I am new on PHP and I trying to make a simple login system. I want that when i login, if I submit incorrect information system gives validation error and if I submit true info I want to get email or name in profile blade.
Like hello $user!!!
Login page
<html>
<title>Login Form</title>
<body>
<div class="container">
<form class="" method="post">
<label for="email">Enter Your Email</label>
<input type="text" name="email"> <br/>
<label for="password">Enter Your Password</label>
<input type="password" name="pass"><br/>
<input type="submit" value="Login" name="submit">
</form>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])){
$email=$_POST['email'];
$pass=$_POST['pass'];
if(($email=="cagri#vargonen.com") && ($pass=="1234")){
header()
}
else{
echo "Invalid username/password";
}
}
?>
In login page, I tried;
<?php
$email = $_POST['email'];
$password = $_POST['pass'];
if($email == 'cagri#vargonen.com' && $password == '1234'){
echo "Welcome Çağrı Uğurel";
}
else{
echo "Your email or password incorrect";
}
?>
Can you please help me where is my mistake?
You need to use session_start() to get username or other temp variables.
<?php
session_start();
if (isset($_POST["submit"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$actualuser = "cagri#vargonen.com";
$actualpass = "1234";
if (($email == $actualuser) && ($pass == $actualpass)) {
$_SESSION["username"] = $username;
header("location:somepage.php");
} else {
echo "Username or Password isn't matched.";
}
}
?>
And if login is succeed, username goes to session variable which means you can use that variable during the session.
somepage.php
<?php
session_start();
?>
<html>
<title>User Page</title>
<body>
<p><?php echo $_SESSION["username"];?> </p>
</body>
</html>
I suggest you to use ajax method for kind of these.
EDIT:
Here is real-life example from my previous project.
index.php
<div class="modal fade" id="loginmodal" role="dialog" data-backdrop="static">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header" style="padding:35px 50px;">
<button type="button" class="close" data-dismiss="modal">×</button>
<h1> Giriş yap</h1>
</div>
<div class="modal-body" style="padding:40px 50px;">
<form role="form" method="post" action="index.php">
<div class="form-group">
<label for="usrname"><span class=""></span> Kullanıcı Adı</label>
<input type="text" pattern="[a-z]*"class="form-control" id="usrname" name="username" placeholder="Yetkili veya normal kullanıcı adı giriniz" required>
</div>
<div class="form-group">
<label for="psw"><span class=""></span> Şifre</label>
<input type="password" class="form-control" id="psw" name="password" placeholder="Şifre" required>
</div>
<button type="submit" class="btn btn-success btn-block" name="login"><span class=""></span> Giriş</button>
</form>
</div>
logincheck.php
<?php
if(isset($_POST["login"])){
$username = $_POST["username"];
$password = $_POST["password"];
$query = $db->prepare("select * from users where username=:username AND password=:password");
$query->execute(array(
':username' => $username,
':password' => $password
));
$r = $query->fetch();
$count = $query->rowCount();
if($count > 0 && $r["rank"] > 0) {
$_SESSION["username"] = $username;
$_SESSION["rank"] = $r["rank"];
header("location:project.php");
}
}
?>
userpage.php
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#"> <?php echo $_SESSION["username"];?> <span class="caret">
</span></a>
<ul class="dropdown-menu">
<li>Çıkış yap</li>
</ul>
</li>
</ul>
Hope, this is help!
