A new client who has a WordPress site needed to access his administration from which he was locked out by the person who setup the site. He only had FTP access so I had to create a script to connect to the DB and run a password change query. (yes I did confirm that he was truly the owner).
Because the file must be deleted after use, I placed unlink(__FILE__); at the end of the process, but the file remained.
The code (hopefully not considered unethical)
<?php
if( file_exists(dirname(__FILE__).'/wp-config.php') )
{
include 'wp-config.php';
$dbconnect = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$usertbl = $table_prefix.'users';
$usermeta = $table_prefix.'usermeta';
$userlvl = $table_prefix.'user_level';
$users = "
SELECT ID, user_login, user_email
FROM $usertbl
LEFT JOIN $usermeta
ON $usertbl.ID = $usermeta.user_id
WHERE meta_key = '$userlvl'
AND meta_value = 10
";
$res = $dbconnect->query($users);
$usr= $optname='';
if( $res->num_rows > 0 ) {
while($row = $res->fetch_assoc()) {
$usr .= '<ul><li>'.$row['user_login'].'</li><li>'.$row['user_email'].'</li></ul>';
$optname .= '<option value="'.$row['user_login'].'">'.$row['user_login'].'</option>';
}
}
if( $dbconnect->connect_error ) {
echo '<p style="color:red">DB connection failed: ('.$dbconnect->connect_errno.') '.$dbconnect->connect_error.'<br>Database connection was blocked</p>';
exit();
}
// Run password update
$result='';
if( isset($_POST['username']) && isset($_POST['pwset']) )
{
$password = '"'.MD5($_POST['pwset']).'"';
$username = '"'.$_POST['username'].'"';
$query = "UPDATE $usertbl SET user_pass = $password WHERE user_login = $username";
$admin = str_replace($_SERVER['SCRIPT_NAME'],'',$_SERVER['SCRIPT_URI']).'/wp-admin';
if( $dbconnect->query($query) === TRUE )
{
$result = '<p class="success">The password update ran successfully.</p>';
$result .= '<p class="success">Now redirecting to admin...</p>';
// redirect to admin login in 7 seconds
echo '<meta http-equiv="refresh" content="7; URL='.$admin.'" />';
// file self delete
unlink(__FILE__);
}
}
} ?>
<!DOCTYPE html>
<html>
<head>
<title>Reset</title>
<style>
body {font-family: verdana; font-size: 13px; padding: 0 50px 50px;}
a {text-decoration: none; color: #b22525; font-weight: 900;}
input, select {display: block; border: 1px solid #bbb; padding: 4px; margin-bottom: 5px;}
.notice {background: #ddf7ff; padding: 8px;}
.notice-alert {background: #ffdde1; padding: 8px; font-size: 28px; text-align: center; color: #ce0100; font-weight: 900;}
.success {background: #f1ffdb; padding: 8px;}
input[type="submit"] {cursor: pointer;}
input[type="text"] {font-family: courier; padding: 3px;}
.footnote {text-align: center; background: #f2f2f2; padding: 5px;}
.list {margin: 20px 0;}
.list ul {list-style: none; padding: 0; margin: 0; overflow: hidden;}
.list li {float: left; padding: 5px; border: 1px solid #eee; width: 50%; box-sizing: border-box;}
.list .th {background: #ddd; font-weight: 900;}
</style>
</head>
<body>
<?php if( !file_exists(dirname(__FILE__).'/wp-config.php') ) {
echo '
<p class="notice-alert">
This file must be in the WordPress root directory where the wp-config.php file is located.
</p>
';
}else{
if( !empty($dbconnect->stat) )
echo '<p class="notice">database connection OK</p>';
?>
<form method="post" action="">
<h3>Admin Password Reset</h3>
<p class="notice-alert">Be sure to delete this file once done</p>
Select the user name to update*<br />
<select name="username" required="required">
<option value="">Select</option>
<?php echo $optname; ?>
</select>
Set new password*<br />
<input type="text" name="pwset" value="" required="required" />
<input type="submit" name="pwsend" value="Reset Password" />
<?php echo $result; ?>
</form>
<div class="list">
<h4>List of Administrators Found In User Database</h4>
<ul class="th"><li>Username</li><li>Email</li></ul>
<?php echo $usr; ?>
</div>
<?php } ?>
</body>
</html>
The output
What's missing in the process to get the self delete to run?
