tried the method below and isset($_POST['submit']) but both ways are firing every single time I load the page. How do I stop this from occuring? Thank you.
//PHP CODE ABOVE HTML
<?php
$serverName = "localhost";
$dBUserame = "blake";
$dBPassword = "password";
$dBName = "database";
session_start();
$conn = mysqli_connect($serverName, $dBUserame, $dBPassword, $dBName);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn ,$_POST['password']);
$sql = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
$_SESSION['useremail'] = $email;
header('Location: https://allevohealth.com/admin/newsletter/contacts.php');
// output data of each row
while ($row = $result->fetch_assoc()) {
$_SESSION['name'] = $row["fullname"];
$_SESSION['email'] = $row["email"];
$_SESSION['useridid'] = $row["id"];
echo "<br> Full Name: ". $row["fullname"]. " - Email: ". $row["email"]. " " . $row["passsword"] . "<br>";
}
} else {
echo "0 results";
}
$conn->close();
}
?>
//HTML CODE BELOW PHP
<div class="col-lg-12 row justify-content-center">
<div class="col-lg-4 col-md-8 col-sm-9 mb-5">
<div class="p-5" style="border-radius: 20px !important; background-color: #161621">
<form id="myform" method="post">
<h2 class="h4 text-white mb-5">ACCOUNT LOGIN</h2>
<div class="row form-group">
<div class="col-md-9">
<label class="text-white" for="email">EMAIL</label>
<input type="email" id="input-email" name="email" class="form-control rounded-0">
<p id="result" style="padding-top: 2%; font-weight: bold;"></p>
</div>
</div>
<div class="row form-group">
<div class="col-md-7 mb-3 mb-md-0">
<label class="text-white" for="password">PASSWORD</label>
<input type="password" name="password" id="input-password" class="form-control rounded-0">
</div>
</div>
<div class="row form-group">
<div class="col-md-12" style="padding-top: 5%">
</div>
</div>
<input type="submit" name="submit" value="LOGIN" style="width: 150px" class="btn btn-primary mr-4 mb-2">
</form>
</div>
</div>
</div>
I have been trying to integrate the remember me option to my login form, using php and Ajax call, but can't seem to find my way around it. Probably messing up with cookies. The login page is working fine, but when the remember me option is checked, the login page just reloads after submission. Below is my current code;
Html form
<!DOCTYPE html>
<?php
session_start();
if( isset($_SESSION['patient_id']) || isset($_COOKIE['username']))
{
header('location: patient-details.php');
}
?>
<html lang="en">
<head>
</head>
<body class="bg-gradient-primary">
<div class="container">
<!-- Outer Row -->
<div class="row justify-content-center">
<div class="col-xl-5 col-lg-3 col-md-3">
<div class="card o-hidden border-0 shadow-lg my-5">
<div class="card-body p-0">
<!-- Nested Row within Card Body -->
<div class="row">
<div class="col-lg-12">
<div class="p-5">
<div class="text-center">
<h1 class="h4 text-gray-900 mb-4">Kabi Medical Records</h1>
<h7 class="h7 text-gray-900 mb-4">Log in to continue.</h7>
</div>
<form class="user" method = "POST" id="loginform"">
<hr>
<div id="loginmessage"></div>
<div class="form-group">
<input type="text" class="form-control form-control-user" id="UserName" aria-describedby="username" placeholder="User Name" name="username" value="">
</div>
<div class="form-group">
<input type="password" class="form-control form-control-user" id="UserPassword" placeholder="Password" name="password" value="">
</div>
<div class="form-group">
<div class="custom-control custom-checkbox small">
<input type="checkbox" class="custom-control-input" id="customCheck" name="remember" value="yes">
<label class="custom-control-label" for="customCheck">Remember Me</label>
</div>
</div>
<button type="submit" id="userloginbtn" class="btn btn-primary btn-user btn-block" name="login">Login</button>
</form>
<hr>
<div class="text-center">
<a class="small" href="#">Forgot Password?</a>
</div>
<div class="text-center">
<a class="small" href="/kabirecords">Back to Home</a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<script src="vendor/jquery/jquery.min.js"></script>
<script src="assets/js/l.js"></script>
</body>
</html>
Login.php
<?php
//Start session
session_start();
//Connect to the database
$conn = new mysqli("localhost", "root", "", "mydb") or die(mysqli_error());
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$remember = $_POST['remember'];
//Run query: Check combinaton of usernamel & password exists
$sql = "SELECT * FROM tbl_patients WHERE username='$username' && password='$password'";
