My cookies are not saving, I am using PHP 5.
Code:
require 'dbcon.php';
$sql = "SELECT * FROM accounts";
$result = $conn->query($sql);
$username = $_POST['username'];
$password = $_POST['password'];
$row = mysql_fetch_row($result);
setcookie("ID6", $row['ID'], time() + 60*60*24*31*12, "/") or die("Cookie could not be set. <a href='index.php'>Try again!</a>");
if(!isset($_POST['username']) || !isset($_POST['password'])) {
header("Location: index.php");
exit();
}
while($row = mysqli_fetch_assoc($result)) {
if($username == $row['username']) {
if($password == $row['password']) {
if($row['accdel'] == 1) {
echo("You are banned.");
exit();
}
echo "Logged in with cookie:" . $_COOKIE['ID6'];
exit();
}
else {
echo "The account does not exist, or you have put in the wrong log in.";
exit();
echo"That's not an account name though...";}
}
}
?>
Please help. Is the selected sql even a settable cookie value? (Please make it simple. I do not know much about php nor cookies.
https://www.jqueryscript.net/other/E-commerce-Cart-Plugin-For-jQuery.html
I tried save cookies with PHP many days never work.
Maybe try jquery.
The ID wasnt got from the database because it was not in the while loop.
Related
I am trying to redirect a user after a logging with saving the session. I am trying to do that using header function in PHP:
<?php
include 'phpconnect.php';
if(isset($_POST['but_submit'])){
$uname = mysqli_real_escape_string($conn,$_POST['txt_uname']);
$password = mysqli_real_escape_string($conn,$_POST['txt_pwd']);
if ($uname != "" && $password != ""){
$sql_query = "select count(*) as cntAdmin from admindb where adminID='".$uname."' and AdminPassword='".$password."'";
$result = mysqli_query($conn,$sql_query);
$row = mysqli_fetch_array($result);
$count = $row['cntAdmin'];
if($count > 0){
$_SESSION['uname'] = $uname;
header('Location: adminpanel.php');
}else{
die("Invalid username and password");
}
}
}
?>
Credentials are correct, all other functions (for example registration form with inputting some data into the database) is working. Echo function call works fine if credentials are wrong, so database connection is fine. I suppose something wrong with header, but have no clue.
try this
header("Location: /adminpanel.php");
as a last resort you can use this
echo "<script>";
echo "window.location.href='/adminpanel.php'";
echo "</script>";
I am trying to use session to display a possible error msg. In my auth_id.php file, I checked whether the input id and password posted from auth_form.php file are correct, if not $_SESSION['fail'] will be set to an error msg.
At the top of my auth_id.php file, I checked whether $_SESSION['fail'] was set, if so, display the error msg and then unset $_SESSION['fail'].
But this is not working like what I expected. The unset function does remove 'fail' from $_SESSION in the auth_form.php file, but it reappears after refreshing the page. Therefore, I always got the error msg after setting it for the first time.
I am not sure what's causing this problem, anyone has any ideas what I did wrong?
Thank you for your help!
auth_form.php:
<?php
session_start();
if (isset($_SESSION['fail'])) {
print($_SESSION['fail']);
unset($_SESSION['fail']);
}
?>
auth_id.php:
session_start();
$mode = $_SESSION['mode'];
if ($res->num_rows == 1) {
// unset($_SESSION['fail']);
$row = $res->fetch_assoc();
$db_password = $row['password'];
if ($password == $db_password) {
if ($mode == 'delete') {
$delete = "DELETE FROM guestbook WHERE ID = $ID";
$mysqli->query($delete);
$_SESSION['delete'] = $row['name'] . "\'s comment has been deleted.";
header("Location: list.php");
die();
}
$_SESSION['name'] = $row['name'];
$_SESSION['email'] = $row['email'];
$_SESSION['url'] = $row['url'];
$_SESSION['comments'] = $row['comments'];
header("Location: form.php");
die();
} else {
$_SESSION['fail'] = "Authentication failed.";
header("Location: auth_form.php");
die();
}
}
I have been trying to solve this issue couldn't, tried reading from asked questions but couldn't get it. I started the session and required it in another page but when ever i want to use it to insert some text base on the current session id, it is always zero in the database. Please,explain to me, maybe i miss understood it. Thanks!