Related
I was making a review form in which a review will be taken from a textbox and inserted into the database. But the problem is that when I try running the code it gives the following error:
Warning: mysqli::query(): Couldn't fetch mysqli in C:\wamp64\path\to\file on line 12
The code that I wrote for doing the same is given below:
<?php
require_once('data.php');
require_once('connect.php');
$personName = $_GET['name'];
$value = $_POST['review'] ?? '';
echo "<p>".$personName;
echo "<p>".$value;
$sql = "INSERT INTO reviews (name, review) VALUES ('$personName', '$value')";
if($connection->query($sql) === TRUE) {
echo "Inserted";
} else {
echo "Not inserted";
}
?>
<!DOCTYPE html>
<html>
<head>
<style>
input[type=text], select {
width: 100%;
padding: 12px 20px;
margin: 8px 0;
display: inline-block;
border: 1px solid #ccc;
border-radius: 4px;
box-sizing: border-box;
}
button[type=submit] {
width: 100%;
background-color: #4CAF50;
color: white;
padding: 14px 20px;
margin: 8px 0;
border: none;
border-radius: 4px;
cursor: pointer;
}
input[type=submit]:hover {
background-color: #45a049;
}
</style>
</head>
<body>
<form class="" method="post" >
<label for="form-element"></label>
<input type="text" name="review" class="form-control" id="review" placeholder="Enter anonymous review">
<button type="submit" class="menu">Submit</button>
</form>
</div>
</body>
</html>
It is interesting to note that everything that is stored in $personName and $value are being echoed correctly. But the problem appears when I try inserting the data stored in the variable into the database. This seems pretty disgusting topic. I tried to solve it the whole previous day but failed. Any help will be highly appreciated.
Also, I haven't added prepared statements feature for the time being but I will add the same to prevent it from mysql injection attacks as soon as this problem is solved.
[P.S.: I am still a beginner in PHP, So there are high chances that my mistakes are silly. Pardon if it is so. ]
connect.php:
<?php
$connection = mysqli_connect('localhost','root','');
if(!$connection) {
die("Failed to connect" . mysqli_error($connection));
}
else {
echo "";
}
$select_db = mysqli_select_db($connection, 'db2');
if(!$select_db) {
die("Database selection failed" . mysqli_error($connection));
}
else {
echo "";
}
?>
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "invoice";
$personName = "Bhaskar";
if(isset($_POST['submit'])){
$value = $_POST['review'];
echo "<p>".$personName;
echo "<p>".$value;
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql ="INSERT INTO tbl_review (name, review) VALUES ('$personName', '$value')";
if ($conn->query($sql) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
?>
<!DOCTYPE html>
<html>
<head>
<style>
input[type=text], select {
width: 100%;
padding: 12px 20px;
margin: 8px 0;
display: inline-block;
border: 1px solid #ccc;
border-radius: 4px;
box-sizing: border-box;
}
button[type=submit] {
width: 100%;
background-color: #4CAF50;
color: white;
padding: 14px 20px;
margin: 8px 0;
border: none;
border-radius: 4px;
cursor: pointer;
}
input[type=submit]:hover {
background-color: #45a049;
}
</style>
</head>
<body>
<form class="" method="post" action="" >
<label for="form-element"></label>
<input type="text" name="review" class="form-control" id="review" placeholder="Enter anonymous review">
<button type="submit" name="submit" class="menu">Submit</button>
</form>
</div>
</body>
</html>
I'm trying to align the items in the center of the page. I'm using display: flex however, this causes the text to be split up into different columns but I don't want that, I want the text to be normal, you know. When the session is set, the text will show; you can see the forms are aligned in the center, but the text isn't.
* {
margin: 0;
padding: 0;
font-family: Arial, Helvetica, sans-serif;
font-size: 14px;
letter-spacing: -0.5px;
}
html,
body {
height: 100%;
width: 100%;
background: #fff;
}
.content-container {
width: 100%;
height: auto;
padding: 10pt;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
margin: 0 auto;
margin-top: 30pt;
display: flex;
justify-content: center;
}
.header {
top: 0;
position: fixed;
height: 30pt;
width: 100%;
background: rgba(255, 255, 255, 0.50);
border-bottom: 1.5px solid #0047FF;
}
.header-content {
width: 100%;
height: inherit;
margin: 0 auto;
white-space: nowrap;
line-height: 30pt;
padding: 0 5pt;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
}
.header-menu {
border-right: 1px solid #0047FF;
margin-right: 10pt;
width: auto;
height: inherit;
float: left;
padding: 0 5pt 0 0;
}
.header-menu ul li {
list-style: none;
float: left;
}
.header-menu ul li a {
color: #555;
text-decoration: none;
padding: 0 3pt;
float: left;
}
.logout-form__ button {
background: none;
cursor: pointer;
border: none;
outline: none;
color: #555;
}
.logout-form__ button:hover {
color: #888
}
.header-menu ul li a:after {
content: "/";
padding: 0 0 0 5pt
}
.header-menu ul li:last-child a:after {
content: "";
padding: 0;
}
.header-menu ul li a:hover {
color: #888;
}
.header-menu ul li a:hover:after {
color: #555
