When I press the submit button "login" I want my page to go to "frontPage.php", but it goes instead to "login.php" even though I have specified
header("location: frontPage.php");
in my login.php.
login.php
if (isset($_POST['login'])) {
if (empty($_POST["username"]) || empty($_POST["password"])) {
echo "Please fill all fields";
} else {
$usernameinput = filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING);
$passwordinput = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING);
$query = "SELECT * FROM users WHERE username = :username";
$stmt = $conn->prepare($query);
$stmt->execute(array(
'username' => $usernameinput
));
$count = $stmt->rowCount();
if ($count > 0) {
while ($result = $stmt->fetch(PDO::FETCH_ASSOC)) {
if (password_verify($passwordinput, $result["password"])) {
$_SESSION["username"] = $usernameinput;
break;
}
}
header("location: frontPage.php");
} else {
header("location: index.php");
}
}
}
<body>
<div class="container">
<form id="form" class="form" method="POST" action="login.php">
<h2>Log In</h2>
<div class="form-control">
<label for="username">Username:</label>
<input type="text" id="username" placeholder="Enter Username">
</div>
<div class="form-control">
<label for="password">Password:</label>
<input type="password" id="password" placeholder="Enter Password">
</div>
<button id="login">Submit</button>
</form>
</div>
</body>
you are missing the attribute name of all inputs
try this
<body>
<div class="container">
<form id="form" class="form" method="POST" action="login.php">
<h2>Log In</h2>
<div class="form-control">
<label for="username">Username:</label>
<input type="text" id="username" name="username" placeholder="Enter Username">
</div>
<div class="form-control">
<label for="password">Password:</label>
<input type="password" id="password" name="password" placeholder="Enter Password">
</div>
<button id="login" type="submit" name="login">Submit</button>
</form>
</div>
</body>
You are missing the name attribute on the submit button. It should have an attribute of name=“login”.
All of your inputs are also missing the name attribute. Copy what you have for id attributes for the missing name attributes.
Related
My login table has Username and Password fields. I want to display the user's full name rather than their username when they log in with their username and password. Instead of saying Welcome USERNAME on the next page, I want to say Welcome FULLNAME.
Here is the index.php or the login page in html:
<form action="" method="POST">
<div class="rows grid">
<div class="row">
<label for="username">User Name</label>
<input type="text" id="username" name="userName" placeholder="Enter Username" required>
</div>
<!--Password-->
<div class="row">
<label for="password">Password</label>
<input type="password" id="password" name="passWord" placeholder="Enter Password" required>
</div>
<!--Submit Button-->
<div class="row">
<input type="submit" id="submitBtn" name="submit" value="Login" required>
<!--Register Link-->
<span class="registerLink">Don't have an account? Register</span>
</div>
</div>
</form>
</div>
</div>
Here is the php:
<?php
// Submit
if(isset($_POST['submit'])){
// Store the names, password, email, number
$userName = $_POST['userName'];
$passWord = $_POST['passWord'];
// Selecting from database
$sql = "SELECT * FROM admin WHERE
usernames = '$userName' AND
passwords = '$passWord'";
// Exceute the query
$result = mysqli_query($conn, $sql);
// Count the number of the account of the same username and password
$count = mysqli_num_rows($result);
// Counts the results into arrys
$row = mysqli_fetch_assoc($result);
// Check if theres account in database
if ($count == 1){
$_SESSION['loginMessage'] = '<span class = "success">Welcome '.$userName.'</span>';
header('location:' .SITEURL. 'dashboard.php');
exit();
}
else{
$_SESSION['noAdmin'] = '<span class = "fail">Please check your username and password and try again.</span>';
header('location:' .SITEURL. 'index.php');
exit();
}
}
?>
Here is the register.php or register link:
<form action="" method="POST">
<div class="rows grid">
<!--Full Name-->
<div class="row">
<label for="fullname">Full Name</label>
<input type="text" id="fullname" name="fullName" placeholder="Enter Full Name" required>
</div>
<!--Username-->
<div class="row">
<label for="username">User Name</label>
<input type="text" id="username" name="userName" placeholder="Enter Username" required>
</div>
<!--Email-->
<div class="row">
<label for="email">Email</label>
<input type="email" id="email" name="emaiL" placeholder="Enter Email" required>
</div>
<!--Mobile Number-->
<div class="row">
<label for="number">Mobile Number</label>
<input type="number" id="number" name="numbeR" placeholder="Enter Mobile Number" required>
</div>
<!--Password-->
<div class="row">
<label for="password">Password</label>
<input type="password" id="password" name="passWord" placeholder="Enter Password" required>
</div>
<!--Submit Button-->
<div class="row">
<input type="submit" id="submitBtn" name="submit" value="Register" required>
<!--Try ko aban aban uni idelete-->
<span class="registerLink">Have an account already? Login</span>
</div>
</div>
</form>
Note: I want to display the input fullname in the welcome dashboard.
