phpMyAdmin: I cannot delete a user - php

I wrote some code that runs when a user clicks "delete", but it doesn't delete the account, it only logs out. I tried searching on the internet but found nothing that helped me.
Here's the code:
<?php include('server.php');
session_start();
if (isset($_GET['delete'])) {
$query = "DELETE FROM `users` WHERE `username` = '$username', `password`='$password'";
mysqli_query($db, $query);
session_destroy();
unset($_SESSION['username']);
unset($_SESSION['password']);
unset($_SESSION['money']);
header("location: login.php");
}
?>
Are there any solutions for this code? Should I use AND instead of a comma, because it didn't work that way? Maybe there's a mistake.
$query has the same code that was used on phpmyadmin and it was successful there.
Sorry about the server.php
Here is the code of it:
Also, using md5 for encrypting passwords is not a good idea; I probably need to change it.
Here is login.php where the first code came from (the register button is not programmed properly):
<?php include('server.php');
session_start();
if (isset($_GET['delete'])) {
$stmt = $db->prepare('DELETE FROM users WHERE username = ? AND password = ?');
$stmt->bind_param('ss', $_SESSION['username'], $_SESSION['password']); // 's' specifies the variable type => 'string'
$stmt->execute();
session_destroy();
unset($_SESSION['username']);
unset($_SESSION['password']);
unset($_SESSION['money']);
header("location: login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="style.css">
<script>
function register() {
header("location: register.php");
}
</script>
</head>
<body>
</br>
</br>
</br>
</br>
</br>
</br>
</br>
</br>
<form method="post" action="login.php" align="center">
<?php include('errors.php'); ?>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" >
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password">
</div>
<br/>
<div class="input-group">
<button type="submit" class="btn" name="login_user">Login</button>
</div>
<p></p></br>
<p>
<small class="input-group"> Not yet a member? </small> <button type="button" class="btn2" onclick="register()" name="register">Register</button>
</p>
</form>
</body>
</html>
This is register.php:
<?php include('server.php') ?>
<!DOCTYPE html>
<html>
<head>
<title>Registration system PHP and MySQL</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
</br></br></br></br></br></br></br>
<div class="header">
<h2>Register</h2>
</div>
<form method="post" action="register.php">
<?php include('errors.php'); ?>
<div class="input-group">
<label>Username</label>
<input type="text" name="username" value="<?php echo $username; ?>">
</div>
<div class="input-group">
<label>Email</label>
<input type="email" name="email" value="<?php echo $email; ?>">
</div>
<div class="input-group">
<label>Password</label>
<input type="password" name="password_1">
</div>
<div class="input-group">
<label>Confirm password</label>
<input type="password" name="password_2">
</div>
<div class="input-group">
<button type="submit" class="btn" name="reg_user">Register</button>
</div>
<p>
Already a member? Sign in
</p>
</form>
</body>
</html>
This is errors.php:
<?php if (count($errors) > 0) : ?>
<div class="error">
<?php foreach ($errors as $error) : ?>
<p><?php echo $error ?></p>
<?php endforeach ?>
</div>
<?php endif ?>
This is index.php:
<?php
session_start();
if (!isset($_SESSION['username'])) {
$_SESSION['msg'] = "You must log in first";
header('location: login.php');
}
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
unset($_SESSION['password']);
unset($_SESSION['money']);
header("location: login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Home</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="content">
<!-- notification message -->
<?php if (isset($_SESSION['success'])) : ?>
<div class="error success" >
<h3>
<?php
echo $_SESSION['success'];
unset($_SESSION['success']);
?>
</h3>
</div>
<?php endif ?>
<!-- logged in user information -->
<?php if (isset($_SESSION['username'])) : ?>
<p>Welcome <strong><?php echo $_SESSION['username']; ?></strong></p>
<p> logout </p>
<p> delete </p>
<?php endif ?>
</div>
</body>
</html>

Without knowing what the content of server.php is, I can see a few errors. First, your code is vulnerable to SQL injection. There are several topics about this on SO; rather read that one here.
Starting with your code - $db, $username, $password are undefined. Guessing from the next lines, it has to be $_SESSION['username'] and $_SESSION['password'] instead.
Also, the SQL doesn't look valid to me, but that's one thing I am not sure about - according to my brain it should be
$stmt = $db->prepare('DELETE FROM users WHERE username = ? AND password = ?');
$stmt->bind_param('ss', $_SESSION['username'], $_SESSION['password']); // 's' specifies the variable type => 'string'
$stmt->execute();
Also I hope you don't store passwords in plaintext.
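Added example (not part of the question or of the answer above): one way to write the delete handler so that a failed DELETE is visible instead of silently falling through to the logout. It assumes server.php provides $db as a mysqli connection and that the password column holds a password_hash() value; the csrf_token and current_password field names are hypothetical.

```php
<?php
// Added example; assumptions are marked. Not the asker's or the answerer's code.
require 'server.php';                 // assumed to create $db (mysqli), as on the page
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
// Make mysqli throw on SQL errors, so an invalid query such as
// "WHERE a = ?, b = ?" stops the script instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/**
 * Delete the account after re-checking the current password.
 * Returns true only if exactly one row was removed.
 */
function delete_account(mysqli $db, string $username, string $currentPassword): bool
{
    // Bound parameter: the value is never interpolated into the SQL text.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();          // true, or null when no row matches
    $stmt->close();

    if (!$found || !password_verify($currentPassword, $hash)) {
        return false;
    }

    // The row is identified by the logged-in user only; the password is
    // checked above, not compared inside the WHERE clause.
    $stmt = $db->prepare('DELETE FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $deleted = ($stmt->affected_rows === 1);
    $stmt->close();
    return $deleted;
}

$error = null;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['delete'])) {
    // A state-changing action is accepted by POST with a token, not by a GET link.
    $tokenOk = isset($_POST['csrf_token'], $_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], (string) $_POST['csrf_token']);

    if (!isset($_SESSION['username']) || !$tokenOk) {
        http_response_code(403);
        exit('Forbidden');
    }

    $password = (string) ($_POST['current_password'] ?? '');
    if (delete_account($db, $_SESSION['username'], $password)) {
        // Log out only after the row is confirmed gone.
        $_SESSION = [];
        session_destroy();
        header('Location: login.php');
        exit;
    }
    $error = 'Password incorrect; account not deleted.';
}
?>
<?php if ($error !== null) : ?>
<p><?= htmlspecialchars($error, ENT_QUOTES) ?></p>
<?php endif ?>
<form method="post" action="">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="password" name="current_password" required>
  <button type="submit" name="delete" value="1">Delete my account</button>
</form>
```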

Related

I am a beginner in PHP. I created a database. How to display the data from the database in a PHP page?

I have created a Register.php page with name, email, password, gender, image and a login page with name. When a user registers, the data gets successfully inserted into the database. When the user logs in, it just shows Welcome Username.
Now I want to get all the registered data like name, email, password, gender, image displayed on the welcome.php page after the user logs in. How can I do it?
Following is my code.
Register.php
<?php
if(isset($_REQUEST['name']))
{
$con = mysqli_connect("localhost","root","","userdb");
$target= "images/".basename($_FILES['image']['name']);
$name= stripslashes($_REQUEST['name']);
$name= mysqli_real_escape_string($con,$name);
$email= stripslashes($_REQUEST['email']);
$email= mysqli_real_escape_string($con,$email);
$password= stripslashes($_REQUEST['password']);
$password= mysqli_real_escape_string($con,$password);
$gender= stripslashes($_REQUEST['gender']);
$gender= mysqli_real_escape_string($con,$gender);
$image= $_FILES['image']['name'];
$query= "INSERT INTO regtab(name,email,password,gender,image)VALUES('$name','$email','$password','$gender','$image')";
$result= mysqli_query($con,$query);
if($result){
echo"<div class = 'form'>Registered sucessfully.Click here to <a href = 'login.php'>Login</a></div>";
}
}
else
{
?>
<!DOCTYPE html>
<head>
<title>reg page</title>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<!-- Latest compiled JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<div class="row top_margin">
<div class="col-xs-6 col-xs-offset-3">
<div class="panel panel-primary">
<div class="panel-heading">User Registration</div>
<div class="panel-body">
<form method="POST" action="" enctype="multipart/form-data">
<div class="form-group">
<label for="name"> Name</label>
<input type="text" class="form-control" id="name" name="name">
</div>
<div class="form-group">
<label for="email">Email</label>
<input type="email" class="form-control" id="email" name="email">
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" class="form-control" id="password" name="password">
</div>
<div class="form-group">
<label for="gender">Gender</label>
<input type="radio" id="gender" name="gender" value="male">Male
<input type="radio" id="gender" name="gender" value="female">Female
</div>
<div class="form-group">
<label for="email">Image</label>
<input type="file" class="" id="image" name="image">
</div>
<button type="submit" class="btn btn-primary" value="registration_submit">Submit</button>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
<?php
}
?>
</html>
login.php
<?php
if(isset($_REQUEST['name']))
{
session_start();
$con = mysqli_connect("localhost", "root", "", "userdb");
$name = stripslashes($_REQUEST['name']);
$name = mysqli_real_escape_string($con,$name);
$query = "SELECT * FROM `regtab` WHERE name='$name'";
$result = mysqli_query($con,$query);
$rows = mysqli_num_rows($result);
if($rows==1)
{
$name = $_SESSION['name'];
header("Location: welcome.php");
}
else
{
echo "<div class_class=form>username entered is wrong.Please enter correct name.<br><br>Click here to <a href ='login.php'>LOGIN</a><br> Click here to <a href ='test.php'>REGISTER</a></div>";
}
}
else
{
?>
<!DOCTYPE html>
<head>
<title>reg page</title>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<!-- Latest compiled JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<div class="container">
<div class="row top_margin">
<div class="col-xs-6 col-xs-offset-3">
<div class="panel panel-primary">
<div class="panel-heading">User Login</div>
<div class="panel-body">
<form method="POST" action="" enctype="multipart/form-data">
<div class="form-group">
<label for="first_name"> Name</label>
<input type="text" class="form-control" id="name" name="name">
</div>
<button type="submit" class="btn btn-primary" value="submit">Submit</button>
</form>
</div>
</div>
</div>
</div>
</div>
<?php
}
?>
</body>
</html>
welcome.php
<?php
session_start();
$con = mysqli_connect( "localhost", "root", "", "userdb")or die(mysqli_error($con));
$query = "SELECT * FROM regtab" ;
$result = mysqli_query($con , $query)or die(mysqli_error($con));
$num = mysqli_num_rows($result);
echo "Welcome ";
echo $_SESSION['name'];
?>
You need to modify your code in the way below to get the complete user data on the welcome.php page, but you also need to modify your code to make it more secure. You need to use MD5 for storing your password. And you need to log in with username and password instead of name. Most importantly, you need to gain more knowledge to make your code better. In the meantime, use the code below, which will help you get the data on the welcome.php page.
login.php :
<?php
if(isset($_REQUEST['name']))
{
session_start();
$con = mysqli_connect("localhost", "root", "", "userdb");
$name = stripslashes($_REQUEST['name']);
$name = mysqli_real_escape_string($con,$name);
$query = "SELECT * FROM `regtab` WHERE name='$name'";
$result = mysqli_query($con,$query);
$rows = mysqli_num_rows($result);
if($rows==1)
{
$_SESSION['name'] = $name;
header("Location: welcome.php");
}
else
{
echo "<div class_class=form>username entered is wrong.Please
enter correct name.<br><br>Click here to <a href ='login.php'>LOGIN</a><br>
Click here to <a href ='test.php'>REGISTER</a></div>";
}
}
else
{
?>
<!DOCTYPE html>
<head>
<title>reg page</title>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href =
"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<!-- jQuery library -->
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js">
</script>
<!-- Latest compiled JavaScript -->
<script
src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js">
</script>
</head>
<div class="container">
<div class="row top_margin">
<div class="col-xs-6 col-xs-offset-3">
<div class="panel panel-primary">
<div class="panel-heading">User Login</div>
<div class="panel-body">
<form method="POST" action="" enctype="multipart/form-data">
<div class="form-group">
<label for="first_name"> Name</label>
<input type="text" class="form-control" id="name"
name="name">
</div>
<button type="submit" class="btn btn-primary"
value="submit">Submit</button>
</form>
</div>
</div>
</div>
</div>
</div>
<?php
}
?>
</body>
</html>
welcome.php :
<?php
session_start();
$con = mysqli_connect( "localhost", "root", "", "userdb")or
die(mysqli_error($con));
$query = "SELECT * FROM regtab where name = '".$_SESSION['name']."'" ;
$result = mysqli_query($con , $query)or die(mysqli_error($con));
$row = mysqli_fetch_assoc($result);
echo "Welcome ";
echo $_SESSION['name'];
echo "<br>";
echo "Email:".$row['email'];
echo "<br>";
echo "Password:".$row['password'];
echo "<br>";
echo "Gender:".$row['gender'];
echo "<br>";
echo "Image: <img src='images/".$row['image']."'>";
?>
Replace login.php and welcome.php with the above code; your user's data will then start displaying on the welcome.php page. But you need to follow standards to improve your code. Hope it helps!
In your login.php put the below code instead of $name=$_SESSION['name'];
$_SESSION['name']=$name;
Then on your welcome.php, you can access the current user by $_SESSION['name']. Now you have the current user and you can retrieve all the data of the current user from the db by using $query = "SELECT * FROM regtab where name = '".$_SESSION['name']."'" ;

Not getting "user error" message in php script

Sorry about the title. Didn't really know how to put it. But I'm open for suggestions so people who have a similar issue can find this topic easy.
I've made a simple login/registration script in php. The issue that I'm having is that "user messages" don't get displayed and I can't figure out what I'm doing wrong.
When a user registers, he/she needs to confirm his/her email address.
Once this is done and the user logs in, he/she should be redirected to the profile page, profile.php.
But for some reason this doesn't work. Does anyone know why?
index.php
<?php
/* Main page with two forms: sign up and log in */
require 'db.php';
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Sign-Up/Login Form</title>
<?php include 'css/css.html'; ?>
</head>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['login'])) { //user logging in
require 'login.php';
}
elseif (isset($_POST['register'])) { //user registering
require 'register.php';
}
}
?>
<body>
<div class="form">
<ul class="tab-group">
<li class="tab">Sign Up</li>
<li class="tab active">Log In</li>
</ul>
<div class="tab-content">
<div id="login">
<h1>Welcome Back!</h1>
<form action="index.php" method="post" autocomplete="off">
<div class="field-wrap">
<label>
Email Address<span class="req">*</span>
</label>
<input type="email" required autocomplete="off" name="email"/>
</div>
<div class="field-wrap">
<label>
Password<span class="req">*</span>
</label>
<input type="password" required autocomplete="off" name="password"/>
</div>
<p class="forgot">Forgot Password?</p>
<button class="button button-block" name="login" />Log In</button>
</form>
</div>
<div id="signup">
<h1>Sign Up for Free</h1>
<form action="index.php" method="post" autocomplete="off">
<div class="top-row">
<div class="field-wrap">
<label>
First Name<span class="req">*</span>
</label>
<input type="text" required autocomplete="off" name='firstname' />
</div>
<div class="field-wrap">
<label>
Last Name<span class="req">*</span>
</label>
<input type="text"required autocomplete="off" name='lastname' />
</div>
</div>
<div class="field-wrap">
<label>
Email Address<span class="req">*</span>
</label>
<input type="email"required autocomplete="off" name='email' />
</div>
<div class="field-wrap">
<label>
Set A Password<span class="req">*</span>
</label>
<input type="password"required autocomplete="off" name='password'/>
</div>
<button type="submit" class="button button-block" name="register" />Register</button>
</form>
</div>
</div><!-- tab-content -->
</div> <!-- /form -->
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
Login.php
<?php
/* User login process, checks if user exists and password is correct */
// Escape email to protect against SQL injections
$email = $mysqli->escape_string($_POST['email']);
$result = $mysqli->query("SELECT * FROM users WHERE email='$email'");
if ( $result->num_rows == 0 ){ // User doesn't exist
$_SESSION['message'] = "User with that email doesn't exist!";
header("location: error.php");
}
else { // User exists
$user = $result->fetch_assoc();
if ( password_verify($_POST['password'], $user['password']) ) {
$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['last_name'] = $user['last_name'];
$_SESSION['active'] = $user['active'];
// This is how we'll know the user is logged in
$_SESSION['logged_in'] = true;
header("location: profile.php");
}
else {
$_SESSION['message'] = "You have entered wrong password, try again!";
header("location: error.php");
}
}
profile.php
<?php
/* Displays user information and some useful messages */
session_start();
// Check if user is logged in using the session variable
if ( $_SESSION['logged_in'] != 1 ) {
$_SESSION['message'] = "You must log in before viewing your profile page!";
header("location: error.php");
}
else {
// Makes it easier to read
$first_name = $_SESSION['first_name'];
$last_name = $_SESSION['last_name'];
$email = $_SESSION['email'];
$active = $_SESSION['active'];
}
?>
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Welcome <?= $first_name.' '.$last_name ?></title>
<?php include 'css/css.html'; ?>
</head>
<body>
<div class="form">
<h1>Welcome</h1>
<p>
<?php
// Display message about account verification link only once
if ( isset($_SESSION['message']) )
{
echo $_SESSION['message'];
// Don't annoy the user with more messages upon page refresh
unset( $_SESSION['message'] );
}
?>
</p>
<?php
// Keep reminding the user this account is not active, until they activate
if ( !$active ){
echo
'<div class="info">
Account is unverified, please confirm your email by clicking
on the email link!
</div>';
}
?>
<h2><?php echo $first_name.' '.$last_name; ?></h2>
<p><?= $email ?></p>
<button class="button button-block" name="logout"/>Log Out</button>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
error.php
<?php
/* Displays all error messages */
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<?php include 'css/css.html'; ?>
</head>
<body>
<div class="form">
<h1>Error</h1>
<p>
<?php
if( isset($_SESSION['message']) AND !empty($_SESSION['message']) ):
echo $_SESSION['message'];
else:
header( "location: index.php" );
endif;
?>
</p>
<button class="button button-block"/>Home</button>
</div>
</body>
</html>
Use ob_start(); before outputting anything in your script. It looks like you have become a victim of filled up output jars.
<?php
ob_start();
//Make sure you use ob_start() before outputting anything.
//Rest of your code
?>
Suggestions: as mentioned in the comment too, please define a type for the login button, like type="submit". And one last thing: escape_string() won't save you from SQL injection. Either use PDO or prepared statements.
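Added example (not the asker's or the answerer's code): the login step from the question written with PDO and a bound parameter, as the answer suggests, with each redirect followed by exit so nothing after it runs. The DSN and credentials are placeholders, the column names are the ones the question's code reads, and the single error message for both failure cases is a choice made here.

```php
<?php
/* Added example. Assumptions: placeholder DSN/credentials, and a users table
   with the columns the question's login.php reads. */

/** Open a PDO connection that uses server-side prepared statements. */
function open_db(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        PDO::ATTR_EMULATE_PREPARES   => false,
    ]);
}

/**
 * Return the user's row if the email exists and the password matches, else null.
 * The email travels as a bound parameter, so quotes in it cannot alter the query.
 */
function authenticate(PDO $pdo, string $email, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT email, first_name, last_name, active, password
           FROM users WHERE email = :email'
    );
    $stmt->execute([':email' => $email]);
    $user = $stmt->fetch();           // false when no row matches

    if ($user === false || !password_verify($password, $user['password'])) {
        return null;
    }
    unset($user['password']);         // the hash is not needed after this point
    return $user;
}

/** Redirect and stop, so no code after the header() call runs or renders. */
function redirect(string $to): void
{
    header('Location: ' . $to);
    exit;
}

// Request handling: run this before any HTML is sent (or with ob_start() active).
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['login'])) {
    $pdo = open_db(
        'mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4',
        'PLACEHOLDER_USER',
        'PLACEHOLDER_PASSWORD'
    );
    $user = authenticate(
        $pdo,
        (string) ($_POST['email'] ?? ''),
        (string) ($_POST['password'] ?? '')
    );

    if ($user === null) {
        // Same message whether the email or the password was wrong.
        $_SESSION['message'] = 'Wrong email or password, try again!';
        redirect('error.php');
    }

    session_regenerate_id(true);      // new session id once the user is authenticated
    $_SESSION['email']      = $user['email'];
    $_SESSION['first_name'] = $user['first_name'];
    $_SESSION['last_name']  = $user['last_name'];
    $_SESSION['active']     = $user['active'];
    $_SESSION['logged_in']  = true;
    redirect('profile.php');
}
```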

"Welcome user" on the same page without textboxes

I am very new at PHP and I'm trying to create a login div on the right side bar. Well, it seems to work, but when I log in it shows me:
user name [ textbox ]
password [ textbox ]
[ login button ]
welcome new2
Obviously, I'm not interested in showing the textboxes and the login button because the user is already logged in.
Here is the code of the home page (templat.php):
<?php
session_start();
$db=mysqli_connect("localhost","root","","mydb");
?>
<!DOCTYPE html>
<html lang="he">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title><?php echo $title; ?></title>
<link rel="stylesheet" type="text/css" href="Styles/Stylesheet2.css" />
</head>
<body dir="rtl">
<div id="wrapper">
<div id="banner">
</div>
<nav id="navigation" dir="rtl">
<ul id="nav">
<li>home</li>
<li>topics</li>
<li>on us</li>
</ul>
</nav>
<!--
<div id="content_area">
<?php
//echo $content; ?>
</div>
-->
<div id="sidebar">
<div id="main-wrapper">
<center><h2>Login Form</h2></center>
<div class="imgcontainer">
<center>
<img src="images/avatar.png" width='60' height='60' alt="Avatar" class="avatar">
</center>
</div>
<form action="Template.php" method="post">
<div class="inner_container">
<label><b>Username</b></label>
<br/>
<input type="text" placeholder="Enter Username" name="username" required>
<br/>
<label><b>Password</b></label>
<br/>
<input type="password" placeholder="Enter Password" name="password" required>
<br/>
<button class="login_button" name="login"
type="submit">Login</button>
</div>
</form>
<?php
if(isset($_POST['login']))
{
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$password=md5($password); //Remember we hashed password before storing last time
$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result=mysqli_query($db,$sql);
$row = mysqli_fetch_array($result);
$num = mysqli_num_rows($result);
if($num==1)
{
$_SESSION['message']="You are now Loggged In";
$_SESSION['username']=$username;
$id=$row['id'];
$_SESSION['id']=$id;
?>
<div id="main-wrapper">
<center><h3>Welcome <?php echo $_SESSION['username']; ?></h3></center>
<form action="Template.php" method="post">
<div class="imgcontainer">
<img src="images/avatar.png" alt="Avatar" width='60' height='60' class="avatar">
</div>
<div class="inner_container">
<button class="logout_button" type="submit">Log Out</button>
</div>
</form>
</div>
<?php
}
else
{
$_SESSION['message']="Username and Password combiation incorrect";
}
}
?>
</br>
</div>
</div>
<footer>
<p>aaa</p>
</footer>
</div>
</body>
</html>
update : logout.php:
<?php
session_start();
session_destroy();
unset($_SESSION['username']);
$_SESSION['message']="You are now logged out";
header("Location:login.php");
?>
You need to check if user is already logged in. You can check if $_SESSION['username'] is empty or not.
Update your login form like that:
<?php if(!isset($_SESSION['username'])) { ?>
<form action="Template.php" method="post">
<div class="inner_container">
<label><b>Username</b></label>
<br/>
<input type="text" placeholder="Enter Username" name="username" required>
<br/>
<label><b>Password</b></label>
<br/>
<input type="password" placeholder="Enter Password" name="password" required>
<br/>
<button class="login_button" name="login"
type="submit">Login
</button>
</div>
</form>
<?php }; ?>

HTML not showing after PHP

I'm currently trying to finetune a login script, only I have one small issue: the HTML isn't showing. I tried to put the HTML in front of the PHP, but the session_start(); depends on the fact that it's at the top, so if I put the HTML before the PHP, the HTML renders, but the PHP is invalid. This is normal; however, the fact that the HTML doesn't show isn't.
Just to clarify, this is a .php document.
FULL CODE:
<?php
ob_start();
session_start();
require_once 'dbconnect.php';
// it will never let you open index(login) page if session is set
if ( isset($_SESSION['user'])!="" ) {
header("Location: home.php");
exit;
}
if( isset($_POST['btn-login']) ) {
$email = $_POST['email'];
$upass = $_POST['pass'];
$email = strip_tags(trim($email));
$upass = strip_tags(trim($upass));
$password = hash('sha256', $upass); // password hashing using SHA256
$res=mysql_query("SELECT userId, userName, userPass FROM users WHERE userEmail='$email'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
if( $count == 1 && $row['userPass']==$password ) {
$_SESSION['user'] = $row['userId'];
header("Location: home.php");
} else {
$errMSG = "Wrong Credentials, Try again...";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login & Registration System</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" href="http://demos.codingcage.com/signup-login/style.css" type="text/css" />
</head>
<body>
<div class="container">
<div id="login-form">
<form method="post" autocomplete="off">
<div class="col-md-12">
<div class="form-group">
<h2 class="">Sign In.</h2>
</div>
<div class="form-group">
<hr />
</div>
<?php
if ( isset($errMSG) ) {
?>
<div class="form-group">
<div class="alert alert-danger">
<span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG;
?>
</div>
</div>
<?php
}
?>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
<input type="email" name="email" class="form-control" placeholder="Your Email" required />
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
<input type="password" name="pass" class="form-control" placeholder="Your Password" required />
</div>
</div>
<div class="form-group">
<hr />
</div>
<div class="form-group">
<button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
</div>
<div class="form-group">
<hr />
</div>
<div class="form-group">
Sign Up Here...
</div>
</div>
</form>
</div>
</div>
</body>
</html>
put this at the top..
error_reporting(E_ALL);
ini_set('display_errors', 1);
and it will tell you what the error is so people on stack overflow don't have to guess..
also, mysql_* functions are deprecated. if you want to get hacked, that's cool. if not, maybe look into PDO instead.
EDIT
I can't comment on the other answer yet so I'll just say here that isset returns a boolean. Comparing a boolean to an empty string with == has the exact same effect as comparing it with false ...this is unconventional, but it's not incorrect and it's certainly not causing any kind of error.
Proof: https://3v4l.org/vr8UU
The other answer is wrong.
if (isset($_SESSION['user'])!="" ) { this is not how isset() works.
Use: if (isset($_SESSION['user'])) { instead.
http://php.net/manual/en/function.isset.php
And remove the exit. It isn't necessary at this place.

How to make log in page PHP work with Session.

Okay, so I have this login page here. All I want it to do is log me in and send me to "index.php". I know my email is correct and the password and everything is good. It all works, it just stays on the same page instead of actually sending me to "index.php". I'm new to PHP and it is probably something stupid, but any help would be greatly appreciated. Please and thank you! :)
<link rel="stylesheet" href="styles.css" />
<?php
session_start();
if(isset($_SESSION['usr_id'])!="") {
header("Location: index.php");
}
include_once 'dbconnect.php';
//check if form is submitted
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and password = '" . md5($password) . "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['usr_id'] = $row['id'];
$_SESSION['usr_name'] = $row['name'];
header("Location: index.php");
$successmsg = "SWEET YOU'RE IN!";
//echo "success";
} else {
$errormsg = "Incorrect Email or Password!!!";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>PHP Login Script</title>
<meta content="width=device-width, initial-scale=1.0" name="viewport" >
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" />
</head>
<body>
<div class="container-fluid">
<!-- add header -->
<div class="navbar-header">
</div>
<!-- menu items -->
<div class="collapse navbar-collapse" id="navbar1">
<ul class="navbar">
<li class="active">Login</li>
<li>Sign Up</li>
</ul>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4 well">
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform">
<fieldset>
<legend>Login</legend>
<div class="form-group">
<label for="name">Email</label>
<input type="text" name="email" placeholder="Your Email" required class="form-control" />
</div>
<div class="form-group">
<label for="name">Password</label>
<input type="password" name="password" placeholder="Your Password" required class="form-control" />
</div>
<div class="form-group">
<input type="submit" name="login" value="Login" class="btn btn-primary" />
</div>
</fieldset>
</form>
<span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>
<span class="text-success"><?php if (isset($successmsg)) { echo $successmsg; } ?></span>
</div>
</div>
</div>
</body>
</html>
Where you have this:
if(isset($_SESSION['usr_id'])!="") {
You want this:
if(isset($_SESSION['usr_id']) && $_SESSION['usr_id'] != "") {
Note that what's in $_SESSION['usr_id'] will be the id column from your database. It's not clear from context if such a column exists, so perhaps double check that there really is a value there before the initial redirect (i.e., just after checking the credentials).
Side note: don't use MD5() to hash passwords. MD5 isn't as secure as you'd want a password hash to be.
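Added example (not from the question or the answer): following the side note about MD5, one way to move existing MD5 rows to password_hash() at login time. It assumes $conn from dbconnect.php, a users table with the id, name, email and password columns the question's code uses, a password column wide enough for the new hashes (for example VARCHAR(255)), and that legacy values are md5() hex digests of the submitted password.

```php
<?php
// Added example; names beyond those in the question are assumptions.

/**
 * Check a login against a stored hash that may still be legacy MD5 and,
 * on success, upgrade the stored value to password_hash().
 * Returns ['id' => ..., 'name' => ...] or null when the login fails.
 */
function login_and_upgrade(mysqli $conn, string $email, string $password): ?array
{
    $stmt = mysqli_prepare($conn, 'SELECT id, name, password FROM users WHERE email = ?');
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $name, $stored);
    $found = mysqli_stmt_fetch($stmt);          // true, or null when no row matches
    mysqli_stmt_close($stmt);
    if (!$found) {
        return null;
    }

    // A bare 32-character hex string is treated as a legacy MD5 digest.
    $isLegacy = (preg_match('/^[a-f0-9]{32}$/', $stored) === 1);

    // If the registration code hashed an escaped string (as the question's
    // login does), apply the same transformation in the legacy branch.
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }

    // The plain password is only available now, so this is the moment to rehash.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $update  = mysqli_prepare($conn, 'UPDATE users SET password = ? WHERE id = ?');
        mysqli_stmt_bind_param($update, 'si', $newHash, $id);
        mysqli_stmt_execute($update);
        mysqli_stmt_close($update);
    }

    return ['id' => $id, 'name' => $name];
}

// Usage inside the login page, before any output is sent:
//
//   session_start();
//   include_once 'dbconnect.php';               // provides $conn, as on the page
//   if (isset($_POST['login'])) {
//       $user = login_and_upgrade($conn, (string) $_POST['email'], (string) $_POST['password']);
//       if ($user !== null) {
//           session_regenerate_id(true);
//           $_SESSION['usr_id']   = $user['id'];
//           $_SESSION['usr_name'] = $user['name'];
//           header('Location: index.php');
//           exit;
//       }
//       $errormsg = 'Incorrect Email or Password!!!';
//   }
```

Rows for users who never log in again keep their MD5 value; those accounts need a forced password reset to complete the migration.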
