Here is my form, it send POST to loginuser.php it have drop-down list which was read users from database.
<form action="loginuser.php" method="POST">
<div class="form-group">
<select name="userList">
<option> - - - </option>
<?php
include 'db.php';
$sql = "SELECT username FROM dbusers";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "<option>" . $row["username"]. "</option>";
}
}
?>
</select>
</div>
<div class="form-group">
<input name "password" type="password" class="form-control" id="inputPassword">
</div>
<div class="form-group">
<button type="submit" class="btn btn-info btn-sm btn-block">Login</button>
</div>
</form>
And this is my loginuser.php - when i push the Login button it send me to localhost/loginuser.php but it show "TEST-FALSE"
<?php
session_start();
require('db.php');
if (isset($_POST['username']) and isset($_POST['password'])){
echo "TEST - GOOD";
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM `dbusers` WHERE username='$username' and password='$password'";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));
$count = mysqli_num_rows($result);
if ($count == 1){
$_SESSION['username'] = $username;
}else{
$fmsg = "Invalid Login Credentials.";
}
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Succes";
}else{
echo "TEST - FALSE";
}
?>
Also, my connection in db.php work because script on form show users correctly.
I changed some pass values in select drop down in your front end like and i dont know name=password is typo error or not :
<form action="loginuser.php" method="POST">
<div class="form-group">
<select name="userList">
<option> - - - </option>
<?php
include 'db.php';
$sql = "SELECT username FROM dbusers";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "<option value='".$row["username"]."'>" . $row["username"]. "</option>";
}
}
?>
</select>
</div>
<div class="form-group">
<input name="password" type="password" class="form-control" id="inputPassword">
</div>
<div class="form-group">
<button type="submit" class="btn btn-info btn-sm btn-block">Login</button>
</div>
and your php code is like:
<?php
session_start();
require('db.php');
if (isset($_POST['userList']) && isset($_POST['password'])){
echo "TEST - GOOD";
$username = $_POST['userList'];
$password = $_POST['password'];
$query = "SELECT * FROM `dbusers` WHERE username='$username' and password='$password'";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));
$count = mysqli_num_rows($result);
if ($count == 1){
$_SESSION['username'] = $username;
}else{
$fmsg = "Invalid Login Credentials.";
}
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Succes";
}else{
echo "TEST - FALSE";
}
?>
Note: Please avoid the sql injection try to use PDO.,
You wrote this
<div class="form-group"> <input name "password" type="password" class="form-control" id="inputPassword"> </div>
Correct with this
<div class="form-group"> <input name="password" type="password" class="form-control" id="inputPassword"> </div>
name="password" (=) missing
Related
I'm a beginner and need some help with my code.
If I enter the webpage index.php, I want to be redirected to login.php if I'm not logged in.
I'm using this code and it works so I redirects to login.php, but I can't log in. I'm stuck at login.php.
I have this code in my index.php
<?php
if(isset($_SESSION['userId'])) {
// comment
} else {
header("Location:login.php");
}
?>
Parts of my login.php
<?php
include('template.php');
if (isset($_POST['username']) and isset($_POST['password'])) {
$name = $mysqli->real_escape_string($_POST['username']);
$pwd = $mysqli->real_escape_string($_POST['password']);
$query = <<<END
SELECT username, password, user_id FROM users4project
WHERE username = '{$name}'
AND password = '{$pwd}'
END;
$result = $mysqli->query($query);
if ($result->num_rows > 0) {
$row = $result->fetch_object();
$_SESSION["username"] = $row->username;
$_SESSION["user_id"] = $row->user_id;
header("Location:index.php");
} else {
echo "Wrong username or password. Try again";
}
}
$content = <<<END
<form action="login.php" method="post">
<div class="form-group">
<input type="text" class="form-control form-control-user" name="username" required placeholder="Username">
</div>
<div class="form-group">
<input type="password" class="form-control form-control-user" name="password" required placeholder="Password">
</div>
<div class="form-group">
<div class="custom-control custom-checkbox small">
<input type="checkbox" class="custom-control-input" id="customCheck">
<label class="custom-control-label" for="customCheck">Remember Me</label>
</div>
</div>
<input type="submit" value="Login" class="btn btn-primary btn-user btn-block">
</form>
END;
echo $navigation;
echo $content;
?>
my template.php
session_name('Website');
session_start();
$host = "localhost";
$user = " ";
$pwd = " ";
$db = " ";
$mysqli = new mysqli($host, $user, $pwd, $db);
isset($_SESSION['userId'] !== $_SESSION["user_id"]
aside from the major security issues, you're not comparing the right session name
(for clarity)
You check
<?php
if(isset($_SESSION['userId'])) {
// comment
but you set
if ($result->num_rows > 0) {
....
