Where to add "insert" query in PHP - php

I have a login page that I would like to add a log file to, meaning that when a user logs in, it inserts the user's details into the database.
The first code is my working page.
The second code is the statement that I want to insert into my code, but anywhere I add that code my page stops working or no data is passed to the database.
I would appreciate any help, thank you in advance.
<?php //http://bootsnipp.com/snippets/56A0W - source code for login page.
require("includes/config/config.php");
$submitted_username = '';
if(!empty($_POST)){
$query = "SELECT id, username, password, salt, email FROM susers WHERE username = :username";
$query_params = array(':username' => $_POST['username']);
try{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); }
$login_ok = false;
$row = $stmt->fetch();
if($row){
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++){
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password']){
$login_ok = true;
}
}
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
header ("Location: includes/Sales/".$_POST["username"]."/".$_POST["username"].".php");
die("Redirecting to: sales.php");
}
else {$err[]='Wrong username and/or password!'; //1
header("Location: sales.php"); //2
} if($err) //3
$_SESSION['msg']['login-err'] = implode('<br />',$err); // 1 and 2 and 3 http://tutorialzine.com/2009/10/cool-login-system-php-jquery/ - source code for Error message
exit;
} ?>
Second code:
$query = "INSERT INTO suserlog (username) VALUES ( :username)";
I believe the code should go somewhere in:
if($login_ok)

Figured it out, thanks.
<?php
require("includes/config/config.php");
$submitted_username = '';
if(!empty($_POST)){
$query = "SELECT id, username, password, salt, email FROM susers WHERE username = :username;";
$query .= "INSERT INTO suserlog (username) VALUES ( :username)";

Related

php login page sessions

I have created a register page which works perfectly fine; the information is inserted into MySQL. However, when I want to log in, it does not direct me to account.php for some reason. It says "Redirecting to: account.php". Can someone please help me with the code? I have put what's in login.php and account.php below.
Thanks
login.php
$submitted_username = '';
if(!empty($_POST))
{
$query = "
SELECT
id,
forename,
surname,
Studentid,
username,
salt,
password,
email
FROM users
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
// This flag records whether the user has successfully logged in or not.
// It starts as false and is switched to true once the password check passes.
$login_ok = false;
$row = $stmt->fetch();
if($row)
{
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++)
{
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password'])
{
$login_ok = true;
}
}
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
// Redirect the user to the private members-only page.
header("Location: account.php");
die("Redirecting to: account.php");
}
else
{
print("Login Failed.");
$submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
}
}
account.php
<?php
require("common.php");
if(empty($_SESSION['user']))
{
header("Location: Login.php");
die("Redirecting to Login.php");
}
?>
Hello <?php echo htmlentities($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8'); ?>, secret content!<br />
Edit Account<br />
Logout
First, know what die() is:
http://php.net/manual/en/function.die.php
You might want to use a JavaScript redirect to do that, since you want to display a message.
Put some JS on your page with a redirect script in setTimeout() of 3 seconds, or whatever you want.
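As an added example (not code from the question or the answer above), here is a redirect helper that does what the tutorial's header()/die() pair does, exiting immediately after the Location header, and falls back to a timed JavaScript redirect when output has already been sent or a visible delay is wanted. The target page name comes from the question; the helper's name, the same-site check on the target, and the delay parameter are assumptions made for this example.

```php
<?php
// Added example, not part of the original post: redirect helper with a timed
// JavaScript fallback. The target page (account.php) is from the question;
// everything else here is assumed.
declare(strict_types=1);

function redirect_to(string $target, int $delaySeconds = 0): void
{
    // Accept only local relative paths so the helper cannot become an open
    // redirect: reject an absolute URL (scheme:) and protocol-relative "//".
    $protocolRelative = ($target !== '' && $target[0] === '/' && ($target[1] ?? '') === '/');
    if ($target === '' || $protocolRelative || preg_match('#^[a-z][a-z0-9+.-]*:#i', $target)) {
        throw new InvalidArgumentException('Only local relative paths are allowed');
    }

    if (!headers_sent() && $delaySeconds === 0) {
        header('Location: ' . $target);
        exit; // critical: stop the script so nothing below this point is rendered
    }

    // Headers are already out (or a delay was requested): emit a meta refresh
    // plus a setTimeout() redirect, then stop the script.
    $escaped = htmlspecialchars($target, ENT_QUOTES, 'UTF-8');
    $json    = json_encode($target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    $ms      = $delaySeconds * 1000;
    echo "<meta http-equiv=\"refresh\" content=\"{$delaySeconds};url={$escaped}\">\n";
    echo "<p>Login successful. Redirecting to {$escaped}...</p>\n";
    echo "<script>setTimeout(function () { window.location.replace({$json}); }, {$ms});</script>\n";
    exit;
}

// Usage inside the success branch of the login script from the question:
// $_SESSION['user'] = $row;
// redirect_to('account.php', 3);   // show the message for 3 seconds, then go
```

The exit after header() is the part that matters for the members-only page: without it the rest of the script still runs and its output is sent along with the redirect, which is exactly why the original tutorial's comment calls the die() "absolutely critical".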

Error message not appearing when details entered incorrectly

I have a login form and it works fine when users enter the correct username and password, but nothing happens when the wrong information is entered. How would I get an error message to appear? I have "Login failed" as shown below, but this doesn't work for some reason. Any help much appreciated.
<?php
require("config.php");
$submitted_username = '';
if(!empty($_POST)){
$query = "SELECT
id,
username,
password,
salt,
email
FROM users
WHERE
username = :username";
$query_params = array(
':username' => $_POST['username']
);
try{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); }
$login_ok = false;
$row = $stmt->fetch();
if($row){
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++){
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password']){
$login_ok = true;
}
}
if($login_ok){
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
header("Location: secret.php");
die("Redirecting to: secret.php");
}
else{
print("Login Failed.");
$submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
}
}
?>

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax. Password change script

I am creating a website for a university assignment and I have run into a snag while writing some PHP for email address and password change. This error has come up and I can't for the life of me figure out what the issue is.
Error code:
Failed to run query3: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username = chris' at line 1
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: login.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to login.php");
}
$username = $_SESSION['user']['username'];
if(!empty($_POST))
{
//check for valid email
if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
$emailInvalid = true;
$emailInvalidAmmount = 1;
goto here;
}
//Check if the new E-mail matches existing E-mail address, if it does no action is needed
if($_POST['email'] !=$_SESSION['user']['email'])
{
$query = "SELECT 1 FROM users WHERE email = :email";
$query_params = array (':email' => $_POST['email']);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query1: " . $ex->getMessage());
}
//retrieve results and check if new E-mail address exists in the database
$row = $stmt->fetch();
if($row)
{
$emailExists = true;
$emailExistsAmmount = 1;
}
}
$query ="SELECT password, salt FROM users WHERE username = :username";
$query_params = array(':username' => $username);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query2: " . $ex->getMessage());
}
$row = $stmt->fetch();
if($row)
{
$check_password = hash('sha256', $_POST['currentPassword'] . $row['salt']);
for($round = 0; $round < 65536; $round++)
{
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password == $row['password'])
{
$password_ok = true;
}
if($password_ok = true)
{
$newPassword = $_POST['newPassword'];
$confirmPassword = $_POST['confirmPassword'];
if($newPassword == $confirmPassword)
{
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$password = hash('sha256', $_newPassword . $salt);
for($round = 0; $round <65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
$query ="INSERT INTO users (password, salt) VALUES (:password, :salt)";
$query .= "WHERE username = $username";
$query_params = array(':password' => $password, ':salt' => $salt);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query3: " . $ex->getMessage());
}
}
$passwordChanged = true;
}
}
}
?>
Any help would be much appreciated. Thanks
Since this is for an assignment, I'll be vague. Make sure you're properly parameterizing all of the variables you're including in all of your queries.
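As an added example (not the asker's code and not part of the answer), here is the password-change branch from the question rewritten so that the query is valid and every value is bound as a parameter. The table, column and POST field names and the salted SHA-256 loop are the ones the question uses; the helper names, the minimum password length, and the use of random_bytes() for the salt are assumptions made for this example. Beyond the quoted error, the rewrite also addresses the other defects visible in the posted code: INSERT has no WHERE clause (the new hash must be stored with UPDATE), the username was concatenated into the SQL string, `if($password_ok = true)` assigns instead of compares, and `$_newPassword` is never defined.

```php
<?php
// Added example, not the question's code: the password-change logic with
// parameterized UPDATE ... WHERE. Table/column names and the hashing scheme
// come from the question; the rest is assumed.
declare(strict_types=1);

// Same salted SHA-256 stretching the question uses, so existing rows still verify.
function hash_with_salt(string $password, string $salt): string
{
    $hash = hash('sha256', $password . $salt);
    for ($round = 0; $round < 65536; $round++) {
        $hash = hash('sha256', $hash . $salt);
    }
    return $hash;
}

// Returns true only if the current password verified and the row was updated.
function change_password(PDO $db, string $username, string $current, string $new, string $confirm): bool
{
    // Assumed policy: confirmation must match and at least 8 characters.
    if ($new !== $confirm || strlen($new) < 8) {
        return false;
    }

    $stmt = $db->prepare("SELECT password, salt FROM users WHERE username = :username");
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return false;
    }

    // Constant-time comparison of the recomputed hash against the stored one.
    if (!hash_equals($row['password'], hash_with_salt($current, $row['salt']))) {
        return false;
    }

    // Fresh salt from the CSPRNG, then UPDATE the existing row (not INSERT).
    $salt = bin2hex(random_bytes(16));
    $stmt = $db->prepare(
        "UPDATE users SET password = :password, salt = :salt WHERE username = :username"
    );
    $stmt->execute([
        ':password' => hash_with_salt($new, $salt),
        ':salt'     => $salt,
        ':username' => $username,   // bound, never concatenated into the SQL
    ]);
    return $stmt->rowCount() === 1;
}

// Usage in the script from the question, after the session check:
// if (!empty($_POST)) {
//     $passwordChanged = change_password(
//         $db, $username,
//         $_POST['currentPassword'] ?? '',
//         $_POST['newPassword'] ?? '',
//         $_POST['confirmPassword'] ?? ''
//     );
// }
```

The hashing loop is kept only so the example stays compatible with the rows the question's schema already holds; for new code, PHP's password_hash() and password_verify() handle salting and stretching and are the simpler choice.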

Capture user last login date

How can I log a user's last login date? I've tried using $query = "UPDATE users SET lastlogindate = NOW() WHERE username = "username" to test that it works, but nothing, unfortunately. I obviously also want to ensure I log the date for the authenticated user correctly.
Where should I put it in this script?
<?php
require("config.php");
$submitted_username = '';
if(!empty($_POST)){
$query = "
SELECT
id,
username,
password,
salt,
email
FROM users
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex){ die("Failed to run query: " . $ex->getMessage()); }
$login_ok = false;
$row = $stmt->fetch();
if($row){
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++){
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password']){
$login_ok = true;
}
}
if($login_ok){
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
$query = "UPDATE users SET lastlogindate = NOW() WHERE username = "deason";
header("Location: main.php");
die("Redirecting to: main.php");
}
else{
print("Login Failed.");
$submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
}
}
?>
The syntax highlighting gives it away: it's a quoting issue. You're using double quotes for your string and your string value in your query.
$query = "UPDATE users SET lastlogindate = NOW() WHERE username = "deason";
should be:
$query = "UPDATE users SET lastlogindate = NOW() WHERE username = 'deason'";
Normally you have to add quotes:
$query = "UPDATE `users` SET `lastlogindate` = NOW() WHERE `username` = 'deason'";
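Both this question and the first one on this page ("Where to add 'insert' query") ask the same thing: where a logging statement belongs in this login script and how to write it. As an added example (not code from either question or answer), the helper below runs a parameterized UPDATE of users.lastlogindate and a parameterized INSERT into suserlog inside one transaction, and is called from the if($login_ok) branch using the username returned by the database rather than the raw POST value. The users, lastlogindate and suserlog names are taken from the two questions (the first question's user table is called susers; adjust accordingly); the ip and logged_at columns and the helper name are assumptions.

```php
<?php
// Added example, not part of either question: record a successful login as a
// parameterized UPDATE plus a parameterized INSERT in one transaction.
// Table/column names: users.lastlogindate and suserlog.username are from the
// questions; suserlog.ip and suserlog.logged_at are assumed.
declare(strict_types=1);

function record_login(PDO $db, string $username, string $clientIp): void
{
    $db->beginTransaction();
    try {
        // Quoting is handled by the driver: the value is bound, never spliced
        // into the SQL, so "deason" vs 'deason' stops being a problem.
        $stmt = $db->prepare(
            "UPDATE users SET lastlogindate = NOW() WHERE username = :username"
        );
        $stmt->execute([':username' => $username]);

        // One audit row per login, as a separate statement (PDO prepares one
        // statement at a time; two statements are not concatenated into one).
        $stmt = $db->prepare(
            "INSERT INTO suserlog (username, ip, logged_at) VALUES (:username, :ip, NOW())"
        );
        $stmt->execute([':username' => $username, ':ip' => $clientIp]);

        $db->commit();
    } catch (PDOException $ex) {
        $db->rollBack();
        throw $ex;   // let the caller's try/catch report it
    }
}

// Placement in the login script: after the password check, before the redirect.
// if ($login_ok) {
//     // Use the username from the fetched row, i.e. the account that actually
//     // authenticated, not $_POST['username'].
//     record_login($db, $row['username'], $_SERVER['REMOTE_ADDR'] ?? '');
//     unset($row['salt'], $row['password']);
//     $_SESSION['user'] = $row;
//     header("Location: main.php");
//     die("Redirecting to: main.php");
// }
```

Because the helper is only reached inside if($login_ok), a failed password never touches lastlogindate or suserlog; if a failed-attempt log is wanted as well, it belongs in the else branch as its own statement.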

Redirecting to a different page using hashed password doesn't work

I have this hashing of passwords in my PHP code. I want to redirect users to edit_password.php if they are new users. I made them a default account with their username, and the default password is admin. The password is my basis for the redirect, but I am confused about how to do it with my code. Kindly check my code, thanks.
Here's my code:
<?php
require("common.php");
$submitted_username = '';
if(!empty($_POST))
{
$query = "
SELECT
id,
username,
password,
salt,
email
FROM users
WHERE
username = :username
";
$query_params = array(
':username' => $_POST['username']
);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$login_ok = false;
$row = $stmt->fetch();
if($row)
{
$check_password = hash('sha256', $_POST['password'] . $row['salt']);
for($round = 0; $round < 65536; $round++)
{
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['password']) // <---- I want to insert some code here, like if($check_password === $row['password'] || 'admin'), to redirect new users, but I don't know how.
{
$login_ok = true;
}
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
header("Location: index.php");
die("Redirecting to: index.php");
}
else
{
echo("<font color=red>Login Failed.</font>");
$submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
}
}
}
?>
Thanks in advance.
if($login_ok)
{
unset($row['salt']);
unset($row['password']);
$_SESSION['user'] = $row;
if($_POST['password'] === "admin")
{
header("");
}
else
{
header("Location: index.php");
die("Redirecting to: index.php");
}
}
A simple condition check once you have verified the user should do the trick.
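As an added example (not the asker's or the answerer's code), the function below makes the condition check concrete: it is only called after the hash comparison has succeeded, so the submitted password is known to be correct, and it returns edit_password.php (the page named in the question) when that password is still the default "admin", otherwise index.php. The must_change_password column is an assumption, shown as the more robust alternative to comparing against a fixed default; the function name and DEFAULT_PASSWORD constant are also assumptions.

```php
<?php
// Added example, not part of the original question or answer: pick the
// post-login destination. Reached only after the password check passed.
// "admin", edit_password.php and index.php are from the question; the
// must_change_password column and the names below are assumed.
declare(strict_types=1);

const DEFAULT_PASSWORD = 'admin';

function post_login_target(array $row, string $submittedPassword): string
{
    // Option 1 (what the question asks for): the password that just verified
    // is still the default one, so force a change before anything else.
    if (hash_equals(DEFAULT_PASSWORD, $submittedPassword)) {
        return 'edit_password.php';
    }
    // Option 2 (assumed column): the account was flagged when it was created,
    // which keeps working once the default password changes or varies.
    if (!empty($row['must_change_password'])) {
        return 'edit_password.php';
    }
    return 'index.php';
}

// Usage inside the block from the question; note the die() after each header().
// if ($login_ok) {
//     $target = post_login_target($row, $_POST['password']);
//     unset($row['salt'], $row['password']);
//     $_SESSION['user'] = $row;
//     header("Location: " . $target);
//     die("Redirecting to: " . $target);
// }
```

Keeping the check after the hash comparison means `|| 'admin'` never enters the password test itself, which matters: `$check_password === $row['password'] || 'admin'` is always true in PHP, so it would log everyone in.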
