Trying to make a login form become hidden once a successful login has happened within the form, so that the form cannot be seen by the user once they are logged in, but I still need a success message to be displayed when a successful login has happened.
I have the form and the login sorted and it displayed a success message when a successful login has been made but I cant hide the form upon successful login.
i have an if statement set up using isset but that's as far as I got I don't know what needs to go inside the if statement for me to hide the form.
This is the PHP code for my login page -
<?php
require('includes/application_top.php');
$page_title='Login!';
if (isset($_POST['action'])) {
$username_input = $_POST['username'];
$password_input = $_POST['password'];
$login_ok = login($username_input, $password_input);
}
require('includes/site_header.php');
?>
<style>
<?php
require('css/login.css');
?>
</style>
<br>
<br>
<br>
<?php
if (isset($login_ok)) {
?>
<div class="row">
<div class="col-sm-12">
<?php
if ( ! $login_ok) {
?>
<div class="alert alert-danger">
<p>Your credentials were invalid</p>
</div>
<?php
} else {
?>
<div class="alert alert-success">
<p>Login successful</p>
</div>
<?php
}
?>
</div>
</div>
<?php
}
?>
<!-- This is the if statement I mention -->
<?php
if !isset($login_okay){
?>
<div class="wrapper dafswInDown" hidden>
}
?>
<div class="wrapper fadeInDown">
<div id="formContent">
<!-- Icon -->
<div class="fadeIn first">
<br>
<img src="images/Head1.jpg" style="height: 40%; width: 60%;" id="icon" alt="User Icon" />
<br>
<h3> Login! </h3>
</div>
<br>
<!-- Login Form -->
<form id="login_form" action="login_page.php" method="post">
<input type="text" class="fadeIn second" id="username" name="username" placeholder="Username" value="<?= isset($_POST['username']) ? htmlspecialchars($_POST['username']) : '' ?>" maxlength="100" />
<input type="password" class="form-control" id="password" name="password" placeholder="Password" value="" />
<input type="submit" class="fadeIn fourth" name="action" value="Login"/>
</form>
<!-- Remind Passowrd -->
<div id="formFooter">
<a class="underlineHover" href="#">Forgot Password?</a>
</div>
</div>
</div>
<?php
require('includes/application_bottom.php');
require('includes/site_footer.php');
?>
There are a number of different ways you can approach this problem, but i think the best way to do this is with a session variable. Make your login function create a session variable that will follow the logged in user around throughout the website, then its just a matter of checking for the value and either displaying or hiding the form based on that. Here is a simplified example:
<?php function login($username_input=false, $password_input=false){
// Do all your verification here
// If logged in then:
session_start();
$_SESSION["user"] = true;
}
// Then on the form side just do this:
if(!$_SESSION["user"]){ ?>
FORM HERE
<?php } ?>
Related
I am working on a verification for my sign in using php for a side project. Right now I have one user which is the admin and the password is just 123. If the user enter the wrong password or username, it will throw a message saying Wrong Password or Wrong Username. At the moment it doesn't do either and I am trying to figure out why. I will post the html and php down below.
Update: I have added the method = post. Not sure where to go from here.
<?php
$uname = $_POST['uname'];
$passwd = $_POST['psw'];
$error = "";
$success ="";
if(isset($_POST['submit'])){
if($uname == 'admin'){
if($passwd == '123'){
$error = "";
$success = "Welcome Admin";
}
else{
$error = " Wrong Password!!";
$success = "";
}
}
else{
$error = " Wrong Username!";
$success = "";
}
}
?>
<html lang="en">
<head>
<title>Hangman Home Page</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-
width, initial-scale=1">
<link rel="stylesheet" type="text/css"
href="home.css">
</head>
<body>
<div class="header">
<div class="a">Hangman</div>
<br>
<br>
<br>
<!--column start here -->
<div class="hi">
<table id="leader">
<tr>
<th><img src="crown.gif"></th>
</tr>
<tr>
<td>Leader Board</td>
</tr>
<tr>
<td>1st. John : 4 guess</td>
</tr>
<tr>
<td>2nd. Smith : 6 Guesses</td>
</tr>
<tr>
<td>3rd. Tom : 7 Guesses</td>
</tr>
<tr>
<td>4th. Allen : 8 Guesses</td>
</tr>
</table>
</div>
<!-- form start here -->
<br><br>
<div class="b">Think You Can Beat #1 ?</div>
<center><button
onclick=
"document.getElementById('id01').
style.display='block'"
style="width:auto;">Play Now!!!
