Being redirected one page back - php

My goal is that the user will be redirected to the page that he initially was when he pressed the login button and has inputed his username and password. So far I had no problem doing so. However, if I press the view more button so that I am redirected to the singleproduct.php and then press the back from the browser going back to search.php and after that try to login I am redirected to the singleproduct.php instead of search.php. I had no problem doing this on other pages including the singleproduct.php or any other of my pages and even in the search.php if I dont end up there by going back or forward through the browser buttons it still works.
Does it have to do with the $_SERVER['REQUEST_URI'] not being given the new url or have I messed up somewhere else?
I was wondering why this is happening and what can I do to fix it.
search.php
<?php
session_start();
include 'includes/dbh.inc.php';
$_SESSION['current_page'] = $_SERVER['REQUEST_URI'];
?>
<!DOCTYPE html>
<html lang="en">
<head>
</head>
<body>
<form class="sea" action="search.php" method="GET">
<input class="searchbar" name="search" type="text" placeholder="Search...">
<button class="searchbutton" name="submit-search" type="submit"><i class="fa fa-search"></i></button>
</form>
//button for login
<?php
if(isset($_GET['submit-search'])) {
$search = mysqli_real_escape_string($conn, $_GET['search']);
$sql = "SELECT * FROM table WHERE product_name LIKE '%$search%' OR product_category LIKE '$search'";
$result = mysqli_query($conn, $sql);
$queryResult = mysqli_num_rows($result);
if ($queryResult > 0) {
while ($row = mysqli_fetch_array($result)) { ?>
//read from database
View More
<?php }
} ?>
</body>
</html>
singleproduct.php
<?php
session_start();
include 'includes/dbh.inc.php';
$_SESSION['current_page'] = $_SERVER['REQUEST_URI'];
?>
<!DOCTYPE html>
<div lang="en">
<head>
</head>
<body>
<form class="sea" action="search.php" method="GET">
<input class="searchbar" name="search" type="text" placeholder="Search...">
<button class="searchbutton" name="submit-search" type="submit"><i class="fa fa-search"></i></button>
</form>
//button for login
<?php
$id = $_GET[viewmore];
$result = mysqli_query($conn,"SELECT * FROM table WHERE product_id='".$id."' ");
while($row = mysqli_fetch_array($result)){
//read the database for the single item
}?>
</body>
</html>
includes/login.inc.php
<?php
session_start();
if (isset($_POST['submit'])){
//Error Handlers
if(){
}
else{
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_uid'] = $row['user_uid'];
$_SESSION['u_email'] = $row['user_email'];
$_SESSION['u_status'] = $row['user_status'];
$_SESSION['u_level'] = $row['user_level'];
$_SESSION['success-message'] = '';
header("Location: ". $_SESSION['current_page']);
exit();
}
}

Related

php is not showing the else-block

i'm trying to learn about session_start() but when i run the file, it only show what is inside the
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {
?>
log out
<?php } ?>
and not showing else{...} and even after i click log out, it won't print anything in else statement and only print inside the if statement. I use another file to do the log out proses but i don't know the right code for session_destroy()
here's the logout.php code below:
<?php
session_start();
session_destroy();
header("location: home.php");
?>
here's the full code:
<?php
session_start();
include("DB/db.php");
$_SESSION['username']=$username;
$_SESSION['password']=$password;
$_SESSION['is_log_in'] = true;
?><!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="stylesheet" type="text/css" href="css/css.css">
</head>
<body>
<div id="blank"></div>
<div id="panel">
<nav id="bar">
<div id="submen">
<form id="sir">
<input type="Search" name="search" placeholder="Search.." id="search">
</form>
Walpaper
Art
Photos
Image
<?php
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {?>
<?php echo $username?>
log out
</div>
</nav>
</div>
</table>
<?php } else {
?>
login
register
</div>
</nav>
</div>
</table>
<?php } ?>
</body>
</html>
UPDATE for log in script
<?php
session_start();
include("DB/db.php");
if ($_GET['log']=='out'){
session_destroy();
}
if ($_POST['user']){
$sql = "Select password from user where username = '".$_POST['user']."' ";
$result = mysqli_query($koneksi, $sql);
if (mysqli_num_rows($result)){
$row = mysqli_fetch_assoc($result);
if ($row['password'] == md5($_POST['pass'])) {
$_SESSION['login'] = TRUE;
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
}else{
$pesan = "Username and password mismatch";
}
}else{
$pesan = "please register";
}
}
?><!DOCTYPE html>
<html>
<head>
<title>Log in</title>
</head>
<body>
<?php
if ($_SESSION['login']) {
echo "text";
}else{
?>
<h1>Login</h1>
<form method="post" action="rahasia.php">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit" name="" value="Login">
</form>
<form method="post" action="register.php">
<input type="submit" name="register" value="register">
</form>
<?php
}
echo $pesan;
?>
</body>
</html>
where have i gone wrong

