PHP prepare-statement User Change password - php

This is the html code for the change password page. When I click change password from the user registration table, it bring me here and it works perfectly but when you use the option of the user change password which leads you directly to this place, saving it doesn't work. I believe it's got to deal with the User ID as key since from the table is selected via ID. But when i use setting - user change password, it doesn't do anything after saving password change, it doesn't reflect anything
<div class="col-lg-6">
<div class="col-sm-12">
<br/>
<h3 class="page-title">Change Password</h3>
</div>
<div class="card-box">
<div class="form-group">
<label for="userName">User Name</label>
<input type="text" name="uname" parsley-trigger="change" required placeholder="Enter user name" class="form-control" id="uname" name="uname" value="<?php echo $actordetails->ACT_USERNAME;?>" readonly >
</div>
<div class="form-group">
<label for="pass1">New Password<span style="color:#F00">*</span></label>
<input id="pass1" type="password" placeholder="Password" name="inputpassword" required class="form-control">
</div>
<div class="form-group">
<label for="passWord2">Confirm New Password <span style="color:#F00">*</span></label>
<input data-parsley-equalto="#pass1" type="password" required placeholder="Password" class="form-control" id="password2">
</div>
<div class="form-group text-right m-b-0">
<button class="btn btn-success waves-effect waves-light" type="submit" onclick="document.getElementById('viewpage').value='savepwd';document.getElementById('view').value='';document.getElementById('fdsearch').value='';document.myform.submit()">
Save
</button>
<button class="btn btn-default waves-effect waves-light m-l-5" onclick="document.getElementById('view').value='';document.getElementById('viewpage').value='';document.myform.submit()">
Cancel
</button>
</div>
</div>
</div>
</form >
and this is the controller code to process the information. The encryption uses username and password with salt for your information.. Any help would be appreciated
<?php
$crypt = new cryptCls();
switch(strtolower($viewpage)) {
case "changepwd":
print_r($_POST);
$stmt = $sql->Execute($sql->Prepare("
SELECT ACT_USERNAME,ACT_ID
FROM gm_actors
WHERE ACT_ID=".$sql->Param('a')),array($keys));
print $sql->ErrorMsg();
if($stmt->RecordCount()>0){
$editobj = $stmt->FetchNextObject();
$uname = $actordetails->ACT_USERNAME;
}
break;
case "savepwd":
print_r($_POST);
$duplicatekeeper = $session->get("post_key");
if($action_key != $duplicatekeeper){
$session->set("post_key",$action_key);
if(!empty($inputpassword) && !empty($keys) ) {
$inputpassword = $crypt->loginPassword($uname,$inputpassword);
$stmt = $sql->Execute($sql->Prepare("
UPDATE gm_actors
SET ACT_USERPASSWORD=".$sql->Param('b')."
WHERE ACT_ID=".$sql->Param('d')." "),
array($inputpassword,$actordetails->ACT_ID));
$msg = "Password has been changed successfully.";
$status = "success";
// $activity = ' Agent'.$keys.' password changed .';
// $engine->setEventLog("032",$activity);
}else if($inputpassword!==$confirmpassword){
$msgs="Sorry! Passwords Do not Match.";
$target ='changepwd';
} else {
$msg = "Unsuccessfully: All fields are required.";
$status = "error";
$view ="changepwd";
}
}
break;
}
$stmtusers = $sql->Execute($sql->Prepare("
SELECT ACT_SURNAME,ACT_ID,ACT_OTHERNAMES,
ACT_USERNAME,ACT_STATUS,ACT_EMAIL,ACT_PHONE,
ACT_ACCESS_LEVEL,ACL_NAME
FROM gm_actors
left join gm_actors_level on ACT_ACCESS_LEVEL=ACL_NUMBER
WHERE ACT_ACCESS_LEVEL !='1'
AND ACT_STATUS !='4'
ORDER BY ACT_SURNAME "));
print $sql->ErrorMsg();
include("model/js.php");
include('public/alertmessage/message.php');
?>

Related

how can i write inside a tag in html from php in different files?