</button></center>
<div id="id01" class="modal">
<form class="modal-content animate" action="/action_page.php">
<div class="imgcontainer">
<span onclick="document.getElementById('id01').style.display='none'" class="close" title="Close Modal">×</span>
<img src="hang1.gif" alt="logo" class="avatar">
</div>
<div class="container">
<p class="error">
<?php echo 'error'; ?>
</p>
<p class="success">
<?php echo 'success'; ?>
</p>
<label for="uname"><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="uname" required>
<label for="psw"><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="psw" required>
<button type="submit">Login</button>
<label>
<input type="checkbox" checked="checked" name="remember"> Remember me
</label>
</div>
<div class="container" style="background-color:#f1f1f1">
<button type="button" onclick="document.getElementById('id01').style.display='none'" class="cancelbtn">Cancel</button>
<span class="psw">Forgot password?</span>
</div>
</form>
There's some mistakes at your script. First, let's check your form:
<form action="/action_page.php">
<input type="text" placeholder="Enter Username" name="uname" required>
<input type="password" placeholder="Enter Password" name="psw" required>
<button type="submit">Login</button>
<input type="checkbox" checked="checked" name="remember"> Remember me
</form>
This code when filled and submitted, will result at those variables at your PHP script:
$_GET["uname"], $_GET["psw"] and $_GET["remember"].
You're trying to reach the data using $_POST, but this will happen only when you add the attribute method="post" at your <form> tag.
You can also reach the mixed $_GET and $_POST arrays using $_REQUEST.
Another mistake it's the way you check if data has been submitted at the top of the code. There's no variable $_POST["submit"] (neither $_GET["submit"] or $_REQUEST["submit"]), because there's no variable with this name at the form, and you're probably thinking about submit button. To check if the form was submitted, the best way is to check if the username and password was not empty.
Also, you're echoing 'error' and 'success' at the form, and you're probably trying to echo the result of $error and $success.
Cause you don't display either the error message or the success message. Here a code that should resolve your problem:
..............
<!-- in your form tag add attribute method="POST" -->
<!-- Your code -->
<!-- in your div class="container"> -->
<?php if($success) { ?>
<p class="success"><?php echo $success; ?></p>
<?php } else if ($error) { ?>
<p class="error">
<?php echo $error; ?>
</p>
<!-- Your code -->
Happy coding ;)
you are echoing a string called success and error <?php echo 'success'; ?> what you should do is to echo the variables:
<?php echo $error; ?>
and:
<?php echo $success; ?>
Sorry about the title. Didn't really know how to put it. But I'm open for suggestions so people who have a similar issue can find this topic easy.
I've made a simple login/registration script in php. The issue that I'm having is that "user messages" don't get displayed and I can't figure out what I'm doing wrong.
When I user registers he/she needs to confirm his/her email address.
Once this is done and the user login he/she should be redirected to the profile page...profile.php
But for some reason this doesn't work. Anyone knows why?
index.php
<?php
/* Main page with two forms: sign up and log in */
require 'db.php';
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Sign-Up/Login Form</title>
<?php include 'css/css.html'; ?>
</head>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['login'])) { //user logging in
require 'login.php';
}
elseif (isset($_POST['register'])) { //user registering
require 'register.php';
}
}
?>
<body>
<div class="form">
<ul class="tab-group">
<li class="tab">Sign Up</li>
<li class="tab active">Log In</li>
</ul>
<div class="tab-content">
<div id="login">
<h1>Welcome Back!</h1>
<form action="index.php" method="post" autocomplete="off">
<div class="field-wrap">
<label>
Email Address<span class="req">*</span>
</label>
<input type="email" required autocomplete="off" name="email"/>
</div>
<div class="field-wrap">
<label>
Password<span class="req">*</span>
</label>
<input type="password" required autocomplete="off" name="password"/>
</div>
<p class="forgot">Forgot Password?</p>
<button class="button button-block" name="login" />Log In</button>
</form>
</div>
<div id="signup">
<h1>Sign Up for Free</h1>
<form action="index.php" method="post" autocomplete="off">
<div class="top-row">
<div class="field-wrap">
<label>
First Name<span class="req">*</span>
</label>
<input type="text" required autocomplete="off" name='firstname' />
</div>
<div class="field-wrap">
<label>
Last Name<span class="req">*</span>
</label>
<input type="text"required autocomplete="off" name='lastname' />
</div>
</div>
<div class="field-wrap">
<label>
Email Address<span class="req">*</span>
</label>
<input type="email"required autocomplete="off" name='email' />
</div>
<div class="field-wrap">
<label>
Set A Password<span class="req">*</span>
</label>
<input type="password"required autocomplete="off" name='password'/>
</div>