$_SESSION["user_id"] = $row->user_id;
.....
PappaJ says "pick a naming convention, and stick with it"
Trying to update a record unable to fetch the data from database.Getting a blank page not getting any data from database.
<?php
include 'includes/db.php';
$id = (int)$_GET['appoint_id'];
$sql = "SELECT * FROM appointment WHERE appoint_id = '$id'";
$run = mysqli_query($conn,$sql);
while ($row = mysqli_fetch_assoc($run)){
$firstname = $row['first_name'];
$lastname = $row['last_name'];
}
?>
<form class="form-horizontal" action="update.php" method="post" role="form">
<input type='hidden' value='<?=$id;?>' name='appoint_id'>
<div class="body">
<div class="row clearfix">
<div class="col-sm-6 col-xs-12">
<div class="form-group">
<div class="form-line">
<input type="text" class="form-control" value="<?php echo $row['first_name'];?>" name="first_name" id="first_name" required>
</div>
</div>
</div>
<div class="col-sm-6 col-xs-12">
<div class="form-group">
<div class="form-line">
<input type="text" class="form-control" value="<?php echo $row['last_name'];?>" name="last_name" id="last_name" required>
</div>
</div>
</div>
</div>
</div>
</form>
update.php
<?php include 'includes/db.php';
if(isset($_POST['submit_user'])){
$ins_sql = "UPDATE first_name,last_name appointment WHERE appoint_id = '$id' ";
$run_sql = mysqli_query($conn,$ins_sql);
}else {
echo "not updated";
}
?>
Not displaying any errors in error log as well.
update.php has incorrect syntax for the UPDATE query, and it's not using any of the form parameters (except for one that doesn't even exist in the form, $_POST['submit_user']).
You should use a prepared statement to protect against SQL injection.
<?php
include 'includes/db.php';
$ins_sql = "UPDATE appointment
SET first_name = ?, last_name = ?
WHERE appoint_id = ?";
$stmt = $conn->prepare($ins_sql);
$stmt->bind_param("ssi", $_POST['first_name'], $_POST['last_name'], $_POST['appoint_id']);
if ($stmt->execute()) {
echo "updated";
} else {
echo "not updated";
}
?php session_start();
include 'includes/db.php';
$id = (int)$_GET['id'];
$sql = "SELECT * FROM appointment WHERE appoint_id = $id";
$oppointArr =array();
$result = mysqli_query($conn,$sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_array($result)) {
$oppointArr = $row;
echo "Name: " . $row["first_name"]. "<br>";
}
} else {
echo "0 results";
}
//mysqli_close($conn);
?>
Query for fetching the data for a particular record
I've been working on a project that has to do with renting houses. Visitors can register or log-in, and only logged-in users can Add a house for rental. Each user has his own profile showing his username, email and accommodations he has uploaded for rental.
My problem is that I cannot retrieve the email of the logged in user. Also, on my MySQL DB I'm using a foreign key in my accom(modation) table, which references the primary key(USER-ID) of the users. The key fails to match the USER-ID.
Any advice would be really helpful. Thank you a lot in advance.
