This question already has answers here:
The 3 different equals
(5 answers)
Closed 2 years ago.
I'm trying to display "active" or "inactive" when a user login with session start with php and mysql.
The problem is that even when I try to login with an account that has an "inactive" state, it keeps showing me that is "active". I already added session_start(); on the start of the page.
Here's a part of my login code:
$sql = "SELECT * FROM `users_tmp` WHERE uidUsers=? OR emailUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ..index.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $password);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = $row['pwdUsers'];
if($pwdCheck == false){
header("Location: ../index.php?error=wrongpwd");
exit();
} else if ($pwdCheck == true) {
session_start();
$_SESSION['userId'] = $row['idTmp'];
$_SESSION['idTmp'] = $row['idTmp'];
$_SESSION['stateUser'] = $row['stateUser'];
header("Location: ../user/perfil.php?login=success");
exit();
}
}
else{
header("Location: ../index.php?error=wrongpwds");
exit();
}
And here's what I'm trying to display:
<?php if(isset($_SESSION['idTmp']) ){
$state = $_SESSION['stateUser'];
if($state = "Active"){
echo $state;}
elseif($state = "Inactive"){
echo $state ;}
}
else{echo'nothing';}?>
$state = "Active" is always true, you need to use == operator instead, in the if.
Related
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
Closed 2 years ago.
i have this user sign in script using php prepared statement, but it is not working i have tried to switch values but still not working sometimes i get a "user does not exit" error sometimes just a blank page with the redirected link.
if(isset($_POST['login'])){
require 'dbh.php';
$mail = $_POST['email'];
$pwd = $_POST['password'];
if (empty($mail) || empty($pwd)) {
header("Location: ../login.php?error=empty");
exit();
} else {
$sql = "SELECT * FROM users WHERE id=? OR email=?;";
$stmt = mysqli_stmt_init($db);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../login.php?error=error");
exit();
} else {
mysqli_stmt_bind_param($stmt, "ss", $mail, $pwd);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)){
$pwdCheck = password_verify($pwd, $row['password']);
if($pwdCheck == false) {
header("Location: ../login.php?error=wrongPassword");
exit();
} else if ($pwdCheck == true) {
session_start();
$_SESSION['uId'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: ../profile/index.php?success");
exit();
}
}
}
}
} else {
header("Location: ../login.php");
exit();
} ```
I can see many mistakes in your code.
seems like you have missed entering the id param in the query.
Here you have mentioned id & email, "SELECT * FROM users WHERE id=? OR email=?;"
But here (mysqli_stmt_bind_param($stmt, "ss", $mail, $pwd);) you are binding $mail and password and not id and email.
You have used a extra semi colon ($sql = "SELECT * FROM users WHERE id=? OR email=?;";)
This question already has answers here:
How to check if a row exists in MySQL? (i.e. check if username or email exists in MySQL)
(4 answers)
Closed 2 years ago.
I'm doing an registration form and I'm trying to check if the email that the person inserts in the input is already in another table that has all emails that I allow to be registered. If it is it should register the person. I don't understand where I'm failing. I'm starting now with php. Please help.