}
.header-search form input {
border: none;
background: rgba(255, 255, 255, 0.50);
outline: none;
padding: 5pt;
border-top: 1px solid #eee;
width: 250pt;
display: inline-block;
color: #555
}
.header-search form input:focus {
border-color: #ccc;
background: rgba(255, 255, 255, 0.80)
}
.header-search form button {
background: rgba(255, 255, 255, 0.50);
border: none;
outline: none;
border-top: 1px solid #eee;
padding: 5pt;
cursor: pointer;
color: #555
}
.header-search form button:hover {
border-color: #ccc;
background: rgba(255, 255, 255, 0.60);
}
.same-form-styling {
float: left;
padding: 10pt 0;
border-bottom: 1px solid #ccc;
width: auto;
width: 400pt
}
.forms-title {
border-bottom: 1px solid #ccc;
padding: 0 0 10pt 0;
margin-bottom: 10pt
}
.forms-title span {
font-size: 16px;
}
.same-form-styling form input {
width: 100%;
display: block;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
padding: 10pt 0;
border: none;
outline: none;
border-bottom: 1px solid #eee;
}
.same-form-styling form button {
border: none;
outline: none;
padding: 10pt;
border-left: 1px solid #eee;
float: left;
background: none;
border-right: 1px solid #eee;
width: 150pt;
}
<?php
include_once './Private/Backend/Database/conn.php';
if(isset($_POST['logout'])) {
session_destroy();
unset($_SESSION['id']);
unset($_SESSION['username']);
unset($_SESSION['email']);
header("location: index.php?a=login");
}
/* ### */
if(isset($_POST['login-btn'])) {
$l_email = mysqli_real_escape_string($main, $_POST['l-email']);
$l_email = stripcslashes($l_email);
$l_pass = mysqli_real_escape_string($main, $_POST['l-pass']);
$l_pass = stripcslashes($l_pass);
if(filter_var($l_email, FILTER_VALIDATE_EMAIL)) {
$hashed = md5(sha1(md5(sha1($l_pass))));
$sql = "SELECT * FROM accounts WHERE email='$l_email' and password='$hashed'";
$result = mysqli_query($main, $sql);
if(mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];
header("location: index.php");
}
} else {
header("location: index.php?a=login&loginErr=wrong&email=$l_email");
}
} else {
header("location: index.php?a=login&loginErr=invalidEmail&email=$l_email");
}
}
if(isset($_POST['reg-btn'])) {
$username = mysqli_real_escape_string($main, $_POST['reg-uname']);
$username = stripcslashes($username);
$username = strip_tags($username);
$email = mysqli_real_escape_string($main, $_POST['reg-email']);
$email = stripcslashes($email);
$email = strip_tags($email);
$email_c = mysqli_real_escape_string($main, $_POST['reg-c-email']);
$email_c = stripcslashes($email_c);
$pass = mysqli_real_escape_string($main, $_POST['reg-pass']);
$pass = stripcslashes($pass);
$pass_c = mysqli_real_escape_string($main, $_POST['reg-c-pass']);
$pass_c = stripcslashes($pass_c);
if(!empty($username && $email && $email_c && $pass && $pass_c)) {
$sql = "SELECT * FROM accounts WHERE username='$username'";
$result = mysqli_query($main, $sql);
if(mysqli_num_rows($result) > 0 ){
header("location: index.php?a=register®isterErr=userTaken&username=$username&email=$email&cEmail=$email_c");
} else {
if(filter_var($email, FILTER_VALIDATE_EMAIL)) {
if($email == $email_c) {
$sql = "SELECT * FROM accounts WHERE email='$email'";
$result = mysqli_query($main, $sql);
if(mysqli_num_rows($result) > 0) {
header("location: index.php?a=register®isterErr=emailTaken&username=$username&email=$email&cEmail=$email_c");
} else {
if(strlen($pass) >= 6) {
if($pass == $pass_c) {
$hashedBrown = md5(sha1(md5(sha1($pass))));
$sql = "INSERT INTO accounts (username, account_type, first_name, last_name, gender, bio, email, password) VALUES ('$username', 'Regular User' , '', '', '', '','$email', '$hashedBrown')";
$result = mysqli_query($main, $sql);
$sql = "SELECT * FROM accounts WHERE username='$username' and email='$email'";
$result = mysqli_query($main, $sql);
$row = mysqli_fetch_assoc($result);
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];
header("location: index.php");
} else {
header("location: index.php?a=register®isterErr=passwordsDoNotMatch&username=$username&email=$email&cEmail=$email_c");
}
} else {
header("location: index.php?a=register®isterErr=passwordLen&username=$username&email=$email&cEmail=$email_c");
}
}
} else {
header("location: index.php?a=register®isterErr=emailsDoNotMatch&username=$username&email=$email&cEmail=$email_c");
}
} else {
header("location: index.php?a=register®isterErr=username=$username&email=$email&cEmail=$email_c");
}
}
} else {
header("location: index.php?a=register®isterErr=allEmpty");
}
}
?>
<!DOCTYPE html>
<html lang="en" style="overflow-x: hidden;">
<head>
<meta charset="UTF-8" />
<title>ICode Foundation</title>
<link rel="stylesheet" type="text/css" href="./Public/CSS/Beta/all.css" />
</head>
<body>
<div class="header">
<div class="header-content">
<div class="header-menu">
<ul>
<?php if(!isset($_SESSION['id'])) { ?><li>Register</li><?php } ?>
<?php if(!isset($_SESSION['id'])) { ?><li>Login</li><?php } ?>
<?php if(isset($_SESSION['id'])) { ?><li>Home</li><?php } ?>
<?php if(isset($_SESSION['id'])) { ?><li>You <span>(<strong><?php echo $_SESSION['username']; ?></strong>)</span></li><?php } ?>
