i want a create a congrats page ('congrats page')where users should be redirected to after submitting the form , even if they know the link to the 'congrats page' and they try accessing it without signning it should take them to a signup page
//signup.php (signup page)
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width
,initial-scale=1.0">
<link rel="stylesheet" type="text/css"
href="../css/signup.css">
<title></title>
</head>
<body>
<div id="container"> <!---------------------------- red------------------------------------------->
<div class="headerdiv">
<div class="imagediv">
</div>
</div>
<div id ="main">
<form action="../include/signup.inc.php" method="POST">
<input type="text" name="fname" placeholder="firstname">
<br>
<input type="text" name="lname" placeholder="lastname">
<br>
<input type="text" name="uname" placeholder="username">
<br>
<input type="email" name="email" placeholder="email">
<br>
<input type="password" name="pwd" placeholder="password">
<br>
<button type="submit" name="submit">submit</button>
</form>
</div>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])) {
include_once 'connect.php';
$fname = mysqli_real_escape_string($conn, $_POST['fname']);
$lname = mysqli_real_escape_string($conn, $_POST['lname']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uname = mysqli_real_escape_string($conn, $_POST['uname']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
header("Location: ../php/signup.php?signup=email");
exit();
} else {
$sql = "SELECT * FROM users WHERE user_uname='$uname'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck > 0) {
header("Location: ../php/signup.php?signup=usertaken");
exit();
} else {
// hashing the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into the database
$sql = "INSERT INTO user (fname, lname, email, uname, pwd) VALUES ('$fname',
'$lname', '$email', '$uname', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../php/congrats.php");
exit();
}
}
}
}
} else {
header("Location: ../php/signup.php");
exit();
}
//////////////////////////////
/// the congrats page ('congrats.php')
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width
,initial-scale=1.0">
<link rel="stylesheet" type="text/css"
href="../css/congrats.css">
<title></title>
</head>
<body>
<p>REGISTRATION SUCCESS</p>
</body>
</html>
<?php
//connection to data base
$servername = 'localhost';
$username = 'root';
$password = 'root';
$database = 'webz';
$conn = mysqli_connect($servername, $username, $password, $database);
i want a create a congrats page ('congrats page')where users should be redirected to after submitting the form , even if they know the link to the 'congrats page' and they try accessing it without signning it should take them to a signup page
Try PHP $_SESSION, which is an associative array contains all the session variables available to the current script. Set the session variable whenever user successfully logged into the application and check it where you want to restrict the user to access the page without login.
<?php
session_start();
// to set the session variable // for e.g; user_id
$_SESSION['user_id'] = ''; // valid user_id.
// check the session variable // for congrats page
if(!empty($_SESSION['user_id'])){
// congrats page
}else{
header('Location: http://www.example.com/signup');
}
// session_destroy(); // use when user logs out.
You may use $_SESSION to do the job.
After the user signs up, you store something to the $_SESSION variable.
e.g.
session_start();
//after sign up
$_SESSION['signedup']=1;
And at the congrats page, check the variable
session_start();
if($_SESSION['signedup']){
//show the page
}else{
header('Location: http://www.example.com/signup');
}
Related
I can't redirect to index.php page after login.
This happens on the website that I have deployed, but it doesn't happen on localhost (Can redirect to index.php).
I deploy website to Microsoft Azure and deploy database to freemysqlhosting.net(free).
I have tried the solutions here and here, but still can't redirect.
And here's the code login.php:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>Variant'C - Your Covid Solutions</title>
<link rel="icon" href="../images/logo.ico" type="image/x-icon">
<link rel="stylesheet" href="style.css"/>
</head>
<body>
<?php
require('db.php');
session_start();
// When form submitted, check and create user session.
if (isset($_POST['username'])) {
$username = stripslashes($_REQUEST['username']); // removes backslashes
$username = mysqli_real_escape_string($con, $username);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con, $password);
// Check user is exist in the database
$query = "SELECT * FROM `users` WHERE username='$username'
AND password='" . md5($password) . "'";
$result = mysqli_query($con, $query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if ($rows == 1) {
$_SESSION['username'] = $username;
// Redirect to user dashboard page
header("Location: index.php");
} else {
echo "<div class='form'>
<h3>Incorrect Username/password.</h3><br/>
<p class='link'>Click here to <a href='login.php'>Login</a> again.</p>
</div>";
}
} else {
?>
<form class="form" method="post" name="login">
<h1 class="login-title">Login</h1>
<input type="text" class="login-input" name="username" placeholder="Username" autofocus="true"/>
<input type="password" class="login-input" name="password" placeholder="Password"/>
<input type="submit" value="Login" name="submit" class="login-button"/>
<p class="link">New Registration</p>
</form>
<?php
}
?>
</body>
</html>
What's wrong? Is it the code or is it from the deployment?