<button type="submit" class="button button-block" name="register" />Register</button>
</form>
</div>
</div><!-- tab-content -->
</div> <!-- /form -->
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
Login.php
<?php
/* User login process, checks if user exists and password is correct */
// Escape email to protect against SQL injections
$email = $mysqli->escape_string($_POST['email']);
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
if ( $result->num_rows == 0 ){ // User doesn't exist
$_SESSION['message'] = "User with that email doesn't exist!";
header("location: error.php");
}
else { // User exists
$user = $result->fetch_assoc();
if ( password_verify($_POST['password'], $user['password']) ) {
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['last_name'] = $user['last_name'];
$_SESSION['active'] = $user['active'];
// This is how we'll know the user is logged in
$_SESSION['logged_in'] = true;
header("location: profile.php");
}
else {
$_SESSION['message'] = "You have entered wrong password, try again!";
header("location: error.php");
}
}
profile.php
<?php
/* Displays user information and some useful messages */
session_start();
// Check if user is logged in using the session variable
if ( $_SESSION['logged_in'] != 1 ) {
$_SESSION['message'] = "You must log in before viewing your profile page!";
header("location: error.php");
}
else {
// Makes it easier to read
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email'];
$active = $_SESSION['active'];
}
?>
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Welcome <?= $first_name.' '.$last_name ?></title>
<?php include 'css/css.html'; ?>
</head>
<body>
<div class="form">
<h1>Welcome</h1>
<p>
<?php
// Display message about account verification link only once
if ( isset($_SESSION['message']) )
{
echo $_SESSION['message'];
// Don't annoy the user with more messages upon page refresh
unset( $_SESSION['message'] );
}
?>
</p>
<?php
// Keep reminding the user this account is not active, until they activate
if ( !$active ){
echo
'<div class="info">
Account is unverified, please confirm your email by clicking
on the email link!
</div>';
}
?>
<h2><?php echo $first_name.' '.$last_name; ?></h2>
<p><?= $email ?></p>
<button class="button button-block" name="logout"/>Log Out</button>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
error.php
<?php
/* Displays all error messages */
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<?php include 'css/css.html'; ?>
</head>
<body>
<div class="form">
<h1>Error</h1>
<p>
<?php
if( isset($_SESSION['message']) AND !empty($_SESSION['message']) ):
echo $_SESSION['message'];
else:
header( "location: index.php" );
endif;
?>
</p>
<button class="button button-block"/>Home</button>
</div>
</body>
</html>
Use ob_start(); before outputting anything on your script. It looks like you become a victim of filled up output jars.
<?php
ob_start();
//Make sure you use ob_start() before any outputting anything.
//Rest of your code
?>
Suggestions: As mentioned in the comment too Please define a type of login button like type="submit" and last thing escape_string() won't save you from sql injection. Either use PDO or Prepared statement.
Here is how my admin login page should work:
1.For a valid login:
login.php>admin.php>adminpanel.php
2. For non valid login:
login.php>admin.php>login.php
Facts:
1. db is connected
2. db fields are "userid" "username" " password"
3. password is encrypted
Problem is :
Login page redirecting me to admin.php page and no error is showing .
//login.php
<form action = "admin.php" role="form" method="post">
<div class="form-group input-group">
<span class="input-group-addon">Name</span>
<input type="text" class="form-control" placeholder="Enter Super Admin Name">
</div>
<div class="form-group input-group">
<span class="input-group-addon">Password</span>
<input type="text" class="form-control" placeholder="Enter Super Admin Password">
</div>
<?php
if (isset($_GET['error'])){
echo "Hay Dude!!! Are You Lost? call 911!!";
}?>
<button type="submit" class="btn btn-lg btn-primary">login</button>
</form>
//admin.php
<?php
include ("dbconnect.php");
session_start();
if (isset($_POST['logout'])){
unset($_session['admin']);
}
if (isset($_POST['login'])){
$login_sqli= "SELECT * FROM user WHERE Name ='".$_POST['username']."'AND Password='".sha1($_POST['password'])."'";
$login_query = mysqli_query($dbconnect,$login_sqli);
if (mysqli_num_rows($login_query)>0){
$login_rs= mysqli_fetch_assoc($login_query);
$_session['admin']=$login_rs['username'];
}else
header ("location:admin.php?error=login");
}
<body>
<div class="col-lg-12 text-center">
<div class="jumbotron">
<h1>Hay Dude! You Lost?? Try Again or Call 911!!</h1>
<?php
if (!isset($_session['admin'])){
include ("login.php");
}else{
include ("adminpanel.php");
}
?>
</div>
</div>
</body>
I am redirecting a user to a page named "forgot_pass" in such a way
"forgot_pass.php?code='$code'&username='$hidden_username'>".
But when user clicks on link for redirection the url seems like this
http://localhost/Validation/forgot_pass.php?code=
and there is no any page displayed.
The variables passed in url have values as i have already checked it. But they are not displaying when sent in url.
