I am trying to implement this flow:
User signs up with email address
User receives email with validation link
User follows link to a page asking to set a password
User sets password
Here's the code I have so far:
$email = $_GET['email'];
$verification_code = $_GET['verification_code'];
$validation_message = "";
$self = htmlspecialchars($_SERVER["PHP_SELF"]);
if(isset($_POST['submit'])) {
if ($_POST['password'] == "") {
$validation_message = "Please enter a password";
echo "<form id='verify-email-form' action='$self' method='post'><h1 id='set-password-input' class='h1-splash h1-password'>Choose a password</h1><input type='hidden' name='email' value='$email'><input type='hidden' name='verification_code' value='$verification_code'><input type='password' name='password' class='text-input' placeholder='Password'><button type='submit' name='submit' id='submit-input-splash'>Go!</button></form><p id='validation-message'>$validation_message</p>";
}
else {
echo $_POST['email'];
echo $_POST['password'];
}
}
else {
require 'connect.php';
$sql = "SELECT * FROM users WHERE email='$email' AND verification_code='$verification_code' AND active='0'";
$result = $con->query($sql);
if ($result->num_rows > 0) {
echo "<form id='verify-email-form' action='$self' method='post'><h1 id='set-password-input' class='h1-splash h1-password'>Choose a password</h1><input type='hidden' name='email' value='$email'><input type='password' name='password' class='text-input' placeholder='Password'><button type='submit' name='submit' id='submit-input-splash'>Go!</button></form><p id='validation-message'>$validation_message</p>";
}
else {
echo "Invalid activation code.";
}
}
?>
The URL is in this format: www.example.com/activate.php?email=name#example.com+verification_code=1234567890
I'm tripping up at the eventuality that a user presses submit without typing anything in the password field. It reloads the page to activate.php but without the variables in the URL, so the email address can't be submitted if the user then does type a password.
Is there a workaround for this, or a better way of structuring it?
You are sending those variables as POST and trying to read them as GET: $_GET['verification_code'];
Just change the form method to GET or read the variables as POST.
Related
I'm a novice at mysql having trouble with inserting fields. I have created a login form and a homepage form for users to enter personal details. The login form submitted to mysql database fine, but the personal details form refused to submit; only when I specified the same fields as the first form did the form submit. Obviously, I would like to add new data in the second form, and I would appreciate tips on organizing my database, which consists of a single table profile.It stores info on every user including fields: id,username,password,avatar,location,goal, etc.
Appreciate your help & patience. I will combine the info from the two forms into a user record eventually. Right now, though, I would like to know why no new entry is created or error message displayed even though my error display is turned on.
EDIT:: sorry for not including whole code
loginform.php (works fine)
<?php
require("connect.php");
session_start();
$query = "SELECT * FROM `profile`";
if ($query_run=mysqli_query($cnn,$query))
{
echo "
<h1>Sign up for Runners World</h1>
<form action='' method='post'>
Username: <input type='text' name='username'><br>
Email: <input type='text' name='email'><br>
Password: <input type='text' name='pw'><br>
<input type='submit' name='submit' value='submit'>
</form>
";
}
else {
die("<br>could not connect to table");
}
?>
<?php
if (isset($_POST['submit']))//if you submitted the form
{
$username = $_POST['username'];
$password = $_POST['pw'];
$email = $_POST['email'];
if ($username and $password and $email)
{
$addLogin = "INSERT INTO profile (username,email,password) VALUES ('$username','$email','$password')";
$success = $cnn->query($addLogin);
if ($success)
{
$_SESSION['name']="$username";
echo("<script>location.href = 'homePage.php';</script>");
}
else
{
die("login data failed to reach database");
}
}
else {echo "please fill out all the fields";}
}
else {
$submit=null;
echo 'no form submitted';
}
?>
addDetails.php (not submitting)
<?php
session_start();
error_reporting(E_ALL);
ini_set("display_errors",1);
require("connect.php");
require("login.php");
echo "<h1>Welcome ".$_SESSION['name']."</h1>";
echo "<form action='' method='post'>
Avatar: <input type='text' name='avatar'><br>
Location: <input type='text' name='location'><br>
Descripiton: <input type='text' name='about'><br>
Daily Goal: <input type='text' name='goal'><br>
<input type='submit' value='submit' name='submit'>
</form>
";
$avatar = $_POST['avatar'];
$location = $_POST['location'];
$goal = $_POST['goal'];
$about = $_POST['about'];
if (isset($_POST['submit']))
{
$sql = "INSERT INTO profile (avatar,location,goal) VALUES ('$avatar','$location','$goal')";
if ($cnn->query($sql)===TRUE)
{echo "you have inserted profile fields";}
else
{echo "sqlQuery failed to insert fields";}
}
?>
If you want to add data to a row that already exists, look up the UPDATE command in SQL
You should change the Sql statement in 'addDetails.php' to:
UPDATE profile
SET avatar={$avatar}, location={$location}, goal={$goal}
WHERE id={$id}
By the way you should never ever use this statement in your production, it is not safe, you should keep in mind to prevent Sql injection.