Thank you in advance :)
I am new to PHP and was following a login_registration script the registration process works fine and the user is added to the database, however, when I try to log in it shows error I checked php.error log on wamp server and it says this,
PHP 1. {main}() C:\wamp64\www\php\login_register_system\login.php:0
Here is my code
connect.inc.php
<?php
//$conn_error = "could not connect";
$mysql_host= "localhost";
$mysql_user = "root";
$mysql_pass ="";
$mysql_db ="a_database";
$conn = mysqli_connect($mysql_host,$mysql_user,$mysql_pass,$mysql_db);
/*if(!mysqli_connect($mysql_host,$mysql_user,$mysql_pass) && !mysqli_select_db($mysql_db)){
die($conn_error);
}
*/
if(!$conn){
die("Connection failed: ". mysqli_connect_error());
}
?>
registration.php
<!DOCTYPE html>
<html>
<head>
<meta charset ="utf-8">
<title>Registartion</title>
<link rel ="stylesheet"href="style.css"/>
</head>
<body>
<?php
require "connect.inc.php";
if(isset($_REQUEST["username"])){
$username =stripslashes($_REQUEST["username"]);
$username =mysqli_real_escape_string($conn,$username);
$email =stripslashes($_REQUEST["email"]);
$email =mysqli_real_escape_string($conn,$email);
$password =stripslashes($_REQUEST["password"]);
$password =mysqli_real_escape_string($conn,$password);
$trn_date = date("Y-m-d H:i:s");
$query ="INSERT INTO `users2` (username,password,email,trn_date) VALUES('$username','".md5($password)."','$email','$trn_date')";
$result =mysqli_query($conn,$query);
if($result){
echo "<div class='form'>
<h3>You are registered succesfully</h3><br>
Click here to <a href='login.php'>Log in</a>
</div>";
}
}else{
?>
<div class="form">
<h1>Registration</h1>
<form name="registration" action ="registration.php" method="post">
<input type="text" name ="username" placeholder ="Username" required/>
<input type="text" name ="email" placeholder ="Email" required/>
<input type="password" name ="password" placeholder ="password" required/>
<input type="submit" type="submit" value="Register"/>
</form>
</div><!--form-->
<?php } ?>
</body>
</html>
login.php
<!DOCTYPE html>
<html>
<head>
<meta charset ="utf-8">
<title>Login</title>
<link rel ="stylesheet"href="style.css"/>
</head>
<body>
<?php
//ini_set('display_errors','1');
//error_reporting(E_ALL);
require "connect.inc.php";
session_start();
if(isset($_POST["username"])){
$username = stripslashes($_REQUEST["username"]);
$username = mysqli_real_connect($conn,$username);
$username = mysqli_real_escape_string($conn,$password);
$query ="SELECT * FROM `users` WHERE username ='$username' and password ='".md5($password)."' ";
$result =mysqli_query($conn,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION["username"] = $username;
header("Location: index.php");
}else{
echo "<div class='form'>
<h3>Username/password is incorrect</h3><br>
Click here to <a href='login.php'>Login</a>
</div>";
}
}else{
?>
<div class="form">
<h1>Login </h1>
<form action="login.php" method="post" name="login">
<input type="text" name ="username" placeholder ="Username" required/>
<input type="passowrd" name ="password" placeholder ="password" required/>
<input type="submit" type="submit" value="Login"/>
</form>
</div>
<?php } ?>
</body>
</html>
logout.php
<?php
session_start();
if(session_destroy()){
header("Location: login.php");
}
?>
index.php
<?php
include("auth.php");
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Welcome home</title>
</head>
<body>
<div class="form">
<p>Welcome <?php echo $_SESSION["username"];?></p>
<p>This is secure area</p>
Logout
</div>
</body>
</html>
Any help will be highly appreciated. Thanks.