$result = mysqli_query($conn, $sql) or die(mysqli_error());
if(!empty($username) && !empty($password))
{
//If username & password don't match print error
$count = mysqli_num_rows($result);
if ($count !== 1) {
echo '<div class="alert alert-danger">Wrong Username or Password</div>';
}
else {
//log the user in: Set session variables and Cookies
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
if($remember == "yes") {
setcookie('username', $row['username'] , time()+(60*60*24*7), "");
setcookie('password', $row['password'] , time()+(60*60*24*7), "");
}
else {
$_SESSION['patient_id'] = $row['patient_id'];
$_SESSION['username'] = $row['username'];
}
echo "success";
}
}
else {
echo '<div class="alert alert-danger">Both are Required Fields </div>';
}
?>
Login.js
<script>
$("#loginform").submit(function(event) {
//prevent default php processing
event.preventDefault();
//collect user inputs
var datatopost = $(this).serializeArray();
//send them to login.php using AJAX
$.ajax({
url: "login.php",
type: "POST",
data: datatopost,
success: function(data) {
if ($.trim(data) === "success") {
Swal.fire({
icon: 'success',
title: 'Login successful',
});
window.location = "patient-details.php";
} else {
$("#loginmessage").html(data);
}
},
error: function() {
$("#loginmessage").html(
"<div class='alert alert-danger'>There was an error with the Ajax Call. Please try again later.</div>"
);$
}
});
});
</script>
Hi I'm trying to store image into database using session and its successfully done but problem is that its can't display on my webpage when I upload the page and click on save button the previous pic display again but the new pic save into database successfully and I want to store the pic on my folder also the coding is as following
The Html page coding is as following
<form class="form" action="accountsetting.php" method="post" enctype="multipart/form-data">
<div class="row">
<div class="col-12 col-sm-auto mb-3">
<div class="mx-auto" style="width: 140px;">
<div class="rounded-circle avatar avatar-xl mb-3">
<img class="rounded-circle" id="preview_avatar" name="image" src="https://imgbob.com/path/cdn/avatars /zxMvnv1q52hFyNeEGKz0UuPU5fkth5YadkXe3m26S4HODj09An.png"
width="100" height="100">
</div>
</div>
</div>
<div class="col d-flex flex-column flex-sm-row justify-content-between mb-3">
<div class="text-center text-sm-left mb-2 mb-sm-0">
<h4 class="pt-sm-2 pb-1 mb-0 text-nowrap"><?php echo $_SESSION['user']['fullname']; ?></h4>
<p class="mb-0"><?php echo $_SESSION['user']['username']; ?></p>
<div class="form-group mb-2 pt-2">
<input class='input' type='hidden' name='id' value="<?php echo $_SESSION['user']['id']; ?>" />
<input id="avatar" type="file" name="avatar" hidden="" accept="image/png, image/jpeg, image/jpg">
<button id="uploadBtn" type="button" class="btn btn-primary btn-file " >
<i class="fa fa-camera" aria-hidden="true"></i>   Upload Avatar
</button>
</div>
<div class="row">
<div class="col d-flex justify-content-end pr-5">
<button class="btn btn-primary " type="submit" name="profile">Save Changes</button>
</div>
</div>
</div>
</div>
</div>
</form>
The PHP coding is as following
$id = "";
if(isset($_POST['profile'])) {
$id = $_SESSION['user']['id'];
$file=addslashes(file_get_contents($_FILES["avatar"]["tmp_name"]));
$query = "UPDATE users SET avatar = '$file' WHERE id = '$id'";
$query_run = mysqli_query($db,$query);
if($query_run) {
echo '<script type = "text/javascript"> alert("image profile upload")</script>';
} else {
echo '<script type = "text/javascript"> alert("image profile not upload")</script>';
}
}
Session from HTML page side
<?php
include('../functions.php');
if (!isLoggedIn()) {
$_SESSION['msg'] = "You must log in first";
header("location: /uploadimg/loginform.php");
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: /uploadimg/loginform.php");
}
if(isset($_SESSION['success']))
{
echo $_SESSION['success'];
unset($_SESSION['success']);
}
if(isset($_SESSION['user']['fullname']))
{
}
?>
Session from PHP page side
<?php
session_start();
function isAdmin()
{
if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
return true;
}else{
return false;
}
}
function isLoggedIn()
{
if (isset($_SESSION['user'])) {
return true;
}else{
return false;
}
}
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
Hope someone can help. I have a profile page that I want to display the logged in users details. So far I have this on the Profile page.