I am learning PHP, and I'm busy with this tutorial over here:
https://www.youtube.com/watch?v=kebwxI1Bw88
I did everything according to the video and went over it 3 times, but my script isn't working... and I was wondering if anyone can help me figure out why? My code seems to be exactly like the guy's code on the video.
The video is about creating the login functionality for a forum. What happens with my script is.... It does what it's supposed to when I type in the WRONG user/pass combination (showing the message that it's supposed to show). But, when I type in the RIGHT user/pass combination... The file redirects to the index like it's supposed to... but it's still displaying the login form and not showing the "You are logged in as _ " message.
My Login Form on the index page:
if (!isset($_SESSION['uid'])) {
echo "<form action='login_parse.php' method='post'>
Username: <input type='text' name='username' />
Password: <input type='password' name='password' />
<input type='submit' name='submit' value='Log In'>
";
} else {
echo "<p>You are logged in as ".$_SESSION['username']." $bull; <a href='logout_parse.php'>Logout</a>";
}
My login_parse.php file:
session_start();
include_once("connect.php");
if (isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1";
$res = mysql_query($sql) or die (mysql_error());
if (mysql_num_rows($res) == 1) {
$row = mysql_fetch_assoc($res);
$_SESSION['uid'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: index.php");
exit ();
} else {
echo "Invalid login information. Please return to the previous page. ";
exit ();
}
}
Check if $_SESSION['uid'] has a value.
print_r($_SESSION);
to see all the values
Below is my code for register.php on my website. This code allows the user to register for my website, creating a MySQL entry for username, email, password, etc. on clicking the submit button.
The button is named "reg" and uses a $_POST. Upon clicking the submit button the PHP code runs through multiple if statements to ensure the information the user entered is valid and does not preexist.
If a user exists, or an error is made in submission it sets PHP variable $errormessage and is supposed to echo it out. Right now, my SUBMIT button does not act like it is being pressed. No error messages, no SQL row is inserted, nothing.
<?php
if( $_POST['reg']){
/* Make sure values are correct and valid */
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['password'];
$getrepass = $_POST['retypepassword'];
/* Check to see if username entererd */
if($getuser){
/* Check to see if email entererd */
if($getemail){
/* Check to see if password entererd */
if($getpass){
/* Check to see if retyped password entererd */
if($getrepass){
/* Check to see if passwords are the EXACT same */
if($getpass === $getrepass){
/* Check to see if VALID email is entered */
if( (strlen($getemail) >= 7) &&
(strstr($getemail, "#")) &&
(strstr($getemail, ".")) ){
/* Email is valid mysql query */
require ("./connect.php");
$query = mysql_query("SELECT * FROM users WHERE username ='$getuser'");
/* If mysql returns zero, the user does not exist. */
$numrows = mysql_num_rows($query);
/* Check if email exists */
if($numrows == 0) {
$query = mysql_query("SELECT * FROM users WHERE email ='$getemail'");
$numrows = mysql_num_rows($query);
if($numrows == 0){
$date = date("F d, Y");
$code = md5(rand());
mysql_query("INSERT INTO users VALUES ('', '$getuser', '$getpass', '$getemail', '0', '$code', '$date')");
$query = mysql_query ("SELECT ALL * FROM users WHERE username = '$getuser'");
$numrows = mysql_num_rows($query);
/* Check to make user was generated */
if($numrows == 1){
$site = "http://www.midnightnachos.com/gs";
$webmaster = "universitydb#gmail.com";
$headers = "From: $webmaster";
$subject = "Activate Your Account";
$message = "Thanks for registering. Click the link below to activate your account.\n";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";
if (mail($getemail, $subject, $message, $headers)){
$errormessage = "You have been registered. You must activate your account from the activation link sent to your email.";
echo $form;
$getuser = "";
$getpass = "";
}
else
echo "An error has occured. Your activation email was not sent.";
}
else
$errormessage = "An error has occurred. Account not created.";
}
else
$errormessage = "Email address already in use.";
}
else
$errormessage = "Username already exists.";
mysql_close;
}
else
$errormessage = "You did not enter a valid email.";
}
else
$errormessage = "Your passwords did not match.";
}
else
$errormessage = "You must retype your password.";
}
else
$errormessage = "You must enter your password.";
}
else
$errormessage = "You must enter an email to register.";
}
else
$errormessage = "You must enter a username to register.";
echo $form;
}
$form = "
<div class='splash'>
<h1>Register for Game Swap</h1>