I am learning to program in PHP and I have a problem, I want to write in a html tag from php in different files, but I don't get how to do it. This is my code:
index.php
<form action="back_end_files/ControllerUsuarios.php" method="post">
<div class="input-group form-group">
<input type="email" class="form-control" id="loginEmail" placeholder="Email"
onfocusout="validatesLogin()" name="vEmail" required/>
</div>
<div class="input-group form-group">
<input type="password" class="form-control " id="loginPassword" placeholder="Password"
name="vPass" required>
</div>
<div>
<p id="status"></p>
</div>
<div class="alert">
<?php echo isset($alert) ? $alert : ''; ?>
</div>
<div class="form-group">
<button class="btn btn-primary btn-sm float-right" type="submit" name="submitLogin">
Login
</button>
</div>
<div class="form-group">
</div>
</form>
Here i want to write the message
<div>
<p id="status"></p>
</div>
controllerUsuarios.php
function loginCase(){
require 'DAOUsuarios.php';
$connection = new DAOUsuarios();
$connection->connectDB();
$username = $_POST['vEmail'];
$pass = $_POST['vPass'];
if($connection->login($username,$pass, $connection) == true){
session_start();
$_SESSION['active'] = true;
$_SESSION['email'] = $username;
header("Location: https://localhost/logged.php");
}
else{
$alert = "Email or password incorrect";
}
}
basically. post to the same index file is easiest, redirect if authenticated, otherwise just show the form again.
index.php
<?php
// include your login functions...
require 'back_end_files/controllerUsuarios.php';
if(logged_in()) {
// already logged in.
header("Location: https://localhost/logged.php");
} else {
// this will redirect if authenticated.
loginCase();
}
?>
<form action="index.php" method="post">
<div class="input-group form-group">
<input type="email" class="form-control" id="loginEmail" placeholder="Email" onfocusout="validatesLogin()" name="vEmail" required/>
</div>
<div class="input-group form-group">
<input type="password" class="form-control " id="loginPassword" placeholder="Password"
name="vPass" required>
</div>
<div>
<p id="status"></p>
</div>
<div class="alert">
<?php echo isset($alert) ? $alert : ''; ?>
</div>
<div class="form-group">
<button class="btn btn-primary btn-sm float-right" type="submit" name="submitLogin">
Login
</button>
</div>
<div class="form-group">
</div>
</form>
back_end_files/controllerUsuarios.php
/**
* check logged in now
*
* #return boolean if logged in.
**/
function logged_in() {
session_start();
return !empty($_SESSION['active']);
}
/**
* log in the user and goto the next page or show form again.
*
* #return void
**/
function loginCase(){
require 'DAOUsuarios.php';
$connection = new DAOUsuarios();
$connection->connectDB();
// only try to authenticate if the data is set.
if(!empty($_POST['vEmail']) && !empty($_POST['vPass'])) {
$username = $_POST['vEmail'];
$pass = $_POST['vPass'];
if($connection->login($username,$pass, $connection) == true){
$_SESSION['active'] = true;
$_SESSION['email'] = $username;
header("Location: https://localhost/logged.php");
}
}
// did not authenticate, so show the form again.
return false;
}

Allow user to login with a username & password & 4-digit pin code

I want user login with username password and 4 digit pin code and code is in my db. Here is my code sample. If any one here can help me I would very much appreciate it:
<?php
if (isset($_POST['login'])) {
$user = $_POST['user'];
$pass = $_POST['pass'];
$pincode = $_POST['pincode'];
if (empty($user) OR empty($pincode)) {
echo "<script>alert('Please Fill All Required Field')</script>";
} else {
$select_user = "select * from users WHERE Username = '$user' AND Password ='$pass' pin-code ='?' ";
$run_user_sql = mysqli_query($conn, $select_user);
$check_customer = mysqli_num_rows($run_user_sql);
if ($check_customer ==false) {
echo "<script>alert('Username/Password Wrong')</script>";
exit();
}
if ($check_customer == true) {
$_SESSION['user'] = $user;
echo "<script>alert('You Are Logged In')</script>";
echo "<script>window.open('index.php?dashboard','_self')</script>";
}
}
}
?>
<form action="" method="post">
<div class="form-group">
<div class="form-label-group">
<input type="text" class="form-control" name="user" placeholder="Username" >
<label">Username</label>
</div>
</div>
<div class="form-group">
<div class="form-label-group">
<input type="password" class="form-control" name="pass" placeholder="Password" >
<label >Password</label>
</div>
</div>
<div class="form-group">
<div class="form-label-group">
<input type="text" class="form-control" name="pincode" placeholder="4-Digit Pin Code" >
<label >4-Digit Pin Code</label>
</div>
</div>
<div class="form-group">
<div class="checkbox">
<label>
<input type="checkbox" value="remember-me">
Remember Password
</label>
</div>
</div>
<input type="submit" class="btn btn-primary btn-block" name="login" value="Login">
</form>
Your code seems to be okay, but with a lot of security risks. However, your SQL command is wrong. Change it to the following:
$select_user = "select * from users WHERE Username = '$user' AND Password ='$pass' AND `pin-code` ='{$pincode}'";