Your $_SESSION vars are always set, and $password always equals $_SESSION['password'].
$_SESSION['username']=$username; // null, plus notice in error_log
$_SESSION['password']=$password; // null, plus notice in error_log
Unless those two vars are set in include("DB/db.php");, in which case that is bad practice. Can you paste db.php to see what is happening inside?
UPDATE.
Okay so the vars are being set. This now means:
$_SESSION['username']=$username; // a
$_SESSION['password']=$password; // 123456789
Therefore they will still match. You need to refactor these lines to function properly. Are you sure the mysql credentials is what you want for your logged in user
?

PHP Login page isn't working

A user is able to Register their account but nothing happens (no errors appear, no redirection after login) when I submit a registered users information.
I've posted my form partial code down below as well as my Login.php file if anyone could help me out? I've played around with the code to see if there was anything specific blocking the functionality of the page but nothing seems to make a difference
Login Form
<body>
<div align = "center" ><p style="margin-top: 100px;">
<div class="col-lg-4 mb-4">
<div class="card h-100">
<h4 class="card-header"><font face = "Lucida
Handwriting">Login</font></h4>
<form method="post" action="<?php echo
htmlspecialchars($_SERVER["PHP_SELF"]);?>"><b
<p style="margin-top: 50px;"></p>
<span class="error">* <?php echo $email_addressErr;?></span>
Email Address:<br><input type="text"
name="email_address"
value="<?php echo $email_address;?>"><br>
<span class="error">* <?php echo $acc_passwordErr;?></span>
Password:<br><input type="text" name="acc_password"
value="
<?php echo $acc_password;?>"><br>
<br><p style="margin-top: 30px;"></p>
<input type ="submit" value="submit" name="Sign-In"
href="Main.php"></p>
</form>
</div>
</div>
</div>
</body>
Main page
<html lang="en">
<?php
include 'Assets/Partials/Header.php'
?>
<?php
//start session
session_start();
//if userSession is set
if ( isset($_SESSION['userSession'])!="" )
{
header("Location: Main.php");
}
require_once 'DBConnect.php';
//initialising variables
$email_address = "";
$acc_password = "";
//if login button is clicked
if (isset($_POST['Sign-In']) )
{
//Following 3 lines commented out and they weren't doing
anything
//$email_address = strip_tags($_POST['email_address']);
//$email_address = $mysqli->strip_tags($_POST['email_address']);
// $acc_password = strip_tags($_POST['acc_password']);
$email_address = $DBcon->mysqli_real_escape_string($DBcon,
$_POST['email_address']);
$acc_password = $DBcon->mysqli_real_escape_string($DBcon,
$_POST['acc_password']);
//select user details where email matches email field
$query = $DBcon->query("SELECT customer_id FROM customer WHERE
email_address='$email_address' and acc_password =
'$acc_password'");
$result = mysqli_query($DBcon, $query);
$row = mysqli_fetch_arry($result, MYSQLI_ASSOC);
$active = $row['active'];
//see if row is returned
$count = mysqli_num_rows($result);
//if row is returned and hashed password is verified, set
session
if ( password_verify($acc_password, $row['acc_password']) &&
$count==1 )
{
$_SESSION['userSession'] = $row['customer_id'];
header("Location: Main.php");
}
//else notify user that email or password is incorrect
else
{
echo"<script>alert('Your Email Address and/or Password is
invalid')</script>";
}
//close connection
$DBcon->close();
}//End If
?>
<body>
<?php
include 'Assets/Partials/IndexMenu.php'
?>
<?php
include 'Assets/Partials/LoginForm.php'
?>
</body>
</html>

Not able to pre populate data from database in a form

Not able to figure out what is wrong. The connection is working fine. I used the same connection.php file to store data. But not able to pre populate in a different form. Please help.
This is the code i have written:
<?php
session_start();
if (!isset($_SESSION['email']))
header('location: index.php');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Welcome</title>
</head>
<body>
<form action="app_script.php" method="POST">
<input class="form-control" placeholder="Name" name="name" required = "true" value="<?php require_once("connection.php"); $eventid = $_GET['ID'];$field = $_GET['Name'];$result = mysql_query("SELECT $field FROM `persons` WHERE `ID` = '$eventid' ");$row = mysql_fetch_array($result);echo $row[$field]; ?>">
<button type="submit" name="submit" class="btn btn-primary pull-right">Submit</button>
</form>
</body>
</html>