<?php if(isset($_SESSION['id'])) { ?><li><a href="#">
<form action="index.php" method="POST" class="logout-form__">
<button type="submit" name="logout">
Logout
</button>
</form>
</a></li><?php } ?>
</ul>
</div>
<div class="header-search">
<form action="#" method="GET">
<input type="text" placeholder="Search" name="q" autocomplete="off" /><button type="submit" name="search-btn">Search</button>
</form>
</div>
</div>
</div>
<div class="content-container">
<?php if(!isset($_SESSION['id'])) { ?>
<?php if(isset($_GET['a'])) { ?>
<?php if($_GET['a']=="register") { ?>
<div class="register same-form-styling">
<div class="forms-title"><span>Register</span></div>
<form action="index.php" method="POST">
<input type="text" name="reg-uname" placeholder="Username" <?php if(isset($_GET['username'])) { echo 'value="' . $_GET['username'] . '"'; } ?> />
<input type="text" name="reg-email" placeholder="Email Address" <?php if(isset($_GET['email'])) { echo 'value="' . $_GET['email'] . '"'; } ?> />
<input type="text" name="reg-c-email" placeholder="Confirm Email" <?php if(isset($_GET['cEmail'])) { echo 'value="' . $_GET['cEmail'] . '"'; } ?> />
<input type="password" name="reg-pass" placeholder="Password" />
<input type="password" name="reg-c-pass" placeholder="Confirm Password" />
<button type="submit" name="reg-btn">Register</button>
</form>
<div class="register-info" style="clear:both;border-top: 1px solid #ccc;padding: 10pt 0 0 0;">You are not hindered to a specific array of characters to inlude in your password therefore, ensure your password is strong and memorable. Hindering users on what characters they can use in their password is an idiotic move hence, we don't include such feature nor endorse this practice. It is solely your fault and responsibility if your password is easily guessable.</div>
</div>
<?php } elseif($_GET['a']=="login") { ?>
<div class="login same-form-styling">
<div class="forms-title"><span>Login</span></div>
<form action="index.php" method="POST">
<input type="text" placeholder="Email" name="l-email" <?php if(isset($_GET['email'])) { echo 'value="' . $_GET['email'] . '"'; } ?> />
<input type="password" placeholder="Password" name="l-pass" />
<button type="text" name="login-btn">Login</button>
</form>
</div>
<?php } else { ?>
<div class="unknown">
Unknown operation; it's either login or register.
</div>
<?php } ?>
<?php } ?>
<?php } else { ?>
<h1>Welcome</h1>
<p>All you can do is log in, edit your profile can search, view other profiles. Functionality such as blogging is an intended feature to soon be implemented. This site will go through major updates to ensure full reliability and user usability. Other major implementations such as code integrations to advance the site's functionality is desirable however, this site shouldn't be too advanced which could lead to hindrances thinking of new concepts for future updates.</p>
<p>This site will be powered by volunteers; voluntary developers, graphic designers and other skills that are beneficially suggestive towards this project. Your skills must include an array of professional and impeccable knowledge of a broad range of subjects and that bring in a diverse array of talent of knowledge to this project to grow and enlarge the project in many different ways. If you're interested in developing the site, email the lead developer at adamhope470#gmail.com. </p>
<p>You must lay your email out in a way that is comprehensible and professional. Ensure that you include your skills and how you will benefit the project in an innovative and intuitive manner. Include your programming skills and what programming languages do you know etc. Any other things that may help the project in different ways.</p>
<p>Skills like legal and business is helpful alongside impeccable English language skills. These skills will eventually contribute to administration and communicating with users to provide support wherever mandatory. You account role will fluctuate the features that you have access to; do not ask nor request roles of high rank, trusted members will be granted administration whereas moderators will be nominated based on the contributions they have made like translations etc. This is a for-profit project however, this will be a non-profitable project for the time being. </p>
<p>If you have any inquiries, questions or reports, you can contact the site's lead developer here or you can contact another administrator here.</p>
<p><strong>Your account could be susceptible to a susepnsion or a perminate ban if you're ever witnessed infringing our community guidelines. Review them here. These guidelines will ensure that the tranquility is persistant throughput, which will ensure that this service is safe for everyone to use. With that stated, before pursuing, you agree that you're 13 years or older.</strong></p>
<?php } ?>
</div>
<div class="footer-wrap">
</div>
</body>
</html>
When you set display: flex on an element it automatically applies flex-direction: row and flex-wrap: nowrap on the children (flex items).
This means that the items will line up horizontally and cannot wrap.