Posting some of the code below:
register.php
<?php include('server.php') ?>
<? php
if (isset($_SESSION['username'])) {
$_SESSION['msg'] = "You're now logged in.";
unset($_SESSION["register.php"];
header('Location: user_index.php');
}
?>
<!DOCTYPE html>
<html>
<link href="https://fonts.googleapis.com/css?family=Eater" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="mystyle.css">
<body>
<p id="pagetitle">Booking Planet </p>
<div class="navbar" id="topnav">
<button onclick="document.getElementById('id01').style.display='block'"
style="width:auto;">Login</button>
<button onclick="document.getElementById('id02').style.display='block'"
style="width:auto;">Register</button>
HOME
</div>
<?php
$db = mysqli_connect('localhost', 'root', '', 'registration');
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($db,"SELECT * FROM accom");
echo "<p> </p>";
echo "<div class='acclist'> Explore some fairytale destinations.. </div>";
echo "<ul>";
while($row = mysqli_fetch_array($result))
{
$image=$row['image'];
$target = "images/".basename($image);
echo "<img src='" . $target . "' width=800 height=500/>";
echo "<li id='title'><b>" . $row['title'] . "</b></li>";
echo "<li> Description: <i>" . $row['description'] . "</i></li>";
echo "<li> Address: <i>". $row['address'] . "</i></li>";
echo "<li> Available from: <i>" . $row['checkin'] . "</i></li>";
echo "<li> Available until: <i>" . $row['checkout'] . "</i></li>";
?><button onclick="document.getElementById('id01').style.display='block'"
type='button' class='bookbtn'>Log-in to book now!</button>
<?php
echo "<li><img src='sepline.png' width=1500 height=75> </li>";}
echo "</ul>";
mysqli_close($db);
?>
</div>
<div id="id01" class="modal">
<? php include('errors.php'); ?>
<form action="" method="post" class="modal-content animate" name="login" >
<div class="logocontainer"> Booking Planet
</div>
<h3> Account Log-in. </h3>
<div class="container">
<? php echo $errors; ?>
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="username" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="password"
required>
<button type="submit" name="login_user">Login</button>
</div>
<div class="container">
<button type="button" class="cancelbtn" id="cncl1">Cancel</button>
</div>
</form>
</div>
<!-- REGISTRATION -->
<div id="id02" class="modal">
<form action="" method="post" class="modal-content animate" name="register"
>
<div class="logocontainer"> Booking Planet
</div>
<h3> Create an account. </h3>
<div class="container">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="username" required>
<label><b>Name</b></label>
<input type="text" placeholder="Enter your Name!" name="name" required>
<label><b>Surname</b></label>
<input type="text" placeholder="Enter your Surname!" name="surname" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="password" required>
<label><b>Email</b></label>
<input type="email" placeholder="Enter Email" name="email" required>
<div class="avatar"><label>Select your avatar: </label>
<input type="file" name="avatar" accept="image/*" required />
<button type="submit" name="reg_user">Register</button>
</div>
<div class="container">
<button type="button" class="cancelbtn" id="cncl2">Cancel</button>
</div>
</form>
</div>
<script src="myscripts.js"></script>
</body>
</html>
user_index.php: is pretty much similar to register.php, it's where people who have registered or logged-in are redirected. I'm posting the beginning of the code.
<?php include('server.php'); ?>
<?phpinclude('auth.php');
session_start();
if ($_SESSION['username']<1) {
session_destroy();
unset($_SESSION['username']);
header("Location: register.php");
}
$db = mysqli_connect('localhost', 'root', '', 'registration');
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($db,"SELECT email FROM users WHERE
username='$_SESSION['username']'");
$row = mysqli_fetch_array($result);
$_SESSION['email'] = $result;
$username = $_SESSION['username'];
$_SESSION['id']=$id;
header("Location: server.php");
?>
server.php: contains the validation for registration and logging-in. Also, links to the DB. I will be skipping the validation parts.
<?php
session_start();
$email=$_SESSION['email'];
// initializing variables
$errors = array();
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'registration');
//...validationon code
//once no errors, register user
if (count($errors) == 0) {
$password = md5($password);//encrypt the password before saving in the
database
$query = "INSERT INTO users (username, email, password, name, surname)
VALUES('$username', '$email', '$password', '$name', '$surname')";
mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['success'] = "You are now logged in";
header('Location: user_index.php');
}
}
// LOGIN USER
$msg = '';
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND
password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
session_start();
$_SESSION['email']=$row['email'];
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$_SESSION['id']= $id;
$_SESSION['success'] = "You are now logged in";
header('Location: user_index.php');
}else {
echo $msg;
}
}
}
auth.php
<?php
session_start();
if(!isset($_SESSION["username"])){
echo $errors; }
?>
For any additional information you might need, please feel free to ask anything.