<?php
if(isset($_POST['signup-submit'])){
require 'dbh.inc.php';
$username = mysqli_real_escape_string($conn, $_POST['uid']);
$email = mysqli_real_escape_string($conn,$_POST['mail']);
$password = mysqli_real_escape_string($conn,$_POST['pwd']);
$passwordRepeat = mysqli_real_escape_string($conn, $_POST['pwd-repeat']);
$check1 = $_POST['check1'];
$check2 = $_POST['check2'];
if(empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
header ("Location: ../header.php?error=emptyfields&uid=".$username."&mail=".$email);
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-z0-9]*$/", $username)){
header("Location: ../header.php?error=invalidadmail&uid=");
exit();
}
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../header.php?error=invalidadmail&uid=".$username);
exit();
}
else if (!preg_match("/^[a-zA-z0-9]*$/", $username)){
header("Location: ../header.php?error=invalidaduid&mail=".$email);
exit();
}
elseif($password !== $passwordRepeat){
header("Location: ../header.php?error=passwordcheck&uid=".$username."&mail=".$email);
exit();
}
elseif((!isset($check1)) || (!isset($check2))){
echo"<script>alert('É necessário confirmar as duas opções :(');
window.location.href='../header.php'</script>";
exit();
}
This is the part of the code that is not working
$sql2 = "SELECT * FROM emails WHERE (email_socio = '$email')";
$res = mysqli_query($conn, $sql2);
if (mysqli_num_rows($res) < 0) {
echo "FAIL";
}
These are other validations and where it will insert the data into final table
else{
$sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ../header.php?error=sqlerror");
exit();
}
else{
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if($resultCheck > 0){
header("Location: ../header.php?error=usertaken&mail=".$email);
exit();
}
else {
$sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)){
header("Location: ../header.php?error=sqlerror");
exit();
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
$sql ="SELECT * FROM users WHERE uidUsers='$username' AND emailUsers='$email'";
$result = mysqli_query($conn, $sql);
if(mysqli_num_rows($result)>0){
while($row = mysqli_fetch_assoc($result)){
$userid = $row['idUsers'];
$sql = "INSERT INTO profileimg (userid, status) VALUES ('$userid', 1)";
mysqli_query($conn, $sql);
}
}
header("Location: ../header.php?signup=success");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location: ../header.php");
exit();
}
Your condition is wrong:
if (mysqli_num_rows($res) < 0) {
echo "FAIL";
}
You're checking for less than zero, when in fact it should be less than one.
So, change it to either of the two:
if (mysqli_num_rows($res) === 0) // it logically cannot contain negative values
if (mysqli_num_rows($res) < 1)
This question already has answers here:
How do I get PHP errors to display?
(27 answers)
Reference - What does this error mean in PHP?
(38 answers)
Closed 3 years ago.
I just finished my login script on my website and I'm using sessions. I've set the variables but only the id and not the name and email is set in the cookie. I've tried multiple things but I'm learning and I can't get it fixed
<?php
if (isset($_POST['login'])) {
require 'db.inc.php';
$email = $_POST['email'];
$password = $_POST['password'];
if (empty($email) || empty($password)) {
header("Location: ../index.php?error=emptyfields&mailuid=".$email);
exit();
}
else {
$sql = "SELECT * FROM users WHERE name=? OR email=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../index.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "ss", $email, $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$hash = password_verify($password, $row['password']);
if ($hash == false) {
header("Location: ../index.php?error=wrongpwd");
exit();
}
else if ($hash == true) {
session_start();
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['name'];
$_SESSION['email'] = $row['email'];
header("Location: ../index.php?login=success");
exit();
}
}
else {
header("Location: ../index.php?login=wrongpassoremail");
exit();
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else {
header("Location: ../diajsdians.php");
exit();
}
After this script I am logged in and theres a cookie there but no valuable info (session name is set to PHPSESSID with a value of c4ujtetrrn7k8d6b9ui2a7b2o7
I had to make the following changes:
was
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['name'];
$_SESSION['email'] = $row['email'];
fix
$_SESSION['id'] = $row['id'];
$_SESSION['user'] = $row['name'];
$_SESSION['email'] = $row['email'];
This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 4 years ago.
When I attempt login using the data from MyPHPAdmin the login does work, but the output gives me "You are logged out!" instead of the intended output "You are logged in!"
Note I have not worked on my logged-out script yet so that is missing.
