I have searched and tried all the suggestions but no luck. Can you help someone who has come back to php, found php7 and is a little confused?
I have code for a simple login; I have a confirmed connection to MySQL and have (finally) eradicated all errors - but when I complete the fields I get nothing: no error message, not a message saying my password is either wrong or not recognized, not a message to say the email is in the wrong format - nothing. I should get a print saying, "You are logged in. Please click here" with a hyperlink.
This is my code:
<?php
{
include_once 'mysqlconnect.php';
include_once 'functions.php';
$error = $user = $pass = "";
$query = "SELECT user,pass FROM password
WHERE user='$user' AND pass='$pass'";
if (mysqli_num_rows(queryMysqli($query)) == 0)
{
$error = "Username/Password invalid<br />";
}
else
{
echo ("You are now logged in. Please
<a href='C:\xampp/htdocs//xxxx/xxxc_member.php?view=$user'>click here</a>.");
}
}
?>
<form action='valid.php' method='POST'>
<fieldset>
<legend>Enter a password and email address</legend>
<p>Password : <input type='password' name='pass'></p>
<p>Email Address : <input type='text' name='user'></p>
</fieldset>
<p><input type='submit' ></p>
</form>
And this is the relevant function:
function querymysqli($query)
{
$con = #mysqli_connect('localhost', 'xxxxxx', '', 'xxxxxx');
{
$result = mysqli_query($con, $query) or die(mysqli_error());
return $result;
}
}
From this I am not getting any result. If someone could explain my error I would be very grateful - thank you.
It must be mysqli_query and not queryMysqli.
Related
I am learning PHP, and I'm busy with this tutorial over here:
https://www.youtube.com/watch?v=kebwxI1Bw88
I did everything according to the video and went over it 3 times, but my script isn't working... and I was wondering if anyone can help me figure out why? My code seems to be exactly like the guy's code on the video.
The video is about creating the login functionality for a forum. What happens with my script is.... It does what it's supposed to when I type in the WRONG user/pass combination (showing the message that it's supposed to show). But, when I type in the RIGHT user/pass combination... The file redirects to the index like it's supposed to... but it's still displaying the login form and not showing the "You are logged in as _ " message.
My Login Form on the index page:
if (!isset($_SESSION['uid'])) {
echo "<form action='login_parse.php' method='post'>
Username: <input type='text' name='username' />
Password: <input type='password' name='password' />
<input type='submit' name='submit' value='Log In'>
";
} else {
echo "<p>You are logged in as ".$_SESSION['username']." $bull; <a href='logout_parse.php'>Logout</a>";
}
My login_parse.php file:
session_start();
include_once("connect.php");
if (isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1";
$res = mysql_query($sql) or die (mysql_error());
if (mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
$_SESSION['uid'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: index.php");
exit ();
} else {
echo "Invalid login information. Please return to the previous page. ";
exit ();
}
}
Check if $_SESSION['uid'] has a value.
print_r($_SESSION);
to see all the values
This script below is what I'm using to check to see if the user name and password is in my database. This is fine, what I want is now to stay within the row that username and password is found in. In the same row under different columns is more information about the user. I would like to display some of this information in various divs. Not all of it. Examples of the columns other than Password and Email would be "FirstName" and "LastName"
There is also an "Id" column it would be great to be able to do something like "you are logged in, you are Id 10101 and then display FirstName and LastName from current Id.
<?