<?php
/* This script pulls the existing name input and displays it when the user logs in. */
session_start();
include("db.php"); ?>
<?php include("includes/header.php") ?>
<?php include("includes/nav.php") ?>
<?php
if(logged_in()) {
$result = mysqli_query($link,$query);
$row = mysqli_fetch_array($result);
if (!$_POST['name'] && $_POST['name']=="") $error.="<br />Please enter your name";
if (!$_POST['email'] && $_POST['email']=="") $error.="<br />Please enter your email";
if (!$_POST['DOB'] && $_POST['DOB']=="") $error.="<br />Please enter your date of birth";
if (!$_POST['country'] && $_POST['country']=="") $error.="<br />Please enter your country";
if ($error) {
echo '<div class="alert alert-success alert-dismissable">'.addslashes($error).'</div>';
}
if(isset($_POST['form-control'])) {
move_uploaded_file($_FILES['file']['tmp_name'],"img/".$_FILES['file']['name']);
$query = mysqli_query("UPDATE users SET image = '".$_FILES['file']['name']."'");
}
} else {
redirect("login.php");
}
?>
<Style>
.alert{
display:none;
}
#profileimg {
height: 100px;
width: auto;
}
</Style>
<div class="container">
<h1>Edit Profile</h1>
<hr>
<div class="row">
<!-- left column -->
<div class="col-md-3">
<div class="text-center">
<img src="//placehold.it/100" class="avatar img-circle" alt="avatar" id="profileimg">
<h6>Upload a different photo...</h6>
<input class="form-control" type="file" name="name">
</div>
</div>
<!-- edit form column -->
<div class="col-md-9 personal-info">
<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>
<strong>Profile updated.</strong>
</div>
<h3>Personal info</h3>
<form class="form-horizontal" role="form" action="edit_profile.php" method="post">
<div class="form-group">
<label class="col-lg-3 control-label name">name:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['name'];?>" type="text" name="name" required>
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">Email:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['email'];?>" type="text" name="email" required>
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">DOB:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['DOB'];?>" type="date" name="DOB" required>
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">Country</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['country'];?>" type="text" name="country" required>
</div>
</div>
<div class="form-group">
<label class="col-md-3 control-label"></label>
<div class="col-md-8">
<input class="btn btn-primary" value="Save Changes" type="submit">
<span></span>
<input class="btn btn-default" id="updated" value="Cancel" type="reset">
</div>
</div>
</form>
</div>
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="js/bootstrap.min.js"></script>
<script>
$("#updated").click(function(){
$(".alert").hide().show('medium');
</script>
</body>
</html>
I then have another php file for the updating which is this:
<?php
session_start();
include("db.php");
$name = $_POST['name'];
$email = $_POST['email'];
$DOB = $_POST['DOB'];
$country = $_POST['country'];
$password = md5($salt.$_POST['password']);
$query = "UPDATE users SET name = '".$name."', email = '".$email."', DOB = '".$DOB."', country = '".$country."', password = '".$password."'";
$result = mysqli_query($link,$query);
header('Location: profile.php');
?>
So the short is it doesn't display or update and I am not sure why. I am new to PHP so go easy on me if this is simple, I have searched but can't seem to find the answer.
Thanks in advance.