Get email id on another page

After submit in signup page my signUp page redirects to info.php where I want to collect additional info of user using email id he gives on signup page but when I tried to get the email id of user through sessions, session return empty value.
THIS IS MY SIGNUP CODE
<?php
session_start();
if(isset($_POST['submit'])){
$name= $_POST['_user'];
$email = $_POST['_email'];
$pass = $_POST['_password'];
//Insert Data
$sql = "INSERT INTO signup(name,email,password)
VALUES('$name','$email','$pass')";
//Data Validation
if(mysqli_query($conn,$sql)){
echo "<script>alert('SignUp Successfull')</script>";
$_SESSION['user_email'] = $email;
header('Location: info.php');
}
else{
echo "<script>window.alert('You are already a user.')</script>";
}
}
mysqli_close($conn);
?>
AND THIS MY INFO.PHP CODE
<?php
session_start();
if(isset($_POST['_submit'])){
if(empty($_POST['_address']) || empty($_POST['_country']) || empty($_POST['_number']) || empty($_POST['_cnic']) || empty($_POST['_passport'])){
echo "<script>window.alert('All fields are required')</script>";
}
else{
$address = $_POST['_address'];
$country = $_POST['_country'];
$number = $_POST['_number'];
$cnic = $_POST['_cnic'];
$passport = $_POST['_passport'];
$email=$_SESSION['user_email'];
$query = "INSERT INTO info(email,address,country,mobile,cnic,passport)
VALUES('$email','$address','$country','$number','$cnic','$passport')";
if(mysqli_query($conn,$query)){
header('Location: ../index.php');
}
else{
echo "<script>window.alert('Error While Entering the data!.')</script>";
}
}
}
mysqli_close($conn);
?>
In addition I use this global session variable for login page and it works fine.
UPDATE
SIGNUP HTML CODE
<div class="outside">
<form class="form-horizontal" role="form" method="post">
<div class="form-group">
<label class="control-label col-sm-3 glyphicon glyphicon-user" for="name"></label>
<div class="control-label col-sm-8">
<input type="text" name="_user" class="form-control" id="name" placeholder="Full Name">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-3" for="email">
<img class="glyphicon1" src="../assests/at-sign.png">
</label>
<div class="control-label col-sm-8">
<input type="email" name="_email" class="form-control" id="email" placeholder="Enter Email">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-3 glyphicon glyphicon-lock" for="password"></label>
<div class="control-label col-sm-8">
<input type="password" name="_password" class="form-control" id="password" placeholder="Enter Password">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-3">
<button name="submit" id="submit" value="Upload" type="submit" class="btn btn-default">Confirm SignUp</button>
</div>
</div>
<p>Already a User? LogIn</p>
</form>
</div>
Use this for Returns the auto generated id used in the last query
mysqli_insert_id($link)

Multiple form authentication in the same domain

I have a website with two form authentication in different pages, have different input name and link to different pages . The problem is that when I save my authentication to a browser (chrome) of a form , the browser fill in the fields with the same data in the other form . How is it possible?
First form
<form action="" method="POST" enctype="multipart/form-data">
<div class="form-group">
<label for="exampleInputEmail1">Email</label>
<input type="email" name="private_email" class="form-control" id="email1" value="" placeholder="Enter email" required>
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" name="private_password" value="" id="password1" placeholder="Password" required>
</div>
<input type="submit" name="login" class="btn btn-default" value="Login">
</form>
Second Form (It is a form of a cms)
<form action="http://escuolainsieme.it/shop/login" method="post" id="login_form" class="box">
<h3 class="page-subheading">Sei giĆ  registrato?</h3>
<div class="form_content clearfix">
<div class="form-group form-ok">
<label for="email">Indirizzo email</label>
<input class="is_required validate account_input form-control" data-validate="isEmail" type="text" id="email" name="email" value="">
</div>
<div class="form-group">
<label for="passwd">Password</label>
<span><input class="is_required validate account_input form-control" type="password" data-validate="isPasswd" id="passwd" name="passwd" value=""></span>
</div>
<p class="lost_password form-group">Hai dimenticato la password?</p>
<p class="submit">
<input type="hidden" class="hidden" name="back" value="my-account"> <button type="submit" id="SubmitLogin" name="SubmitLogin" class="button btn btn-default button-medium">
<span>
<i class="icon-lock left"></i>
Entra
</span>
</button>
</p>
</div>
</form>
Login.php
<?php session_start(); // Starting Session
$error = ''; // Variable To Store Error Message
if (isset($_POST['private_login'])) {
if (empty($_POST['private_email']) || empty($_POST['private_password'])) {
$error = "<div class='alert alert-danger'>Compila tutti i campi</div>";
} else {
$email = mysqli_real_escape_string(conn(), $_POST['private_email']);
$password = mysqli_real_escape_string(conn(), $_POST['private_password']);
$cls_utente = new utente();
if ($cls_utente->check_user($email, $password) == 1) {
$_SESSION['login_user'] = $email; // Initializing Session
$_SESSION['is_logged'] = true;
} else {
$error .= "<div class='alert alert-danger'>Email o password errati</div>";
}
}}?>
You can try using autocomplete="false" or autocomplete="off" to disable it, not sure if it will work but give it a try.
As far as i am concerned it's not possible to make the browser 'realize' that they are different forms and they should not be auto-filled with the same data.
Have a look at these 2 answers, answer1 answer2 for more information how browser detects the forms.
You must add another one column in your user table, example if you add type column the value set default super admin,moderator, user. Now you can check the login authentication with this column.If user-name and password and type is equal redirect to particular page.so you can redirect different page depends upon the user type..

