I was working on a register/log in page with a database (first time)
Whenever I register my user, I get the following information in the database:
It is giving me something like a password, but it won't give me my username and email (and i guess password aswell)
Can anyone help me with this?
My php code looks like this:
<?php
session_start();
// connect to database
$db = mysqli_connect('localhost', 'root', '', 'toolsforever');
if (isset($_POST['login_btn'])) {
$username = $db->real_escape_string($username);
$password = $db->real_escape_string($password);
$password = md5($password); // hashed
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($db, $sql);
if (mysqli_num_rows($result) == 1) {
$_SESSION['message'] = "You are now logged in";
$_SESSION['username'] = $username;
header("location: home.php"); //redirect to home page
}else{
$_SESSION['message'] = "Username/password combination incorrect";
}
}
?>
Thanks in advance
PS: Password2 = confirm password for registration password==password2 before they can register.
You are not getting the values from post array so do it like this:
$username = $db->real_escape_string($_POST['username']);
$password = $db->real_escape_string($_POST['password']);
I assume the form fields are names as username and password
It's not just related to retrieval, seems like you need to check the save operation as well. You are storing empty values during registration.
That one worked #danyal Sandeelo. I feel incredible stupid because i've tried an $_POST but i did it like: $username = $_POST['username']; $username = $db->real_escape_string;
Related
I already set a password for the user to log in, in phpMyAdmin. But I want to make sure that the password is deleted once the user uses it. Therefore, the user cannot login to the system twice. But I don't know how to make an SQL statement for that. I just want to delete the password without deleting the username. Can I combine the delete code with submit button?
<?php
if(isset($_POST['submit']))
{
include("config.php");
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$_SESSION['login_user'] = $username;
$query = mysqli_query($mysqli,"SELECT username from logins WHERE username='$username' and password='$password'");
if(mysqli_num_rows($query) !=0)
{
echo "<script language='javascript' type='text/javascript'>location.href='home.php'</script>";
}
else
{
echo "<script language='javascript' type='text/javascript'>alert('Username or Password invalid!')</script>";
}
}
?>
Thank you.
Add an SQL UPDATE statement before your redirect your user.
And do not save the password as plain text in your DB:
Best way to store passwords in MYSQL database
But an better idea is, that you will add an timestamp to your database with the last login. If the timestamp is NULL, than the user can login. If it is not empty the user can not login.
But here the example for the given code:
(Security manuel: https://www.php.net/manual/en/mysqli.real-escape-string.php)
if(isset($_POST['submit']))
{
include("config.php");
session_start();
$username = mysqli_real_escape_string($mysqli, $_POST['username']);// add a little bit security at this point
$password = mysqli_real_escape_string($mysqli, $_POST['password']); // add a little bit security at this point
$_SESSION['login_user'] = $username;
$query = mysqli_query($mysqli,"SELECT username from logins WHERE username='$username' and password='$password' and password IS NOT NULL"); // check that the password is not empty
if(mysqli_num_rows($query) !=0)
{
// update your DB row
// if you got an ID, than do it with the ID and not with the $username and $password
mysqli_query($mysqli,"UPDATE logins SET password = NULL WHERE username='$username' and password='$password'");
// to do it better use instead of JavaScript PHP for the redirect. In this case it is important, that nothing is printed out bevore the `header()`:
header("Location: home.php");
exit;
// try to not mix it up if you are on an pure PHP page
// echo "<script language='javascript' type='text/javascript'>location.href='home.php'</script>";
}
else
{
// same as above
header("Location: login.php?tag=login-invalid");
exit;
// echo "<script language='javascript' type='text/javascript'>alert('Username or Password invalid!')</script>";
}
}
If the "password" is not NULL able, than replace the NULL through = ""
I'm having problems with my log in php file. I completed my sign up form, which takes data and saves it in a database. I now want to be able to log in with the data from the db. This is my first log in form and I'm not sure if I have all the things needed to make it run or if there's just an error. A list of what is needed to make this log in form will help, Thank you. I would also like to mention that I have more data in the DB other than email/password.
<?php
$db = mysql_connect("127.0.0.1:3307", "root", "", "test");
if(!$db){die('could not connect:'.mysql_error());}
echo'connected successfully';
if (isset($_POST['submit'])) {
$username = $_POST['Email'];
$password = $_POST['Password'];
$username = mysql_real_escape_string($Email);
$password = mysql_real_escape_string($Password);
$sql = "SELECT * FROM people WHERE Email ='$Email' AND
Password='$Password'";
mysql_select_db('test');
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count == 1) {
echo "<script> alert('You Have Successfully Logged In')</script>";
exit();
} else {
echo "<script> alert('Invalid Username and/or Password')</script>";
}
}
mysql_close($db);
?>
You parse the POSTed EMAIL to your $username variable, but in your SELECT statement, you use a $Email variable. Perhaps this should have been your $Username variable instead, as this seems to hold your emailadress.
So your problem is in mixing of email and username. Correct this and your script should work.
So i am not sure what to do anymore.