Im also new to this but normally when I check if a SESSION id is active I use
if(isset($_SESSION['id'])) {
$query = "UPDATE users SET name = '".$name."', email = '".$email."', DOB = '".$DOB."', country = '".$country."', password = '".$password."' WHERE id='".$_SESSION['id']."'";
}
You also need to echo back the indexed rows that you are trying to query to display results
$name = row['username'];
echo $name;
There are lots of errors in your code: You are trying to upload a file in the same page whereas you send the form data to another page. How you handle form validation is also a little overhead. What I did change in the form is: I add name="save" in your submit button and added new hidden input for storing your user profile id. I am not sure what login() function did in your code, better stick to if($id){}.
Try this:
<?php
/* This script pulls the existing name input
and displays it when the user logs in. */
session_start();
include("db.php");
include("includes/header.php");
include("includes/nav.php");
$id = $_SESSION['id'];
if(loginned()) {//you can do if($id){}
$query="SELECT * FROM users WHERE id='$id' LIMIT 1";
$result = mysqli_query($link,$query);
$row = mysqli_fetch_array($result);
?>
<style>
.alert{
display:none;
}
#profileimg {
height: 100px;
width: auto;
}
</style>
<div class="container">
<h1>Edit Profile</h1>
<hr>
<div class="row">
<!-- left column -->
<!-- edit form column -->
<div class="col-md-9 personal-info">
<div class="alert alert-success alert-dismissable">
<button type="button" class="close" data-dismiss="alert"
aria-hidden="true">×</button>
<strong>Profile updated.</strong>
</div>
<h3>Personal info</h3>
<form class="form-horizontal" role="form"
action="edit_profile.php" method="post">
<div class="form-group">
<label class="col-lg-3 control-label name">name:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['name'];?>"
type="text" name="name" required>
</div>
</div>
<div class="col-md-3">
<div class="text-center">
<img src="//placehold.it/100" class="avatar
img-circle" alt="avatar" id="profileimg">
<h6>Upload a different photo...</h6>
<input class="form-control" type="file" name="name">
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">Email:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['email'];?>"
type="text" name="email" required>
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">DOB:</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['DOB'];?>"
type="date" name="DOB" required>
</div>
</div>
<div class="form-group">
<label class="col-lg-3 control-label">Country</label>
<div class="col-lg-8">
<input class="form-control" value="<?php echo $row['country'];?>"
type="text" name="country" required>
</div>
</div>
<div class="form-group">
<input type="hidden" name="id" value="<?php echo $row['id'];?>">
<label class="col-md-3 control-label"></label>
<div class="col-md-8">
<input class="btn btn-primary" name="save"
value="Save Changes" type="submit">
<span></span>
<input class="btn btn-default" id="updated"
value="Cancel" type="reset">
</div>
</div>
</form>
</div>
<?php }else{ redirect("login.php"); } ?>
edit_profile.php First we check whether any post with a name of save is there, We validate the posted data. if validation is successful, we proceed to upload your file and then run your update query.
<?php
session_start();
include("db.php");
if(isset($_POST['save'])){
$id = isset($_POST['id'])? $_POST['id']:'';
$name = isset($_POST['name'])? $_POST['name']:'';
$email = isset($_POST['email'])? $_POST['email']:'';
$dob = isset($_POST['DOB'])? $_POST['DOB']:'';
$pass = isset($_POST['passwrd'])? md5($salt.$_POST['password']):'';
$country = isset($_POST['country'])? $_POST['country']:'';
if(empty($name)){
$error = 'Please enter your name';
}elseif(empty($email)){
$error = 'Please enter your email';
}elseif(empty($dob)){
$error = 'Please enter your date of birth';
}elseif(empty($country)){
$error = 'Please enter your country';
}elseif(empty($pass)){
$error = 'Please enter your password';
}else{
move_uploaded_file($_FILES['file']['tmp_name'],"img/".$_FILES['file']['name']);
$query = mysqli_query("UPDATE users SET image = '".$_FILES['file']['name']."'
