I ran into another problem with my website that I can't get around.
I'm trying to make it so when the admin logs in he will be taken to the admin page but for some reason when I enter the correct details into the log in and press the submit button it just brings me back to the admin log in page again.
Here is a Gyazo of my problem
https://gyazo.com/34f133fea4b20ec285ee7ff491053145
<!DOCTYPE html>
<html lang="en" class="no-js">
<head>
<meta charset="UTF-8">
<title>Login</title>
<script src="https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js" type="text/javascript"></script>
<link href='https://fonts.googleapis.com/css?family=Ubuntu:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="https://s3-us-west-2.amazonaws.com/s.cdpn.io/148866/reset.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css">
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<body>
<main id="cd-main-content">
<section id="cd-intro">
<h1>Admin Log In</h1>
<header class="cd-header">
<?php
require('db.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
// removes backslashes
$adminusername = stripslashes($_REQUEST['adminusername']);
//escapes special characters in a string
$adminusername = mysqli_real_escape_string($con,$adminusername);
$adminpassword = stripslashes($_REQUEST['adminpassword']);
$adminpassword = mysqli_real_escape_string($con,$adminpassword);
//Checking is user existing in the database or not
$query = "SELECT * FROM `admin` WHERE username='$adminusername'
and password='".md5($adminpassword)."'";
$result = mysqli_query($con,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION['username'] = $adminusername;
// Redirect user to admin page /////////////////////////////////////////////////////////////////////
header("Location: adminpage.php");
}else{
echo "<div class='form'>
<h3>Username/password is incorrect.</h3>
<br/>Click here to <a href='admin.php'>Login</a></div>";
}
}else{
?>
<div class="form">
<form action="" method="post" name="login">
<input type="text" name="adminusername" placeholder="Username" required />
<input type="password" name="adminpassword" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>
</div>
<?php } ?>
<a class="cd-menu-trigger" href="#main-nav">Menu<span></span></a>
</header>
<div class="cd-blurred-bg"></div>
</section> <!-- cd-intro -->
</main>
<div class="cd-shadow-layer"></div>
<nav id="main-nav">
<ul>
<li><span>Login</span></li>
<li><span>What's On</span></li>
<li><span>Favourites</span></li>
<li><span>About</span></li>
<li><span>Admin</span></li>
</ul>
Close<span></span>
</nav>
</body>
<script src='js/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
You are doing:
if (isset($_POST['username'])) {
//...
}
Try this
if (isset($_POST['adminusername'])) {
//...
}
As a note, I suggest you to try use a framework, like laravel.
first I would debug by var_dump($_POST) and see what you get. I would bet that since you dont have an ID set for the input value name it is not working. If anything checking for ISSET($_POST['username']) would never work because you do not have a vairable set for that name.
var_dump($_POST) and see what you get. If not add an ID='username' to the input
try this :-
if (isset($_POST['submit'])){
// rest of code...
}
Related
index.php
<?php session_start(); ?>
<?php include('dbcon.php'); ?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="form-wrapper">
<form action="#" method="post">
<h3>Login here</h3>
<div class="form-item">
<input type="text" name="user" required="required" placeholder="Username" autofocus required></input>
</div>
<div class="form-item">
<input type="password" name="pass" required="required" placeholder="Password" required></input>
</div>
<div class="button-panel">
<input type="submit" class="button" title="Log In" name="login" value="Login"></input>
</div>
</form>
<?php
if (isset($_POST['login']))
{
$username = mysqli_real_escape_string($con, $_POST['user']);
$password = mysqli_real_escape_string($con, $_POST['pass']);
$query = mysqli_query($con, "SELECT * FROM users WHERE password='$password' and username='$username'");
$row = mysqli_fetch_array($query);
$num_row = mysqli_num_rows($query);
if ($num_row > 0)
{
$_SESSION['user_id']=$row['user_id'];
header('location:home.php');
}
else
{
echo 'Invalid Username and Password Combination';
}
}
?>
</div>
</body>
</html>
Here is my page for login the system. When the username and password is then it will go to home pages. It work properly. but if I write in browser after log out.
localhost/logg/home.php it is automatically go to that pages it not asking for login. So How to make proper login page where it asking log or automatically it will go login panned for all the pages is that is connected with home page.