You have this:
.content-container {
display: flex;
justify-content: center;
}
jsfiddle demo
Instead, set the container to a vertical direction and then center the items:
.content-container {
display: flex;
flex-direction: column;
align-items: center;
}
jsfiddle demo
I wanted to get the login time of the user when he logs in I don't know if I'm putting the update syntax in proper place or not? Here's my code
<!DOCTYPE html>
<?php
session_start ();
unset ($_SESSION['username']);
?>
<html>
<style type="text/css">
body{
float: right;
padding-top: 150px;
padding-right: 200px;
}
form{
padding-top: 60px;
padding-left: 50px;
width: 300px;
}
#login_wrap{
background-color: #a1bdb8;
padding-top: 10px;
height: 300px;
width: 400px;
border-radius: 17px 17px 17px 17px;
-moz-border-radius: 17px 17px 17px 17px;
-webkit-border-radius: 17px 17px 17px 17px;
border: 0px solid #000000;
-webkit-box-shadow: 0px 0px 20px -1px rgba(0,0,0,0.75);
-moz-box-shadow: 0px 0px 20px -1px rgba(0,0,0,0.75);
box-shadow: 0px 0px 20px -1px rgba(0,0,0,0.75);
}
</style>
<head>
<link rel="shortcut icon" href="image/favicon.ico">
<link href="css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="css/bootstrap-responsive.min.css">
</head>
<body>
<main id="login_wrap">
<div id="login">
<form name="login" role="form" method="post">
<input class="form-control" name="username" type="text" placeholder="Username" required><br>
<input class="form-control" name="password" type="password" placeholder="Password" required><br>
<button type="submit" class="btn btn-success" name="button">Log-in</button>
</form>
</div>
</main>
</body>
<?php
$conn = new mysqli('localhost','root',' ','dole_transac_system') or die ('connection error');
if(isset($_SESSION['username'])){
header('Location:check_maker.php');
}else{
}
if(isset($_POST['button'])){
$user = isset($_POST['username']) ? $_POST['username'] : '';
$pass = isset($_POST['password']) ? $_POST['password'] : '';
$query = mysqli_query($conn,"SELECT * FROM login_info WHERE username = '$user' and password = '$pass'");
$row = mysqli_num_rows($query);
if ($row == 1) {
date_default_timezone_set('Asia/Singapore');
$dateTime = date('Y-m-d');
$loginTime = mysqli_query($conn,"UPDATE login_info SET dateTime = '$dateTime' WHERE username = '$username'");
$_SESSION['username'] = $_POST['username'];
header('Location:check_maker.php');
}else{
echo "<br><font color='red'>Error</font>";
}
}
?>
<script type="text/javascript">
function submitForm() {
$("#login").reset();
return false;
}
</script>
</html>
i can not get my Login script to login... i have an index.php with a register form and a login form, the register form works perfectly, but it seems like the login form does not get the information from the database when you enter the "login" button, when logging in you is redirectet to "home.php" which wil show your username with help of sessions. but i get this error "Notice: Undefined variable: username in home.php on line 12"... I think its because its not logging in and the session gets an undefined variabel. I just cant find where the problem is
i have a database named "thesozializer"
and the sql for the table is:
CREATE TABLE IF NOT EXISTS users (
id int(11) NOT NULL,
username varchar(255) NOT NULL,
first_name varchar(255) NOT NULL,
last_name varchar(255) NOT NULL,
email varchar(255) NOT NULL,
password varchar(32) NOT NULL,
sign_up_date date NOT NULL,
activated enum('0','1') NOT NULL
) ENGINE=InnoDB AUTO_INCREMENT=14 DEFAULT CHARSET=latin1;
index.php looks like this:
<?php
mysql_connect("localhost","root","") or die("couldn't connect to database.");
mysql_select_db("thesocializer") or die("couldn't select database");
$reg = #$_POST['reg'];
//declaring variables to prevent errors
$fn = ""; //First Name
$ln = ""; //Last Name
$un = ""; //Username
$em = ""; //Email
$em2 = ""; //Email 2
$pswd = ""; //Password
$pswd2 = ""; // Password 2
$d = ""; // Sign up Date
$u_check = ""; // Check if username exists
//registration form
$fn = strip_tags(#$_POST['fname']);
$ln = strip_tags(#$_POST['lname']);
$un = strip_tags(#$_POST['username']);
$em = strip_tags(#$_POST['email']);
$em2 = strip_tags(#$_POST['email2']);
$pswd = strip_tags(#$_POST['password']);
$pswd2 = strip_tags(#$_POST['password2']);
$d = date("Y-m-d"); // Year - month - day
if ($reg) {
if ($em==$em2) {
// Check if user already exists
$u_check = mysql_query("SELECT username FROM users WHERE username='$un'");
// Count the amount of rows where username = $un
$check = mysql_num_rows($u_check);
//Check whether Email already exists in the database
$e_check = mysql_query("SELECT email FROM users WHERE email='$em'");
//Count the number of rows returned
$email_check = mysql_num_rows($e_check);
