I am currently experiencing an issue here. I have my html login page, once I click login, it will jump to php and run the php and grab data from xml. However, when I click login. It will just jump to php without taking any actions.
Does anyone know what the code is lacking?
Html page:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<fieldset>
<form method="post" action="login.php">
<p>Email* : <input type="email" name="email" id="email"/></p>
<p>Password* : <input type="password" name="password" id="password"/>
</p>
<div class="buttoninput">
<input type="submit" name="login "value="Login" />
<input type="reset" value="Reset" />
</div>
</form>
</fieldset>
</body>
</html>
Php page:
<?php
session_start();
if(isset($_POST['login'])) {
$email = $_POST['email'];
$pass = $_POST['password'];
$customerxml = simplexml_load_file('customer.xml');
$email_add = "";
$passw = "";
$customerID = "";
for($i = 0; $i < count($customerxml); $i++){
$email_add = $customerxml->info[$i]->Email;
$passw = $customerxml->info[$i]->Password;
$customerID = $customerxml->info[$i]->CustomerID;
if(($email != $email_add) || ($passw != $pass)){
$message = "wrong email/password";
echo "<script type='text/javascript'>alert('$message');</script>";
}
if(($email == $email_add) && ($passw == $pass)){
$_SESSION['logged_in'] = true;
unset($mydata->info[$i]->Password);
$_SESSION['customer-info'] = json_encode($customerxml->info[$i]);
exit(header("Location: ./bidding.php"));
}
}
}
?>
<input type="submit" name="login "value="Login" />
there is space in name="login " remove that space.because of the space if(isset($_POST['login'])) { this is getting failed
replace this line
if(isset($_POST['login'])) {
by
if(isset($_POST['email']) && isset($_POST['password'])) {
in login.php file or remove space in
<input type="submit" name="login "value="Login" />
(name="login ")
Related
I created a registration form which is working fine. I save all of my users data in a txt file named users.txt which saves the the data after the button click like this:
username|password|email
here is my users.txt file:
asd|asd|asd
asd|asd|asd
sanyi|123456|asd#asd.hu
sanyi|123456|asd#asd.hu
sanyi|123456|asd#asd.hu
frici|123|vass.frigyes#gmail.com
frici|123|vass.frigyes#gmail.com
frici|123|vass.frigyes#gmail.com
frici|123|vass.frigyes#gmail.com
frici|123|vass.frigyes#gmail.com
I want to solve that the username must be unique! I tried to solve this by check the txt file before the registration and if I find the same username in the txt that the user submitted, kill the process. I can check the first line username but I have no idea how I can go to the next line, and so on...
My php code:
register.php:
<!-- html section -->
<!DOCTYPE html>
<html>
<head>
<title>Store form data in .txt file</title>
</head>
<body>
<form action="#" method="post">
REGISTRATION<br />
<input type="text" name="username" placeholder = "Username"/><br />
<input type="text" name="password" placeholder = "Password" /><br />
<input type="text" name="password2" placeholder = "Password Again"><br />
<input type="text" name="email" placeholder = "Email Adress"/><br />
<input type="submit" name="submit" value = "REGISTER" />
</form>
</body>
</html>
<!-- php section -->
<?php
if(isset($_POST['submit']))
{
//check if the username has been already taken
$usernameToCheck = $_POST["username"];
$userlist = file ('users.txt');
$success = false;
foreach ($userlist as $user) {
$user_details = explode('|', $user);
if ($user_details[0] == $usernameToCheck) {
die("This user is already exsists");
}
}
// the registreation itself
$username = $_POST["username"];
$password = $_POST["password"];
$password2 = $_POST["password2"];
$email = $_POST["email"];
if(empty($username) || empty($password) || empty($password2) || empty($email)){
die("You filled out the form wrongly! Don't let anything empty next time!");
}else if($password !== $password2){
die("Passwords doesnt match!");
}else{
$fp = fopen('users.txt', 'a');
$line = $username."|".$password."|".$email.PHP_EOL;
fwrite($fp, $line);
fclose($fp);
}
}
?>
I have been making/learning some PHP, and I successfully made a login form. When I have tried to replicate this, it doesn't work at all.