session_start();
//then do rest of the stuffs//
?>
<?php
if (!isset($_POST['submit'])){
?>
<!-- The HTML login form -->
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
Email: <input type="text" name="Email" /><br />
Password: <input type="password" name="Password" /><br />
<input type="submit" name="submit" value="Login" />
</form>
<?php
} else {
require_once("db_const.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
$Email = $_POST['Email'];
$Password = $_POST['Password'];
$sql = "SELECT * from stores_db WHERE Email = '{$Email}' AND Password = '{$Password}' LIMIT 1";
$result = $mysqli->query($sql);
if (!$result->num_rows == 1)
{
echo "<p>Invalid Email or Password combination</p>";
}
else
{
$recordset = mysqli_fetch_array($result);
$temp_firstname=$recordset['FirstName'];
$temp_lasttname=$recordset['LastName'];
$temp_id=$recordset['Id'];
$_SESSION['user_id']=$temp_id;
header("location:homepage.php"); // direct to your page to show
}
}
?>
Code on homepage.php
<?php
session_start(); echo $_SESSION['user_id']; //to display the id of the logged in user
?>
$sql = "SELECT * from stores_db WHERE Email LIKE '{$Email}' AND Password LIKE '{$Password}' LIMIT 1";
$result = $mysqli->query($sql);
if (!$result->num_rows == 1)
{
echo "<p>Invalid username/password combination</p>";
}
else
{
echo "<p>Logged in successfully</p>";
$recordset = mysqli_fetch_array($result);
$temp_firstname=$recordset['FirstName'];
// storing firstname on a variable
$temp_lasttname=$recordset['LastName'];
$temp_id=$recordset['id'];
$_SESSION['user_id']=$temp_id;
header("location:homepage.php"); // direct to your page to show
}
After Doing this,
write
session_start();
echo $_SESSION['user_id']; //to diplay the id of the logged in user
in the page to be foolowed
"Headers already sent" means that your PHP script already sent the HTTP headers, and as such it can't make modifications to them now.Check that you don't send ANY content before calling session_start. Better yet, just make session_start the first thing you do in your PHP file (so put it at the absolute beginning, before all HTML etc).
<?
session_start();//at the top most
//then do rest of the stuffs//
?>
<?
session_start();
if (!isset($_POST['submit'])){
?>
<!-- The HTML login form -->
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
Email: <input type="text" name="Email" /><br />
Password: <input type="password" name="Password" /><br />
<input type="submit" name="submit" value="Login" onclick="" />
</form>
<?php
} else {
require_once("db_const.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error} </p>";
exit();
}
$Email = $_POST['Email'];
$Password = $_POST['Password'];
$sql = "SELECT * from stores_db WHERE Email = '{$Email}' AND Password = '{$Password}' LIMIT 1";
$result = $mysqli->query($sql);
if (!$result->num_rows == 1)
{
echo "<p>Invalid Email or Password combination</p>";
}
else
{
$recordset = mysqli_fetch_array($result);
$temp_firstname=$recordset['FirstName'];
$temp_lasttname=$recordset['LastName'];
$temp_id=$recordset['Id'];
$_SESSION['user_id']=$temp_id;
$_SESSION['lastname']=$temp_lasttname;
$_SESSION['firstname']=$temp_firstname;
header("location:homepage.php"); // direct to your page to show
}
}
?>
Code on homepage.php
<?php
session_start(); echo $_SESSION['user_id']; //to display the id of the logged in user
?>
I am trying to make a log in page for my website and it's not letting me log in.
When I use the correct details, it just tells me that I'm using wrong username or password.
Why does this not log me in?
from common.inc.php
function logUserIn($username, $password) {
global $db, $site;
$out = false;
$sql = sprintf("SELECT * FROM wt_users WHERE username = :u");
$res = $db->prepare($sql);
if ($res->execute(array(':u'=> $username))) { // MySQL OK
$details = $res->fetch();
if ($details) { // Good username
if (md5($password) == $details['password']) { // good password - we're in!
$_SESSION['user'] = $details; // Overwrites whatever was there before, which is good
$_SESSION['user']['status'] = 'loggedin';
$out = true;
}
}
}
return $out;
}
from login.php
switch (#$_REQUEST['login']) {
case 'logout':
logUserOut();
$status = "You have successfully logged out";
break;
case 'Login':
if (logUserIn($_REQUEST['username'],$_REQUEST['password'])) {
$show = 'welcome';
} else {
$errors['username'] = 'Either your username or password was incorrect. Please try again';
$details['username'] = $_REQUEST['username'];
$details['password'] = $_REQUEST['password'];
}
break;
...
from the form
if ('form' == $show){
?>
<h3>Please log in</h3>
<form method='post' action='<?php echo $site['self']; ?>'>
<?php echo $errorBlock ?>
<table>
<tr><th>Username</th><td><input name='username' value='<?php echo $details['username'] ?>'/></td></tr>
<tr><th>Password</th><td><input name='password' type='password' value='<? php echo $details['password'] ?>'/></td></tr>
</table>
<input type='submit' name='login' value='Login'/>
<input type='submit' name='login' value='Cancel'/>
</form>
I can't see any errors at all. But it is not letting me log in, and it is the correct details from the database I'm using. I know md5 is totally insecure, but I'm just trying to go to basics to get it working. Anyone see any errors off the cuff though?