<?php
ob_start();
session_start();
if(isset($_SESSION['$user_id']) && !empty($_SESSION['$user_id']))
{
return true;
}
else
return false;
?>
include.php
<?php
include ("login._form.php");
require ("include.php");
require("require.php");
if ($_SERVER["REQUEST_METHOD"]== "POST")
{
$username = mysqli_real_escape_string($link, $_POST["user"]);
$password = mysqli_real_escape_string($link,$_POST["password"]);
if(empty($username) || empty($password))
{
die();
}
$row = mysqli_query($link,"SELECT * FROM `users` WHERE username ='$username'");
if($row === false)
{
echo "Query Error";
}
while($fetch = mysqli_fetch_array($row)){
if($username == $fetch["username"] && $password == $fetch["password"])
{
$_SESSION["id"] = $id;
header('Location:index.php');
}
else
die("user does'n exist");
}
mysqli_close($link);
}
login.php
?>
require("include.php");
include ("yd_sendpage_form.php");
require("require.php");
if ($_SERVER["REQUEST_METHOD"]== "POST")
{
$user_id = $_SESSION["id"];
$text = mysqli_real_escape_string($link,$_POST["text"]);
if(empty($text))
{
die("Field Can't Be Empty!");
}
$insert = mysqli_query($link,"INSERT INTO `text`(`id`, `user_id`, `text`) VALUES ('$user_id','$user_id','$text')");
}
?>
yd_sendpage.php
Change
if(isset($_SESSION['$user_id']) && !empty($_SESSION['$user_id']))
to
if(!empty($_SESSION['id']))
And don't forget about SQL injection, your code is vulnerable to it.
More information about SQL injection in your code
$_SESSION["id"] was not set, so i changed $_SESSION["id"] to $_SESSION["user"] = $username in the login.php and other pages to $_SESSION["user"] and that works. Thanks!
Ok, this is my code for authentication. For now, i have one table and 5 PHP working scripts except this one. After successful login, user should be redirected to his home page, but the problem is, PHP echoes "Cannot login" error message regardless of login details. Heres the script:
session_start();
include_once'dbconnect.php';
if (isset($_SESSION['user']) != "") {
header ("Location: home.php");
}
if (isset($_POST['login'])) {
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['pass']);
$sql = mysql_query("SELECT * FROM users WHERE email='".$email."'");
$num = mysql_fetch_assoc($sql);
if ($num['password'] == $pass)) {
$_SESSION['user'] = $num['user_id'];
header ("Location: home.php");
}
else {
echo "Cannot login";
}
}
Any hints ? Thank you
session_start();
include_once'dbconnect.php';
if (isset($_SESSION['user']) != "") {
header ("Location: home.php");
}
if (isset($_POST['login'])) {
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['pass']);
$sql = mysql_query("SELECT * FROM users WHERE email='".$email."'");
$num = mysql_fetch_assoc($sql);
if(count($num)>0){
if ($num['password'] == $pass)) {
$_SESSION['user'] = $num['user_id'];
header ("Location: home.php");
}
else {
echo "Cannot login";
}
}else{
echo "Cannot login, email id not found";
}
}
Make sure you are getting password from the data base.
1.I think Your password encrypted in db.
2.Check it out it may be md5,sha etc.
3.If yes. Change Like this
if ($num['password'] == md5($pass)){
.
.
.
.
}
Hope It Helps..
Hello guys I am trying to make a simple log-in system for a school project, I got it to work when I didn't implement the database. But as you can see now that I tried to implement the database it don't work so well since I can't make the PHP tags at the start and end of the echo's, anyway anyone who can help me out?
As I said it worked when I just wrote a random username and password, and didn't have any database thing on it.
<?php
session_start();
include('../inc/dbconnection_inc.php');
$result=mysqli_query($dbconnection, 'SELECT * FROM users');
$row=mysqli_fetch_array($result);
$p=$_POST['password'];
$u=$_POST['username'];
if ($u==echo $row["username"] AND $p==echo $row["password"]);
{
$_SESSION['username'] = echo $row["username"];
header("Location: admin.php");
}
else
{
header("Location: ../index.php");
}
I am not sure that you need echo there. According to the manual, echo returns nothing.
Try removing all echo's from the code, like
...
if ($u === $row["username"] && $p === $row["password"])
{
$_SESSION['username'] = $row["username"];
header("Location: admin.php");
}
(also I usually use && instead of AND, that also could be the cause)
Besides your code will check only first fetched row (I think you're aware of that?)
$p=$_POST['password'];
$u=$_POST['username'];
$query = 'SELECT * FROM users WHERE username = ?';
if($result=mysqli_query($dbconnection, $query)){
mysqli_stmt_bind_param($result, "s", $u);
mysqli_stmt_execute($result);
$row=mysqli_fetch_array($result);
if ($u == $row["username"] && $p == $row["password"]);
{
$_SESSION['username'] = echo $row["username"];
header("Location: admin.php");
}
else
{
header("Location: ../index.php");
}
}else{
//fail
}
Remove the echo
Select a specific user by adding a Where Clasuse
Prepare your statment