if ($check == 0) {
if ($email_check == 0) {
//check all of the fields have been filed in
if ($fn&&$ln&&$un&&$em&&$em2&&$pswd&&$pswd2) {
// check that passwords match
if ($pswd==$pswd2) {
// check the maximum length of username/first name/last name does not exceed 25 characters
if (strlen($un)>25||strlen($fn)>25||strlen($ln)>25) {
echo "maximum length of username/first name/last name is 25 characters!";
}
else
{
// check the maximum length of password does not exceed 25 characters and is not less than 5 characters
if (strlen($pswd)>30||strlen($pswd)<5) {
echo "Password must be between 5 and 25 characters!";
}
else
{
//encrypt password and password 2 using md5 before sending to database
$pswd = md5($pswd);
$pswd2 = md5($pswd2);
$query = mysql_query("INSERT INTO users VALUES ('','$un','$fn','$ln','$em','$pswd','$d','0')");
die("<h2>welcome to The Socializer!</h2>Login to get started");
}
}
}
else {
echo "your passwords is incorrect";
}
}
else
{
echo "fill in all fields";
}
}
else
{
echo "email already in use";
}
}
else
{
echo "username already in use";
}
}
else {
echo "The emails is not alike!";
}
}
//User Login Code
if (isset($_POST["user_login"]) && isset($_POST["password_login"])) {
$user_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["user_login"]);
$password_login = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password_login"]);
$password_login_md5 = md5($password_login);
$sql = mysql_query("SELECT id FROM users WHERE username='$user_login' AND password='$password_login_md5' LIMIT 1");
//Check for their existance
$userCount = mysql_num_rows($sql); //Count the number of rows returned
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["user_login"] = $user_login;
header("location: home.php");
exit();
}
else {
echo 'username or password is incorrect';
exit();
}
}
session_start();
if (!isset($_SESSION["user_login"])) {
}
else
{
$username = $_SESSION["user_login"];
}
?>
<!DOCTYPE html>
<html>
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
$("#registrer-deg").click(function(){
$("#registrerdeg").show();
});
$("#registrer-deg").click(function(){
$("#logginn").hide();
});
$("#logg-inn").click(function(){
$("#logginn").show();
});
$("#logg-inn").click(function(){
$("#registrerdeg").hide();
});
});
</script>
<link rel="stylesheet" type="text/css" href="main.css"/>
<title>The Socializer</title>
</head>
<body>
<div id="sidebarLeft">
<div id="logo"></div>
<ul>
<li>Login</li>
<li>Register</li>
<li>About</li>
<li>Contact</li>
</ul>
</div>
<div id="timeline">
<div id="registrering">
<form id="registrerdeg" action="index.php" method="POST" style="display: none;">
<input type="text" name="fname" size="10" placeholder="First name"><br/>
<input type="text" name="lname" size="10" placeholder="Last name"><br/>
<input type="text" name="username" size="10" placeholder="Username"><br/>
<input type="text" name="email" size="10" placeholder="Email"><br/>
<input type="text" name="email2" size="10" placeholder="Confirm email"><br/>
<input type="text" name="password" size="10" placeholder="Password"><br/>
<input type="text" name="password2" size="10" placeholder="Confirm Password"><br/>
<input type="submit" name="reg" value="Registrer!">
</form>
</div>
<div id="logg_inn">
<form id="logginn" action="index.php" method="POST" style="display: none;">
<input type="text" name="user_login" size="10" placeholder="Username"><br/>
<input type="text" name="password_login" size="10" placeholder="Password"><br/>
<input type="submit" name="login" value="Logg inn!">
</form>
</div>
</div>
</body>
</html>
* {
background-color: #2C3E50;
font-family: Arial, Helvetica, Sans-serif;
font-size: 16px;
color: #AFEEEE;
}
#sidebarLeft {
width: 220px;
height: 550px;
top: 0;
left: 0;
margin-top: 50px;
margin-left: 0px;
margin-bottom: 50px;
position: fixed;
}
#sidebarRight {
width: 220px;
height: 550px;
right: 0;
top: 0;
margin-top: 50px;
margin-right: 0px;
margin-bottom: 50px;
position: fixed;
}
ul {
width: 220px;
list-style-type: none;
margin: 0px;
padding: 0;
margin-top: 30px;
}
li {
height: 35px;
width: 220px;
list-style-type: none;
margin: 5px;
}
#logo {
width: 150px;
height: 150px;
background-image: url("../img/logo.png");
-moz-border-radius: 75px;
-webkit-border-radius: 750px;
border-radius: 75px;
margin-left: 35px;
margin-top: 25px;
}
#sidebarLeft ul li a {
display: block;
width: 60px;
width: 220px;
height: 16px;
text-align: center;
margin-top: 9px;
text-decoration: none;
color: #AFEEEE;
}
#timeline {
width: 780px;
height: 550px;
margin-top: 50px;
margin-left: 240px;
top: 0;
}
input[type="text"] {
background-color: #FFFFFF;
border: 1px solid #E2E2E2;
color: #000000;
font-size: 15px;
font-weight: bold;
padding: 5px;
width: 200px;
height: 12px;
