As the title suggests I am trying to use the same .php page and have it display something new upon being redirected from a particular location.
In context...
I have a login which upon successful login redirects to a home page but if unsuccessful, redirects to the index. Is there a way that I can tell my index page to display an "Error logging in" message when it has been redirected from my login page?
Here is my login code...
<?php
session_start();
include('conn.php');
$query = "SELECT * FROM User";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));
if (isset($_POST["submit"])) {
    $logEmail = $conn->real_escape_string($_POST['logEmail']);
    $logPass = $conn->real_escape_string($_POST['logPass']);
    $checkuser = "SELECT * FROM User WHERE Email='$logEmail' AND UserPassword=AES_ENCRYPT('$logPass', 'MyKey')";
    $userresult = mysqli_query($conn, $checkuser) or die(mysqli_error($conn));
    $loginsucc = (mysqli_num_rows($userresult) > 0);
    if (mysqli_num_rows($userresult) > 0) {
        while ($row = mysqli_fetch_assoc($userresult)) {
            $userPriKey = $row['UserID'];
            $userid = $row['Email'];
            $accounttype = $row['IsAdmin'];
            $firstname = $row['FirstName'];
            $surname = $row['LastName'];
            $_SESSION['userPriKey'] = $userPriKey;
            $_SESSION['name'] = $firstname;
            $_SESSION['surname'] = $surname;
            $_SESSION['Email'] = $userid;
            $_SESSION['IsAdmin'] = $accounttype;
            if($accounttype == '1'){
                header("Location: home.php");
            }else if ($accounttype == '0'||$accounttype == NULL ) {
                header("Location: userhome.php");
            }
        }
    } else {
        header("Location: index.php");
    }
}
?>
Before you call header(), set a session variable like so:
$_SESSION['msg'] = 'success you are logged in';
header('Location: page.php');
exit;
Then in page.php,
session_start();
if (isset($_SESSION['msg'])) {
    echo $_SESSION['msg'];
    unset($_SESSION['msg']);
}
Also FYI, you should be using prepared statements. Your code is not totally safe
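The prepared-statement advice in the answer above, combined with its session message, as an added example (not code from the original posts). It assumes conn.php provides a mysqli connection in $conn and that User.UserPassword stores a password_hash() value rather than the AES_ENCRYPT output used in the question; redirect_to() is a hypothetical helper.

```php
<?php
// Added example: login handler using a prepared statement and a one-time
// session message. Assumes conn.php defines $conn (mysqli) and that
// User.UserPassword holds a password_hash() value (an assumption; the
// question's table stores AES_ENCRYPT output instead).
session_start();
require 'conn.php';

// Hypothetical helper: send the redirect and stop the script.
function redirect_to(string $page): void
{
    header('Location: ' . $page);
    exit; // nothing after the redirect may run
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['submit'])) {
    redirect_to('index.php');
}

$email = (string) ($_POST['logEmail'] ?? '');
$pass  = (string) ($_POST['logPass'] ?? '');

// The email is bound as a parameter, never concatenated into the SQL text.
$stmt = $conn->prepare(
    'SELECT UserID, Email, IsAdmin, FirstName, LastName, UserPassword
       FROM User WHERE Email = ? LIMIT 1'
);
$stmt->bind_param('s', $email);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
$stmt->close();

if (!$row || !password_verify($pass, $row['UserPassword'])) {
    // Same message for an unknown email and for a wrong password.
    $_SESSION['msg'] = 'Error logging in';
    redirect_to('index.php');
}

session_regenerate_id(true); // new session ID once the user is authenticated
$_SESSION['userPriKey'] = $row['UserID'];
$_SESSION['name']       = $row['FirstName'];
$_SESSION['surname']    = $row['LastName'];
$_SESSION['Email']      = $row['Email'];
$_SESSION['IsAdmin']    = $row['IsAdmin'];

redirect_to($row['IsAdmin'] == '1' ? 'home.php' : 'userhome.php');
```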
I want to redirect on the same page after login, but I need conditions like if username and password come from index.php then page will redirect to dashboard.php, else it will redirect on the same page (exmple.php).
login.php:
<?php
include ('include/connection.php');
if (isset($_POST['loginform'])) {
    session_start();
    // mysql_escape_string() is not part of the mysqli API; escape through the open connection
    $email = trim(mysqli_real_escape_string($con, $_POST['email']));
    $passwords = trim(mysqli_real_escape_string($con, $_POST['pwd']));
    $password = md5($passwords);
    $verify_query = "SELECT * FROM end_user WHERE (email='$email' AND password='$password')";
    $verify_result = mysqli_query($con, $verify_query);
    if(!$verify_result){
        echo '<h2>Couldnot Process your request Please try to login after some time. </h2>';
    }
    // only count rows when the query actually returned a result
    if ($verify_result && mysqli_num_rows($verify_result) == 1) {
        $_SESSION = mysqli_fetch_array($verify_result, MYSQLI_ASSOC);
        header("Location: dashboard.php");
    }
    else {
        echo '<h2 style="color:#CC3300;">Incorrect Credentials, You need to register Here</h2>';
    }
    mysqli_close($con);
}
?>
index.php:
session_start(); // starts the session
$_SESSION['url'] = $_SERVER['REQUEST_URI'];
And I used the same code in example.php, so that I can get the URL in $_SESSION.
From your index.php login form, pass a hidden field like:
<input type="hidden" name="extrafield" value="fromindex">
Then
<?php
include ('include/connection.php');
if (isset($_POST['loginform'])) {
    session_start();
    // mysql_escape_string() is not part of the mysqli API; escape through the open connection
    $email = trim(mysqli_real_escape_string($con, $_POST['email']));
    $passwords = trim(mysqli_real_escape_string($con, $_POST['pwd']));
    $password = md5($passwords);
    $verify_query = "SELECT * FROM end_user WHERE (email='$email' AND password='$password')";
    $verify_result = mysqli_query($con, $verify_query);
    if(!$verify_result){
        echo '<h2>Couldnot Process your request Please try to login after some time. </h2>';
    }
    // only count rows when the query actually returned a result
    if ($verify_result && mysqli_num_rows($verify_result) == 1)
    {
        $_SESSION = mysqli_fetch_array($verify_result, MYSQLI_ASSOC);
        // isset() returns a boolean, so compare the submitted value itself
        if(isset($_POST['extrafield']) && $_POST['extrafield'] === 'fromindex'){
            header("Location: dashboard.php");
        } else {
            header("Location: exmple.php");
        }
        exit; // stop the script once the redirect header is sent
    }else
    {
        echo '<h2 style="color:#CC3300;">Incorrect Credentials, You need to register Here </h2>';
    }
    mysqli_close($con);
}
?>
I am trying to extract other user info when I log in. I have managed to enable myself to login using my email address and password but I am struggling to show my first/last name etc.
I am logging in like so:
$query = "SELECT * FROM users WHERE user_email = '". $email ."' AND user_password = '". $password ."'" ;
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result) == 1) {
    $_SESSION['user_email'] = $email;
    header('Location: dashboard.php');
} else {
    echo 'fail!';
}
Then in my header I have:
session_start();
if( !isset($_SESSION['user_email']) ){
    header('Location: index.php');
    exit();
} else{
    $email = $_SESSION['user_email'];
    echo 'Logged in';
}
But if I try to echo out user_firstname or user_lastname it fails, of course. I am just not sure where this gets set?
You need to read a row from the query, then set session variables from that.
if (mysqli_num_rows($result) == 1) {
    $_SESSION['user_email'] = $email;
    $row = mysqli_fetch_assoc($result);
    $_SESSION['user_firstname'] = $row['user_firstname'];
    $_SESSION['user_lastname'] = $row['user_lastname'];
    header('Location: dashboard.php');
} else {
    echo 'fail!';
}
You can print the session variables in the header.
session_start();
if( !isset($_SESSION['user_email']) ){
    header('Location: index.php');
    exit();
} else{
    $email = $_SESSION['user_email'];
    echo 'Hello, ' . $_SESSION['user_firstname'];
}
You could also just put the entire row into the session:
$_SESSION['user_data'] = $row;
Then you can use $_SESSION['user_data']['user_firstname'] to get specific fields.
I have recently used a tutorial from http://tutsforweb.blogspot.co.uk/2012/05/registration-system-with-email.html. I have added a new field in my user table called 'com_code' as stated and defined the default as NULL.
Both confirm.php and registeraction.php work as the passkey variable is inserted into the com_code field in the database when a user registers, and when they click on the verify link in the email they have been sent, the com_code field is then set to NULL.
My problem is when this user logs in, a blank page appears (with the URL stuck at loginaction.php where I process the form). Any ideas where I have gone wrong in my loginaction.php code? I am new to PHP so as much explanation as possible would be great!!
loginaction.php
<?php require 'config/init.php';
// Get the data collected from the user and database
$email = trim($_POST["email"]);
$password = trim($_POST["password"]);
//Check for errors
if (empty($email) or empty($password)) {
    $_SESSION["message"] = "Must enter Email and Password ";
    header("Location: login.php"); //Redirection information
    exit ;//Ends the script
}
$email = strip_tags($email);
$password = strip_tags($password);
$pwd = $_POST["password"];
$sql = "SELECT * FROM user WHERE email='$email' AND com_code is NULL";
$result = mysqli_query($mysqli,$sql)or die(mysqli_error());
if ($result->num_rows === 1) {
    $row = $result->fetch_array(MYSQLI_ASSOC);
    if (password_verify($pwd, $row['password'])) {
        $_SESSION["authenticatedUserEmail"] = $email;
        $_SESSION["unauthenticatedAdmin"] = $_SESSION['usertype'] == '0';
        //We could also use information drawn from the database eg ID
        $_SESSION['id'] = $row['id'];
        $_SESSION['first_name'] = $row['first_name'];
        $_SESSION['last_name'] = $row['last_name'];
        $_SESSION['password'] = $row['password'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['usertype'] = $row['usertype'];
        $_SESSION['email'] = $row['email'];
        if ($_SESSION['usertype'] == '1') {
            header("Location: admin.php");
        } else {
            header("Location: profile.php");
        }
    }
    else {
        //Login was unsuccessful
        $_SESSION["message"] = "Could not login as $email";
        header("Location: login.php"); //Go back to the login pages
    }
}//End else
?>
I'm trying to fix my login page...
It works fine on the login.php with redirecting but on the index it doesn't redirect even if the session is empty. Any pointers? I'm new to this, so forgive me if it's really obvious.
<?php
require_once('../includes/config.php');
session_start();
if(!isset($_SESSION['loggedin']) && $_SESSION['loggedin']=='no'){
    // not logged in
    header("location: login.php");
    exit();
} else {
    $_SESSION['loggedin'] = 'yes';
}
?>
<?php
include("../includes/config.php");
$error = NULL;
$atmpt = 1;
if (!isset($_SESSION)) {
    session_start();
}
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin']=='yes'){
    // logged in
    header("location: index.php");
    exit();
}
if(isset($_POST['login']))
{
    /* get username and password */
    $username = $_POST["username"];
    $password = $_POST["password"];
    /* MySQL Injection prevention */
    $username = mysqli_real_escape_string($mysqli, stripslashes($username));
    $password = mysqli_real_escape_string($mysqli, stripslashes($password));
    /* check for user in database */
    $query = "SELECT * FROM admin_accounts WHERE username = '$username' AND password = '$password'"; // replace "users" with your table name
    $result = mysqli_query($mysqli, $query);
    $count = $result->num_rows;
    if($count > 0){
        //successfully logged in
        $_SESSION['username']=$username;
        $_SESSION['loggedin']='yes';
        $error .= "<div class='alert alert-success'>Thanks for logging in! Redirecting you..</div>";
        header("refresh:1;url=index.php");
    } else {
        // Login Failed
        $error .= "<div class='alert alert-danger'>Wrong username or password..</div>";
        $_SESSION['loggedin']='no';
        $atmpt = 2;
    }
}
?>
The line
session_start();
should be the very first line in the php script.
Just modify first three lines.
As session_start() should be put before any output has been put on the browser (even space).
<?php
session_start();
require_once('../includes/config.php');
if (empty($_SESSION['loggedin']) || $_SESSION['loggedin']=='no') {
...
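Why the index.php check in the question never redirects, shown as an added example that is not from the original posts: it runs the question's condition and a fail-closed alternative over three constructed session states. question_check(), must_redirect() and require_login() are hypothetical names.

```php
<?php
// Added example. Constructed session states to run both predicates against.
$states = [
    'no session data'  => [],
    'failed login'     => ['loggedin' => 'no'],
    'successful login' => ['loggedin' => 'yes'],
];

// The question's condition: "not set AND equal to 'no'" can never both hold,
// so the redirect branch is unreachable.
function question_check(array $s): bool
{
    return !isset($s['loggedin']) && ($s['loggedin'] ?? null) == 'no';
}

// Fail closed: anything other than the exact value 'yes' is not logged in.
function must_redirect(array $s): bool
{
    return ($s['loggedin'] ?? null) !== 'yes';
}

foreach ($states as $label => $s) {
    printf("%-17s question_check=%s must_redirect=%s\n", $label,
        var_export(question_check($s), true),
        var_export(must_redirect($s), true));
}

// Guard for the top of a protected page: start the session before any
// output, then redirect and stop unless the user is logged in.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (must_redirect($_SESSION)) {
        header('Location: login.php');
        exit;
    }
}
```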
I have a login page that allows a user to submit a registered email and password, and if the data is correct then the system redirects to the profile page, and here I face the problem.
When I try to submit the right data the system does not redirect me to the profile page.
But if I echo a confirm message that the data are correct, the browser displays this message.
How to fix this problem?
login.php
<?php
session_start();
error_reporting(E_ALL);
require_once('include/connect.php');
$message = "";
if(!empty($_POST['email']))
{
    $email = $_POST['email'];
    $pass = $_POST['pass'];
    $email = strip_tags($email);
    $pass = strip_tags($pass);
    $email = mysql_real_escape_string($email);
    $pass = mysql_real_escape_string($pass);
    //$pass = md5($pass);
    $sql=mysql_query( "SELECT user_id, email_address, first_name FROM user WHERE email_address='$email'AND password='$pass'LIMIT 1") or die("error in user table");
    $login_check = mysql_num_rows($sql);
    if($login_check > 0)
    {
        $row = mysql_fetch_array($sql);
        $id = $row['user_id'];
        $_SESSION['user_id'] = $id;
        $firstname = $row['first_name'];
        $_SESSION['first_name']= $firstname;
        $email = $row['email_address'];
        $_SESSION['email_address']= $email;
        mysql_query("UPDATE user SET last_log_date=now() WHERE user_id='$id'");
        //$message = "correct email and passworddd!!";
        header("Location: profile.php");
    }//close if
    else
    {
        $message = "incorrect Email or Password!!";
        //exit();
    }
}//close if
?>
profile.php
<?php
session_start();
require_once('include/connect.php');
if(isset($_GET['user_id']))
{
    $id=$_GET['user_id'];
    var_dump($id);
}
elseif(isset($_SESSION['user_id']))
{
    $id= $_SESSION['user_id'];
}
else
{
    print "Important data are missing";
    print_r($_SESSION);
    exit();
}
$sql = mysql_query("SELECT * FROM user WHERE user_id='$id'") or die(mysql_error());
$row = mysql_fetch_array($sql);
$firstname=$row['first_name'];
$lastname=$row['last_name'];
$birth_date=$row['birth_date'];
$registered_date=$row['registered_date'];
//***************for upload img*****************//
$check_pic="members/$id/image01.jpg";
$default_pic="members/0/image01.jpg";
if(file_exists($check_pic))
{
    $user_pic="<img src=\"$check_pic\"width=\"100px\"/>";
}
else
{
    $user_pic="<img src=\"$default_pic\">";
}
echo $id, $firstname, $birth_date;
?>
Easy :) Just put all this code at the top of the content and be sure that there isn't any content on the page where header("Location: profile.php"); is working, because if there is something it can't be loaded. I also recommend using exit; after header("Location: profile.php");