My PHP signup form not working

I have created a signup form for my php website using Bootstrap but nothing happens when I click on register. Signup form is made in Bootstrap and it is not working.
<div class="container">
<div class="row">
<div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
<?php
require_once("company-db.php");
if (!isset($_POST['submit'])) {
?>
<form role="form" action="<?=$_SERVER['PHP_SELF']?>" method="post">
<h2>Please Sign Up <small>It's free and always will be.</small></h2>
<hr class="colorgraph">
<div class="row">
<div class="col-xs-12 col-sm-6 col-md-6">
<div class="form-group">
<input type="text" name="username" id="username" class="form-control input-lg" placeholder="Username" tabindex="1">
</div>
</div>
<div class="col-xs-12 col-sm-6 col-md-6">
<div class="form-group">
<input type="password" name="password" id="password" class="form-control input-lg" placeholder="Password" tabindex="2">
</div>
</div>
</div>
<div class="form-group">
<input type="text" name="company_name" id="company_name" class="form-control input-lg" placeholder="Company Name" tabindex="3">
</div>
<div class="form-group">
<input type="text" name="description" id="description" class="form-control input-lg" placeholder="Company Description" tabindex="4">
</div>
<div class="form-group">
<input type="email" name="email" id="email" class="form-control input-lg" placeholder="Email Address" tabindex="4">
</div>
<div class="row">
<div class="col-xs-4 col-sm-3 col-md-3">
<span class="button-checkbox">
<button type="button" class="btn" data-color="info" tabindex="7">I Agree</button>
<input type="checkbox" name="t_and_c" id="t_and_c" class="hidden" value="1">
</span>
</div>
<div class="col-xs-8 col-sm-9 col-md-9">
By clicking <strong class="label label-primary">Register</strong>, you agree to the Terms and Conditions set out by this site, including our Cookie Use.
</div>
</div>
<hr class="colorgraph">
<div class="row">
<div class="col-xs-12 col-md-6"><input type="submit" value="submit" class="btn btn-primary btn-block btn-lg" tabindex="7"></div>
<div class="col-xs-12 col-md-6">Sign In</div>
</div>
</form>
<?php
} else {
## connect mysql server
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
## query database
# prepare data for insertion
$username = $_POST['username'];
$password = $_POST['password'];
$company_name = $_POST['company_name'];
$description = $_POST['description'];
$email = $_POST['email'];
# check if username and email exist else insert
$exists = 0;
$result = $mysqli->query("SELECT username from companies WHERE username = '{$username}' LIMIT 1");
if ($result->num_rows == 1) {
$exists = 1;
$result = $mysqli->query("SELECT email from companies WHERE email = '{$email}' LIMIT 1");
if ($result->num_rows == 1) $exists = 2;
} else {
$result = $mysqli->query("SELECT email from companies WHERE email = '{$email}' LIMIT 1");
if ($result->num_rows == 1) $exists = 3;
}
if ($exists == 1) echo "<p>Username already exists!</p>";
else if ($exists == 2) echo "<p>Username and Email already exists!</p>";
else if ($exists == 3) echo "<p>Email already exists!</p>";
else {
# insert data into mysql database
$sql = "INSERT INTO `companies` (`id`, `username`, `password`, `company_name`, `description`, `email`)
VALUES (NULL, '{$username}', '{$password}', '{$company_name}', '{$description}', '{$email}')";
if ($mysqli->query($sql)) {
//echo "New Record has id ".$mysqli->insert_id;
echo "<p>Registred successfully!</p>";
} else {
echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
exit();
}
}
}
?>
</div>
</div>
You don't have a name for your submit button, so this won't get posted.
<input type="submit" value="submit" name="submit"
class="btn btn-primary btn-block btn-lg" tabindex="7">
Give the name attribute and make it set.
Note: You must never rely on Submit button's attribute!
The (!isset($_POST['submit'])) conditional statement depends on the execution of your code.

Categories