WHERE id='$id'");
$query = "UPDATE users SET name = '$name', email = '$email',
DOB = '$DOB', country = '$country', password = '$password'
WHERE id='$id'";
$result = mysqli_query($link,$query);
header('Location: profile.php');
}
}
?>
<?php if(!empty($error)){
echo '<div class="alert alert-success
alert-dismissable">'.addslashes($error).'</div>';
}else{
echo '<div class="alert alert-success">Success</div>';
}
?>
I have added a demo here. At least this will help:
I have created a signup form for my php website using Bootstrap but nothing happens when I click on register. Signup form is made in Bootstrap and it is not working.
<div class="container">
<div class="row">
<div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
<?php
require_once("company-db.php");
if (!isset($_POST['submit'])) {
?>
<form role="form" action="<?=$_SERVER['PHP_SELF']?>" method="post">
<h2>Please Sign Up <small>It's free and always will be.</small></h2>
<hr class="colorgraph">
<div class="row">
<div class="col-xs-12 col-sm-6 col-md-6">
<div class="form-group">
<input type="text" name="username" id="username" class="form-control input-lg" placeholder="Username" tabindex="1">
</div>
</div>
<div class="col-xs-12 col-sm-6 col-md-6">
<div class="form-group">
<input type="password" name="password" id="password" class="form-control input-lg" placeholder="Password" tabindex="2">
</div>
</div>
</div>
<div class="form-group">
<input type="text" name="company_name" id="company_name" class="form-control input-lg" placeholder="Company Name" tabindex="3">
</div>
<div class="form-group">
<input type="text" name="description" id="description" class="form-control input-lg" placeholder="Company Description" tabindex="4">
</div>
<div class="form-group">
<input type="email" name="email" id="email" class="form-control input-lg" placeholder="Email Address" tabindex="4">
</div>
<div class="row">
<div class="col-xs-4 col-sm-3 col-md-3">
<span class="button-checkbox">
<button type="button" class="btn" data-color="info" tabindex="7">I Agree</button>
<input type="checkbox" name="t_and_c" id="t_and_c" class="hidden" value="1">
</span>
</div>
<div class="col-xs-8 col-sm-9 col-md-9">
By clicking <strong class="label label-primary">Register</strong>, you agree to the Terms and Conditions set out by this site, including our Cookie Use.
</div>
</div>
<hr class="colorgraph">
<div class="row">
<div class="col-xs-12 col-md-6"><input type="submit" value="submit" class="btn btn-primary btn-block btn-lg" tabindex="7"></div>
<div class="col-xs-12 col-md-6">Sign In</div>
</div>
</form>
<?php
} else {
## connect mysql server
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
## query database
# prepare data for insertion
$username = $_POST['username'];
$password = $_POST['password'];
$company_name = $_POST['company_name'];
$description = $_POST['description'];
$email = $_POST['email'];
# check if username and email exist else insert
$exists = 0;
$result = $mysqli->query("SELECT username from companies WHERE username = '{$username}' LIMIT 1");
if ($result->num_rows == 1) {
$exists = 1;
$result = $mysqli->query("SELECT email from companies WHERE email = '{$email}' LIMIT 1");
if ($result->num_rows == 1) $exists = 2;
} else {
$result = $mysqli->query("SELECT email from companies WHERE email = '{$email}' LIMIT 1");
if ($result->num_rows == 1) $exists = 3;
}
if ($exists == 1) echo "<p>Username already exists!</p>";
else if ($exists == 2) echo "<p>Username and Email already exists!</p>";
else if ($exists == 3) echo "<p>Email already exists!</p>";
else {
# insert data into mysql database
$sql = "INSERT INTO `companies` (`id`, `username`, `password`, `company_name`, `description`, `email`)
VALUES (NULL, '{$username}', '{$password}', '{$company_name}', '{$description}', '{$email}')";
if ($mysqli->query($sql)) {
//echo "New Record has id ".$mysqli->insert_id;
echo "<p>Registred successfully!</p>";
} else {
echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
exit();
}
}
}
?>
</div>
</div>
You don't have a name for your submit button, so this won't get posted.
<input type="submit" value="submit" name="submit"
class="btn btn-primary btn-block btn-lg" tabindex="7">
Give the name attribute and make it set.
Note: You must never rely on Submit button's attribute!
The (!isset($_POST['submit'])) conditional statement depends on the execution of your code.