Please change your select query to parameterized prepared statement to avoid SQL injection attacks
To display the "fullname", just fetch the db record say into an associative array say $row and use $row["fullname"] (or $row["fullName"] if the field name is actually fullName)
Hence, change the block:
/// other code
$sql = "SELECT * FROM admin WHERE
usernames = '$userName' AND
passwords = '$passWord'";
// Exceute the query
$result = mysqli_query($conn, $sql);
// Count the number of the account of the same username and password
$count = mysqli_num_rows($result);
// Counts the results into arrys
$row = mysqli_fetch_assoc($result);
// Check if theres account in database
if ($count == 1){
$_SESSION['loginMessage'] = '<span class = "success">Welcome '.$userName.'</span>';
header('location:' .SITEURL. 'dashboard.php');
exit();
}
/// other code
to
<?php
/// other code
$sql = "SELECT * FROM admin WHERE usernames = ? AND passwords = ?";
$query = $conn->prepare($sql);
$query->bind_param("ss", $userName,$passWord );
$query->execute();
$result = $query->get_result();
$num = $result->num_rows;
if ($num == 1){
$row = $result->fetch_assoc();
$_SESSION['loginMessage'] = '<span class = "success">Welcome '.$row["fullname"].'</span>';
header('location:' .SITEURL. 'dashboard.php');
exit();
}
/// other code
?>
I want user login with username password and 4 digit pin code and code is in my db. Here is my code sample. If any one here can help me I would very much appreciate it:
<?php
if (isset($_POST['login'])) {
$user = $_POST['user'];
$pass = $_POST['pass'];
$pincode = $_POST['pincode'];
if (empty($user) OR empty($pincode)) {
echo "<script>alert('Please Fill All Required Field')</script>";
} else {
$select_user = "select * from users WHERE Username = '$user' AND Password ='$pass' pin-code ='?' ";
$run_user_sql = mysqli_query($conn, $select_user);
$check_customer = mysqli_num_rows($run_user_sql);
if ($check_customer ==false) {
echo "<script>alert('Username/Password Wrong')</script>";
exit();
}
if ($check_customer == true) {
$_SESSION['user'] = $user;
echo "<script>alert('You Are Logged In')</script>";
echo "<script>window.open('index.php?dashboard','_self')</script>";
}
}
}
?>
<form action="" method="post">
<div class="form-group">
<div class="form-label-group">
<input type="text" class="form-control" name="user" placeholder="Username" >
<label">Username</label>
</div>
</div>
<div class="form-group">
<div class="form-label-group">
<input type="password" class="form-control" name="pass" placeholder="Password" >
<label >Password</label>
</div>
</div>
<div class="form-group">
<div class="form-label-group">
<input type="text" class="form-control" name="pincode" placeholder="4-Digit Pin Code" >
<label >4-Digit Pin Code</label>
</div>
</div>
<div class="form-group">
<div class="checkbox">
<label>
<input type="checkbox" value="remember-me">
Remember Password
</label>
</div>
</div>
<input type="submit" class="btn btn-primary btn-block" name="login" value="Login">
</form>
Your code seems to be okay, but with a lot of security risks. However, your SQL command is wrong. Change it to the following:
$select_user = "select * from users WHERE Username = '$user' AND Password ='$pass' AND `pin-code` ='{$pincode}'";
I have a problem with a Registration/LogIn form submission.
