I am a beginner in PHP and just starting to learn it. I am trying to make a registration page and login page. My login page is working once I select username and password and it also can detect an incorrect password, but the profile picture that I uploaded through the registration page is not appearing on the welcome page. Once I add the profile, the login page no longer works at all. I hope you guys can understand my problem and help me find a solution. Thank you in advance. I attach my code below:
REGISTER FORM PHP
<?php
session_start();
$_SESSION['message'] = '';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST['password']== $_POST['confirmpassword']) {
$username = $mysqli->real_escape_string($_POST['username']);
$email = $mysqli->real_escape_string($_POST['email']);
$password = md5($_POST['password']);
$profile_path = $mysqli->real_escape_string('images/'.$_FILES['profile']['name']);
if (preg_match("!image!", $_FILES['profile']['type'])) {
if (copy($_FILES['profile']['tmp_name'],$profile_path)){
$_SESSION['username'] =$username;
$_SESSION['profile'] =$profile_path;
$sql ="INSERT INTO users(username,email,password,profile)"
."VALUES ('$username','$email','$password','$profile_path')";
if($mysqli->query($sql)=== true) {
$_SESSION['message'] = 'Registration successful!
Added $username to the database!';
header("location:RegisterLogin.php");
}
else {
$_SESSION['message'] = "User could not be added to the database!";
}
}
else{
$_SESSION['message'] = "file failed!";
}
}
else {
$_SESSION['message'] = "Please only upload GIF,JPG, or PNG images!";
}
}
else{
$_SESSION['message'] = "two password do not match!";
}
}
?>
LOGIN FORM
<?php
session_start();
$_SESSION['message']='';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if(isset($_POST['login'])) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$profile_path = $mysqli->real_escape_string(isset($_FILES['profile']));
$sql="SELECT * FROM users WHERE username='$username' AND password='$password' AND profile = 'profile_path'";
$result = mysqli_query($mysqli,$sql);
if(mysqli_affected_rows($mysqli) == 1){
$_SESSION['username'] = $username;
$_SESSION['profile'] = $profile_path;
$_SESSION['message'] = "Registration successful!";
header("location:Welcome.php");
}
else{
$_SESSION['message'] = "Login Failed!";
}
}
?>
WELCOME PHP
<link rel="stylesheet" href="Form2.css" />
<?php session_start(); ?>
<div class="body content">
<div class="welcome">
<div class="alert alert-success"><?= $_SESSION['message']?></div>
Welcome To Your Profile <span class="user"><img src='<?=$_SESSION['profile']?>'</span>
Update your code like the following:
REGISTER FORM
<?php
session_start();
$_SESSION['message'] = '';
$mysqli= new mysqli('127.0.0.1','root','','accounts');
if(isset($_POST) && array_filter($_POST)){
if ($_POST['password'] == $_POST['confirmpassword']) {
$username = $mysqli->real_escape_string($_POST['username']);
$email = $mysqli->real_escape_string($_POST['email']);
$password = md5($_POST['password']);
$profile_path = $mysqli->real_escape_string('images/'.$_FILES['profile']['name']);
if(!empty($username) && !empty($email) && !empty($password) && !empty($_FILES['profile']['name'])){
if (preg_match("!image!", $_FILES['profile']['type'])) {
if (move_uploaded_file($_FILES['profile']['tmp_name'],$profile_path)){
$_SESSION['username'] = $username;
$_SESSION['profile'] = $profile_path;
$sql ="INSERT INTO users(username,email,password,profile) VALUES ('$username','$email','$password','$profile_path')";
if($mysqli->query($sql) == true) {
$_SESSION['message'] = "Registration successful! Added $username to the database!";
header("Location: RegisterLogin.php");
}
else { $_SESSION['message'] = "User could not be added to the database!"; }
} else {$_SESSION['message'] = "file failed!";}
} else { $_SESSION['message'] = "Please only upload GIF,JPG, or PNG images!"; }
}else{ $_SESSION['message'] = "values are missing"; }
} else{ $_SESSION['message'] = "two password do not match!"; }
}
?>
LOGIN FORM
<?php
session_start();
$_SESSION['message']='';
$mysqli= new mysqli('127.0.0.1','root','','accounts');
if(isset($_POST['login'])){
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = $mysqli->query($sql);
if($result->num_rows > 0){
$row = $result->fetch_assoc();
$_SESSION['username'] = $username;
$_SESSION['profile'] = $row['profile']; // the profile column already holds the 'images/...' path saved at registration
$_SESSION['message'] = "Login successful!";
header("Location: Welcome.php");
}else{ $_SESSION['message'] = "Login Failed!";}
}
?>
WELCOME PHP
<?php session_start(); ?>
<link rel="stylesheet" href="Form2.css" />
<div class="body content">
<div class="welcome">
<div class="alert alert-success"><?= $_SESSION['message']?></div>
Welcome To Your Profile <span class="user"><img src='<?=$_SESSION['profile'];?>'/></span>
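`$_FILES['profile']['type']` and `$_FILES['profile']['name']` are both sent by the browser, so the registration code above trusts client-supplied values for the image check and for the path written to disk. An added example, not code from the thread, that decides type and file name from the file's bytes instead; the function names and the 2 MiB limit are assumptions.

```php
<?php
// Added example, not code from the thread.
// MIME type detected from the file content => extension we assign ourselves.
const ALLOWED_IMAGE_TYPES = [
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

// Build the stored path from the file's bytes, never from the client's
// 'name' or 'type' fields. Returns "images/<random>.<ext>" or null to reject.
function safe_profile_path(string $tmpPath, string $dir = 'images'): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false) {
        return null;
    }
    $ext = ALLOWED_IMAGE_TYPES[$mime] ?? null;
    if ($ext === null) {
        return null;
    }
    return $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Handler for one entry of $_FILES, e.g. $_FILES['profile'] (hypothetical helper).
function store_profile_upload(array $file, string $dir = 'images',
                              int $maxBytes = 2097152): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || ($file['size'] ?? 0) > $maxBytes) {
        return null;
    }
    $dest = safe_profile_path($file['tmp_name'], $dir);
    // move_uploaded_file() refuses any path that is not a real HTTP upload.
    if ($dest === null || !move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    return $dest;   // store this value in users.profile and in $_SESSION['profile']
}

// Constructed samples so the content check can be tried from the command line.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'not an image';");

var_dump(safe_profile_path($gif));      // a generated images/....gif path
var_dump(safe_profile_path($script));   // rejected regardless of its claimed name or type

unlink($gif);
unlink($script);
```

Because the stored name is generated, two users uploading `photo.jpg` no longer overwrite each other, and the value needs no escaping before it goes into the query or the `<img src>` attribute.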
You are setting your session values incorrectly in login.php. The code below uses mysqli_fetch_array() to retrieve the correct values for the $_SESSION variable.
Login.php
Try this:
<?php
session_start();
$_SESSION['message']='';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if(isset($_POST['login'])) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$sql="SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1;";
$result = mysqli_query($mysqli,$sql);
if(mysqli_num_rows($result)>0){
$row = mysqli_fetch_array($result);
$_SESSION['username'] = $row['username'];
$_SESSION['profile'] = $row['profile'];
$_SESSION['message'] = "Registration successful!";
header("location:Welcome.php");exit();
}
else{
$_SESSION['message'] = "Login Failed!";
}
}
?>
In Welcome.php
Move <?php session_start(); ?> to the very top of your document. You cannot output anything (HTML content or echos) before calling session_start(), or the session will fail unless you are using output buffering.
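The login code in this thread compares md5() hashes inside the SQL string. An added example, not from the original posts, of the same register and login check done with password_hash(), password_verify() and bound parameters; PDO with an in-memory SQLite database stands in for the `accounts` MySQL database so it runs from the command line, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for the
// 'accounts' MySQL database; prepare()/execute() work the same way with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
            email TEXT, password TEXT, profile TEXT)');

// Registration: store a salted, deliberately slow hash instead of md5().
function register_user(PDO $pdo, string $username, string $email,
                       string $password, string $profile): void
{
    $stmt = $pdo->prepare('INSERT INTO users (username, email, password, profile)
                           VALUES (?, ?, ?, ?)');
    $stmt->execute([$username, $email,
                    password_hash($password, PASSWORD_DEFAULT), $profile]);
}

// Login: fetch the row by username with a bound parameter, then verify the
// hash in PHP. Returns the user row (without the hash) or null on failure.
function check_login(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, password, profile
                           FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);   // never carry the hash into the session
    return $row;
}

// Constructed sample data.
register_user($pdo, 'alice', 'alice@example.test', 'correct horse', 'images/alice.png');
register_user($pdo, "o'brien", 'ob@example.test', 'hunter2!', 'images/ob.png');

var_dump(check_login($pdo, 'alice', 'correct horse'));  // row with the profile path
var_dump(check_login($pdo, 'alice', 'wrong'));          // wrong password
var_dump(check_login($pdo, "o'brien", 'hunter2!'));     // a quote in the name is plain data

// On success the login page would then do:
//   session_regenerate_id(true);
//   $_SESSION['username'] = $row['username'];
//   $_SESSION['profile']  = $row['profile'];
//   header('Location: Welcome.php');
//   exit;
```

The password column must be wide enough for the hash; the PHP manual recommends 255 characters for PASSWORD_DEFAULT.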
Related
I am new to PHP and I'm trying to link the login page and register page. Once I press the login button it goes directly to the linked page although I enter the wrong password.
I tried to solve it by putting mysqlinumrows. The result after login is still on the login page. I've tried to fix it, but can't. I hope someone will help me to reduce my stress by pointing out my fault in the code I attach below.
Code:
<?php
session_start();
$_SESSION['message'] = '';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST['password']== $_POST['confirmpassword']) {
$username = $mysqli->real_escape_string($_POST['username']);
$email = $mysqli->real_escape_string($_POST['email']);
$password = md5($_POST['password']);
$profile_path = $mysqli->real_escape_string('images/'.$_FILES['profile']['name']);
if (preg_match("!image!", $_FILES['profile']['type'])) {
if (copy($_FILES['profile']['tmp_name'],$profile_path)){
$_SESSION['username'] =$username;
$_SESSION['profile'] =$profile_path;
$sql ="INSERT INTO users(username,email,password,profile)"
."VALUES ('$username','$email','$password','$profile_path')";
if($mysqli->query($sql)=== true) {
$_SESSION['message'] = 'Registration successful!
Added $username to the database!';
header("location:RegisterLogin.php");
}
else {
$_SESSION['message'] = "User could not be added to the database!";
}
}
else{
$_SESSION['message'] = "file failed!";
}
}
else {
$_SESSION['message'] = "Please only upload GIF,JPG, or PNG images!";
}
}
else{
$_SESSION['message'] = "two password do not match!";
}
}
?>
(Login Form)
<?php
session_start();
$_SESSION['message']='';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if(isset($_POST['username'])) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$sql="SELECT * FROM users WHERE username ='$username' AND password=$password";
$result = mysqli_query($mysqli,$sql);
if(mysqli_affected_rows($result) == 1){
$_SESSION['username'] = $username;
$_SESSION['message'] = "Registration successful!";
header("location:Welcome.php");
}
else{
$_SESSION['message'] = "Login Failed!";
}
}
?>
Correct your select query in the login page to $sql="SELECT * FROM users WHERE username ='$username' AND password='$password' "; Add single quotes to the password variable.
First, you must have a form tag. Try this format:
<form action="" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" name="login">
</form>
And for your PHP code:
if(isset($_POST['login'])) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
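$sql="SELECT * FROM users WHERE username ='$username' AND password='$password'"; // the md5 hash is a string, so it must be quoted
$result = mysqli_query($mysqli,$sql);
if($result && mysqli_num_rows($result) == 1){ // count rows of the SELECT; mysqli_affected_rows() does not take a result set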
$_SESSION['username'] = $username;
$_SESSION['message'] = "Registration successful!";
header("location:Welcome.php");
}
else{
$_SESSION['message'] = "Login Failed!";
}
}
If it's not your problem, then comment below. I'll help you.
<?php
session_start();
include_once 'db.login.php';
if (isset($_SESSION['users']) != "") {
header("Location: profile.php");
}
if (isset($_POST['btn-login'])) {
$username = mysqli_real_escape_string($con, $_POST['username']);
$upass = mysqli_real_escape_string($con, $_POST['password']);
$res = mysqli_query($con, "SELECT * FROM users WHERE username='$username'");
$row = mysqli_fetch_array($res);
if ($row['password'] == md5($upass)) {
$_SESSION['users'] = $row['id'];
header("Location: profile.php");
} else {
$err = "<p style='color: red'>Wrong Username or Password</p>";
?>
<?php
}
}
?>
Method I am trying, but it doesn't seem to display anything:
<?= $_SESSION['username'] ?>">
I am basically looking at echoing the username logged into the session.
You fill the session in
$_SESSION['users']
but echo
$_SESSION['username']
<?php
session_start();
include_once 'db.login.php';
if(isset($_SESSION['users']) && $_SESSION['users'] != "")
{
header("Location: profile.php");
exit();
}
if(isset($_POST['btn-login']))
{
$username = mysqli_real_escape_string($con, $_POST['username']);
$upass = mysqli_real_escape_string($con, $_POST['password']);
$res=mysqli_query($con, "SELECT * FROM users WHERE username='$username'");
$row=mysqli_fetch_array($res);
if($row['password'] == md5($upass))
{
$_SESSION['users'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: profile.php");
}
else
{
$err = "<p style='color: red'>Wrong Username or Password</p>";
?>
<?php
}
}
?>
You did not define $_SESSION['username'] anywhere.
I'm trying to fix my login page...
It works fine on the login.php with redirecting but on the index it doesn't redirect even if the session is empty. Any pointers? I'm new to this, so forgive me if it's really obvious.
<?php
require_once('../includes/config.php');
session_start();
if(!isset($_SESSION['loggedin']) && $_SESSION['loggedin']=='no'){
// not logged in
header("location: login.php");
exit();
} else {
$_SESSION['loggedin'] = 'yes';
}
?>
<?php
include("../includes/config.php");
$error = NULL;
$atmpt = 1;
if (!isset($_SESSION)) {
session_start();
}
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin']=='yes'){
// logged in
header("location: index.php");
exit();
}
if(isset($_POST['login']))
{
/* get username and password */
$username = $_POST["username"];
$password = $_POST["password"];
/* MySQL Injection prevention */
$username = mysqli_real_escape_string($mysqli, stripslashes($username));
$password = mysqli_real_escape_string($mysqli, stripslashes($password));
/* check for user in database */
$query = "SELECT * FROM admin_accounts WHERE username = '$username' AND password = '$password'"; // replace "users" with your table name
$result = mysqli_query($mysqli, $query);
$count = $result->num_rows;
if($count > 0){
//successfully logged in
$_SESSION['username']=$username;
$_SESSION['loggedin']='yes';
$error .= "<div class='alert alert-success'>Thanks for logging in! Redirecting you..</div>";
header("refresh:1;url=index.php");
} else {
// Login Failed
$error .= "<div class='alert alert-danger'>Wrong username or password..</div>";
$_SESSION['loggedin']='no';
$atmpt = 2;
}
}
?>
The line
session_start();
should be the very first line in the php script.
Just modify the first three lines, as session_start() should be called before any output has been sent to the browser (even a space).
<?php
session_start();
require_once('../includes/config.php');
if (empty($_SESSION['loggedin']) || $_SESSION['loggedin']=='no') { // either condition means "not logged in"
...
Whenever I try to log in with the simple page I made, there is a problem with the lookup to see if that information is in the database or not. All it requires is for you to log in with a username and password.
Here is the html form :
<p> Login </p>
<form action='login.php' method='POST'>
<input type='text' name='username'/><br>
<input type='password' name='password'/><br>
<input type='submit' name='submit' value='Login'/>
</form>
Here is the script for that form :
<?php
error_reporting(0);
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
include ("connect.php");
if ($username && $password) {
// Info Is Provided
$queryget = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$numrow = mysql_numrows($queryget);
if ($numrow != 0) {
$_SESSION['username'] = $username;
echo "You Have Been Loggend In. | <a href='members.php'>Go To The Members Page</a>";
} else {
echo "Your Username Was Not Found";
}
} else {
echo "You Did Not Provide All OF The Neccesary Information.";
include ("index5.php");
}
?>
Can you figure out why it won't let me log in?
Change this:
$numrow = mysql_numrows($queryget);
To:
$numrow = mysql_num_rows($queryget);
And also use isset function in the if condition:
if(isset($username) && isset($password)){
You probably had whitespace after the closing ?>
<?php
error_reporting(0);
session_start();
include ("connect.php"); // connect first: mysql_real_escape_string() needs an open connection
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if (isset($username) && isset($password)) {
// Info Is Provided
$queryget = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$numrow = mysql_num_rows($queryget);
if ($numrow != 0) {
$_SESSION['username'] = $username;
echo "You Have Been Loggend In. | <a href='members.php'>Go To The Members Page</a>";
} else {
echo "Your Username Was Not Found";
}
} else {
echo "You Did Not Provide All OF The Neccesary Information.";
include ("index5.php");
}
?>
Hi, the problem you are having may have something to do with the version of PHP you are using. MySQL is outdated and does not function on the latest versions; it has changed to MySQLi, which is similar, so it's definitely worth learning. The code below is similar to yours, only I have removed the include to connect.php and replaced it with MySQLi. I have also made a change to the query, limiting it to return only one item.
<?php
session_start(); // must run before $_SESSION is written below
$username = $_POST['username'];
$password = $_POST['password'];
$Connect = mysqli_connect($host,$user,$pass,$database);
if (isset($username) && isset($password))
{
// Info Is Provided
$queryget = mysqli_query($Connect, "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");
$numrow = mysqli_num_rows($queryget);
if ($numrow == 1)
{
$_SESSION['username'] = $username;
echo "You Have Been Logged In. | <a href='members.php'>Go To The Members Page</a>";
}
else
{
echo "Your Username Was Not Found";
}
}
else
{
echo "You Did Not Provide All OF The Neccesary Information.";
include ("index5.php");
}
?>
When a user logs in they are redirected to member.php, below is the log in code followed by member.php code.
login.php
<?php
session_start ();
include 'core/init.php';
$username = '';
$password = '';
$dbusername = '';
$dbpassword = '';
if (isset($_POST['Email']) && isset($_POST['Password']))
{
$username = $_POST['Email'];
$password = md5($_POST['Password']);
$query = mysql_query("SELECT * FROM member WHERE Email ='$username' AND Password='$password'");
$numrow = mysql_num_rows ($query);
// user login
if ($numrow!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
$_SESSION ['Email']=$username;
header("Location: member.php");
}
}
else
{
// admin login
$query2 = mysql_query("SELECT * FROM admin WHERE Email ='$username' AND Password ='$password'");
$numrow2 = mysql_num_rows ($query2);
if ($numrow2!=0)
{
while ($row = mysql_fetch_assoc($query2))
{
$dbusername = $row['Email'];
$dbpassword = $row['Password'];
}
//Check to see if they match
if ($username==$dbusername&&$password==$dbpassword)
{
$_SESSION ['Email']=$username;
header("Location: admin.php");
}
else{
echo "Incorrect password";
}
}
else{
if ($username!=$dbusername&&$password!=$dbpassword)
{die("That user does not exist!");
}
}
}
}
/*if ($numrow2!=0)
{
while ($row = mysql_fetch_assoc($query2))
{
$dbusername = $row['Email'];
if ($username!=$dbusername)
{die("That user does not exist!");
}
}
}
else
die("Please enter your email address and password");
*/
?>
member.php code (I know this is messy. Sorry, just need to get it working for now)
<div id="header">
<div id= "logout">
<?php
if(isset($_GET['username']) === true & empty ($_GET['username']) === false)
$username = $_GET ['username'];
if (user_exists($username) === true) {
echo "<p>Welcome, ".$_SESSION['Email']. "!<br><a href='logout.php'>Logout</a>\n<a href='index.php'>Back to homepage</a></p>";
?></div>
</div>
<div id="main-content">
<?php
//get username from user id
$MemberID = user_id_from_username($username);
$profile_data =user_data($MemberID, 'Name','Email');//Need to pull out stuff from oddjob table
?>
<h1><?php echo $profile_data['Name']; ?>'s profile</h1>
<p><?php echo $profile_data['Email'];?></p>
<?php
} else {
echo '<p>Sorry, cannot find that user on system.</p>';
}
?>
At the moment I have set member.php so that if I type a username (which is the user's email address) into the URL it displays some profile data specific to that user.
However, when I log in as a user, and get redirected to member.php I just see a blank page and the username doesn't show up in the URL, just an error message saying ' Undefined variable: username' for that user and I don't know how to edit this so that it works and the member is sent to their own profile page.
Relevant functions below:
functions.php
function logged_in() {
return (isset($_SESSION['MemberID'])) ? true : false; //Email
}
function user_data($MemberID){
$data = array();
$MemberID =(int)$MemberID;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args >1) {
unset($func_get_args[0]);
$fields = '`' . implode('`,`', $func_get_args) . '`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `member` WHERE `MemberID` = $MemberID"));//expects parameter 1 to be resourse
return $data;
}
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `MemberID` FROM `member` WHERE `Email` = '$username'"),0, 'MemberID');
}
Init.php:
if (logged_in() ===true) {
$session_MemberID = $_SESSION['MemberID'];//undefined?
$user_data= user_data($session_MemberID,'MemberID','Name','Address','Postcode','DOB','Mobile','Email','Password','RepeatPassword');
exit();
}
To be honest I've been looking at this code for so long now, I'm completely blind/lost as to how to fix this. Please help if you can.
Index.php
<div id= "login">
<form action="login.php" method="post">
<?php
if (logged_in() === true) {
echo "<p>Welcome, ".$_SESSION['Email']. "!<br><a href='logout.php'>Logout</a>";
}else
echo"<h4>Username: <input type='text' name='Email'><br>
Password: <input type='Password' name='Password'>
<input type='submit' value='Log In'><br>
<a href='register2.php'>Register?</a>
</form>"
?>
On your member.php page you try to get the username from $_GET but you don't pass any parameter when you redirect the user in login.php.
Either rely only on the $_SESSION which you set or change your redirect:
header('Location: member.php?username='.$username);
This header command:
header("Location: member.php");
Must be above the head. It can only be called if no other HTML code has been sent to the user. E.g.:
<?php
header("Location: member.php");
?>
<html>
<head>
</head>
<body>
</body>
</html>
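Relying only on the session, as suggested above, also keeps one member from loading another member's profile by editing the URL. An added example, not code from the thread: it assumes login.php stores the member's ID in `$_SESSION['MemberID']` (the key that `logged_in()` checks) and uses PDO with in-memory SQLite in place of the `mysql_*` functions so it runs from the command line; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for the
// MySQL `member` table; the rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE member (MemberID INTEGER PRIMARY KEY, Name TEXT, Email TEXT)');
$pdo->exec("INSERT INTO member (Name, Email) VALUES
            ('Ann <b>Lee</b>', 'ann@example.test'), ('Bob', 'bob@example.test')");

// Resolve the profile from the server-side session only. Request data such as
// $_GET['username'] is deliberately not an input to this function.
function member_from_session(PDO $pdo, array $session): ?array
{
    if (empty($session['MemberID'])) {
        return null;               // not logged in: caller redirects to the login form
    }
    $stmt = $pdo->prepare('SELECT Name, Email FROM member WHERE MemberID = ?');
    $stmt->execute([(int) $session['MemberID']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape stored values on output: a name is user-supplied text, not markup.
function render_profile(array $member): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<h1>' . $e($member['Name']) . "'s profile</h1>\n"
         . '<p>' . $e($member['Email']) . "</p>\n";
}

// What login.php would leave in $_SESSION after a successful check (constructed).
$session = ['MemberID' => 1];

$member = member_from_session($pdo, $session);
echo $member !== null ? render_profile($member) : "redirect to login\n";

// No session: no profile, whatever the URL says.
echo member_from_session($pdo, []) === null ? "anonymous: redirect to login\n" : '';
```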