--MY HTML--
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post" action="login.php">
<input type="text" name="usrname" placeholder=" Username">
<br />
<br />
<input type="password" name="passwd" placeholder=" Password">
<br />
<br />
<input type="password" name="pin" placeholder=" PIN #">
<br />
<br />
<input type="submit" value="Login">
</form>
</body>
</html>
--LOGIN.PHP--
<?php
session_start();
include('php/db.php');
$usrname = $_POST['usrname'];
$passwd = $_POST['passwd'];
$pin = $_POST['pin'];
$sql = "SELECT * FROM users WHERE usrname = 'usrname'";
$query = mysql_query($sql);
$row = mysql_fetch_array($query);
$usrnameFromDB = $row['usrname'];
$passwdFromDB = $row['passwd'];
$pinFromDB = $row['pin'];
if($usrnameFromDB == $usrname && $passwdFromDB == $passwd && $pinFromDB == $pin) {
echo "Correct";
} else {
echo "noooooo";
}
?>
<!DOCTYPE html>
<html>
<head>
<title>trhhytrh</title>
</head>
<body>
</body>
</html>
P.S. When comparing the codes, there is no major difference apart from the names. Also, the code provided is the one that isn't working. Thanks in advance! :)
As I stated in comments:
WHERE usrname = 'usrname'"; it should read as WHERE usrname = '$usrname'";
You're presently looking/querying for the string literal of "usrname" in your database, rather than the POST array's variable.
Heed the warnings about SQL injection. You should use a prepared statement and a safe password hashing function when your site does go live, such as password_hash().
You should not put that much trust in people.
References:
http://php.net/manual/en/function.password-hash.php
https://en.wikipedia.org/wiki/Prepared_statement
https://en.wikipedia.org/wiki/SQL_injection
Try this:
Change this in html
<input type="submit" name="submit" value="Login">
Then in php
<?php
session_start();
include('php/db.php');
if(isset $_POST['submit']){
$usrname = $_POST['usrname'];
$passwd = $_POST['passwd'];
$pin = $_POST['pin'];
$sql = "SELECT * FROM users WHERE usrname = '$usrname'";
$query = mysql_query($sql);
$row = mysql_fetch_array($query);
$usrnameFromDB = $row['usrname'];
$passwdFromDB = $row['passwd'];
$pinFromDB = $row['pin'];
if($usrnameFromDB == $usrname && $passwdFromDB == $passwd && $pinFromDB == $pin) {
echo "Correct";
} else {
echo "noooooo";
}
}//End of if
else
{
echo "Form is not submitted";
}
?>
You have not submitted the form. PS you have commited a mistake in your query. You were not using variable there
Im really new to php, so hear me out.
I made a simple page with a form that validates whether the data you sent was ok to send, but it gives me a validation error I made even before I enter anything. Heres the code:
<html>
<body>
<form action="first.php" method="post">
Username:<input type="text" name="username"><br />
Password:<input type="password" name="password"><br />
<input type="submit" name="submit"><br />
</form>
<?php
$errors = array();
$username = $_POST['username'];
$password = $_POST['password'];
$errors = array();
if(!isset($username) || empty($username)){
$errors = "Empty username<br />";
}
if ($username > 10){
$errors['username'] = "Username out of range<br />";
}
if (!empty($errors)){
echo "Error<br />";
print_r ($errors);
}
?>
</body>
</html>
Wrap your PHP code into a if() condition:
if( isset($_POST['submit']) )
{
$errors = array();
(...)
}
Without this, your code is executed even if form is not submitted.
Try this :
<html>
<body>
<form action="first.php" method="post">
Username:<input type="text" name="username"><br />
Password:<input type="password" name="password"><br />
<input type="submit" name="submit"><br />
</form>
<?php
if(isset($_POST['submit']))
{
$errors = array();
$username = $_POST['username'];
$password = $_POST['password'];
$errors = array();
if(!isset($username) || empty($username)){
$errors = "Empty username<br />";
}
if ($username > 10){
$errors['username'] = "Username out of range<br />";
}
if (!empty($errors)){
echo "Error<br />";
print_r ($errors);
}
}
?>
</body>
</html>
Stop repeat the actions on the page after submit the form
I made this "sign in" form and made a error messages to appear if the fields is empty and other error messages.
my request is:
After the "sign in" fails how to stop the fields from resubmit the values again when hit F5 or reload the page.