Add semicolon here header();
<html>
<title>Login Form</title>
<body>
<div class="container">
<form class="" method="post">
<label for="email">Enter Your Email</label>
<input type="text" name="email"> <br/>
<label for="password">Enter Your Password</label>
<input type="password" name="pass"><br/>
<input type="submit" value="Login" name="submit">
</form>
</div>
</body>
</html>
<?php
if(isset($_POST['submit'])){
session_start();
$email=$_POST['email'];
$pass=$_POST['pass'];
if(($email=="cagri#vargonen.com") && ($pass=="1234")){
$_SESSION['user'] = array('email'=>$email);
echo 'Hello '.$_SESSION['user']['email'].'...!';
}
else{
echo "Invalid username/password";
}
}
?>
Related
I have two files
functions.php
<?php
include 'config.php';
function signup(){
if (isset($_POST['submit'])) {
$uname = $_POST['uname'];
$email = $_POST['email'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
if($password == $cpassword) {
$hash = md5($password);
$insert = "INSERT INTO `users`(`user_name`, `email`, `password`) VALUES ('$uname','$email','$hash')";
$result = mysqli_query($con, $insert);
if ($result) {
echo '<script>alert("Your account has been successfully created.")</script>';
}
}
else {
echo '<script>alert("Passwords do not match!")</script>';
}
}
}
?>
signup.php
<?php
include 'functions.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- ===== Iconscout CSS ===== -->
<link rel="stylesheet" href="https://unicons.iconscout.com/release/v4.0.0/css/line.css">
<!-- ===== CSS ===== -->
<link rel="stylesheet" href="css/credential.css">
<title>Sing Up</title>
</head>
<body>
<div class="container">
<div class="forms">
<div class="form signup">
<span class="title">Sign Up</span>
<form method="POST" action="functions.php">
<div class="input-field">
<input type="text" name="uname" placeholder="Enter your full name" required>
<i class="uil uil-user"></i>
</div>
<div class="input-field">
<input type="email" name="email" placeholder="Enter your email" required>
<i class="uil uil-envelope icon"></i>
</div>
<div class="input-field">
<input type="password" class="password" name="password" placeholder="Create a password" required>
<i class="uil uil-lock icon"></i>
</div>
<div class="input-field">
<input type="password" class="password" name="cpassword" placeholder="Confirm a password" required>
<i class="uil uil-lock icon"></i>
<i class="uil uil-eye-slash showHidePw"></i>
</div>
<div class="checkbox-text">
<div class="checkbox-content">
<input type="checkbox" id="termCon">
<label for="termCon" class="text">I accepted all Terms and Conditions, Privacy Policy and Cookie Policy</label>
</div>
</div>
<div class="input-field button">
<input type="submit" value="Sign Up" name="submit">
</div>
</form>
<div class="login-signup">
<span class="text">Already have an account?
Login Now
</span>
</div>
</div>
<div class="form login">
<span class="title">Login</span>
<form action="#">
<div class="input-field">
<input type="email" placeholder="Enter your email" required>
<i class="uil uil-envelope icon"></i>
</div>
<div class="input-field">
<input type="password" class="password" placeholder="Enter your password" required>
<i class="uil uil-lock icon"></i>
<i class="uil uil-eye-slash showHidePw"></i>
</div>
<div class="checkbox-text">
<div class="checkbox-content">
<input type="checkbox" id="logCheck">
<label for="logCheck" class="text">Remember me</label>
</div>
Forgot password?
</div>
<div class="input-field button">
<input type="submit" value="Login" name="submit">
</div>
</form>
<div class="login-signup">
<span class="text">Don't have an account?
Signup Now
</span>
</div>
</div>
</div>
</div>
<script src="js/credential.js"></script>
</body>
</html>
I want something like this...
when I click on <input type="submit" of signup the signup() function from functions.php should work. But I don't know how to do it.
If I remove function signup(){} from functions.php and try without function then in url signup.php is replaced by functions.php and page is blank and no data is inserted in mysql localhost.
In 'config.php' file
<?php
$con = mysqli_connect("localhost","root","","get-viewed");
?>
Database name, Table name and field name are perfect I have double checked it.
The form action correctly point to function.php and the webserver execute it.
The result is blank because nothing in function.php get executed.
you defined function signup() but you don't call it
add signup(); as last code line, just before php closing tag ?>
Note 1: you can extract the code from the signup function, since it does not add any advantage.
Note 2: if the php closing tag is the last code line in the file (no html follow) you should omit, it is a good practice to avoid unwanted output.
This is a must once you start to use frameworks, otherwise header errors will popup
Thanks for helping me I have solved my question.
I updated functions.php
<?php
include 'config.php';
function signup() {
$uname = $_POST['uname'];
$email = $_POST['email'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
if($password == $cpassword) {
$hash = password_hash($password, PASSWORD_DEFAULT);
$insert = "INSERT INTO `users`(`user_name`, `email`, `password`) VALUES ('$uname','$email','$hash')";
$result = mysqli_query($con, $insert);
if ($result) {
echo '<script>alert("Your account has been successfully created.")</script>';
}
}
else {
echo '<script>alert("Passwords do not match!");location.replace("signup.php");</script>';
}
}
function login(){
if (isset($_POST['login'])) {
echo '<script>alert("login")</script>';
}
}
if (isset($_POST['signup'])) {
signup();
}
else {
login();
}
Now it is working perfectly as I wanted.