I've been trying to create a register/login system for my website. After a lot of struggeling my register now works but i can't yet login to it. I am pretty sure it is a $_session related problem.
So I have two files, one called get_users.php (i know it's a bad name) and one called cart.php. Neither of them has whitespace at the start.
What am i actually trying to do? I am trying to get my session to show up on cart.php.
get_users.php:
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$con = new mysqli("localhost","root","","ismsite");
$query = ("SELECT name, comment FROM comments ORDER BY id DESC");
$result = mysqli_query($con, $sql, MYSQLI_BOTH);
session_start();
$_SESSION["user_id"] = $row["user_id"];
header('Location: cart.php');
exit();
?>
and at the start of cart.php
<?php
session_start();
include 'config/config.php';
echo $_SESSION["user_id"];
?>
I really am at my wits end here. I've searched this site but i could not find a solution to my problem. Anyone who knows what the problem is?
Additional info:
-Latest php installed
-I am running it on a virtual webserver that runs the latest ubuntu client with LAMP stack installed.
-Database works just fine
Thanks in advance
EDIT:
I changed $row["user_id"]; to $result["user_id"];
But it still doesn't show up
Try this
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
//for hashing passwords
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db,$username);
$password = mysqli_real_escape_string($db,$password);
$password = md5($password);
//Check username and password from database
$sql="SELECT userid FROM users WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql)
or die("Error");
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $username; // Initializing Session
}else
{
$error = "Incorrect username or password.";
}
But you will have to tweak according to your table structure.
May be $_SESSION["user_id"] not set. You can test $_SESSION array by
print_r($_SESSION) or print_r($GLOBALS);
When I coded my php login system (In MySQLi), I get an error that do not actually checks if username or password is wrong, idk what to do abot this. Please help me out here.
<?php
// If logged in
if(isset($_SESSION['user_id'])) {
header('Location: index.php');
}else {}
//error_reporting(0);
//MySQLi Login form
//Database connection
$con = mysqli_connect('localhost', 'root', '', 'console');
//Actual Login form
if(isset($_POST['login'])) {
session_start();
//Explainging details
$username = $_POST['username'];
$password = $_POST['password'];
//Fetching data
$result = $con->query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = $result->fetch_array(MYSQLI_BOTH);
//Logging in
$_SESSION['user_id'] = $row['user_id'];
header('Location: index.php');
}else{
$wrong = 'Username or password is wrong';
}
?>
Also i got a check.php that redirects you to /notloggedin.php if not logged in, but IF the user is logged in it will display their User_ID, but when user logsIn with wrong details then go to check.php it does not show anything and it does not redirect the users to /notloggedin.php.
So what do I do with that? Is there something I forgot to add, or something i did wrong???Can you write a example if you have any ideas?? Thanks.
EDIT:
Now instead of using MySQLi I got an idea from #christoandrew, so i made everything into functions. What the functions tells the system to do is its gonna check for the username first, if the username exists its gonna make a $_SESSION()for the username. Then again using the $_SESSION() to find the User_ID to the username then its gonna look for the password for the same User_ID. Then when its checked everything it will destroy all 'Sessions' it made and create a $_SESSION() for all information like User_ID, Email, Username, Password, Etc... Thanks for all the help i got in my way!
if(isset($_POST['login'])) {
session_start();
//Explainging details
$username = $_POST['username'];
$password = $_POST['password'];
//Fetching data
$result = $con->query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = $result->fetch_array(MYSQLI_BOTH);
// Try checking if there are actually rows that are returned
// If the rows are greater than zero then the user exists else the
// user supplied wrong credentials
if(mysqli_num_rows($row) > 0){
//Logging in
$_SESSION['user_id'] = $row['user_id'];
header('Location: index.php');
}else{
$wrong = 'Username or password is wrong';
}
// The else block below is not necessary and the validation is misplaced
}
you need start the session:
session_start();
So i'm writing a simple login script and I ran into some problems. I was able to create the login.php file that works with this dashboard.php file below. Let me describe the scenario: User come into the main page, which is the login page. Enters username and password. If entered correctly user will see the output "dashboard succesfull". If entered wrongly it will redirect them to loginfailed.php. Problem is that the browser does not remember that the user has already been logged in. If I re-enter this page, it will directly goes to loginfailed.php. So my obivous n00b question here is......is there a way to make the browser remember that the user has already been logged in?
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$dblink = mysql_connect("localhost", "root", "");
mysql_select_db("user",$dblink);
$sql = "select * from members where username = '$username' and password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );
$count = 0;
while ($line = mysql_fetch_assoc($result)) {
$count++;
}
if ($count == 1) {
$_SESSION['loggedIn'] = "true";
echo "<a href='dashboard.php'>dashboard succesfull</a>";
} else {
$_SESSION['loggedIn'] = "false";
header("Location: loginfailed.php");
}
?>
Sure. You just need to put, at the top of the page but below session_start(), something like:
if(isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == 'true') {
# do something. maybe redirect and then exit?
}
Also, I'd suggest using a session name and escaping the username and password before putting them in your SQL.