$con = mysqli_connect('localhost', 'login', '*mypass*', 'login');
$check = "SELECT * FROM users";
$rs = mysqli_query($con, $check);
if(isset($_POST['submit'])) {
$username = strtolower($_POST['username']);
$password = hash('sha512', $_POST['password']);
if($username && $password){
while($data = mysqli_fetch_array($rs)){
if($username == $data[1]){
if($password == $data[2]){
session_start();
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
$exp = time() + (60*60*24*365);
setcookie('user', $username, $exp);
echo "test";
header("location: dash.php");
exit();
} else {
error("Incorrect Password");
}
}
}
} else {
error("Please insert your username and password");
}
}
In this code, the content of the if statement ( if($password == $data[2]) ) doesn't run correctly: only the echo function works, all the other doesn't!
Is there a solution to this issue?
I use PHP 7.0
POST:
echo "test"; was added only for testings purposes, the code doesn't work with or without it.
Looking at this part:
if($username && $password){
while($data = mysqli_fetch_array($rs)){
if($username == $data[1]){
if($password == $data[2]){
You should be careful when reading $data. Put simply, the $data array is indexed on a per-row basis starting from 0, so $data[1] and $data[2] refer to the entire second and third resultset rows, but you're not actually reading any result fields.
The right and cleaner way would be:
if($username && $password){
$data = mysqli_fetch_array($rs);
foreach ($data as $row)
{
$username = $row['field_name_with_username];
$password = $row['field_name_with_password];
... then whatever you need to do afterwards with those variables
}
If you rather stay away from the foreach looping, you can use while or for, but you need to define an interation counter (i.e. $i = 0; before entering the loop and $i++; just before the end of each iteration) and on each pass access $data[$i]['field_name_with_username'] and $data[$i]['field_name_with_password']
This is not an answer but something to try to check sessions are working.
Place the following code in its own file:
<?php
session_start();
if(isset($_SESSION['test_counter'])) {
$_SESSION['test_counter']++;
} else {
$_SESSION['test_counter'] = 1;
}
echo $_SESSION['test_counter'];
It should first display 1, and then increment the integer upon refresh.
Related
I'm taking the data from my database and trying to put them into the cookie using mysqli_fetch_assoc($result).
At the end the setcookie function doesn't work.
Here's my code:
<?php
if(!isset($_POST['remember']) && !isset($_COOKIE['ProfileData']))
{
session_start();
}
else if(isset($_POST['remember']))
{
$remember = $_POST['remember'];
}
if (!isset($_SESSION['ProfileData']) && !isset($_COOKIE['ProfileData']))
{
$username = $_POST['username'];
$password = $_POST['password'];
}
$birthday = "DATE_FORMAT(Birthday, '%d/%m/%Y')";
if (!isset($username) && !isset($_SESSION['ProfileData']) && !isset($_COOKIE['ProfileData']))
{
header("location: /login.php");
}
else if(isset($username))
{
$con = mysqli_connect('localhost','root','root','Signum','3306');
$sql = "SELECT Id, Name, Surname, $birthday, Genre, Username FROM MyTable WHERE Username = '$username' and Password = '$password'";
$result = mysqli_query($con,$sql);
if(isset($remember))
{
setcookie("ProfileData", mysqli_fetch_assoc($result), time()+(60*60*24*365));
}
else
{
$_SESSION['ProfileData'] = mysqli_fetch_assoc($result);
}
}
?>
You may serialize it using serialize function. Here is the line code changed:
setcookie("ProfileData", serialize(mysqli_fetch_assoc($result)), time()+(60*60*24*365));
When getting this value from cookie, you need use the unserialize function to convert to an array again.
this is the code that have 3 user, the code just running for 2 user,it's in condition idLogin=1 and idLogin=2, i don't know why in condition idLogin=3 it does't work .
<?php
error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));
$username = $_POST['username'];
$password = $_POST['password'];
$login = $_POST['login'];
if (isset($login)) {
$mysqli = new mysqli("localhost", "root", "", "loginda");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: " . $mysqli->connect_error;
}
$res = $mysqli->query("SELECT * FROM login where username='$username' and password='$password'");
$row = $res->fetch_assoc();
$idLogin = $row['id_login'];
$user = $row['username'];
$pass = $row['password'];
$type = $row['type_login'];
if ($user == $username && $pass = $password) {
session_start();
if ($idLogin == "1") {
$_SESSION['mysesi'] = $user;
$_SESSION['myid'] = $idLogin;
echo "<script>window.location.assign('admin.php')</script>";
} elseif ($idLogin == "2") {
$_SESSION['mysesi'] = $user;
$_SESSION['myid'] = $idLogin;
echo "<script>window.location.assign('index.php')</script>";
} elseif ($idLogin == "3") {
$_SESSION['mysesi'] = $user;
$_SESSION['myid'] = $idLogin;
echo "<script>window.location.assign('index2.php')</script>";
} else {
?>
this is code for index2.php
<?php
session_start();
if (!isset($_SESSION['mysesi']) && !isset($_SESSION['myid'])=='3')
{
echo "<script>window.location.assign('login.php')</script>";
}
?>
<!DOCTYPE html>
<html lang="en">
..........
</html>
I think error may be here...
if($user==$username && $pass=$password) // here is single `=` sign
It should be like as:
if($user==$username && $pass==$password) // double `==` for comparasion
I might be wrong, but I don't think that you can check bool isset for $S_SESSION['myid'], while checking its contents within the same if statement. I think you might have to check that the sessions are set first, then check the value of $_SESSION['myid'].
