I have a server.php file which handles the registration form.
The server.php looks like:
<?php
session_start();
// initializing variables
$username = "";
$email = "";
$ig_name = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'secret', 'secret', 'test');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$ig_name = mysqli_real_escape_string($db, $_POST['ig_name']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "A Felhasználónév mező nem lehet üres."); }
if (empty($ig_name)) { array_push($errors, "Az IG név mező nem lehet üres."); }
if (empty($password_1)) { array_push($errors, "A Jelszó mező nem lehet üres."); }
if ($password_1 != $password_2) {
array_push($errors, "A két jelszó nem egyezik.");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR ig_name='$ig_name' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "A felhasználónév már regiszrálva van.");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, ig_name, password)
VALUES('$username', '$ig_name', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "Sikeresen bejelentkeztél.";
$_SESSION['ig_name'] = $user['ig_name'];
header('location: index.php');
}
}
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$ig_name = mysqli_real_escape_string($db, $_POST['ig_name']);
if (empty($username)) {
array_push($errors, "A Felhasználó mező nem lehet üres");
}
if (empty($password)) {
array_push($errors, "A Jelszó mező nem lehet üres.");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "Sikeresen bejelentkeztél.";
header('location: index.php');
}else {
array_push($errors, "Hibás adatot adtál meg.");
}
}
}
?>
I want to get the $ig_name variable as a value from SQL (the row's name is "ig_name"), then use it in settings.php.
My settings.php looks like:
<?php
session_start();
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header('location: login.php');
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header("location: login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>CDS - Adatbázis</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<span style="margin-left:30px;top:10px;position:relative;font-size:30px;cursor:pointer;color:white;" onclick="openNav()">☰ open</span>
<div id="mySidenav" class="sidenav">
×
Főoldal
<div w3-include-html="content.html"></div>
Keresett személy / Jármű
Ismert rendszámok
Beállítások
Kijelentkezés
</div>
<script>
function openNav() {
document.getElementById("mySidenav").style.width = "250px";
}
function closeNav() {
document.getElementById("mySidenav").style.width = "0";
}
$(function(){
$("#includedContent").load("b.html");
});
</script>
<div class="header">
<h2>Beállítások</h2>
</div>
<div class="content">
<!-- notification message -->
<?php if (isset($_SESSION['success'])) : ?>
<div class="error success" >
<h3>
<?php
echo $_SESSION['success'];
unset($_SESSION['success']);
?>
</h3>
</div>
<?php endif ?>
<!-- logged in user information -->
<?php if (isset($_SESSION['username'])) : ?>
<?php include('server.php') ?>
<div>
<table style="width: 60%;" border="0" cellpadding="5">
<tbody>
<tr>
<td> Felhasználónév:</td>
<td> <strong><?php echo $_SESSION['username']; ?></strong></td>
</tr>
<tr>
<td> IG neved:</td>
<td> <strong><?php $ig_name =$_GET['ig_name']; echo $ig_name; ?></strong></td>
<td> </td>
</tr>
<tr>
<td> Jelszó:</td>
<td> </td>
<td> </td>
</tr>
</tbody>
</table>
</div>
<?php endif ?>
</div>
</body>
</html>
Some HTML strings are in Hungarian, so don't mind them.
How should I get, then send, the "ig_name" rows in settings? I don't want to use a new SQL connection, only the one in server.php.
You have already made a session of $ig_name in your server.php on this line $_SESSION['ig_name'] = $user['ig_name']; so you only need to replace
<?php $ig_name =$_GET['ig_name']; echo $ig_name; ?>
with
<?php echo $_SESSION['ig_name']; ?>
in your settings.php
Include your server.php file at the top of the settings.php file:
include "server.php";
Now you can access the "ig_name" variable.
I have a login.php, loginer.php, registration.php, register.php, logout.php, logouter.php, dashboard.php and menu.php file as well. The menu.html is included into my dashboard.php because the menu.html contains the button which I have to click on if I would like log out.
I have the folder of the project of mine in htdocs. Inside the project's folder I have a 'hu' folder because the website is in hungarian language at the moment. Inside this 'hu' folder I have all the mentioned .php files apart from dashboard.php and menu.html because these 2 files are in the 'registered' folder which is also inside the 'hu' folder.
I have a registration-login system. But when I log in I do not need to sign out forward to get to login.php because I just have to click on the "back" button.
Why is it happening?
I have already tried to write "session_destroy();" almost everywhere. It did not work.
This is how login.php looks like:
<!DOCTYPE html>
<html>
<head>
<title>Bejelentkezés | LASOW Projekt</title>
<link rel="stylesheet" href="css/login.css">
</head>
<body>
<?php
include 'navbar.html';
?>
<div class="main">
<h1>Bejelentkezés</h1>
<form action="loginer.php" method="POST">
<label for="">Email:</label><br>
<input type="text" name="emailaddress"><br>
<label for="Jelszó:">Jelszó:</label><br>
<input type="password" name="password"><br>
<input name="login" type="submit" value="Belépek">
</form>
</div>
</body>
</html>
This is how loginer.php looks like:
<?php
session_start();
include '../connect.php';
$error = ""; //Variable for storing our errors.
if(isset($_POST["login"]))
{
if(empty($_POST["emailaddress"]) || empty($_POST["password"]))
{
$error = "Mindkét mező kitöltése kötelező!";
}else
{
// Define $username and $password
$emailaddress=$_POST['emailaddress'];
$password=$_POST['password'];
// To protect from MySQL injection
$emailaddress = stripslashes($emailaddress);
$password = stripslashes($password);
$emailaddress = mysqli_real_escape_string($conn, $emailaddress);
$password = mysqli_real_escape_string($conn, $password);
$password = md5($password);
//Check username and password from database
$sql="SELECT id,emailaddress,password FROM users WHERE emailaddress='$emailaddress' and password='$password'";
$result=mysqli_query($conn,$sql);
//$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
// If the email and password exist, the process continues
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['emailaddress'] = $emailaddress; // Initializing Session
header("location: registered/dashboard.php"); // redirect to the dashboard
}else
{
$error = "Helytelen email vagy jelszó";
}
}
}
?>
This is how register.php looks like:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
if(isset($_POST["register"])){
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "lasowcompany";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
mysqli_set_charset($conn,"utf8");
// not $POST but $_POST; htmlspecialchars does not let JavaScript code be written into the database
$surname = htmlspecialchars($_POST['surname']);
$firstname = htmlspecialchars($_POST['firstname']);
$emailaddress = htmlspecialchars($_POST['emailaddress']);
$phonenumber = htmlspecialchars($_POST['phonenumber']);
$password = md5($_POST['password']);
$passwordconfirm = md5($_POST['passwordconfirm']);
if(empty($surname))
{
echo "A vezetéknevet meg kell adnod!";
}
elseif(empty($firstname))
{
echo "A keresztnevet meg kell adnod";
}
elseif(empty($emailaddress))
{
echo "Az email címet meg kell adnod";
}
elseif($password != $passwordconfirm)
{
echo "A megadott jelszavak nem egyeznek";
}
elseif(strlen($password) < 6)
{
echo "Minimum 6 karakteres lehet a jelszó";
}
elseif(empty($password))
{
echo "A kívánt jelszót meg kell adnod";
}else{
$sql = "INSERT
INTO
users
(surname,
firstname,
emailaddress,
phonenumber,
password)
VALUES
('".$surname."',
'".$firstname."',
'".$emailaddress."',
'".$phonenumber."',
'".$password."')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
header('Location: dashboard.php');
}
}
/*$sql = "INSERT INTO users (surname, firstname, emailaddress, phonenumber, password, passwordconfirm)
VALUES ('".$_POST["surname"]."','".$_POST["firstname"]."','".$_POST["emailaddress"]."','".$_POST["phonenumber"]."','".$_POST["password"]."','".$_POST["passwordconfirm"]."')";
*/
?>
</body>
</html>
logout.php:
<?php
session_start();
unset($_SESSION['emailaddress']);
header("Location: logouter.php");
?>
dashboard.php:
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<style>
h2 { text-align: center; }
</style>
</head>
<body>
<?php
if(isset($_SESSION['emailaddress'])){
include 'menu.html';
}else{
header("Location: ../logout.php");
exit();
}
?>
<h2>Üdv a LASOW rendszerében</h2>
</body>
</html>
menu.html:
<ul>
<li><span style="font-size:30px;cursor:pointer" onclick="openNav()">☰</span></li>
<li><a class="active" href="#home">Főoldal</a></li>
</ul>
<div id="mySidenav" class="sidenav">
×
Főoldal
Tudás
Profil
Kilépés
</div>
<script>
function openNav() {
document.getElementById("mySidenav").style.width = "30%";
}
function closeNav() {
document.getElementById("mySidenav").style.width = "0";
}
</script>
Do not let the user go back to login.php if the user did not log out.
You have to use sessions on every page that you want to be tracked.
Well, on my small site, which I use for practice, I created pages where I saved my data from tables from the database; also, I have normal users and an admin. I created the admin through MySQL and I can create a normal user through a registration form on the page. What I want to do is this: as I said, I have a page where I saved my data from tables, and I want to make it so a user can't see that page while the admin can see that page. I just want to make those restrictions. However, I don't know how to start with that in code. I will post here the code that I think you will need to help me, so if you need something more, I'm here!
login.php: `
<?php include('functions.php') ?>
<!DOCTYPE html>
<html>
<head>
<title>Prijavi se</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="header">
<h2>Prijavi se</h2>
</div>
<form method="post" action="login.php">
<?php echo display_error(); ?>
<div class="input-group">
<label>Korisnicko ime</label>
<input type="text" name="username" >
</div>
<div class="input-group">
<label>Lozinka</label>
<input type="password" name="password">
</div>
<div class="input-group">
<button type="submit" class="btn" name="login_btn">Prijavi se</button>
</div>
<p>
Jos uvek nemate nalog? Registruj se
</p>
</form>
`
functions.php: `
$db = mysqli_connect('localhost', 'root', '', 'it210projekat');
$username = "";
$email = "";
$errors = array();
if (isset($_POST['register_btn'])) {
register();
}
if (isset($_POST['login_btn'])) {
login();
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: ../login.php");
}
function register(){
global $db, $errors;
$username = e($_POST['username']);
$email = e($_POST['email']);
$password_1 = e($_POST['password_1']);
$password_2 = e($_POST['password_2']);
if (empty($username)) {
array_push($errors, "Unesite ime");
}
if (empty($email)) {
array_push($errors, "Unesite email");
}
if (empty($password_1)) {
array_push($errors, "Unesite lozinku");
}
if ($password_1 != $password_2) {
array_push($errors, "Lozinke se ne poklapaju");
}
if (count($errors) == 0) {
$password = md5($password_1);
if (isset($_POST['user_type'])) {
$user_type = e($_POST['user_type']);
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', '$user_type', '$password')";
mysqli_query($db, $query);
$_SESSION['success'] = "Uspesno ste napravili nalog!!";
header('location: login.php');
}else{
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', 'user', '$password')";
mysqli_query($db, $query);
$logged_in_user_id = mysqli_insert_id($db);
$_SESSION['user'] = getUserById($logged_in_user_id);
$_SESSION['success'] = "Uspesno ste se prijavili";
header('location: login.php');
}
}
}
function getUserById($id){
global $db;
$query = "SELECT * FROM users WHERE id=" . $id;
$result = mysqli_query($db, $query);
$user = mysqli_fetch_assoc($result);
return $user;
}
function login(){
global $db, $username, $errors;
$username = e($_POST['username']);
$password = e($_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$logged_in_user = mysqli_fetch_assoc($results);
if ($logged_in_user['user_type'] == 'admin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "Uspesno ste se prijavili";
header('location: pocetna.php');
}else{
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "Uspesno ste se prijavili";
header('location: pocetna.php');
}
}else {
array_push($errors, "Pogresno korisnicko ime ili lozinka");
}
}
}
function isLoggedIn()
{
if (isset($_SESSION['user'])) {
return true;
}else{
return false;
}
}
function isAdmin()
{
if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
return true;
}else{
return false;
}
}
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
function display_error() {
global $errors;
if (count($errors) > 0){
echo '<div class="error">';
foreach ($errors as $error){
echo $error .'<br>';
}
echo '</div>';
}
}
?>`
I have this at the top of the page that I want to restrict for normal users:
<?php if (isset($_SESSION['success'])) : ?>
<div class="error success" >
<h3>
<?php
echo $_SESSION['success'];
unset($_SESSION['success']);
?>
</h3>
</div>
<?php endif ?>
<div class="profile_info">
<div>
<?php if (isset($_SESSION['user'])) : ?>
<strong><?php echo $_SESSION['user']['username']; ?></strong>
<?php endif ?>
</div>
</div>
</div>
In your functions file, you are setting $_SESSION['user'] to the data from the database row for the user; this means you just have to check if $_SESSION['user']['user_type'] is admin or not.
So, it's simple, on the page you only want admins to see (at the top, below your functions.php call), do this:
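// user_type is stored in lowercase ('admin'), matching isAdmin() in functions.php
if (!isset($_SESSION['user']) || $_SESSION['user']['user_type'] != 'admin') {
//could redirect page here
die('This page is not available to non-administrators.');
}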
I noticed a couple of other issues in your login/register code.
1) NEVER use md5() for passwords, it's considered just as bad as plaintext. Instead, use password_hash() and password_verify() PHP functions.
2) Your mysql queries are at risk of SQL Injection attacks, you should convert these to parameterized queries.
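The two points above (password_hash()/password_verify() and parameterized queries) shown together, as an added example that is not part of the original answer or the asker's code. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server; the function names and sample data are constructed for illustration, and mysqli offers the same prepare/bind/execute pattern.

```php
<?php
declare(strict_types=1);

// Constructed schema mirroring the users table from the question. In-memory
// SQLite is an assumption so the example runs without a MySQL server.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        user_type TEXT NOT NULL,
        password TEXT NOT NULL)');
    return $db;
}

// Registration: values travel as bound parameters, the hash comes from
// password_hash(), and the role is fixed server-side instead of read from the form.
function register_user(PDO $db, string $username, string $password): bool
{
    $username = trim($username);
    if ($username === '' || $password === '') {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO users (username, user_type, password) VALUES (?, ?, ?)'
    );
    try {
        return $stmt->execute(
            [$username, 'user', password_hash($password, PASSWORD_DEFAULT)]
        );
    } catch (PDOException $e) {
        return false; // duplicate username (UNIQUE constraint) or other DB error
    }
}

// Login: select the row by username only, then let password_verify() compare
// the submitted password with the stored hash. Returns the row without the hash.
function login_user(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT id, username, user_type, password FROM users WHERE username = ?'
    );
    $stmt->execute([trim($username)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    unset($row['password']); // never keep the hash in the session
    return $row;
}

// Same test as isAdmin() in the question, applied to the returned row.
function is_admin(?array $user): bool
{
    return $user !== null && $user['user_type'] === 'admin';
}

// Constructed sample input.
$db = open_demo_db();
var_dump(register_user($db, "o'brien", 'correct horse battery')); // apostrophe is plain data
var_dump(register_user($db, "o'brien", 'another password'));      // duplicate username
$user = login_user($db, "o'brien", 'correct horse battery');
var_dump($user, is_admin($user));
var_dump(login_user($db, "o'brien", 'wrong password'));
```

In the question's flow, the array returned by login_user() is what would be stored in $_SESSION['user'].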
How do I make a success message when the form is submitted?
Here is the code:
server.php
<?php
session_start();
$username = "";
$errors = array();
$db = mysqli_connect('localhost', 'root', '', 'reg_user');
// REGISTER USER
if (isset($_POST['reg_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
$user_check_query = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
}
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO users (username, password)
VALUES('$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: register.php');
}
}
index.php
<div class="card-body">
<p><?php include('errors.php'); ?></p>
<form method="POST" action="register.php" class="needs-validation" novalidate="">
<div class="form-group">
<label for="username">Username</label>
<input id="username" type="username" class="form-control" name="username" tabindex="1" required autofocus>
</div>
Here is the code of error.php, which pops up an error message when the username is taken:
error.php
<?php if (count($errors) > 0) : ?>
<div class="alert alert-danger alert-dismissible show fade">
<div class="alert-body">
<button class="close" data-dismiss="alert">
<span>×</span>
</button>
<?php foreach ($errors as $error) : ?>
<p><center><b><?php echo $error ?></b></center></p>
<?php endforeach ?>
</div>
</div>
<?php endif ?>
I want to add a success message just like error.php, but what is the code to perform a success message?
You can do it like:
if (!$errors)
{
header("Location: success.php");
exit;
}
or modify this part from your code:
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO users (username, password)
VALUES('$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = TRUE;
header('location: success.php'); exit;
}
Are you looking for something like this?
<?php if($_SESSION['success'] != '' ) : ?>
<label> <?php include('success.php'); ?></label>
<?php endif; ?>
PHP is saying there's nothing in the boxes when I put stuff in.
I tried putting var_dump($_POST); die(); at the top of register.php and it showed what I put in the boxes.
Not sure what's going on here.
Any help is appreciated. Thanks in advance.
I've spent a while trying to figure this out.
Will login work as well?
Thanks,
Jon
functions.php
<?php
session_start();
// connect to database
$db = mysqli_connect(:-));
// variable declaration
$username = "";
$email = "";
$errors = array();
// call the register() function if register_btn is clicked
if (isset($_POST['register_btn'])) {
register();
}
// REGISTER USER
function register(){
// call these variables with the global keyword to make them available in function
global $db, $errors, $username, $email;
// receive all input values from the form. Call the e() function
// defined below to escape form values
$username = e($_POST['username']);
$email = e($_POST['email']);
$password_1 = e($_POST['password_1']);
$password_2 = e($_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($password_1)) {
array_push($errors, "Password is required");
}
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
if (isset($_POST['user_type'])) {
$user_type = e($_POST['user_type']);
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', '$user_type', '$password')";
mysqli_query($db, $query);
$_SESSION['success'] = "New user successfully created!!";
header('location: home.php');
}else{
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', 'user', '$password')";
mysqli_query($db, $query);
// get id of the created user
$logged_in_user_id = mysqli_insert_id($db);
$_SESSION['user'] = getUserById($logged_in_user_id); // put logged in user in session
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
}
// return user array from their id
function getUserById($id){
global $db;
$query = "SELECT * FROM users WHERE id=" . $id;
$result = mysqli_query($db, $query);
$user = mysqli_fetch_assoc($result);
return $user;
}
// escape string
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
function display_error() {
global $errors;
if (count($errors) > 0){
echo '<div class="error">';
foreach ($errors as $error){
echo $error .'<br>';
}
echo '</div>';
}
}
function isLoggedIn()
{
if (isset($_SESSION['user'])) {
return true;
}else{
return false;
}
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: login.php");
}
if (isset($_POST['login_btn'])) {
login();
}
// LOGIN USER
function login(){
global $db, $username, $errors;
// grab form values
$username = e($_POST['username']);
$password = e($_POST['password']);
// make sure form is filled properly
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
// attempt login if no errors on form
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) { // user found
// check if user is admin or user
$logged_in_user = mysqli_fetch_assoc($results);
if ($logged_in_user['user_type'] == 'admin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "You are now logged in";
header('location: admin/home.php');
}else{
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
// ...
function isAdmin()
{
if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
return true;
}else{
return false;
}
}
register.php
<?php
include('functions.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Register | Vex Radio</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<form method="post" action="register.php">
<p><?php echo display_error(); ?></p>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="register_btn">Register</button>
</div>
<p>
Already a member? Sign in
</p>
</form>
</body>
</html>
PHP to save the items in a DB and allow me to login
I'm trying to create a register/login system. However, I've faced some problems. I can't understand where the mistake in my code is.
Here's my server.php & register.php. Browser shows that mistake is in line 65. "Parse error: syntax error, unexpected ';'". In my opinion ; must be there.
<?php
session_start();
$username = "";
$email = "";
$errors = array();
// Connect to the database
$db = mysqli_connect('localhost', 'root', '', 'lead2pro');
// If the register button is clicked
if(isset($_POST['register'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db ,$_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// Ensure that form fields are filled properly
if(empty($username)) {
array_push($errors, "Username is required!");
}
if(empty($email)) {
array_push($errors, "Email is required!");
}
if(empty($password_1)) {
array_push($errors, "Password is required!");
}
if($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// If there are no errors, save user to database
if(count($errors) == 0) {
$password = md5($password_1); // Hashing the password before storing in database
$sql = "INSERT INTO users (username, email, password) VALUES('$username', '$email', '$password')";
mysqli_query($db, $sql);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to game location
}
}
// log user in from login page
if(isset($_POST['login'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
// Ensure that form fields are filled properly
if(empty($username)) {
array_push($errors, "Username is required!");
}
if(empty($password)) {
array_push($errors, "Password is required!");
}
if(count($errors) == 0){
$password = md5($password); // Encrypt password before comparing this one with the one in database
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($db, $query);
$if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to main page location
} else {
array_push($errors, "Wrong username/password combination");
header('location: ../php/login.php');
}
}
}
//logout
if(isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header('location: ../php/login.php');
}
?>
Here's my register.php
<?php include('../includes/server.php');?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Manager | Register</title>
<link rel="stylesheet" href="../css/reg.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<!-- Display validation errors here! -->
<?php include('../includes/errors.php'); ?>
<form action="register.php" method="post">
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="text" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm Password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" name="register" class="btn">Register</button>
</div>
<p>
Already a member? Sign in
</p>
</form>
</body>
</html>
The problem is on a different line:
$if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to main page location
}
That $ should not be there in front of the if.