Do note this is just for learning the purpose. I know there are flaws but please be easy.
Just change this,
$username = stripslashes($_REQUEST["username"]);
$username = mysqli_real_connect($conn,$username);
$password =stripslashes($_REQUEST["password"]);
$password = mysqli_real_escape_string($conn,$password);
to the following,
$username = stripslashes($_REQUEST['username']);
$username = mysqli_real_escape_string($conn, $username);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($conn, $password);
I hope you have only one user related to the entered credentials in the database. Hope this helps you!
thanks i got it resolved..problem was this line $query ="SELECT * FROM users WHERE username ='$username' and password ='".md5($password)."' "; in login.php..
correct should be this
$query ="SELECT * FROM `users2` WHERE username ='$username' and password ='".md5($password)."' ";
i was checking data in users table whereas i registered in users2 table..as i had many tables that created confusion
I'm trying to help out my friend with a problem consisting PHP and MySQL. It's been about 3-4 months since I've done PHP/MySQL at all, so I need some help identifying the problem. The following code produces the error informing the user that localhost has redirected too many times:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login
</title>
<link rel="stylesheet" href="css/style.css" />
</head>
<body>
<?php
require('db.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$password = stripslashes($password);
$password = mysql_real_escape_string($password);
//Checking is user existing in the database or not
$md5pass = md5($passowrd);
$query = "SELECT * FROM `users` WHERE username='$username' and password='$md5pass'";
$result = mysql_query($query) or die(mysql_error());
$rows = mysql_num_rows($result);
if($rows==1){
$_SESSION['username'] = $username;
header("Location: index.php"); // Redirect user to index.php
}else{
echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
}else{
?>
<div class="form">
<h1>Log In
</h1>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>
<p>Not registered yet?
<a href='registration.php'>Register Here
</a>
</p>
</div>
<?php } ?>
</body>
</html>
Yes, I do realize the security issues about the code. I will inform about those issues to my friend, but for now, I only want to figure out why the code is redirecting many times, while it should be redirecting only once.
I suspect that it's something related to the fact that the header() function is used after multiple outputs, or the php section isn't closed properly.
There was an if statement in index.php that contained a header() function that led back to the login page. It was basically a loop.
When i select my button in the form with the link to the processing page for the login it just returns a server error 500, i have not encountered this before and have had no luck on google.
Here is my HTML markup on the login page
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="styles.css">
<title>Administrator Login</title>
</head>
<body>
<div class="container">
<div class="header"><img src="IMAGES/LOGO.png" alt="Insert Logo Here" name="Insert_logo" width="" height="90" id="Insert_logo" style="background-color: #; display:block;" />
<!-- end .header --></div>
<div class="content">
<form action="loginProcess.php" method="post" class="loginForm">
<input type="text" id="username" name="username" placeholder="Enter Username" required>
<input type="password" id="password" name="password" placeholder="Enter Password" required>
<button type="submit" id="loginBTN" >Login</button>
</form>
</div>
</body>
</html>
And here is the code for my php process
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
error_reporting(E_ALL); ini_set('display_errors', 1);
//stores the search data
$username = $_POST['username'];
$password = $_POST['password'];
//checks to see if it is empty or null
if(isset($username) && !empty($username) && (isset($password) && !empty($password))){
require('includes/dbconx.php');
//escapes all special characters that could break database
$pword = mysqli_real_escape_string($con, $password);
$uname = mysqli_real_escape_string($con, $username);
//searchq stores the cleaned up search data
//create a variable to store a wildcard SQL statement
$sql = mysqli_query($con, "SELECT * FROM login WHERE username = '%$uname%' AND password = '%$pword%' ");
}//end statement
//if no data is inserted it will putput this
else{
echo("Please enter Login details!");
//this will kill the connection
die;
}
//end else
$result = $con->query($sql);
//if it finds no matching data it informs the user and kills the DB connextion
if(mysqli_num_rows($result) == 0){
echo("<p>No record found or password doesn't match! </p>");
die;
}
else{
header('Location: adminPage.php');
?>
</body>
</html>
Here is my connection, this works for the other pages as it should this.