home.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Client Management System</title>
<link rel="stylesheet" type="text/css" href="css/style_entry.css" />
<link rel="stylesheet" type="text/css" href="css/home_menu.css" />
<link rel="stylesheet" type="text/css" href="css/container.css" />
</head>
<body style="background-color:gray"/>
<div class="container">
<div class="dropdown">
<button class="dropbtn">Entry</button>
<div class="dropdown-content">
Market Information
bank Information
Client Information
</div>
</div>
Edit
Bill Process
Bill Print
Bill Posting
Report
Admin
Help
Help
<li style="float:right"><a class="active" href="logout.php">Logout</a></li>
</body>
logout.php
<?php
session_start();
session_destroy();
header('location:index.php');
?>
How can I secure it ?? how can I set if I write the url in browser then it will automatically go to the login page.
1st : On top of every page you need to check session is exists or not . if session exists allow user to see the page otherwise redirect the page to login page .
if(!isset($_SESSION['user_id'])){
header('Location:login.php');
exit();
}
Note : Session is globally accessible variable . Based on that you need to make logic .
make a file 'login_check.php'
<?php
if(isset($_SESSION['user_id'])){
}else{
header("location:login.php");
}
?>
include this file in those pages which should only be accessible to logged in user.
index.php
<?php
require 'linessystem/connection.php';
$msg = "";
if (isset($_SESSION['username']) && !empty($_SESSION['username'])) {
if ($_SESSION['level']=='admin' or $_SESSION['level']=='user') {
header("location:linessystem/administrative/index.php");
}
if ($_SESSION['level']=='agent' && !empty($_SESSION['lang'])) {
if ($_SESSION['lang']=='ar') {header("location:linessystem/agent/ar/index.php");}
if ($_SESSION['lang']=='hr') {header("location:linessystem/agent/hr/index.php");}
if ($_SESSION['lang']=='en') {header("location:linessystem/agent/en/index.php");}
}
}
if (isset($_POST['username']) && !empty($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query="select * from users where username='$username' AND password='$password'";
$result = mysqli_query($conn,$query) or die(mysql_error($conn));
$login = mysqli_num_rows($result);
$row = mysqli_fetch_assoc($result);
if($login>0){
$_SESSION['username'] = $username;
$_SESSION['lang']=$row['language'];
$_SESSION['agent_id']=$row['agent_id'];
$_SESSION['level']=$row['level'];
if (isset($_SESSION['username']) && !empty($_SESSION['username'])) {
if ($_SESSION['level']=='admin' or $_SESSION['level']=='user') {
header("location:linessystem/administrative/index.php");
}
if ($_SESSION['level']=='agent' && !empty($_SESSION['lang'])) {
if ($_SESSION['lang']=='ar') {header("location:linessystem/agent/ar/index.php");}
if ($_SESSION['lang']=='hr') {header("location:linessystem/agent/hr/index.php");}
if ($_SESSION['lang']=='en') {header("location:linessystem/agent/en/index.php");}
}
}
}else{$msg= ' <div align="center" style="color:red;font-weight: bold;font-size:15px;"> wrong username or password </div><br>';
}}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<!-- Bootstrap -->
<link href="assets/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="assets/css/login-style.css">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="login-page">
<div class="form" align="center" >
<form class="login-form" method="post" action="index.php" id="loginid" >
<input type="text" name="username" required="" placeholder="username"
autocomplete="off">
<input type="password" name="password" required="" placeholder="password"
autocomplete="off ">
<p class="message"><?php echo $msg; ?></p>
<button>login</button>
</form>
</div>
</div>
</body>
</html>
I have an error in the server code of above one. I bought adomain and hosting and wh web siter is run already in other server but in this new hosting isnt run when it reserve the value but don't redirect me to the main page and the url of new hosting is http://www.quicklineltd.com.
where is the problem that I could not make it ?
User name is 2 and pass is 2.
Do you even make it into the if statement? Try an echo instead of header.
And did you use a session_start(); at the beginning of your php file?
Or did you include the file above inside another file wich already echo'd some output, because then header wont work either.
Or you should have to put a slash in front of the path, or even use a full url as in http://
Please use session_start(); at the beginning of the file. Without starting the session, the sessions used in the file will not work.
I am new to PHP and I am trying to develop a simple login system where it echoes a success message and redirects to a secure page and when details are wrong, it echoes an error message and reloads the login form.
I have been trying to for a while now and cannot figure it out, even though I have some functionality in terms of it directing to the correct page.