I am genuinely sorry for the block of text and code.
I want to create login page. First, I get username and password from login.html and send them to login.php to check its available or not. But it always give errors and I cannot solve that
Login.html
<form action="login.php" method="post">
<div class="containerLogin">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username"name="username" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="password" required>
</div>
<div class="containerLogin" style="background-color:#f1f1f1">
<input type="submit" name="submit" value="submit" class="btn btn-primary">
<span class="password">Forgot password?</span>
</div>
</form>
login.php
<?php
include_once "connection.php";
if (isset($_POST['submit'])) {
session_start();
if($_POST['username'] && $_POST['password']) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysqli_query("SELECT * FROM studenttable WHERE username='$username' and password='$password'");
$res = mysqli_query($con, $query);
$count_user = mysqli_num_rows($res);
if($count_user==1)
{
$row = mysqli_fetch_array($res);
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
header("location:dashboard.php?success=1");
}else{
$error = 'Incorrect Username, Password and Branch.';
}
}
}
?>
ERRORS
login.php
The $query variable should not be a mysqli_query, but a string, since you can't pass a query as a parameter to another query. Replace that line (24) with this:
$query = "SELECT * FROM studenttable WHERE username='$username' and password='$password'";
I have already created a successfull login form that is connected to a database to determine whether or not a login is correct. But i would like to update this so that if an incorrect username or password is entered they will get an error message. Im just not to sure how to implement that into my existing code?...
my user login page:
<form action="../login.php" method="post">
<label for="login-username"><i class="icon-user"></i> <b>Username</b> </label><br/>
<input class="form-control" type="text" name="username">
<br/>
<label for="login-password"><i class="icon-lock"></i> <b>Password</b> </label> <br/>
<input class="form-control" type="password" name="password">
<br/>
<button type="submit" class="btn pull-right">Login</button>
</form>
<?php
if (isset($_SESSION['username'])){
if($_SESSION['logged_in'] = 1){
echo ('Logged in as: '. $_SESSION['username'].' '.$_SESSION['surname']).'<br>Log out';
}
}
?>
and the login.php it is posting to:
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "gpdb";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("connection failed: " . $conn->connect_error);
}
//echo "connection successful";
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM patients where Username ='$username' and Password ='$password'";
$result = $conn->query($sql);
$admin_user = 'admin';
$admin_password = 'admin1';
if ($result->num_rows > 0) {
if ($username === $admin_user || $password === $admin_password ){
foreach($result as $row) {
//echo "PatientID " .$row["PatientID"]."<br>". "First name and Last name: " . $row["Firstname"]. " ".$row["Surname"]. "<br/>";
$_SESSION['id'] = $row["PatientID"];
$_SESSION['username'] = $row["Firstname"];
$_SESSION['surname'] = $row["Surname"];
$_SESSION['logged_in'] = 2;
header("location: http://localhost/index.php");
die;
}
}else{
foreach($result as $row) {
$_SESSION['id'] = $row["PatientID"];
$_SESSION['username'] = $row["Firstname"];
$_SESSION['surname'] = $row["Surname"];
$_SESSION['logged_in'] = 1;
header("location: http://localhost/index.php");
die;
}
}
}else{
$_SESSION['logged_in'] = 0;
header("location: http://localhost/user.php");
die;
}
?>
<?php
if ($result->num_rows > 0){
header("location: http://localhost/index.php");
}else{
echo "Wrong Username or Password <br />".
'Go back...';
}
?>
You may also create a login_failure.php page and in the else part redirect the user to that page. OR another approach is to pass the value of failure message
header("location: http://localhost/user.php?msg = 1");
and display the message at the top of login box. Get the value of 'msg' in user.php page and apply if condition to display the message.
<div><?php
$msg = $_GET['msg'];
if (isset($msg)) { echo "Wrong username/password"; } ?> </div>
<form action="../login.php" method="post">
<label for="login-username"><i class="icon-user"></i> <b>Username</b> </label><br/>
<input class="form-control" type="text" name="username">
<br/>
<label for="login-password"><i class="icon-lock"></i> <b>Password</b> </label> <br/>
<input class="form-control" type="password" name="password">
<br/>
<button type="submit" class="btn pull-right">Login</button>
</form>