I have written this PHP code for a login and a register page, but I don't know how; it doesn't seem logical, but it's not accepting some emails while it's accepting others. I don't know how this is even possible. I don't think it is the Apache server that I'm using, because it wouldn't have accepted the other emails it accepted. I also tried restarting the server and trying a different browser; I tried everything there is to try. Please help.
<?php
session_start();
require_once "connect.php";
$con=new mysqli($hn,$un,$pw,$db);
if($con->connect_error) die("Failed to connect to the database");
if (isset($_POST['register']))
{
$nam=$_POST['name'];
$sur=$_POST['sur'];
$email=$_POST['email'];
$pass=$_POST['pass'];
$cpass=$_POST['cpass'];
if ($nam!="" && $sur!="" && $email!="" && $pass!="" && $cpass!="")
{
if ($pass==$cpass)
{
$userinfo=sanitise($nam,$sur,$email,$pass);
if (validate($userinfo[0],$userinfo[1],$userinfo[2],$userinfo[3]))
{
if(dataentry($userinfo[0],$userinfo[1],$userinfo[2],$userinfo[3]))
{
echo "Account Create Successfully";
}
else
{
echo "Failed to Create the account, Please try again After Some Time";
}
}
}
else
{
echo "The Entered Password do not Match";
}
}
else
{
echo "Please fill all the fields";
}
}
if (isset($_POST['login']))
{
$id=$_POST['email'];
$pin=$_POST['lpass'];
$id=ucfirst(strtolower(stripslashes(strip_tags(htmlentities($id)))));
$pin=stripcslashes(strip_tags(htmlentities($pin)));
$pin=hash('ripemd128', $pin);
if (isuser($id))
{
if (verify($id,$pin))
{
$_SESSION['email']=$id;
header("Location:homepage.php");
}
else
{
echo "The Password And Email Do not Match";
}
}
else
{
echo "The Email Id is Not Registered";
}
}
function verify($email,$pass)
{
global $con;
$query="SELECT * FROM users WHERE email='$email' AND password='$pass'";
$result=$con->query($query);
$rows=$result->num_rows;
if ($rows==1)
{
return 1;
}
else
{
return 0;
}
}
function isuser($email)
{
global $con;
$query="SELECT * FROM users WHERE Email='$email'";
$result=$con->query($query);
$rows=$result->num_rows;
if ($rows==1)
{
return 1;
}
else
{
return 0;
}
}
function sanitise($name,$surname,$email,$password)
{
$name=ucfirst(strtolower(stripslashes(strip_tags(htmlentities($name)))));
$surname=ucfirst(strtolower(stripslashes(strip_tags(htmlentities($surname)))));
$email=ucfirst(strtolower(stripslashes(strip_tags(htmlentities($email)))));
$password=stripcslashes(strip_tags(htmlentities($password)));
$password=hash('ripemd128',$password);
return array($name,$surname,$email,$password);
}
function validate($name,$surname,$email,$password)
{
global $con;
$query="SELECT * FROM users WHERE email='$email'";
$result=$con->query($query);
$rows=$result->num_rows;
if ($rows==0)
{
return 1;
}
else
{
echo "Email Address is already in use";
}
}
function dataentry($name,$surname,$email,$password)
{
global $con;
$query="INSERT INTO users (Name,Surname,Email,Password) VALUES ('$name','$surname','$email','$password')";
$result=$con->query($query);
if ($result)
{
return 1;
}
else
{
return 0;
}
}
?>
Hey, there is no reason for some email IDs to get accepted and some not; try restarting your Apache server, that might help.
Also read more about SQL injection. I know you must be working locally and not deploying this, but still it's good to know about it. Peace
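As an added example (not part of the original post or answer), here is the register/login flow from the question with the SQL injection the answer mentions closed off: values travel as bound parameters and the password is stored with `password_hash()` instead of `hash('ripemd128', ...)`. It assumes PDO with an in-memory SQLite table standing in for the post's MySQL `users` table; the function names are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the post's MySQL `users` table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (Name TEXT, Surname TEXT, Email TEXT UNIQUE, Password TEXT)');

// Validate and normalise the address; do not rewrite it with htmlentities(),
// strip_tags() or ucfirst(). HTML escaping belongs at output time.
function normalise_email(string $raw): ?string
{
    $email = strtolower(trim($raw));
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false ? $email : null;
}

function register_user(PDO $pdo, string $name, string $sur, string $rawEmail, string $pass): bool
{
    $email = normalise_email($rawEmail);
    if ($email === null) {
        return false;
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO users (Name, Surname, Email, Password) VALUES (?, ?, ?, ?)');
    try {
        // password_hash() salts and stretches; the raw password is hashed untouched.
        return $stmt->execute([$name, $sur, $email, password_hash($pass, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        return false; // e.g. UNIQUE constraint violation: address already registered
    }
}

function login_user(PDO $pdo, string $rawEmail, string $pass): bool
{
    $email = normalise_email($rawEmail);
    if ($email === null) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT Password FROM users WHERE Email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed sample input: quotes in the name and address, markup characters in the password.
var_dump(register_user($pdo, 'Ann', "O'Neil", "ann.o'neil@example.com", 'p&ss<word>'));
var_dump(login_user($pdo, "Ann.O'Neil@Example.com", 'p&ss<word>'));
var_dump(login_user($pdo, "ann.o'neil@example.com", 'wrong password'));
// Whether or not the validator accepts this string, its quotes reach the database only as data.
var_dump(login_user($pdo, "a'or'1'='1@example.com", 'anything'));
```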
Related
Hi, I need help to make a login check through the DB work. Can anyone tell me where the error is?
This is the code
if (!empty($_POST['user']) && !empty($_POST['password']))
{
$user=stripslashes(trim($_POST['user']));
$password=stripslashes(trim($_POST['password']));
mysql_connect("localhost","root","");
mysql_select_db("project");
$check=mysql_query("SELECT * FROM utenti WHERE nome='$user' AND password='$password'");
if(mysql_num_rows($check)!0)
{
$details=mysql_fetch_array($check);
$_SESSION['display_name']=$details[0];
$_SESSION['username']=$details[1];
$_SESSION['password']=$details[2];
print "Login succesful. <p> Level access: " . $details["type"] ;
}
else
{
print "Error";
}
}
else
{
print "Not all fields are compiled" ;
}
if ($details["type"] == "admin" )
{
$admn = 1;
}
else
{
$admn = 0;
}
I've no clue why it is not working. Thanks in advance.
Change this:
if(mysql_num_rows($check)!0)
To this:
if(mysql_num_rows($check) != 0)
Our PHP side fully works on my local server (Xamp-apach-5.5.6),
but on the hosting side it does not work (apach-5.2.17).
Please help me.
public function login($username,$password)
{
session_start();
if($username==!NULL AND $password==!NULL)
{
global $pdo;
$password=md5($password);
$query = $pdo->prepare("SELECT * FROM employee_list WHERE username='$username' AND userpass='$password'");
$query->execute();
$row=$query->rowCount();
if($row==0)
{
$this->massage->loginmass("<span class='text-danger'>YOUR USERNAME AND PASSWORD NO MATCH.</span>");
}
else
{
$result = $query->fetch();
if($result['active_enactive']=="Active")
{
$_SESSION['mafizusernamerahman'] = $result['username'];
$_SESSION['mafizuserpassrahman'] =$result['userpass'];
$_SESSION['mafizaccess_permissionrahman'] = $result['access_permission'];
$_SESSION['mafizactive_enactiverahman'] = $result['active_enactive'];
$_SESSION['mafiznamerahman'] = $result['name'];
$_SESSION['mafizemployment_idrahman'] = $result['employment_id'];
$_SESSION['mafizfather_namerahman'] = $result['father_name'];
$_SESSION['developer'] = "Mafizur";
if($_SESSION['mafizaccess_permissionrahman']=="Admin")
header("location:all-employee.php");
elseif($_SESSION['mafizaccess_permissionrahman']=="User")
{
if (empty($result['defaltpass'])) {
header("location:user-profile.php");
}
else
header("location:defaltchange-password.php");
}
}
else
$this->massage->loginmass("<span class='text-danger'>YOUR ACCOUNT SUSPEND.</span>");
}
}
else
$this->massage->loginmass("<span class='text-danger'>PLEASE FILL UP YOURUSER NAME AND PASSWORD.</span>");
}
You need to be careful while using relative URLs in Location redirects.
So, it will be better if you print absolute URLs in the headers instead of relative URLs.
https://en.wikipedia.org/wiki/HTTP_location
I have a CMS and I am creating a forgotten password page. The page will require a user to enter an email address, and the code will find it in the database and send them an email. In my database, I have multiple user accounts assigned to one email address.
I want it so that if the user enters an email address and there is more than one account assigned to it, it shows an error message saying please contact your admin, but atm it is not doing this. Any suggestions?
Here is my forgotten password page code:
if ($lookup) {
$user->sendPasswordResetEmail();
echo"sent email";
} elseif ($lookup) {
echo "please contact your admin";
}else{
echo "Can't find user";
}
}
}else{
echo "please enter an email address";
}
}
I take the information from a different file, here is the snippet for the code where I take the database:
$resetsystem = $db->query($qry);
if ($resetsystem && $resetsystem->num_rows == 1) {
$that->setUserData($rs->fetch_assoc());
return true;
}
if ($resetsystem && $resetsystem->num_rows > 1) {
return;
}
return false;
}
Update the following code:
function lookupByEmail($userID) {
global $db;
$this->id = $userID;
$qry = "SELECT user_id, user_first_name, user_last_name, user_username, user_email, user_suspended FROM cms_users WHERE user_email = " . $db->SQLString($this->id) . " AND user_deleted = 0;";
$rs = $db->query($qry);
if ($rs && $rs->num_rows == 1) {
$this->setUserData($rs->fetch_assoc());
return 1;
}
if ($rs && $rs->num_rows > 1) {
return 2;
}
return 0;
}
And then, where you are checking the $found variable, make these updates:
if ((int)$found == 1) {
$user->sendPasswordResetEmail();
$str_Message = '<div class="success_message">User found, an email has been dispatched to you.</div>';
} elseif ((int)$found > 1) {
$errors->defineError("too_many_users", "please contact your admin", array());
}else{
$errors->defineError("user_not_found", "The specified user could not be found. Please try again.", array());
}
I've to check whether the end user is admin or not, I've done right (I hope) but it fails to check. Here is what I'm using;
function checked_already($pid,$input)
{
global $db;
if ($mybb->user['usergroup'] != "4")
{
error_no_permission();
}
$query = $db->simple_select("users", "username", "uid='{$input}' OR username='{$input}'");
$user = $db->fetch_array($query);
if (!$user['username'])
{
echo "Nothing found!!";
exit;
}
}
But it fails to check if the end user is admin. :/ No error at all. What is missing here?
You've not used $mybb in global. Try this;
function checked_already($pid,$input)
{
global $db, $mybb;
if ($mybb->user['usergroup'] != "4")
{
error_no_permission();
}
$query = $db->simple_select("users", "username", "uid='{$input}' OR username='{$input}'");
$user = $db->fetch_array($query);
if (!$user['username'])
{
echo "Nothing found!!";
exit;
}
}
I know there are already quite a few articles on SE about "Warning: Missing argument 2 for" questions, although I couldn't really seem to find an answer (even after looking over all of the other questions several times).
First Error Set: http://i.stack.imgur.com/HTySO.png
Second Error Set: http://i.stack.imgur.com/wDwxm.png
(I tried posting as SE images, but since I'm new it wouldn't let me)
Those are the two errors I'm currently getting 20 times (I have 20 different fields for the database, it's a "profile" section).
I've spent the better half of two hours trying to figure out why it's not working but I'm clueless.
addProfile.php :
<?php
include('../includes/functions.php');
if(isset($_POST['submit'])) {
if(isset($_POST['profile_name'])) {
addProfile($_POST['profile_name']);
} else {
echo "Please Enter A Profile Name!";
include('manage_settings.php');
}
if(isset($_POST['profile_description'])) {
addProfile($_POST['profile_description']);
} else {
echo "Please Enter A Profile Description!";
include('manage_settings.php');
}
if(isset($_POST['first_name'])) {
addProfile($_POST['first_name']);
}
if(isset($_POST['last_name'])) {
addProfile($_POST['last_name']);
}
if(isset($_POST['company'])) {
addProfile($_POST['company']);
}
if(isset($_POST['office_phone'])) {
addProfile($_POST['office_phone']);
}
if(isset($_POST['cell_phone'])) {
addProfile($_POST['cell_phone']);
}
if(isset($_POST['fax_num'])) {
addProfile($_POST['fax_num']);
}
if(isset($_POST['email_addr'])) {
addProfile($_POST['email_addr']);
}
if(isset($_POST['website'])) {
addProfile($_POST['website']);
}
if(isset($_POST['motto'])) {
addProfile($_POST['motto']);
}
if(isset($_POST['street_addr'])) {
addProfile($_POST['street_addr']);
}
if(isset($_POST['city'])) {
addProfile($_POST['city']);
}
if(isset($_POST['state'])) {
addProfile($_POST['state']);
}
if(isset($_POST['zip'])) {
addProfile($_POST['zip']);
}
if(isset($_POST['country'])) {
addProfile($_POST['country']);
}
if(isset($_POST['facebook_url'])) {
addProfile($_POST['facebook_url']);
}
if(isset($_POST['places_url'])) {
addProfile($_POST['places_url']);
}
if(isset($_POST['twitter_url'])) {
addProfile($_POST['twitter_url']);
}
if(isset($_POST['linkedin_url'])) {
addProfile($_POST['linkedin_url']);
}
} else {
header("Location: manage_settings.php");
}
?>
functions.php :
<?php
include('connect.php');
function getProfiles() {
$query = mysql_query("SELECT * FROM global_profiles") or die(mysql_error());
if(mysql_num_rows($query) == 0) {
echo "<center><h3><b><u>No Profiles Currently Available</u></b></h3></center>";
} else {
while($profile = mysql_fetch_assoc($query)) {
echo "<tr><td><input type=\"checkbox\" /></td><td>" . $profile['profile_name'] . "</td><td>Coming Soon</td><td>" . $profile['profile_description'] . "</td><td>" . $profile['pid'] . "</td><td><img src=\"images/pencil.png\" alt=\"Edit\" /> <img src=\"images/cross.png\" alt=\"Delete\" /> <img src=\"images/hammer_screwdriver.png\" alt=\"Duplicate\" /></td></tr>";
}
}
}
function deleteProfile($pid) {
$pid = (int) $pid;
mysql_query("DELETE FROM global_profiles WHERE pid = '$pid'") or die(mysql_error());
header("Location: manage_settings.php");
}
function addProfile($pid, $profile_name, $profile_description, $first_name, $last_name, $company, $office_phone, $cell_phone, $fax_num, $email_addr, $website, $motto, $city, $state, $zip, $country, $facebook_url, $places_url, $twitter_url, $linkedin_url) {
$query = mysql_query("INSERT INTO global_profiles VALUES(null,'$profile_name','$profile_description','$first_name','$last_name','$company','$office_phone','$cell_phone','$fax_num','$email_addr','$website','$motto','$city','$state','$zip','$country','$facebook_url','$places_url','$twitter_url','$linkedin_url')") or die(mysql_error());
}
?>
What I'm trying to do is basically "save" new information to my database. I've been able to manually add it into the database via phpMyAdmin, then display the information inside my admin area.
Any assistance is much appreciated!
Modify your addProfile() to:
function addProfile($post) {
// Here check whether you have certain post array keys set and add them to the query
}
and use it as:
if(isset($_POST['profile_name'])) {
addProfile($_POST);
}
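One way to fill in the body of `addProfile($post)` suggested above, as an added example that is not from the original answer: column names come from a fixed whitelist and values are bound as parameters, so neither unexpected form keys nor quotes in values reach the SQL text. It assumes PDO with an in-memory SQLite table in place of the post's `mysql_*` calls, passes the connection as an extra `$pdo` argument, and creates only a few of the post's columns.

```php
<?php
// Added example: in-memory SQLite stands in for the post's MySQL table (assumption);
// only a few of the post's columns are created to keep the sketch short.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE global_profiles (pid INTEGER PRIMARY KEY, profile_name TEXT, '
    . 'profile_description TEXT, first_name TEXT, email_addr TEXT, website TEXT)');

// Column names never come from the request: they are looked up in this fixed list.
const PROFILE_FIELDS = ['profile_name', 'profile_description', 'first_name', 'email_addr', 'website'];
const REQUIRED_FIELDS = ['profile_name', 'profile_description'];

function addProfile(PDO $pdo, array $post): int
{
    $row = [];
    foreach (PROFILE_FIELDS as $field) {
        // Keep only known keys holding non-empty strings (ignores arrays such as name[]=x).
        if (isset($post[$field]) && is_string($post[$field]) && trim($post[$field]) !== '') {
            $row[$field] = trim($post[$field]);
        }
    }
    foreach (REQUIRED_FIELDS as $field) {
        if (!isset($row[$field])) {
            throw new InvalidArgumentException("Missing required field: $field");
        }
    }
    // Identifiers come from the whitelist, values travel as bound parameters.
    $columns = implode(', ', array_keys($row));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $stmt = $pdo->prepare("INSERT INTO global_profiles ($columns) VALUES ($marks)");
    $stmt->execute(array_values($row));
    return (int) $pdo->lastInsertId();
}

// Constructed stand-in for $_POST, including unexpected keys and a quote in a value.
$post = [
    'profile_name' => "Bob's profile",
    'profile_description' => 'Main office',
    'email_addr' => 'bob@example.com',
    'is_admin' => '1',
    'submit' => 'Save',
];
$pid = addProfile($pdo, $post);
$check = $pdo->prepare('SELECT * FROM global_profiles WHERE pid = ?');
$check->execute([$pid]);
print_r($check->fetch(PDO::FETCH_ASSOC));
```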