margin-bottom: 3px;
margin-top: 3px;
outline: none;
}
::-webkit-input-placeholder {
font-weight: normal;
}
:-moz-input-placeholder {
font-weight: normal;
}
::-moz-input-placeholder {
font-weight: normal;
}
:-ms-input-placeholder {
font-weight: normal;
}
input[type="submit"] {
border-top: 1px solid #96d1f8;
background: #61a6d4;
background: -webkit-gradient(linear, left top, left bottom, from(#316c94), to(#61a6d4));
background: -webkit-linear-gradient(top, #316c94, #61a6d4);
background: -moz-linear-gradient(top, #316c94, #61a6d4);
background: -ms-linear-gradient(top, #316c94, #61a6d4);
background: -o-linear-gradient(top, #316c94, #61a6d4);
padding: 5px 10px;
-webkit-border-radius: 7px;
-moz-border-radius: 7px;
border-radius: 7px;
-webkit-box-shadow: rgba(0,0,0,1) 0 1px 0;
-moz-box-shadow: rgba(0,0,0,1) 0 1px 0;
box-shadow: rgba(0,0,0,1) 0 1px 0;
text-shadow: rgba(0,0,0,.4) 0 1px 0;
color: #ffffff;
font-size: 12px;
font-family: Helvetica, Arial, Sans-Serif;
text-decoration: none;
vertical-align: middle;
}
input[type="submit"]:hover {
border-top-color: #49718c;
background: #49718c;
color: #ccc;
}
input[type="submit"]:active {
border-top-color: #1b435e;
background: #1b435e;
}
and home.php looks like this:
<?php
mysql_connect("localhost","root","") or die("couldn't connect to database.");
mysql_select_db("thesocializer") or die("couldn't select database");
session_start();
if (!isset($_SESSION["user_login"])) {
}
else
{
$username = $_SESSION["user_login"];
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/main.css"/>
<title>The Socializer</title>
</head>
<body>
<div id="sidebarLeft">
<div id="logo">
</div>
<ul>
<li>Logg inn</li>
<li>Registrer deg</li>
<li>Om</li>
<li>Kontakt</li>
</ul>
</div>
<div id="timeline">
<?php echo "Hello, ".$username; ?>
</div>
</body>
</html>
* {
background-color: #2C3E50;
font-family: Arial, Helvetica, Sans-serif;
font-size: 16px;
color: #AFEEEE;
}
#sidebarLeft {
width: 220px;
height: 550px;
top: 0;
left: 0;
margin-top: 50px;
margin-left: 0px;
margin-bottom: 50px;
position: fixed;
}
#sidebarRight {
width: 220px;
height: 550px;
right: 0;
top: 0;
margin-top: 50px;
margin-right: 0px;
margin-bottom: 50px;
position: fixed;
}
ul {
width: 220px;
list-style-type: none;
margin: 0px;
padding: 0;
margin-top: 30px;
}
li {
height: 35px;
width: 220px;
list-style-type: none;
margin: 5px;
}
#logo {
width: 150px;
height: 150px;
background-image: url("../img/logo.png");
-moz-border-radius: 75px;
-webkit-border-radius: 750px;
border-radius: 75px;
margin-left: 35px;
margin-top: 25px;
}
#sidebarLeft ul li a {
display: block;
width: 60px;
width: 220px;
height: 16px;
text-align: center;
margin-top: 9px;
text-decoration: none;
color: #AFEEEE;
}
#timeline {
width: 780px;
height: 550px;
margin-top: 50px;
margin-left: 240px;
top: 0;
}
input[type="text"] {
background-color: #FFFFFF;
border: 1px solid #E2E2E2;
color: #000000;
font-size: 15px;
font-weight: bold;
padding: 5px;
width: 200px;
height: 12px;
margin-bottom: 3px;
margin-top: 3px;
outline: none;
}
::-webkit-input-placeholder {
font-weight: normal;
}
:-moz-input-placeholder {
font-weight: normal;
}
::-moz-input-placeholder {
font-weight: normal;
}
:-ms-input-placeholder {
font-weight: normal;
}
input[type="submit"] {
border-top: 1px solid #96d1f8;
background: #61a6d4;
background: -webkit-gradient(linear, left top, left bottom, from(#316c94), to(#61a6d4));
background: -webkit-linear-gradient(top, #316c94, #61a6d4);
background: -moz-linear-gradient(top, #316c94, #61a6d4);
background: -ms-linear-gradient(top, #316c94, #61a6d4);
background: -o-linear-gradient(top, #316c94, #61a6d4);
padding: 5px 10px;
-webkit-border-radius: 7px;
-moz-border-radius: 7px;
border-radius: 7px;
-webkit-box-shadow: rgba(0,0,0,1) 0 1px 0;
-moz-box-shadow: rgba(0,0,0,1) 0 1px 0;
box-shadow: rgba(0,0,0,1) 0 1px 0;
text-shadow: rgba(0,0,0,.4) 0 1px 0;
color: #ffffff;
font-size: 12px;
font-family: Helvetica, Arial, Sans-Serif;
text-decoration: none;
vertical-align: middle;
}
input[type="submit"]:hover {
border-top-color: #49718c;
background: #49718c;
color: #ccc;
}
input[type="submit"]:active {
border-top-color: #1b435e;
background: #1b435e;
}
you have to move the session_start();
in both pages at the begin of your script.
index.php:
<?php
session_start();
mysql_connect("localhost","root","") or die("couldn't connect to database.");
...
home.php:
<?php
session_start();
mysql_connect("localhost","root","") or die("couldn't connect to database.");
...
I have "checks" in here and if something happens, it will echo a phrase like The username you supplied is already in use or whatever. When it DOES display it though, it'll only display it on a blank page with that text. What is wrong here?