Thanks in advance.
So, I have the following code which is supposed to work as a login system. When I enter the details that are supposed to be entered, it still comes up with "Wrong details. Please try again". This is probably a stupid basic bug but I am not that fluent with PHP yet.
<?php
$dbc = mysqli_connect("hostaddress","user","pass") or
die("Could not connect to server". mysqli_connect_error());
mysqli_select_db($dbc, "dbname") or die("could not connect to the database");
//Check if the login form has been submitted;
if(isset($_POST["go"])) {
$addr = mysqli_real_escape_string($dbc, htmlentities($_POST["e_address"]));
$psw = SHA1 ($_POST["u_pass"]); //Using sha1() to encrypt passwords
//query to check if the email address and password match;
$q = "SELECT * FROM users WHERE address='$addr' AND pass='$psw'";
//run the query and store result;
$res = mysqli_query($dbc, $q);
//Make sure we have a positive result;
if($res = mysqli_query($dbc, $q)) {
//Start a session;
session_start();
//Creating a log session variable that will persist through pages;
$_SESSION["log"] = "in";
//Redirecting to restricted page;
header("location: restricted.php");
} else {
//Create an error message;
$error = "Wrong details. Please try again";
}
} //End isset go
?>
<form method="post" action="#">
<p><label for="e_address">Email Address:</label></p>
<p><input type="text" name="e_address" value="" placeholder="Email Address" maxlength="30"></p>
<p><label for="u_pass">Password:</label></p>
<p><input type="password" name="u_pass" value="" placeholder="Password" maxlength="12"></p>
<p><button type="submit" name="go">Log me in</button></p>
</form>
<!-- Error Displayer -->
<p><strong><?php if(isset($error)) { echo $error; } ?></strong></p>
try to start with session_start(); at first line
and try add after the query or die(__LINE__." ".mysqli_error($dbc))
and U can use the query without the password and check the password then with php
PLEASE dont comment on here telling me about my SQL injections, I already know :)...
Every time I use my login.html page (which is linked to the login.php file) the code generates the following message: 'Please enter a valid username and a password!'
The code was working fine earlier so i'm not sure what i have done wrong ...
The code is below :
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("localhost","user_ben","password") or die ("Couldn't Connect!");
mysql_select_db("user_phplogin"); //select database
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($query))
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
// check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
echo "Youre in! <a href='members.php'> Visit your user profile! </a>";
}
else
{
echo "Incorrect Password! <a href='login.html'> Return to login page</a>";
}
}
else
{
die("That user doesnt exist! <a href='login.html'> Return to login page</a>");
}
}
else
{
die("Please enter a valid username and a password! <a href='login.html'> Return to login page</a>");
}
?>
This is my form code...
<form action='login.php' method='submit'>
Username: <input type='text' name='username'/><br>
Password: <input type='password' name='password'/><br>
<input type='submit' value='Log In'/>
</form>
check like
if(!empty($username) && !empty($password))
it will check not empty also username and password is set
and
<form action='login.php' method='POST'>
since it default is GET (it mean if you dont type method it will be GET)
also you are using method="submit" there isn't any submit method
method (GET|POST) GET -- HTTP method used to submit the form--
w3 form:17.3 The FORM element
change
<form action='login.php' method='submit'>
to
<form action='login.php' method='POST'>
change
<form action='login.php' method='submit'>
to
<form action='login.php' method='POST'>
start login.php with this lines and answer:
<?php print_r($_POST);
and see what in the post