I've reset my database and on registration, we added random salt to hashes, and the registration script worked fine, we could create accounts and accounts with the same password and they had different hashes, but our login script is broken, not logging in users, saying their password is incorrect.
No idea why- we have spent the last 2 hours trying to fix it. We have used PHP error checkers(https://phpcodechecker.com/), nothing was wrong.
We are running an old version PHP(5.6) and MySQL and can't currently change.
<?php
ob_start();
session_start();
require_once 'dbconnect.php';
// it will never let you open index(login) page if session is set
if ( isset($_SESSION['user'])!="" ) {
header("Location: index.php");
exit;
}
$error = false;
if( isset($_POST['btn-login']) ) {
// prevent sql injections/ clear user invalid inputs
$email = trim($_POST['email']);
$email = strip_tags($email);
$email = htmlspecialchars($email);
$name = trim($_POST['name']);
$name = strip_tags($name);
$name = htmlspecialchars($name);
$pass = trim($_POST['pass']);
$pass = strip_tags($pass);
$pass = htmlspecialchars($pass);
// prevent sql injections / clear user invalid inputs
if(empty($name)){
$error = true;
$nameError = "Please enter your username.";
}
if(empty($pass)){
$error = true;
$passError = "Please enter your password.";
}
$res=mysql_query("SELECT userId, userEmail, userPass, userSalt, userSalt2 FROM users WHERE userName='$name'");
$row=mysql_fetch_array($res);
$row['userSalt']=$salt1;
$row['userSalt2']=$salt2;
// if there's no error, continue to login
if (!$error) {
$passwordHash = hash('sha256', $salt1 . $password . $salt2); // password hashing using SHA256
//$res=mysql_query("SELECT userId, userEmail, userPass, userSalt, userSalt2 FROM users WHERE userName='$name'");
//$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if email/pass correct it returns must be 1 row
if( $count == 1 && $row['userPass']==$passwordHash ) {
$_SESSION['user'] = $row['userId'];
header("Location: dashboard.php");
} else {
$errMSG = "Incorrect Credentials, Try again...";
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<script src="//code.jquery.com/jquery-1.10.2.js"></script>
<script>
$(function(){
$("#overallhead").load("overall_header.php");
$("#overallfoot").load("overall_footer.html");
});
</script>
<style>
body {
color: Thistle;
}
</style>
<div id="overallhead"></div>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Creature Paradise</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css" />
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div class="container">
<div id="login-form">
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<div class="col-md-12">
<div class="form-group">
<h2 class="">Login</h2>
</div>
<div class="form-group">
<hr />
</div>
<?php
if ( isset($errMSG) ) {
?>
<div class="form-group">
<div class="alert alert-danger">
<span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?>
</div>
</div>
<?php
}
?>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
<input type="name" name="name" class="form-control" placeholder="Your Username" value="<?php echo $name; ?>" maxlength="40" />
</div>
<span class="text-danger"><?php echo $nameError; ?></span>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
<input type="password" name="pass" class="form-control" placeholder="Your Password" maxlength="15" />
</div>
<span class="text-danger"><?php echo $passError; ?></span>
</div>
<div class="form-group">
<hr />
</div>
<div class="form-group">
<button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
</div>
<div class="form-group">
<hr />
</div>
<div class="form-group">
Don't have an account? Sign up here!
</div>
</div>
</form>
</div>
</div>
<div id="overallfoot"></div>
</body>
</html>
<?php ob_end_flush(); ?>
Have you do hashing on registration page, too? Because $row['userPass'] will never equal $passwordHash if you have not registration a new account with new hash applied
I am very new at php and I'm trying to create a login div on the right side bar. Well it's seems to work but when I login it shows me:
user name [ textbox ]
password [ textbox ]
[ login button ]
welcome new2
Obviously, I'm not intrested of showing the textboxing and the login button because the user is already login.