Help me in solving this issue.
reset.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
$pass = $_POST['pass'];
$pass1 = $_POST['pass1'];
$code = $_GET['code'];
$hidden_username = $_POST['username'];
if($pass == $pass1)
{
echo 'Password Changed !';
}
else
{
echo "Passowrd must match
<a href='forgot_pass.php?code='$code'&username='$hidden_username'>Try Again</a>
";
}
forgot_pass.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
if(isset($_GET['code']))
{
$get_code = (isset($_GET['code'])? $_GET['code'] : null);
$get_username =(isset($_GET['username']) ? $_GET['username'] : null);
$match_code = mysqli_query($link, "select * from signup where username='$get_username'");
if(mysqli_num_rows($match_code) > 0)
{
while($row = mysqli_fetch_assoc($match_code))
{
$db_username = $row['username'];
$db_code = $row['paareset'];
}
}
if($get_username == $db_username && $get_code == $db_code)
{ ?>
<html>
<head>
<meta charset="UTF-8">
<title>Change Password</title>
</head>
<body>
<div class="container">
<div class="row">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-body">
<div class="text-center">
<h3><i class="fa fa-pencil fa-4x"></i></h3>
<h2 class="text-center">New Password?</h2>
<div class="panel-body">
<form class="form" method="post"
action= "reset_pass.php?code=<?php echo $get_code ?>"
<fieldset>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass" placeholder="New Password" class="form-control" type="password" required="">
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass1" placeholder="Re-type Password" class="form-control" type="password" required="">
<input type="hidden" name="username" value="<?php echo $db_username ?>">
</div>
</div>
<div class="form-group">
<input class="btn btn-lg btn-primary btn-block" name="send" value="Change Password" type="submit">
</div>
<div class="form-group">
<span style="color: red"><?php if(isset($message['mail'])) {echo $message['mail']; } ?></span>
</div>
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
}
} // End if (isset['code'])
if(!isset($_GET['code']))
{
?>
<html>
<head>
</head>
<body>
// Here i am displaying another form that gets email address and sends email
</body>
</html>
<?php
}
Remove single-quotes around the arguments, you are using them to delimit the URL so don't use them inside the URL (or at least escape them) :
echo "Password must match <a href='forgot_pass.php?code=$code&username=$hidden_username'>Try Again</a>";
Try with this way
echo "Passowrd must match
Try Again"
you have mismatch in columns
try to change your code to
echo "Passowrd must match
<a href='forgot_pass.php?code=".$code."&username=".$hidden_username".'>Try Again</a>
"
Please check if your filenames are correct.
You named: reset.php and forgot_pass.php
In forgot_pass.php your action goes towards reset_pass.php
remove single quote
"forgot_pass.php?code=$code&username=$hidden_username>"
I have a member form that requires a password to gain access to it.
Once the user has entered the password they may then enter in their details in the form.
However the problem is that when the user submits the form they are getting logged out of the session.
I would like the user to remain logged in when they hit submit and then be directed to a second member form further down the same page.
Here is the code I am using for the password login:
`
<?php
//encrypted password here - example is 'hello'
$password = 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d';
session_start();
session_unset();
session_destroy();
if (!isset($_SESSION['loggedIn'])) {
$_SESSION['loggedIn'] = false;
}
if (isset($_POST['password'])) {
if (sha1($_POST['password']) == $password) {
$_SESSION['loggedIn'] = true;
} else {
header ("Location: error.php");
exit();
}
}
if (!$_SESSION['loggedIn']): ?>
<html>
<head><title>Login Page</title></head>
<body>
<form method="post" action="registration/signup.php">
Password: <input type="password" name="password"> <br />
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>
`
Here is the code I am using at the top of the password protected page (Member Form Page):
<?php
require('../access.php');
?>
And this is the form on the password protected page (Member Form Page):
<form action="#sky-form2" method="post" enctype="multipart/form-data" id="sky-form" class="sky-form">
<fieldset>
<div class="row">
<div class="col-md-4" align="left">
<label class="input">
<input type="text" name="name" placeholder="Name">
<b class="tooltip tooltip-bottom-left">Enter you full name</b>
</label>
</div>
<div class="col-md-4" align="left">
<label class="input">
<input type="email" name="email" placeholder="E-mail">
<b class="tooltip tooltip-bottom-left">Enter a valid email address</b>
</label>
</div>
</div>
</fieldset>
<div class="row">
<div class="col-md-4" align="left">
<button type="submit" button class="border-button">NEXT</button>
</div>
</div>
</form>
I know that the password method above is not the most secure, however I really dont require it to be. I just want the member form to be available to everyone who has been given a password for it.
Huge thank you to anyone who can help me out with this.