<?php
ob_start();
session_start();
include "config/config.php";
include "includes/functions/check.php";
$userName = $passWord = "";
$userNameErr = $passWordErr = $loginErr = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST['user_name'])) {
$userNameErr = "User name is required";
} else {
$userName = check_input($_POST['user_name']);
if (!preg_match("/^[a-zA-Z ]*$/", $userName)) {
$userNameErr = "Only letters and white space allowed";
}
}
if (empty($_POST['password'])) {
$passWordErr = "Password is required";
} else {
$passWord = check_input($_POST['password']);
}
$loginUser = $db->prepare("SELECT * FROM hired_person_info WHERE user_name=? AND password=?");
$loginUser->bind_param('ss', $userName, $passWord);
if ($loginUser->execute()) {
$results = $loginUser->get_result();
if ($results->num_rows == 1) {
$row = $results->fetch_object();
$_SESSION['name'] = $row->full_name;
$_SESSION['log'] = 1;
print_r($_SESSION);
header("Location:?pid=4");
} elseif (!empty($_POST['user_name']) && !empty($_POST['password'])) {
$loginErr = "Invalid Login Information";
}
}
}
ob_flush()
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Administration Panel</title>
<link href="../css/adminStyle.css" rel="stylesheet" type="text/css">
</head>
<body>
<h1 id="head" class="header_height"></h1>
<div class="contentLogin">
<div class="login_bg">
<div id="header">
<p>login</p>
</div>
<div id="form">
<?php
echo $loginErr;
?>
<form action="<?php htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<label for="user_name" class="text_login">User name</label>
<input type="text" name="user_name" id="user_name" value="<?php echo $userName ?>">
<?php echo $userNameErr; ?>
<br/><br/>
<label for="password" class="text_login">Password</label>
<input type="password" name="password" id="password">
<?php echo $passWordErr; ?>
<br/>
<div id="submit">
<input type="submit" value="Sign in" name="submit" id="submit" class="btn">
</div>
</form>
</div>
</div>
</div>
</body>
</html>
Instead of using if($_SERVER["REQUEST_METHOD"] == "POST"){ try using the post name of your submit button. So the condition will be as follows,
if(isset($_POST['submit'])) {
}
Within this you can put all your codes. I am not telling that the condition you have used is wrong, but it may create conflict when you will put another form in the same page.
And after your operation completed, success or fail, does not matter just unset the post variable.
unset($_POST);
To completely avoid the resend functionality you need to redirect your page to the same page once. For that just save your error message in session and redirect to login page again. Then checking if session value for message exists then display your message.
I'm kinda' beginner and I've coded my own PHP login from Zero, but I still got some errors, here's the code:
<?php
include 'connection.php';
$query = " SELECT * FROM admin";
$result = mysql_query($query) or die(mysql_error());
?>
<form action="<?php echo $_SERVER['SELF_PHP']; ?>" method="post">
Username : <input type="text" name="usernameInput" value="" />
Password : <input type="password" name="passwordInput" value="" />
<input type="submit" value="Login" />
</form>
<?php
$username = $_POST['usernameInput'];
$password = $_POST['passwordInput'];
if ($username = $result['username']) {
if ($password = $result['password']){
header('Location: admin.php');
} else {
echo "PASSWORD IS INCORRECT";
}
} else {
echo "USERNAME IS INCORRECT";
}
?>
So if you can fix this or got an easier way from PHP login from please tell me. :)
A few things...
Don't use mysql functions
You need to use == to compare strings, not =
You need to actually fetch the results of your query
include 'connection.php';
$query = " SELECT * FROM admin";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_row($result); /* add this */
?>
<form action="<?php echo $_SERVER['SELF_PHP']; ?>" method="post">
Username : <input type="text" name="usernameInput" value="" />
Password : <input type="password" name="passwordInput" value="" />
<input type="submit" value="Login" />
</form>
<?php
if(isset($_POST['usernameInput']) && isset($_POST['passwordInput'])){
$username = $_POST['usernameInput'];
$password = $_POST['passwordInput'];
}
else{
echo 'some error ...';
}
if($username == $row ['username'] && $password == $row ['password']){
header('Location: admin.php');
}
else{
echo ' username or password is wrong';
}
?>
I have to point out that you are sending the same form over and over without first checking the post. And when you send the form, you will not be able to send the header to redirect, because html is started and headers are sent already.
Mysql functions are deprecated, please use mysqli interface.
Among other several bugs like assignment = instead of is equal ==
Try it this way:
If no post exists send the form else check and if ok redirect or not ok. resend the form
<?php
if($_POST){
include 'connection.php';
$query = " SELECT * FROM admin";
$r = mysql_query($query) or die(mysql_error());
// get an associated array from query result resource.
$result = mysql_fetch_assoc($r);
$username = $_POST['usernameInput'];
$password = $_POST['passwordInput'];
if ( ($username == $result['username'])
&& ($password == $result['password'])){
header('Location: admin.php');
exit(0);
} else {
echo "PASSWORD IS INCORRECT";
}
}
?>
<form action="<?php echo $_SERVER['SELF_PHP']; ?>" method="post">
Username : <input type="text" name="usernameInput" value="" />
Password : <input type="password" name="passwordInput" value="" />
<input type="submit" value="Login" />
</form>
<?php
?>