Here is the code of the home page (templat.php):
<?php
session_start();
$db=mysqli_connect("localhost","root","","mydb");
?>
<!DOCTYPE html>
<html lang="he">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title><?php echo $title; ?></title>
<link rel="stylesheet" type="text/css" href="Styles/Stylesheet2.css" />
</head>
<body dir="rtl">
<div id="wrapper">
<div id="banner">
</div>
<nav id="navigation" dir="rtl">
<ul id="nav">
<li>home</li>
<li>topics</li>
<li>on us</li>
</ul>
</nav>
<!--
<div id="content_area">
<?php
//echo $content; ?>
</div>
-->
<div id="sidebar">
<div id="main-wrapper">
<center><h2>Login Form</h2></center>
<div class="imgcontainer">
<center>
<img src="images/avatar.png" width='60' height='60' alt="Avatar" class="avatar">
</center>
</div>
<form action="Template.php" method="post">
<div class="inner_container">
<label><b>Username</b></label>
<br/>
<input type="text" placeholder="Enter Username" name="username" required>
<br/>
<label><b>Password</b></label>
<br/>
<input type="password" placeholder="Enter Password" name="password" required>
<br/>
<button class="login_button" name="login"
type="submit">Login</button>
</div>
</form>
<?php
if(isset($_POST['login']))
{
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
$password=md5($password); //Remember we hashed password before storing last time
$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result=mysqli_query($db,$sql);
$row = mysqli_fetch_array($result);
$num = mysqli_num_rows($result);
if($num==1)
{
$_SESSION['message']="You are now Loggged In";
$_SESSION['username']=$username;
$id=$row['id'];
$_SESSION['id']=$id;
?>
<div id="main-wrapper">
<center><h3>Welcome <?php echo $_SESSION['username']; ?></h3></center>
<form action="Template.php" method="post">
<div class="imgcontainer">
<img src="images/avatar.png" alt="Avatar" width='60' height='60' class="avatar">
</div>
<div class="inner_container">
<button class="logout_button" type="submit">Log Out</button>
</div>
</form>
</div>
<?php
}
else
{
$_SESSION['message']="Username and Password combiation incorrect";
}
}
?>
</br>
</div>
</div>
<footer>
<p>aaa</p>
</footer>
</div>
</body>
</html>
update : logout.php:
<?php
session_start();
session_destroy();
unset($_SESSION['username']);
$_SESSION['message']="You are now logged out";
header("Location:login.php");
?>
You need to check if user is already logged in. You can check if $_SESSION['username'] is empty or not.
Update your login form like that:
<?php if(!isset($_SESSION['username'])) { ?>
<form action="Template.php" method="post">
<div class="inner_container">
<label><b>Username</b></label>
<br/>
<input type="text" placeholder="Enter Username" name="username" required>
<br/>
<label><b>Password</b></label>
<br/>
<input type="password" placeholder="Enter Password" name="password" required>
<br/>
<button class="login_button" name="login"
type="submit">Login
</button>
</div>
</form>
<?php }; ?>
Okay, So I have this log in page here all I want it to do is log me in and send me too "index.php". I know my email is correct and the password and everything is good. it all works it just stays on the same page though instead of actually sending me to "index.php". Im new to php and it is probably something stupid but any help would be greatly appreciated. Please and Thank you! :)
<link rel="stylesheet" href="styles.css" />
<?php
session_start();
if(isset($_SESSION['usr_id'])!="") {
header("Location: index.php");
}
include_once 'dbconnect.php';
//check if form is submitted
if (isset($_POST['login'])) {
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$result = mysqli_query($conn, "SELECT * FROM users WHERE email = '" . $email. "' and password = '" . md5($password) . "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['usr_id'] = $row['id'];
$_SESSION['usr_name'] = $row['name'];
header("Location: index.php");
$successmsg = "SWEET YOU'RE IN!";
//echo "success";
} else {
$errormsg = "Incorrect Email or Password!!!";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>PHP Login Script</title>
<meta content="width=device-width, initial-scale=1.0" name="viewport" >
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" />
</head>
<body>
<div class="container-fluid">
<!-- add header -->
<div class="navbar-header">
</div>
<!-- menu items -->
<div class="collapse navbar-collapse" id="navbar1">
<ul class="navbar">
<li class="active">Login</li>
<li>Sign Up</li>
</ul>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4 well">
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginform">
<fieldset>
<legend>Login</legend>
<div class="form-group">
<label for="name">Email</label>
<input type="text" name="email" placeholder="Your Email" required class="form-control" />
</div>
<div class="form-group">
<label for="name">Password</label>
<input type="password" name="password" placeholder="Your Password" required class="form-control" />
</div>
<div class="form-group">
<input type="submit" name="login" value="Login" class="btn btn-primary" />
</div>
</fieldset>
</form>
<span class="text-danger"><?php if (isset($errormsg)) { echo $errormsg; } ?></span>
<span class="text-success"><?php if (isset($successmsg)) { echo $successmsg; } ?></span>
</div>
</div>
</div>
</body>
</html>
Where you have this:
if(isset($_SESSION['usr_id'])!="") {
You want this:
if(isset($_SESSION['usr_id']) && $_SESSION['usr_id'] != "") {
Note that what's in $_SESSION['usr_id'] will be the id column from your database. It's not clear from context if such a column exists, so perhaps double check that there really is a value there before the initial redirect (i.e., just after checking the credentials).