<?php
session_start();
if (!isset($_SESSION['email']))
header('location: index.php');
require_once("connection.php");
$eventid = $_GET['ID'];
$field = $_GET['Name'];
$result = mysql_query("SELECT $field FROM `persons` WHERE `ID` = '$eventid' ");
if(mysql_num_rows($result)>0)
{
$row = mysql_fetch_array($result);
$output = $row[$field]; // to populate
}
else
{
$output ='';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Welcome</title>
</head>
<body>
<form action="app_script.php" method="POST">
<input class="form-control" placeholder="Name" name="name" required = "true"
value="<?php echo $output; ?>">
<button type="submit" name="submit" class="btn btn-primary pull-right">Submit</button>
</form>
</body>
</html>

On clicking back button, I'm still on the same page that has the form

I'm a beginner in making a website and I'm still practising in making a website using PHP lounge.
This is the problem that I'm facing, if I click back button I'm still on the login page, how can i remove login form?
Here is the image
my php code for login from my database
$member_email = $_POST["member_email"];
$member_password = md5($_POST["member_password"]);
require_once("db_open.php");
$sql = "SELECT * FROM members WHERE member_email='".$member_email."' AND member_password='".$member_password."'";
$result = $conn->query($sql) or die($conn->error);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
session_start();
$_SESSION["member_id"] = $row["member_id"];
$_SESSION["member_email"] = $row["member_email"];
$_SESSION["member_full_name"] = $row["member_full_name"];
}
} else {
header("Location: login_form.php");
exit();
}
require_once("db_close.php");
header("Location: index.php");
?>
Code for my checking for my login
<?php
if (!isset($_SESSION["member_id"])) {
exit("<h3>Please <a class='btn btn-primary' href='login_form.php'>login</a> first.</h3>");
}
?>
Here is my html and login form
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>All Members</title>
<link rel="stylesheet" href="bootstrap.min.css" />
</head>
<body>
<?php require_once("top_nav.php"); ?>
<div class="container">
<h1>Login</h1>
<form method="POST" action="login_db.php">
<div class="form-group">
<label for="member_email">Email:</label>
<input type="text" name="member_email" id="member_email" class="form-control" />
</div>
<div class="form-group">
<label for="member_password">Password:</label>
<input type="password" name="member_password" id="member_password" class="form-control" />
</div>
<button type="submit" class="btn btn-success btn-lg">Login</button>
</form>
</div>
</body>
</html>

Session php Dont work

I built an Admin-login using sessions, however it doesn't work, it requests me to login again. It does not recognize the session.
What's wrong?
<!DOCTYPE HTML>
<html>
<head>
<?php
session_start();
include "../header.php";
echo $_SESSION['username'];
?>
<title></title>
</head>
<body dir="rtl">
<?php if(!isset($_SESSION['username'])) { ?>
<h1>כניסה לפאנל ניהול</h1>
<form action="index.php" method="post">
<input name="adminName" placeholder="שם משתמש">
<br>
<input name="adminPass" placeholder="סיסמה">
<br>
<input type="submit" name="login" value="כניסה" class="btn btn-primary">
</form>
<br>
<?php
$username = $_POST['adminName'];
$password = $_POST['adminPass'];
if(isset($_POST['login'])) {
$connect_db = mysql_connect("X", "X", "X");
$select_db = mysql_select_db("X");
$login_query = mysql_query("SELECT * FROM `X`.`admin_login` WHERE `Username` = '$username' and `Password` = '$password';");
$login_num = mysql_num_rows($login_query);
if($login_num == 1) {
$da = mysql_query("SELECT * FROM `X`.`admin_login` WHERE `Username` = '".$_SESSION['username']."'");
while($row = mysql_fetch_array($da)) {
$_SESSION['username'] = $username;
$_SESSION['name'] = $row['Name'];
$_SESSION['date'] = $row['Date'];
}
echo '<div class="alert alert-success">
<strong>הצלחה!</strong> התחברת בהצלחה לפנאל ניהול! רענן
</div>';
}
else {
echo '<div class="alert alert-warning">
<strong>שגיאה:</strong> שם המשתמש או הסיסמה אינם נכונים
</div>';
}
}
}
else if(isset($_SESSION['username'])) {
echo 'ברוך הבא, '.$_SESSION['username'];
}
?>
<br>
</body>
</html>

You need to put session_start() before anything that produces output. So change the beginning of the script to:
<?php
session_start();
?>
<!DOCTYPE HTML>
<html>
<head>
<?php
include "../header.php";
See How to fix "Headers already sent" error in PHP

Categories