Try this:
if ((!isset($_SESSION['mysesi']) && !isset($_SESSION['myid'])) || $_SESSION['myid'] !='3')
{
echo "<script>window.location.assign('login.php')</script>";
}
You should also consider using PDO objects for MySQL interactions. And even more importantly, you need to sanitize your user inputs below using them in your MySQL Query, if you are going to use mysqli the way you that currently do.
Lastly, you should not be storing your passwords in plain text. There are a number of hashing algorithms available to hash passwords before storing them in your database. However PHP5.5 and up includes the password_hash function to make things easier for you.
I have a log in page.First, when the user enters the correct username and password he will move to managing page. But, I want to fetch his database information for another page. I mean I detect the username and password, then get other rows from that.
I know which I can use sessions, but session gives me one value and this is want I do not need.
<?php
if(isset($_POST['username'])){
if(isset($_POST['password'])){
$user_id = $_POST['username'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM `users`");
while($row = mysql_fetch_array($result)){
$db_id = $row[0];
$db_user_id = $row["user_id"];
$db_user_pass = $row["user_pass"];
$db_user_type = $row["user_type"];
$db_user_name = $row["user_name"];
if($db_user_id == $user_id && $db_user_pass == $password && $db_user_type == "manager"){
header("Location: manager.php");
$_SESSION['currentmanager'] = $user_id;
}elseif($db_user_id == $user_id && $db_user_pass == $password && $db_user_type == "user"){
$_SESSION['currentuser'] = $user_id;
header("Location: users.php");
}elseif($db_user_id == $user_id && $db_user_pass == $password && $db_user_type == "teacher"){
$_SESSION['currentteacher'] = $user_id;
header("Location: teachers.php");
}
}
}
}
?>
$_SESSION['some_array'] = array(1,3,4);
as #u_mulder said.
Thanks.
im making a social networking website (i will not tell my full idea yet) and i cant get login verification to work.
This is my code:
mysql_connect("AHOST", "MYDATABASE", "PRIVACY");
mysql_select_db("u848966676_users");
$email = $_POST['email'];
$password = $_POST['code'];
$rs = mysql_query("SELECT * from `users` WHERE `email`='$email' LIMIT 1");
if(!$rs) die(mysql_error());
if(mysql_num_rows($rs) > 0) {
$active = 0;
while ($row=mysql_fetch_row($rs)) {
$rp = $row['password'];
$active = $row['active'];
if($password != $rp) {
die("<script>alert(\"Password is incorrect.$rp and $password\");</script>");
}
}
if($active === 0) {
echo "<script>alert(\"Account has not been verified.\");</script>";
} else {
$_SESSION['logged'] = true;
$_SESSION['email'] = $email;
header("Location: index.php");
}
} else {
echo "<script>alert(\"Account does not exist.\");</script>";
}
And my problem is that $rp is ""... its literally empty!
But on phpMyAdmin is shows my password...
:(
mysql_fetch_row returns a numeric array, so you should use mysql_fetch_assoc for an assoziative array.
The mysql_ extension is deprecated and will be removed in the future, you should use mysqli_ or (better) PDO if you dont want to change everything later on.
I replaced my mediocre mysql_* query system with PDO. However, my login script stopped working. It has to be a problem with fetching data, since my username passes, but my password does not.
CODE:
<?php
session_start();
include('config.php');
include('cipher.php');
$usercheck = $_POST["email"];
$passcheck = $_POST["pass"];
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :usercheck');
$stmt->execute(array(
':usercheck' => $usercheck
));
$num = $stmt->rowCount();
if ($num == 1) {
$bcrypt = new Bcrypt(15);
$record = $stmt->fetchAll();
$hash = $record['password'];
$isGood = $bcrypt->verify($passcheck, $hash);
if ($isGood == 1) {
$_SESSION['fname'] = $record['firstname'];
$_SESSION['lname'] = $record['lastname'];
$_SESSION['email'] = $record['email'];
$_SESSION['user'] = $record['email'];
$_SESSION['uid'] = $record['uid'];
$_SESSION['birthday'] = $record['birthday'];
$_SESSION['type'] = $record['pagetype'];
$_SESSION['backcolor'] = $record['backcolor'];
$_SESSION['barcolor'] = $record['barcolor'];
$_SESSION['activated'] = $record['activated'];
if ($_SESSION['activated'] == 0) {
$_SESSION['newemail'] = $record['email'];
unset($_SESSION['fname']);
unset($_SESSION['lname']);
unset($_SESSION['email']);
unset($_SESSION['user']);
unset($_SESSION['uid']);
unset($_SESSION['birthday']);
unset($_SESSION['type']);
unset($_SESSION['backcolor']);
unset($_SESSION['barcolor']);
header('Location: mustactivate.php');
} else {
if ($_SESSION['type'] == 1) {
header('Location: profile.php');
} else {
if ($_SESSION['type'] == 2) {
header('Location: mypage.php');
} else {
header('Location: setup.php');
}
}
}
} else
header('Location: login.php?error=badpass');
} else
header('Location: login.php?error=bademail');
?>
$record = $stmt->fetchAll();
$hash = $record['password'];
The fetchAll() method returns an array of rows. So there will not be any $record['password'].
Try var_dump($record) to show yourself what's in that variable.
To fix this, you could use $record[0]['password']. Or else you could fetch it with $stmt->fetch() if you just need one row.
Simply because fetchAll will return an array, so use $record[0] instead of $record directly ex: $record[0]['password']
or after $record = $stmt->fetchAll(); add $record = $record[0]; and leave all the rest to $record['field_name']