Side note: don't use MD5() to hash passwords. MD5 isn't as secure as you'd want a password hash to be.
I am redirecting a user to a page named "forgot_pass" in such a way
"forgot_pass.php?code='$code'&username='$hidden_username'>".
But when user clicks on link for redirection the url seems like this
http://localhost/Validation/forgot_pass.php?code=
and there is no any page displayed.
The variables passed in url have values as i have already checked it. But they are not displaying when sent in url.
Help me in solving this issue.
reset.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
$pass = $_POST['pass'];
$pass1 = $_POST['pass1'];
$code = $_GET['code'];
$hidden_username = $_POST['username'];
if($pass == $pass1)
{
echo 'Password Changed !';
}
else
{
echo "Passowrd must match
<a href='forgot_pass.php?code='$code'&username='$hidden_username'>Try Again</a>
";
}
forgot_pass.php
<?php
ini_set("display_errors", TRUE);
require_once './include/db_connection.php';
if(isset($_GET['code']))
{
$get_code = (isset($_GET['code'])? $_GET['code'] : null);
$get_username =(isset($_GET['username']) ? $_GET['username'] : null);
$match_code = mysqli_query($link, "select * from signup where username='$get_username'");
if(mysqli_num_rows($match_code) > 0)
{
while($row = mysqli_fetch_assoc($match_code))
{
$db_username = $row['username'];
$db_code = $row['paareset'];
}
}
if($get_username == $db_username && $get_code == $db_code)
{ ?>
<html>
<head>
<meta charset="UTF-8">
<title>Change Password</title>
</head>
<body>
<div class="container">
<div class="row">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-body">
<div class="text-center">
<h3><i class="fa fa-pencil fa-4x"></i></h3>
<h2 class="text-center">New Password?</h2>
<div class="panel-body">
<form class="form" method="post"
action= "reset_pass.php?code=<?php echo $get_code ?>"
<fieldset>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass" placeholder="New Password" class="form-control" type="password" required="">
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="glyphicon glyphicon-pencil color-blue"></i></span>
<input name="pass1" placeholder="Re-type Password" class="form-control" type="password" required="">
<input type="hidden" name="username" value="<?php echo $db_username ?>">
</div>
</div>
<div class="form-group">
<input class="btn btn-lg btn-primary btn-block" name="send" value="Change Password" type="submit">
</div>
<div class="form-group">
<span style="color: red"><?php if(isset($message['mail'])) {echo $message['mail']; } ?></span>
</div>
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
<?php
}
} // End if (isset['code'])
if(!isset($_GET['code']))
{
?>
<html>
<head>
</head>
<body>
// Here i am displaying another form that gets email address and sends email
</body>
</html>
<?php
}
Remove single-quotes around the arguments, you are using them to delimit the URL so don't use them inside the URL (or at least escape them) :
echo "Password must match <a href='forgot_pass.php?code=$code&username=$hidden_username'>Try Again</a>";
Try with this way
echo "Passowrd must match
Try Again"
you have mismatch in columns
try to change your code to
echo "Passowrd must match
<a href='forgot_pass.php?code=".$code."&username=".$hidden_username".'>Try Again</a>
"
Please check if your filenames are correct.
You named: reset.php and forgot_pass.php
In forgot_pass.php your action goes towards reset_pass.php
remove single quote
"forgot_pass.php?code=$code&username=$hidden_username>"