My database on PhpMyAdmin is correctly configured. Also, any help on sessions would be greatly appreciated.
PHP CODE:
<?php
$servername = "localhost";
$username = "root";
$password = "cornwall";
$con=mysqli_connect('localhost','root','cornwall','ibill');
// This code creates a connection to the MySQL database in PHPMyAdmin named 'ibill':
$username = $_POST['username'];
$password = $_POST['password'];
//These are the different PHP variables that store my posted data.
$login="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result=mysqli_query($con, $login);
$count=mysqli_num_rows($result);
//This is the query that will be sent to the MySQL server.
if($count==1)
{
header('Location: http://localhost/projects/ibill_v3/html/main.html#home');
exit();
}
//This checks the 'user_details' database for correct user registration details and if successful, directs to home page.
else {
header('Location: http://localhost/projects/ibill_v3/html/loginform.html');
echo "Wrong details";
exit();
}
//If login details are incorrect
/** Error reporting */
error_reporting(E_ALL);
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
?>
HMTL CODE
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1; minimum-scale=1;">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.css">
<link href="/projects/ibill_v3/css/mainstyles.css" rel="StyleSheet"/>
<link href="/projects/ibill_v3/css/loginform.css" rel="StyleSheet"/>
<script src="http://code.jquery.com/jquery-1.11.3.min.js"></script>
<script src="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.js"></script>
<script src="script.js"></script>
<script type='text/javascript' src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/jquery.validate.min.js"></script>
<script type='text/javascript'>
$(document).on('pageinit', function(){
$('.loginform').validate({ // initialize the plugin
// rules & options
});
});
</script>
</head>
<body>
<!--********************************LOGIN FORM PAGE**********************************************-->
<!--****************************************************************************************-->
<!--********************************HEADER**********************************************-->
<div data-role="page" id="loginform">
<div data-role="header" data-id="foo1" data-position="fixed">
<h1>Register</h1>
</div>
<!--********************************HEADER**********************************************-->
<!--********************************MAIN**********************************************-->
<div data-role="main" class="ui-content">
<img class="mainlogo" src="/projects/ibill_v3/img/ibill logo.png" alt="iBill Logo" width="250" height="190">
<h2>Sign in</h2>
<section class="loginform">
<form data-ajax="false" method="POST" action="loginform.php" >
<ul>
<li>
<label for="username">Username</label>
<input type="text" name="username" id="username" class="required" minlength="5" placeholder="enter username (min-5 characters)">
</li>
<li>
<label for="password">Password</label>
<input type="password" name="password" placeholder="enter password" minlength="6">
</li>
<div id="loginformbutton">
<button class='active' type='submit' value='submit'>Sign in</button>
</div>
<p>Don't have an account? Sign up!</p>
<div id="registerbutton">
Register
</div>
</ul>
</form>
</section>
</div>
<!--********************************MAIN**********************************************-->
<!--********************************FOOTER**********************************************-->
<div data-role="footer">
<footer class="footer">
<p>awilliams©</p>
</footer>
</div>
</div>
<!--********************************END OF LOGIN FORM PAGE**********************************************-->
<!--****************************************************************************************-->
</body>
...
else
{
header('Location: http://localhost/projects/ibill_v3/html/loginform.html');
echo "Wrong details";
exit();
}
The above is going to redirect before your echo statement is reached, so nothing will be displayed.
Secondly, the following line:
<form data-ajax="false" method="POST" action="loginform.php" > will not send any data back to your file containing the form if you're using echo statements. It is going to redirect to the loginform.php and will stay there if you do not explicitly redirect back the page with your form.
Instead, use:
<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?> as your form's action. And then include your loginform.php somewhere before the form in your HTML.
This is going to send data back to the form's file and replaces special characters to HTML entities (for security), it also allows you to use echo's or variables to return messages to the user.
loginform.php will need to check if specific inputs are posted:
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
if($_POST['username'] && $_POST['password'])
{
//do work
}
}
Here is a basic php form tutorial to start you off: php tutorial
I think it's because your redirecting to the same page with no post. I didn't look through all the code, that is just my first stab at it
This will not appear on loginform.html:
echo "Wrong details";
Use something like:
$_SESSION['errorMessage'] = "Wrong details";
header('Location: http://localhost/projects/ibill_v3/html/loginform.html');
exit();
And then on loginform.html, add this code to display the error message:
if(isset( $_SESSION['errorMessage'])) echo $_SESSION['errorMessage'];
I'm currently using jQuery Mobile for my project. In my login page, I need to get the username and the password that the user input but every time i'm going to click the login button, it will display nothing. But when i tried to remove the cdn from jQuery mobile it works well, but the design is different.