I have two forms in my main php as follows:
<form role="form" action="profile.php" onsubmit="return validateForm1()" method="post" class="login-form" name="form1" id="form1">
<div class="form-group">
<label class="sr-only" for="form-username">Username</label>
<input type="text" name="form-username" placeholder="Username..." class="form-username form-control" id="form-username">
</div>
<div class="form-group">
<label class="sr-only" for="form-password">Password</label>
<input type="password" name="form-password" placeholder="Password..." class="form-password form-control" id="form-password">
</div>
<button type="submit" class="btn" id="btn1" name="btn1">Sign in!</button>
</form>
and
<form role="form" action="profile.php" onsubmit="return validateForm2()" method="post" class="registration-form" name="form2" id="form2">
<div class="form-group">
<label class="sr-only" for="form-first-name">Username</label>
<input type="text" name="form-first-name" placeholder="Username..." class="form-first-name form-control" id="form-username-2">
</div>
<div class="form-group">
<label class="sr-only" for="form-last-name">Email</label>
<input type="text" name="form-last-name" placeholder="Email..." class="form-last-name form-control" id="form-email">
</div>
<div class="form-group">
<label class="sr-only" for="form-email">Password</label>
<input type="password" name="form-email" placeholder="Password..." class="form-email form-control" id="form-password-2">
</div>
<div class="form-group">
<label class="sr-only" for="form-about-yourself">Confirm Password</label>
<input type="password" name="form-confirm-pass" placeholder="Confirm Password..." class="form-email form-control" id="form-password-3">
</div>
<button type="submit" class="btn" name="btn2" id="btn2">Sign me up!</button>
</form>
Then I have the profile.php as follows:
<?php
if (isset($_POST['btn2'])) {
$usr = $_POST['form-username-2'];
$pass = $_POST['form-password-2'];
$email = $_POST['form-email'];
echo $usr;
echo $pass;
echo $email;
}
?>
As far as I tried I can't get the values echoed right on the other side, there is nothing printed
I'm trying to get the values only if I press the register button.
I tried the SERVER option but it works with both buttons, but I want it to work with the second.
Could you please help me out with this?
Thank you very much (sorry if my English is not good in advance...)
EDIT:
I provide you the Javascript code as I figured out without it it works... Please tell me whats wrong with the javascript validations...
<script>
function validateForm1()
{
var name = document.forms["form1"]["form-username"].value;
var pass = document.forms["form1"]["form-password"].value;
var format = /[!##$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]+/;
if (pass.length < 7){
alert("Please enter at least 7 character password");
return false;
}
if (!format.test(pass)){
alert("Please enter at a symbol in password");
return false;
}
return true;
}
</script>
<script>
function validateForm2()
{
var name = document.forms["form2"]["form-username-2"].value;
var mail = document.forms["form2"]["form-last-name"].value;
var pass1 = document.forms["form2"]["form-password-2"].value;
var pass2 = document.forms["form2"]["form-password-3"].value;
var passformat = /[!##$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]+/;
var mailformat = /^([a-zA-Z0-9_\.\-])+\#(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
if (pass1 != pass2){
alert("Confirmation password doesn't match");
return false;
}
if (pass1.length < 7){
alert("Please enter at least 7 character password");
return false;
}
if (!passformat.test(pass1)){
alert("Please enter at a symbol in password");
return false;
}
if (!mailformat.test(mail)){
alert("Please enter a valid email");
return false;
}
return true;
}
</script>
you just need to add double test :
if (isset($_POST['btn1'])) {
...
} elseif(isset($_POST['btn2'])) {
...
}
Try this :
$.validate({
lang: 'en',
modules : 'security'
});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js"></script>
<form role="form" action="profile.php" method="post" class="login-form" name="form1" id="form1">
<div class="form-group">
<label class="sr-only" for="form-username">Username</label>
<input data-validation="length" data-validation-length="min4" type="text" name="form-username" placeholder="Username..." class="form-username form-control" id="form-username">
</div>
<div class="form-group">
<label class="sr-only" for="form-password">Password</label>
<input data-validation="length" data-validation-length="min8" type="password" name="form-password" placeholder="Password..." class="form-password form-control" id="form-password">
</div>
<button type="submit" class="btn" id="btn1" name="btn1">Sign in!</button>
</form>
<form role="form" action="profile.php" method="post" class="registration-form" name="form2" id="form2">
<div class="form-group">
<label class="sr-only" for="form-username-2">Username</label>
<input data-validation="length" data-validation-length="min4" type="text" name="form-username" placeholder="Username..." class="form-username form-control" id="form-username-2">
</div>
<div class="form-group">
<label class="sr-only" for="form-email">Email</label>
<input data-validation="email" type="text" name="form-email" placeholder="Email..." class="form-email form-control" id="form-email">
</div>
<div class="form-group">
<label class="sr-only" for="form-password-2">Password</label>
<input data-validation="confirmation length" data-validation-length="min8" type="password" name="form-password" placeholder="Password..." class="form-password form-control" id="form-password-2">
</div>
<div class="form-group">
<label class="sr-only" for="form-confirm-pass">Confirm Password</label>
<input type="password" name="form-password_confirmation" placeholder="Confirm Password..." class="form-password form-control" id="form-confirm-pass">
</div>
<button type="submit" class="btn" name="btn2" id="btn2">Sign me up!</button>
</form>
profile.php
<?php
if (isset($_POST['btn1'])) {
$username = $_POST['form-username'];
$password = $_POST['form-password'];
echo $username;
echo $password;
} elseif(isset($_POST['btn2'])) {
$username = $_POST['form-username'];
$email = $_POST['form-email'];
$password = $_POST['form-password'];
echo $username;
echo $email;
echo $password;
}
?>
$_POST will not contain the "submit" button value "bt1" when you submit the 2nd form, and vice-versa.