PHP
<?php
include('./dbconnect/global.php');
if ($_POST['register']) {
$username = mysql_real_escape_string(strip_tags($_POST['username']));
$password = mysql_real_escape_string(strip_tags($_POST['password']));
$email = mysql_real_escape_string(strip_tags($_POST['email']));
if (!$username||!$password||!$email)
echo "PLease Fill in The Required Fields";
else {
//check if username is taken
$check = mysql_query("SELECT * FROM users WHERE username='$username'");
if (mysql_num_rows($check) >= 1)
echo "The Username you Supplied Is Already in Use! <a href='./register'>Back</a>";
$check2 = mysql_query("SELECT * FROM users WHERE email='$email'");
if (mysql_num_rows($check) >= 1)
echo "The Email you Supplied Is Already in Use! <a href='./register'>Back</a>";
else {
$password2 = md5($password);
$register = mysql_query("value and stuff)") or die(mysql_error());
echo "Thanks for registering, $username! <a href='./index'>Home</a>";
}
}
}
else {
?>
HTML
<html>
<head>
<title>CoreCrafters</title>
<link rel="stylesheet" type="text/css" href="./css/main.css">
</head>
<body>
<?php include('./include/nbar.php') ?>
<div id="main">
<div id="register">
<div id="wrapper">
<form action="register" method="POST">
Username
<br />
<input type="username" name="username">
<br />
Password
<br />
<input type="password" name="password">
<br />
Email
<br />
<input type="email" name="email">
<br /><br />
<input type="submit" name="register" value="Register">
</form>
</div>
</div>
</div>
<?php include('./include/footer.php') ?>
</body>
</html>
Ending PHP (From ELSE at end)
<?php
}
?>
CSS
body {
margin: 0;
padding: 0;
background-color: #EEE;
}
#headerbar {
width: 100%;
background-color: #000;
}
a {
color: #069;
font-weight: bold;
text-decoration: none;
transition: all 0.2s linear;
-o-transition: all 0.2s linear;
-ms-transition: all 0.2s linear;
-moz-transition: all 0.2s linear;
-webkit-transition: all 0.2s linear;
}
a:hover {
color: #c00;
}
#nav {
padding: 0;
width: 100%;
float: left;
list-style: none;
margin: 0 0 3em 0;
background-color: #f2f2f2;
border-top: 1px solid #ccc;
border-bottom: 1px solid #ccc;
}
#nav li {
float: left;
}
#nav li a {
color: #069;
display: block;
font-weight: bold;
padding: 8px 15px;
text-decoration: none;
transition: all 0.2s linear;
border-right: 1px solid #ccc;
-o-transition: all 0.2s linear;
-ms-transition: all 0.2s linear;
-moz-transition: all 0.2s linear;
-webkit-transition: all 0.2s linear;
}
#nav li a:hover {
color: #c00;
background-color: #fff;
}
#footer {
width: 94%;
padding: 10px;
margin-top: 10px;
margin-left: auto;
padding-left: 0px;
text-align: center;
margin-right: auto;
padding-right: 0px;
border: 1px solid #DDD;
background-color: #FFF;
}
#main {
width: 94%;
margin-top: 50px;
min-height: 500px;
margin-left: auto;
margin-right: auto;
border: 1px solid #DDD;
background-color: #FFF;
}
#register {
width: 15%;
margin-top: 20px;
margin-left: auto;
margin-right: auto;
text-align: center;
background-color: #CCC;
border: 1px solid #AAA;
}
#logbar {
width: 150px;
float: right;
min-height: 36px;
padding-left: 5px;
padding-right: 50px;
background-color: #DDD;
}
As requested, I posted most of the page onto here.
Your webpage has no content except that echo, so it is echo-ing it on a blank page because you told it to.
Update: Code
<!DOCTYPE html>
<html class="no-js">
<head>
<meta charset="utf-8"> <!-- UXSS UTF-7 (IE6) prevention -->
<title>CoreCrafters</title>
<link rel="stylesheet" type="text/css" href="./css/main.css">
</head>
<body>
<?php #include('./include/nbar.php'); ?>
<div id="main">
<div id="register">
<div id="wrapper">
<form method="POST">
Username<br /><input type="username" name="username"><br />
Password<br /><input type="password" name="password"><br />
Email<br /><input type="email" name="email"><br /><br />
<input type="submit" name="register" value="Register">
</form>
</div>
<?php
#include('./dbconnect/global.php');
if (isset($_POST['register'])) {
if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email'])) {
die('Please fill out the required fields.');
} else {
$query = mysql_query("SELECT * FROM users WHERE username = '" . mysql_real_escape_string($_POST['username']) . "'");
if (mysql_num_rows($query)) { die('The username you provided is already in use!'); }
$query = mysql_query("SELECT * FROM users WHERE email = '" . mysql_real_escape_string($_POST['email']) . "'");
if (mysql_num_rows($query)) { die('The email you provided is already in use!'); }
/** Insert values **/
echo 'Thanks for registering, ' . htmlentities($_POST['username'], ENT_QUOTES) . '!'; /** Normal XSS prevention **/
}
}
?>
</div>
</div>
<?php #include('./include/footer.php'); ?>
</body>
</html>
I believe you are missing semicolons for your include statements (inside the HTML block). Such as:
<?php include('./include/footer.php'); ?>
If that doesn't solve it, you should check your error log. A completely blank page is often what you get when the PHP parser was unable to parse your code.