<?php
//connects to my music database
$con=mysqli_connect("localhost","root","root","music");
//if it fails to connect it outputs this with an error number
if(mysqli_connect_errno()) {
echo "failed to connet to MYSQL:".mysqli_connect_error();
}
?>
Got time for that Beer?
This query is incorrect, you use the % character only when using the LIKE syntax, so query should be
$sql = mysqli_query($con, "SELECT *
FROM login
WHERE username = '$uname'
AND password = '$pword' ");
If you format your code more consistantly it will also help in spotting errors.
And as in my answer to your last question, check for errors after all mysqli_ calls. During development it will save you much time, as thats when we developers make little bobo's
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// this would be better at the top of the script
require('includes/dbconx.php');
// why do 2 steps when one would do
// also you have not checked these actually exist
// until the IF that follows these 2 lines
//$username = $_POST['username'];
//$password = $_POST['password'];
// empty() does an isset already so you only need the empty()
if( !empty($username) && !empty($password)){
$pword = mysqli_real_escape_string($con, $_POST['password']);
$uname = mysqli_real_escape_string($con, $_POST['username']);
$sql = mysqli_query($con, "SELECT *
FROM login
WHERE username = '$uname'
AND password = '$pword'");
// always check status after mysqli_query and other calls
// and at least output the error message
if ( $sql === FALSE ) {
echo mysqli_error($con);
exit;
}
} else {
echo("Please enter Login details!");
die;
}
$result = $con->query($sql);
if(mysqli_num_rows($result) == 0){
echo("<p>No record found or password doesn't match! </p>");
die;
} else {
header('Location: adminPage.php');
// header Location: shoudl always be followed by an exit;
// as header does not stop execution
exit;
} // add missing closing bracket
?>
</body>
</html>
This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 7 years ago.
My header location doesn't works, in my wampserver it works, when I put it in my server, it doesn't, any Ideas?
If I put a echo instead of the header, it works fine.
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="css/login.css" />
</head>
<body>
<?php
require('db.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysqli_real_escape_string($connection, $username);
$password = stripslashes($password);
$password = mysqli_real_escape_string($connection, $password);
$query = "SELECT * FROM `users` WHERE username='$username' and password='$password'";
$result = mysqli_query($connection, $query) or die(mysql_error());
$rows = mysqli_num_rows( $result);
if($rows==1){
$_SESSION['username'] = $username;
header("Location: welkom.php");
}else{
echo "<div id='cancel'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='index.php'>try again</a></div>";
}
}else{
?>
<div id="login">
<div id="triangle"></div>
<h1>Log in</h1>
<form action="" method="POST" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="login" />
</form>
</div>
<?php } ?>
</body>
</html>
If anything, make sure there is no output whatsoever before or after the location header and put a die() after it.... Your sessions_start() should also not work, because you already have output before the statement...
So your session start and your location header should preceed the HTML.
Take a look at what I changed:
<?php
require('db.php');
session_start();
// If form submitted, insert values into the database.
if (isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysqli_real_escape_string($connection, $username);
$password = stripslashes($password);
$password = mysqli_real_escape_string($connection, $password);
$query = "SELECT * FROM `users` WHERE username='$username' and password='$password'";
$result = mysqli_query($connection, $query) or die(mysql_error());
$rows = mysqli_num_rows( $result);
if($rows==1){
$_SESSION['username'] = $username;
header("Location: welkom.php");
die();
}
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="css/login.css" />
</head>
<body>
<?php
if($rows!=1){
echo "<div id='cancel'><h3>Username/password is incorrect.</h3><br />Click here to <a href='index.php'>try again</a></div>";
}else{
?>
<div id="login">
<div id="triangle"></div>
<h1>Log in</h1>
<form action="" method="POST" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="login" />
</form>
</div>
<?php } ?>
</body>
</html>
You can't use header("Location: welkom.php"); where you are because headers have already been sent.
Either load all of the HTML in the page before that into a variable and then echo it once your code has come to that condition, or turn on Output Buffering.
Alternatively, re-order your code to check this condition and redirect before you send anything to the browser.
Remove this :
header("Location: welkom.php");
And try this :
echo '<script>window.location.href = "welkom.php";</script>' ;
Use full url in header location from i.e. header("Location: httP://yoursite.com/welkom.php");
that will work.