How to add success message when registration is completed - php

How do I make a success message when the form is submitted?
Here is the code:
server.php
<?php
session_start();
$username = "";
$errors = array();
$db = mysqli_connect('localhost', 'root', '', 'reg_user');
// REGISTER USER
if (isset($_POST['reg_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
$user_check_query = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
}
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO users (username, password)
VALUES('$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: register.php');
}
}
index.php
<div class="card-body">
<p><?php include('errors.php'); ?></p>
<form method="POST" action="register.php" class="needs-validation" novalidate="">
<div class="form-group">
<label for="username">Username</label>
<input id="username" type="username" class="form-control" name="username" tabindex="1" required autofocus>
</div>
Here is the code of error.php, which pops up an error message when the username is taken:
error.php
<?php if (count($errors) > 0) : ?>
<div class="alert alert-danger alert-dismissible show fade">
<div class="alert-body">
<button class="close" data-dismiss="alert">
<span>×</span>
</button>
<?php foreach ($errors as $error) : ?>
<p><center><b><?php echo $error ?></center></b></p>
<?php endforeach ?>
</div>
</div>
<?php endif ?>
I want to add a success message just like error.php, but what is the code to display a success message?

You can do it like:
if (!$errors)
{
header("Location: success.php");
exit;
}
or modify this part from your code:
if (count($errors) == 0) {
$password = md5($password_1);
$query = "INSERT INTO users (username, password)
VALUES('$username', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = TRUE;
header('location: success.php'); exit;
}

Are you looking for something like this?
<?php if (!empty($_SESSION['success'])) : // !empty() also covers the case where the key was never set ?>
<label> <?php include('success.php'); ?></label>
<?php endif; ?>
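A one-time success message built the same way as error.php, as an added example that is not part of either answer: the message is stored before the redirect, shown once, cleared, and HTML-escaped on output. The helper names `flash_set()`, `flash_take()` and `render_success()` are hypothetical, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example, not code from the thread. flash_set(), flash_take() and
// render_success() are hypothetical helper names.

/** Store a one-time message; call it before header('Location: ...'); exit; */
function flash_set(array &$session, string $message): void
{
    $session['success'] = $message;
}

/** Return the pending message (or null) and clear it so a reload shows nothing. */
function flash_take(array &$session): ?string
{
    $message = $session['success'] ?? null;
    unset($session['success']);
    return (is_string($message) && $message !== '') ? $message : null;
}

/** Same markup as error.php, with alert-success; the text is HTML-escaped. */
function render_success(?string $message): string
{
    if ($message === null) {
        return '';
    }
    $safe = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
    return '<div class="alert alert-success alert-dismissible show fade">'
         . '<div class="alert-body">'
         . '<button class="close" data-dismiss="alert"><span>&times;</span></button>'
         . '<p>' . $safe . '</p>'
         . '</div></div>';
}

// Constructed demo: $session stands in for $_SESSION, and the username is a
// constructed value that contains markup.
$session  = [];
$username = '<b>ana</b>';

// server.php, after the INSERT has succeeded:
flash_set($session, "Account created for $username. You are now logged in");
// header('Location: register.php'); exit;

// register.php or index.php, next to include('errors.php'):
echo render_success(flash_take($session)), PHP_EOL; // alert with the name escaped
echo render_success(flash_take($session)), PHP_EOL; // nothing: already shown once
```

In the real pages, pass `$_SESSION` instead of `$session` after `session_start()`.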


Sign in form not logging in after I enter details

I am creating a login form for a website that should redirect the user to the index page after they log in. The problem I'm having is that when I enter the details for logging in, it runs the error part of the code and I can't seem to figure out where I went wrong. I have gone through my code and even physically compared both the passwords and username and they match. Please help me with where I went wrong.
config.php
<?php
session_start();
$host = 'localhost';
$host_user = 'root';
$host_pass = '';
$db_name = 'the_dms_db';
$conn = mysqli_connect($host, $host_user, $host_pass, $db_name);
if (!$conn) {
echo 'Could not connect to the database';
}
$name = '';
$surname = '';
$username = '';
$email = '';
$errors = array();
if (isset($_POST['register_user'])) {
// receive inputs
$name = mysqli_real_escape_string($conn, $_POST['name']);
$surname = mysqli_real_escape_string($conn, $_POST['surname']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$c_password = mysqli_real_escape_string($conn, $_POST['c_password']);
// form validation that it is filled correctly
if (empty($name)) {
array_push($errors, "Name is required");
}
if (empty($surname)) {
array_push($errors, "Surname is required");
}
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if ($password != $c_password) {
array_push($errors, "Passwords to not match");
}
// check database to see if user exists
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email = '$email' LIMIT 1";
$result = mysqli_query($conn, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) {
if ($user['username'] === $username) {
array_push($errors, 'Username already exists');
}
if ($user['email'] === $email) {
array_push($errors, 'Email already exists');
}
}
// register user if no errors
$pass_hash = password_hash($password, PASSWORD_BCRYPT);
if (count($errors) == 0) {
$query = "INSERT INTO users (name, surname, username, email, password) VALUES ('$name', '$surname', '$username', '$email', '$pass_hash')";
mysqli_query($conn, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = 'You are now logged in!';
header('location: ./index.php');
}
}
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
if (empty($username)) {
array_push($errors, 'Username is required');
}
if (empty($password)) {
array_push($errors, 'Password is required');
}
if (count($errors) == 0) {
$password = password_hash($password, PASSWORD_BCRYPT);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($conn, $query);
if (mysqli_num_rows($results) == 0) {
$_SESSION['username'] = $username;
$_SESSION['success'] = 'You are now logged in!';
header('location: ./index.php');
} else {
array_push($errors, 'Wrong username/password');
}
}
}
signin.php
<?php
require_once './header.php';
include_once './config.php';
?>
<link rel="stylesheet" href="/assets/css/style.css">
<section class="sign-in-section">
<div class="container">
<div class="form-area ">
<h1>Sign In</h1>
<form action="./signin.php" class="signin-form" method="POST">
<?php include './errors.php'; ?>
<section class="input-sections">
<input type="text" class="inputs form-control" name="username" id="username" placeholder="Username or Email">
<input type="password" class="inputs form-control" name="password" id="password" placeholder="Password">
<button type="submit" class="btn-form btn signin-btn" name="login_user" id="login_user">Sign in</button>
</section>
</form>
Not yet a member? Register here!
</div>
</div>
</section>
signup.php
<?php
include './config.php';
require_once './header.php';
?>
<link rel="stylesheet" href="/assets/css/style.css">
<section class="sign-in-section">
<div class="container">
<div class="form-area ">
<h1>Sign up</h1>
<form action="signup.php" class="signup-form" method="post">
<?php include './errors.php' ?>
<section class="input-sections">
<input type="text" class="inputs form-control" name="name" id="name" placeholder="Name" value="<?php echo $name ?>">
<input type="text" class="inputs form-control" name="surname" id="surname" placeholder="Surname" value="<?php echo $surname ?>">
<input type="text" class="inputs form-control" name="username" id="username" placeholder="Username" value="<?php echo $username ?>">
<input type="text" class="inputs form-control" name="email" id="email" placeholder="Email" value="<?php echo $email ?>">
<input type="password" class="inputs form-control" name="password" id="password" placeholder="Password">
<input type="password" class="inputs form-control" name="c_password" id="c_password" placeholder="Confirm Password">
<button type="submit" class="btn-form btn register-btn" name="register_user" id="register">Register</button>
</section>
</form>
Already have an account? Sing in here!
</div>
</div>
</section>
errors.php
<?php if (count($errors) > 0) : ?>
<div class="error">
<?php foreach ($errors as $error) : ?>
<p><?php echo $error ?></p>
<?php endforeach ?>
</div>
<?php endif ?>
Shouldn't the returned result have 1 row rather than 0 rows, if it's a match?
Change this
if (mysqli_num_rows($results) == 0)
To this
if (mysqli_num_rows($results) >= 1)
If you ignore the vulnerabilities within the SQL statements you should analyse the following to see where you were going astray with the approach above. Using password_hash will generate a new hash on each invocation - so the hashed password will never ( hopefully ) match a newly generated hash. You need to use password_verify instead.
define('BR','<br />');
$password=$_POST['password'];
$query = "SELECT `password` FROM `users` WHERE `username`='$username' LIMIT 1";
$results = mysqli_query( $conn, $query );
$rs=mysqli_fetch_assoc( $results );
if( password_verify( $password, $rs['password'] ) ){
/* OK - The user supplied a good username/password combo */
}else{
/* Bad Foo!!! The supplied password did not verify against the stored hash */
}
If you consider
$pwd='banana';
echo password_hash($pwd,PASSWORD_DEFAULT) . BR;
echo password_hash($pwd,PASSWORD_DEFAULT) . BR;
echo password_hash($pwd,PASSWORD_DEFAULT) . BR;
you will likely see results similar to:
$2y$10$7a4Cvzn51eYa3EJKary8zemJn4/GiFA.2fqYQrwd6QrRORIk552Wm
$2y$10$E5.28SSkQo2lZv11zilkBO1L35umAFzr5Zr2yKScX4nDgFkN.kTbK
$2y$10$HEzHOFT/7V972XDEB9uzRuU/dxHxRnSXs64wu1qdahJs2CSp3wwD6
As you can see they are all different...
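The same password_verify check with the SQL side closed as well, as an added example that is not part of the answer above. Assumptions: an in-memory SQLite database reached through PDO stands in for the MySQL `users` table so the script runs without a server, and `register_user()` and `authenticate()` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. PDO + in-memory SQLite is a
// stand-in for the MySQL `users` table; helper names are hypothetical.

function register_user(PDO $pdo, string $username, string $password): void
{
    // Hash the raw password. Escaping it first (mysqli_real_escape_string)
    // changes the bytes of any password containing quotes or backslashes,
    // so it would no longer verify against the unescaped input at login.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // The username is bound as a parameter, never concatenated into the SQL.
    $stmt = $pdo->prepare(
        'SELECT id, username, password FROM users WHERE username = ? LIMIT 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: verify against a throwaway hash so both paths do
    // comparable work and fetch() returning false is never dereferenced.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $hash = $row ? $row['password'] : $dummy;

    if (!password_verify($password, $hash) || !$row) {
        return null;
    }

    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }

    unset($row['password']); // keep the hash out of the session data
    return $row;
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
register_user($pdo, 'alice', "it's-a-banana");

$attempts = [
    ['alice',   "it's-a-banana"], // registered user, correct password
    ['alice',   'banana'],        // registered user, wrong password
    ['nobody',  'banana'],        // unknown user
    ["o'brien", 'banana'],        // quote in the username is plain data
];
foreach ($attempts as [$user, $pass]) {
    $result = authenticate($pdo, $user, $pass);
    // On success in a web request: session_regenerate_id(true) and then
    // $_SESSION['username'] = $result['username'].
    printf("%-8s %s\n", $user, $result ? 'login ok' : 'rejected');
}
```

With mysqli the equivalent calls are `prepare()`, `bind_param()`, `execute()` and `get_result()`.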

login and register in php not responding

I have a website for users to log in and register. The website was working fine when login and register were on 2 different pages; now I have put them both on the same page. The HTML code is like below:
<h2>Login</h2>
</div>
<form method="post" class="form-detail" action="index.php">
<?php include('errors.php'); ?>
<div style="padding-right: 20px; margin-left: -40px;" class="input-group">
<label>Username</label>
<input type="text" name="username" >
</div>
<div style="padding-right: 20px; margin-left: -40px;" class="input-group">
<label>Password</label>
<input type="password" name="password">
</div>
<div class="input-group">
<button type="submit" class="btn" name="login_user">Login</button>
</div>
</form>
</div>
<form class="form-detail" method="post" action="index.php">
<div class="header">
<h2>Register Now</h2>
</div>
<?php include('errors.php'); ?>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="reg_user">Register</button>
</div>
The server.php file, which does the functionality, is like:
<?php
session_start();
// initializing variables
$username = "";
$email = "";
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'teia');
// REGISTER USER
if (isset($_POST['reg_user'])) {
// receive all input values from the form
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// form validation: ensure that the form is correctly filled ...
// by adding (array_push()) corresponding error unto $errors array
if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// first check the database to make sure
// a user does not already exist with the same username and/or email
$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);
if ($user) { // if user exists
if ($user['username'] === $username) {
array_push($errors, "Username already exists");
}
if ($user['email'] === $email) {
array_push($errors, "email already exists");
}
}
// Finally, register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: profile.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>
And finally, the error.php is below:
<?php if (count($errors) > 0) : ?>
<div class="error">
<?php foreach ($errors as $error) : ?>
<p><?php echo $error ?></p>
<?php endforeach ?>
</div>
<?php endif ?>
Earlier it was working completely fine. Now that I have added both login and register to the same page, neither login nor register is working; instead the page simply loads. As I am new to PHP, can anyone please tell me what's wrong with my code?
You can use a switch statement for your solution, with different submit button values, like below:
<!-- name="submit" is needed so the clicked button's value arrives as $_POST['submit'] -->
<button type="submit" class="btn" name="submit" value="login">Login</button>
<button type="submit" class="btn" name="submit" value="register">Register</button>
<?php
switch($_POST['submit']) {
case 'login':
//...
break;
case 'register':
//...
break;
}
?>
The problem is that both your form actions point to index.php which isn't where the functionality is.
<form method="post" class="form-detail" action="server.php">
Change both forms to this. That should solve your problem.
Edit:
To display the errors, you'll need access to the $errors variable you defined. One way to do this is to move the code in error.php like so:
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
$query = "INSERT INTO users (username, email, password)
VALUES('$username', '$email', '$password')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
} else {
include('errors.php');
}
Are you sure you are adding this <?php include('server.php'); ?> at the top of the index.php page?

Page restrictions with normal user and admin

Well, on my small site, which I use for practice, I created pages where I saved my data from tables from the database. Also, I have normal users and an admin. I created the admin through my SQL and I can create a normal user through a registration form on the page. What I want to do is this: as I said, I have a page where I saved my data from tables, and I want to make it so a user can't see that page while the admin can see that page. I just want to make those restrictions. However, I don't know how to start with that in code. I will post here the code that I think you will need for helping me, so if you need something more, I'm here!
login.php:
<?php include('functions.php') ?>
<!DOCTYPE html>
<html>
<head>
<title>Prijavi se</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="header">
<h2>Prijavi se</h2>
</div>
<form method="post" action="login.php">
<?php echo display_error(); ?>
<div class="input-group">
<label>Korisnicko ime</label>
<input type="text" name="username" >
</div>
<div class="input-group">
<label>Lozinka</label>
<input type="password" name="password">
</div>
<div class="input-group">
<button type="submit" class="btn" name="login_btn">Prijavi se</button>
</div>
<p>
Jos uvek nemate nalog? Registruj se
</p>
</form>
functions.php:
$db = mysqli_connect('localhost', 'root', '', 'it210projekat');
$username = "";
$email = "";
$errors = array();
if (isset($_POST['register_btn'])) {
register();
}
if (isset($_POST['login_btn'])) {
login();
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: ../login.php");
}
function register(){
global $db, $errors;
$username = e($_POST['username']);
$email = e($_POST['email']);
$password_1 = e($_POST['password_1']);
$password_2 = e($_POST['password_2']);
if (empty($username)) {
array_push($errors, "Unesite ime");
}
if (empty($email)) {
array_push($errors, "Unesite email");
}
if (empty($password_1)) {
array_push($errors, "Unesite lozinku");
}
if ($password_1 != $password_2) {
array_push($errors, "Lozinke se ne poklapaju");
}
if (count($errors) == 0) {
$password = md5($password_1);
if (isset($_POST['user_type'])) {
$user_type = e($_POST['user_type']);
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', '$user_type', '$password')";
mysqli_query($db, $query);
$_SESSION['success'] = "Uspesno ste napravili nalog!!";
header('location: login.php');
}else{
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', 'user', '$password')";
mysqli_query($db, $query);
$logged_in_user_id = mysqli_insert_id($db);
$_SESSION['user'] = getUserById($logged_in_user_id);
$_SESSION['success'] = "Uspesno ste se prijavili";
header('location: login.php');
}
}
}
function getUserById($id){
global $db;
$query = "SELECT * FROM users WHERE id=" . $id;
$result = mysqli_query($db, $query);
$user = mysqli_fetch_assoc($result);
return $user;
}
function login(){
global $db, $username, $errors;
$username = e($_POST['username']);
$password = e($_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$logged_in_user = mysqli_fetch_assoc($results);
if ($logged_in_user['user_type'] == 'admin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "Uspesno ste se prijavili";
header('location: pocetna.php');
}else{
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "Uspesno ste se prijavili";
header('location: pocetna.php');
}
}else {
array_push($errors, "Pogresno korisnicko ime ili lozinka");
}
}
}
function isLoggedIn()
{
if (isset($_SESSION['user'])) {
return true;
}else{
return false;
}
}
function isAdmin()
{
if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
return true;
}else{
return false;
}
}
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
function display_error() {
global $errors;
if (count($errors) > 0){
echo '<div class="error">';
foreach ($errors as $error){
echo $error .'<br>';
}
echo '</div>';
}
}
?>
I have this at the top of the page that I want to restrict for normal users:
<?php if (isset($_SESSION['success'])) : ?>
<div class="error success" >
<h3>
<?php
echo $_SESSION['success'];
unset($_SESSION['success']);
?>
</h3>
</div>
<?php endif ?>
<div class="profile_info">
<div>
<?php if (isset($_SESSION['user'])) : ?>
<strong><?php echo $_SESSION['user']['username']; ?></strong>
<?php endif ?>
</div>
</div>
</div>
In your functions file, you are setting $_SESSION['user'] to the data from the database row for the user; this means you just have to check if $_SESSION['user']['user_type'] is admin or not.
So, it's simple, on the page you only want admins to see (at the top, below your functions.php call), do this:
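// 'admin' in lowercase matches the value login() and isAdmin() compare against;
// PHP string comparison is case-sensitive. isset() covers visitors who are not logged in.
if (!isset($_SESSION['user']) || $_SESSION['user']['user_type'] != 'admin') {
//could redirect page here
die('This page is not available to non-administrators.');
}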
I noticed a couple of other issues in your login/register code.
1) NEVER use md5() for passwords, it's considered just as bad as plaintext. Instead, use password_hash() and password_verify() PHP functions.
2) Your mysql queries are at risk of SQL Injection attacks, you should convert these to parameterized queries.
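The admin check from the answer above as a reusable guard, together with a server-side decision about which role a new account receives (the question's register() stores `$_POST['user_type']` whenever the form sends one). This is an added example, not code from the thread; the function names are hypothetical and the session layout follows the question's functions.php.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// $_SESSION['user'] is assumed to hold the users row, as in functions.php.

const ROLES = ['user', 'admin'];

/** True only for a logged-in session whose stored role is exactly 'admin'. */
function session_is_admin(array $session): bool
{
    return isset($session['user']['user_type'])
        && $session['user']['user_type'] === 'admin';
}

/**
 * Role to store for a new account. A posted user_type is honoured only when
 * the request comes from an existing admin session and names a known role;
 * every other registration gets 'user'.
 */
function role_for_new_account(array $post, array $session): string
{
    $requested = $post['user_type'] ?? 'user';
    if (!session_is_admin($session) || !in_array($requested, ROLES, true)) {
        return 'user';
    }
    return $requested;
}

/** Call at the top of an admin-only page, after session_start(). */
function require_admin(array $session): void
{
    if (!session_is_admin($session)) {
        http_response_code(403);
        // Stop here so nothing below the guard is rendered.
        exit('This page is not available to non-administrators.' . PHP_EOL);
    }
}

// Constructed sample sessions and form posts; arrays stand in for
// $_SESSION and $_POST so the script runs from the command line.
$sessions = [
    'anonymous' => [],
    'member'    => ['user' => ['username' => 'ana',   'user_type' => 'user']],
    'admin'     => ['user' => ['username' => 'marko', 'user_type' => 'admin']],
];
$posts = [
    'no role field'   => ['username' => 'new1'],
    'asks for admin'  => ['username' => 'new2', 'user_type' => 'admin'],
    'asks for "root"' => ['username' => 'new3', 'user_type' => 'root'],
];

foreach ($sessions as $who => $session) {
    foreach ($posts as $what => $post) {
        printf("%-9s | %-15s | stored role: %s\n",
            $who, $what, role_for_new_account($post, $session));
    }
}

require_admin($sessions['admin']);   // passes, the script continues
echo "admin page body", PHP_EOL;
require_admin($sessions['member']);  // prints the message and stops
echo "never reached", PHP_EOL;
```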

How to fix PHP saying boxes are empty

PHP is saying there's nothing in the boxes when I put stuff in.
Tried putting var_dump($_POST); die(); at the top of register.php and it showed what I put in the boxes
Not sure what's going on here.
Any help is appreciated. Thanks in advance.
I've spent a while trying to figure this out.
Will login work as well?
Thanks,
Jon
functions.php
<?php
session_start();
// connect to database
$db = mysqli_connect(:-));
// variable declaration
$username = "";
$email = "";
$errors = array();
// call the register() function if register_btn is clicked
if (isset($_POST['register_btn'])) {
register();
}
// REGISTER USER
function register(){
// call these variables with the global keyword to make them available in function
global $db, $errors, $username, $email;
// receive all input values from the form. Call the e() function
// defined below to escape form values
$username = e($_POST['username']);
$email = e($_POST['email']);
$password_1 = e($_POST['password_1']);
$password_2 = e($_POST['password_2']);
// form validation: ensure that the form is correctly filled
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($email)) {
array_push($errors, "Email is required");
}
if (empty($password_1)) {
array_push($errors, "Password is required");
}
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// register user if there are no errors in the form
if (count($errors) == 0) {
$password = md5($password_1);//encrypt the password before saving in the database
if (isset($_POST['user_type'])) {
$user_type = e($_POST['user_type']);
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', '$user_type', '$password')";
mysqli_query($db, $query);
$_SESSION['success'] = "New user successfully created!!";
header('location: home.php');
}else{
$query = "INSERT INTO users (username, email, user_type, password)
VALUES('$username', '$email', 'user', '$password')";
mysqli_query($db, $query);
// get id of the created user
$logged_in_user_id = mysqli_insert_id($db);
$_SESSION['user'] = getUserById($logged_in_user_id); // put logged in user in session
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
}
// return user array from their id
function getUserById($id){
global $db;
$query = "SELECT * FROM users WHERE id=" . $id;
$result = mysqli_query($db, $query);
$user = mysqli_fetch_assoc($result);
return $user;
}
// escape string
function e($val){
global $db;
return mysqli_real_escape_string($db, trim($val));
}
function display_error() {
global $errors;
if (count($errors) > 0){
echo '<div class="error">';
foreach ($errors as $error){
echo $error .'<br>';
}
echo '</div>';
}
}
function isLoggedIn()
{
if (isset($_SESSION['user'])) {
return true;
}else{
return false;
}
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['user']);
header("location: login.php");
}
if (isset($_POST['login_btn'])) {
login();
}
// LOGIN USER
function login(){
global $db, $username, $errors;
// grab form values
$username = e($_POST['username']);
$password = e($_POST['password']);
// make sure form is filled properly
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
// attempt login if no errors on form
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) { // user found
// check if user is admin or user
$logged_in_user = mysqli_fetch_assoc($results);
if ($logged_in_user['user_type'] == 'admin') {
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "You are now logged in";
header('location: admin/home.php');
}else{
$_SESSION['user'] = $logged_in_user;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
// ...
function isAdmin()
{
if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin' ) {
return true;
}else{
return false;
}
}
register.php
<?php
include('functions.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Register | Vex Radio</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<form method="post" action="register.php">
<p><?php echo display_error(); ?></p>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="register_btn">Register</button>
</div>
<p>
Already a member? Sign in
</p>
</form>
</body>
</html>
PHP to save the items in a DB and allow me to login

PHP registration/login error [duplicate]

I'm trying to create a register/login system. However, I've faced some problems. I can't understand where the mistake in my code is.
Here's my server.php & register.php. The browser shows that the mistake is on line 65: "Parse error: syntax error, unexpected ';'". In my opinion the ; must be there.
<?php
session_start();
$username = "";
$email = "";
$errors = array();
// Connect to the database
$db = mysqli_connect('localhost', 'root', '', 'lead2pro');
// If the register button is clicked
if(isset($_POST['register'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db ,$_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
// Ensure that form fields are filled properly
if(empty($username)) {
array_push($errors, "Username is required!");
}
if(empty($email)) {
array_push($errors, "Email is required!");
}
if(empty($password_1)) {
array_push($errors, "Password is required!");
}
if($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}
// If there are no errors, save user to database
if(count($errors) == 0) {
$password = md5($password_1); // Hashin the password before storing in database
$sql = "INSERT INTO users (username, email, password) VALUES('$username', '$email', '$password')";
mysqli_query($db, $sql);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to game location
}
}
// log user in from login page
if(isset($_POST['login'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
// Ensure that form fields are filled properly
if(empty($username)) {
array_push($errors, "Username is required!");
}
if(empty(password)) {
array_push($errors, "Password is required!");
}
if(count($errors) == 0){
$password = md5($password); // Encrypt password before comparing this one with the one in database
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($db, $query);
$if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to main page location
} else {
array_push($errors, "Wrong username/password combination");
header('location: ../php/login.php');
}
}
}
//logout
if(isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header('location: ../php/login.php');
}
?>
Here's my register.php
<?php include('../includes/server.php');?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Manager | Register</title>
<link rel="stylesheet" href="../css/reg.css">
</head>
<body>
<div class="header">
<h2>Register</h2>
</div>
<!-- Display validation errors here! -->
<?php include('../includes/errors.php'); ?>
<form action="register.php" method="post">
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="text" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm Password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" name="register" class="btn">Register</button>
</div>
<p>
Already a member? Sign in
</p>
</form>
</body>
</html>
The problem is on a different line:
$if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: ../system.php'); // Redirect to main page location
}
That $ should not be there in front of the if.