Best practice is to use a hidden field instead to determine what form you are in. For instance, use this inside the 1st form: <input type="hidden" name="which_form" value="form1"/>
and then <input type="hidden" name="which_form" value="form2"/> inside the 2nd form.
Then you can check the value of $_POST['which_form'] to determine what form was posted.
I'm working on a login system. I want when I login at index.php, the include from that page change to another. So in my case the fully header change and the login button disappear.
So I want to change <?php include('header.php'); ?>
to
<?php include('header2.php'); ?>
if logged in
The login:
<div id="loginContainer">
<span>Login</span><em></em>
<div style="clear:both"></div>
<div id="loginBox">
<form id="loginForm" action="login.php" autocomplete="on" method="post">
<fieldset id="body">
<fieldset>
<label for="email">Email Address</label>
<input id="username" name="username" required="required" type="text" placeholder="myusername"/>
</fieldset>
<fieldset>
<label for="password">Password</label>
<input id="password" name="password" required="required" type="password" placeholder="eg. X8df!90EO" />
</fieldset>
<input type="submit" name="login" value="Login" />
<label for="checkbox"><input type="checkbox" id="checkbox" />Remember me</label>
</fieldset>
<span>Forgot your password?</span>
</form>
</div>
</div></
Part of login.php
if($res = $mysqli->query($q))
{
if($res->num_rows > 0)
{
$_SESSION['userName'] = $userName;
//header("Location:welcome.php");
include('header4.php');
exit;
}
else
{
echo'<script>alert("INVALID USERNAME OR PASSWORD");</script>';
header("Location:index.php");
exit;
}
}
Simply check if a session is set, and then include the right file. Something like this.
if (isset($_SESSION['userName']) && !empty($_SESSION['userName'])) {
// If the user is logged in, include this file
include "header2.php";
} else {
// Else, we're not logged in, include this file
include "header.php";
}
I'm having issues with my PHP login. I'm using bootstrap and When ever I click 'Login' nothing is happening. If I am correct it should be submitting me to a blank page.
Any suggestions?
Bootstrap Code:
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Please sign in</h3>
</div>
<div class="panel-body">
<form accept-charset="UTF-8" role="form">
<form action="submit.php" method="post">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="Username" name="Username" type="text">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="password" type="password" value="">
</div>
<input class="btn btn-lg btn-primary btn-block" type="submit" value="Login">
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
PHP code:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if($username&&$password)
{
$connect = mysql_connect("localhost", "sfmin", "password") or die("Error");
mysql_select_db("rothienc_login") or die("error");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows!=0)
{
}
else
die("That user doesn't exist!");
}
else
die("ERROR");
?>
You defined <form> twice:
<form accept-charset="UTF-8" role="form">
<form action="submit.php" method="post">
Change this to just one element:
<form action="submit.php" method="post" accept-charset="UTF-8" role="form">
Make your username <input> name attribute lowercase:
<input class="form-control" placeholder="Username" name="username" type="text">
Escape your SQL query properly:
$query = mysql_query(
"SELECT * FROM users WHERE username='" . mysql_real_escape_string($username) . "'"
);
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Please sign in</h3>
</div>
<div class="panel-body">
<form action="submit.php" method="post">
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="Username" name="Username" type="text">
</div>
<div class="form-group">
<input class="form-control" placeholder="Password" name="password" type="password" value="">
</div>
<input class="btn btn-lg btn-primary btn-block" type="submit" value="Login" name="submit" >
</fieldset>
</form>
</div>
</div>
</div>
php:
$connect = mysqli_connect("localhost", "sfmin", "password", "rothienc_login") or die("Error");
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysqli_query($connect, "SELECT * FROM users");
if($username == $row['username'] && $password == $row['password'])
{
// User exists
$numrows = mysqli_num_rows($connect, $query);
if($numrows!=0)
{
}
else
die("That user doesn't exist!");
}
else
die("ERROR");
} else {
$username = "";
$password = "";
}
?>
this checks if the submit button was clicked if(isset($_POST['submit'])) then it checks for user match database records and then if it is correct it logs the user in also remember to set session variables
If you want a beauty and modern Login whit PHP and this, man! use JQuery Ajax.
In the input button change the type "Submit" for "button" and you need generate a basic ajax whit jquery.
$.ajax({
url: 'URL_PHP_LOGIN.php',
type: "POST",
data: {user: user, pass: pass},
success: function(html){
alert(html)//Alert when the login is correct.
}
});