My PHP code to check if a valid user logged in.
if (isset($_POST['login-submit'])){
require 'dbh.inc.php';
$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];
if (empty($mailuid) || empty($password)){
header("Location: ../PresenceLogin.php?error=emptyfields");
exit();
}
else {
$sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../PresenceLogin.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../PresenceLogin.php?error=wrongpwd");
exit();
}
else if ($pwdCheck == true) {
session_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
header("Location: ../Logged.php");
exit();
}
else {
header("Location: ../PresenceLogin.php?error=wrongpwd");
exit();
}
}
else {
header("Location: ../PresenceLogin.php?error=nouser");
exit();
}
}
}
}
else {
header("Location: ../PresenceLogin.php");
}
my PHP code for output if a registered user logged in
<?php
require "PresenceNavbar.php"
?>
<link href="css/Logged.css" rel="stylesheet" type="text/css">
<main>
<div>
<section class="Logging" id="Logging">
<?php
if (isset($_SESSION['userId']))
{
echo '<h1 class ="Logged">You are logged in!</h1>';
}
else
{
echo '<h1 class ="Logged">You are logged out!</h1>';
}
?>
</section>
</div>
</main>
<?php
require "footer.php";
?>
Found my problem, I put my session_start(); after my require statement and it screwed up my coding
I am trying to make a login system with php but i cant figure out why my form is just redirecting me to the script file when i click on my login button. it works fine on my sign up form. everything seems to work exept its redirecting me to the script file. My php file that contains my form: https://codepen.io/hubbe-andersson/pen/yGOPoM
EDIT: I have put my phpscript into my header.php instead and now im getting ERR_TOO_MANY_REDIRECTS in chrome what is caussing this?
<?php
if(isset($_POST['login-sub'])) {
require 'databash.php';
$username = $_POST['mailname'];
$password = $_POST{'pwd'};
if(empty($username) || empty($password)) {
header("Location: index.php?error=tommarutor");
exit();
} else {
$sql = "SELECT * FROM USERS WHERE uidUsers=? OR emailUsers=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: index.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_parem($stmt, "ss", $username, $username);
mysqli_stmt_execute($stmt);
$resultat = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($resultat)) {
$checkpwd = password_verify($password, $row['pwdUsers']);
if($checkpwd == false) {
header("Location: index.php?error=fellosenord");
exit();
}
else if ($checkpwd == true) {
seassion_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
header("Location: index.php?login=lyckades");
exit();
}
else {
header("Location: index.php?error=fellosenord");
exit();
}
}
else {
header("Location: index.php?error=ingenanvandare");
exit();
}
}
}
} else {
header("Location: index.php");
exit();
}
line 6 error: use [...] instead of {...}
Look at the middle code block. Everything inside that focuses on determining which error the results will return, so establish that in your $_SESSION data and then redirect header("Location.... once. Most mistakes are little ones like the line 6 error, make a habit of adding // comments to your code so that it's easier to sort out the lines and sections of your code.
<?php
if(isset($_POST['login-sub'])) {
require 'databash.php';
$username = $_POST['mailname'];
$password = $_POST['pwd'];
if(empty($username) || empty($password)) {
header("Location: index.php?error=tommarutor");
exit();
} else {
$sql = "SELECT * FROM USERS WHERE uidUsers=? OR emailUsers=?";
$stmt = mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: index.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_parem($stmt, "ss", $username, $username);
mysqli_stmt_execute($stmt);
$resultat = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($resultat)) {
$checkpwd = password_verify($password, $row['pwdUsers']);
if($checkpwd == false) {
session_start();
$_SESSION['error']="fellosenord";
} else if ($checkpwd == true) {
seassion_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
$_SESSION['login']="lyckades");
} else {
session_start();
$_SESSION['error']="fellosenord";
} //end checkpwd
} else { // if fetch fails, send error
session_start();
$_SESSION['error']="ingenanvandare";
} // end fetch
header("Location: index.php");
} // end if stmt exists
} // end not empty input
} else { // if isset isn't set...
header("Location: index.php");
exit();
} // end isset
php database mysqli
Your index.php page need to start off by looking for the query string passed via $_SESSIONS to prevent people from trying to access the page without the related form.
session_start();
if ( empty($_SESSION['id']) ) { // no session info...
...
} else {
...
}
Ask your teacher to explain finding errors and solving problems so you can learn what to look for.