Here's my code for my login page:
<!DOCTYPE html>
<?php
session_start();
?>
<html>
<head>
<!--CDN FROM JQUERY MOBILE-->
<meta name="viewport" content="width=device-width, initial-scale=1" charset="UTF-8">
<link rel="stylesheet" href="jquery.mobile-1.4.5.css">
<script src="jquery-1.11.2.js"></script>
<script src="jquery.mobile-1.4.5.js"></script>
<!--END-->
<title>Inhand Pinagkaisahan</title>
</head>
<body>
<div data-role="page">
<div data-role="header">
<h1>Inhand Pinagkaisahan</h1>
</div>
<div data-role="main" class="ui-content">
<form method="post" action="get.php">
<input type="text" name="uname" placeholder="Username" />
<input type="password" name="pword" placeholder="Password" />
<center><input type="submit">Login</center>
<center>Forgot Password</center>
<center><p>No account? Sign up or Learn more.</p></center>
</form>
</div>
<div data-role="footer">
<h1></h1>
</div>
</div>
</div>
</body>
</html>
I'm receiving this error:
Notice: Undefined index: uname in C:\xampp\htdocs\InhandPinagkaisahan\get.php on line 6
Notice: Undefined index: pword in C:\xampp\htdocs\InhandPinagkaisahan\get.php on line 7
And here is my php:
<?php
$con=mysql_connect('localhost','root','ADMIN') or die(mysql_error());
mysql_select_db('inhand') or die("cannot select DB");
<!--This is the part not is not working when ever i'm going to use the cdn, but when i comment out the cdn, it works properly.-->
$uname=$_POST['uname'];
$pword=$_POST['pword'];
<!--END-->
$query=mysql_query("SELECT * FROM user WHERE uname='$uname' AND pword='$pword'");
$numrows=mysql_num_rows($query);
if($numrows!=0)
{
while($row=mysql_fetch_assoc($query))
{
$dbusername=$row['uname'];
$dbpassword=$row['pword'];
}
if($uname == $dbusername && $pword == $dbpassword)
{
session_start();
$_SESSION['sess_user']=$uname;
/* Redirect browser */
header("Location: newsfeed.php");
} else {
echo "Invalid username or password!";
}
}
?>
I have a page which loads completely when it is on a local server i uploaded the site on the server and some of my pages won't load here is the example of my pages
should i do something more when it is on server?what is the common problems in this situations?
<?php include("includes/manager_session.php");?>
<?php require_once("includes/connection.php");?>
<?php
$message="";
if(isset($_POST['submit'])){
$uname= mysqli_real_escape_string($cnn,$_POST['uname']);
$pass= mysqli_real_escape_string($cnn,$_POST['pass']);
$hashed_pass=sha1($pass);
function redirect_to($location){
header('Location:'.$location);}
//checking for available users
$query="select manager_id,uname,hashed_pass from manager where uname='{$uname}' and hashed_pass='{$hashed_pass}'";
$result=mysqli_query($cnn,$query);
//if query returns a thing
if($result){
$num_rows = mysqli_num_rows($result);
//agar user peida shod
if($num_rows == 1){
$found_user=mysqli_fetch_array($result);
$_SESSION['manager_id']=$found_user['manager_id'];
$_SESSION['manager_pass']=$found_user['hashed_pass'];
redirect_to("manager_profile.php");
}
//useri peida nashod
else{
echo "can not find user";
redirect_to("manager_login.php");
}
}else{echo mysqli_error($cnn);}
}
?>
<html lang='fa'>
<head>
<meta charset="utf-8">
<title>
کیمیافکر
</title>
<link rel="stylesheet" type="text/css" href="stylesheets/login-form.css" />
</head>
<body>
<div id="wrapper">
<form name="login-form" class="login-form" action="" method="post">
<input type="text" name="uname"/>
<input type="pass" name="pass"/>
</div>
</body>
</html>
<?php
mysqli_close($cnn);
?>
all pages that has the session part comes up with nothing in it (on of the sessions) when it is online so what is the problem her am i missing something ?