<p>Register for Game Swap to browse what games other local
users have added to their library. Propose trades,
chat, and meet to swap games. Your email address
will only be used to notify you when someone has
sent a trade offer. No newsletters, advertisements or
updates will be sent by us. We will also never sell
your contact information to third parties.</p>
<br />
<p align='center'>Fill out the form below to get started</p>
<br />
<form align='center' action='./register.php' method='POST'>
<input type='text' name='user' value='$getuser' class='box' size='30' placeholder='Username' /><br />
<input type='password' name='password' class='box' size='30' placeholder='Password' /><br />
<input type='password' name='retypepassword' class='box' size='30' placeholder='Retype Password' /><br />
<input type='text' name ='email' value='$getemail' class='box' size='30' placeholder='Email Address' /><br />
<input type='button' name='reg' class='loginbutton' value='Register' /><br />
</form>
</div>
<br/> $errormessage";
echo $form;
?>
</body>
</html>
I think you mixed up the button's type attribute, i.e. it's not button, but submit.
So, I guess you have a normal text input field, but your CSS is cheating your eyes. Try writing into it :)
To submit forms via buttons you can use:
<input type="submit" name="reg" value="Register!"/>
<button name="reg" value="1-or-anything">Register!</button>
And as for a possible different way of coding (getting all the validation errors at once):
$error_list = array();
if ($condition1) $error_list[] = 'My Error message 1';
if ($condition2) $error_list[] = 'My Error message 2';
if ($condition3) $error_list[] = 'My Error message 3';
...
if (empty($error_list)) the_fun_part();
else {
foreach($error_list as $msg)
echo "{$msg}<br/>";
}
I created a PHP script that allows a user on my website to change their password once registered, but am getting an error when I try to open it on the site. I believe it is due to a syntax error on my part but I can't seem to spot it. Can someone take a look and see what you can find? Here is the script:
<?php
session_start();
$user = $_SESSION['username'];
if ($user)
{
//user is logged in
if ($_POST['submit'])
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('connection.php');
$queryget = mysql_query("SELECT password FROM Users WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE Users SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='homepage.php'> Return</a>");
}
else
die("Old password doesn't match!");
}
else
echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
else
die ("You must be logged in to change your password");
}
?>
The error I am getting is as follows:
Notice: Undefined index: submit in /var/www/localhost/htdocs/changepassword.php on line 11
You must be logged in to change your password.
Thanks in advance for your help.
Well first you should notice that mysql is deprecated, use mysqli or PDO instead More info or like NullPointer has pointed More Good Info :)
change the end of your code like this to get the right results that you want for fail:
}else
die ("Nothing came from the $_POST variable");
}else
die ("You must be logged in to change your password");
The error that your getting is maybe because your $_POST variable isn't set, use isset() to check if $_POST was set.example:
if (isset($_POST['submit']))
{
//submit post was set
}else
{
//submit post wasn´t set
}
If you still not getting any value, check your form.
UPDATE:
to see the actual form you must end the isset before the form your code stays like this:
<?php
session_start();
$user = $_SESSION['username'];
if (isset($_SESSION['username']))
{
//user is logged in
if (isset($_POST['submit']))
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('connection.php');
$queryget = mysql_query("SELECT password FROM Users WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE Users SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='homepage.php'> Return</a>");
}
else
die("New password doesn't match!");
}else
die("Old password doesn't match!");
}
else
{
echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
}else
die ("You must be logged in to change your password");
?>
But you wont see it until your logged in. Your second problem is that your $user variable seems to dont have any value. after trying the above code if it wont work.
put this line after
$user = $_SESSION['username'];
echo 'Here it shold show the user: '.$user.'';
if it wont show up your not passing the session value right.
One more thing, if your form is pointing to same page, thats what it looks like change your line to this line:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8");?>" method='POST'>
Your input html form has an extra space in it
<input type='submit' name ='submit' value='submit'>
Change it to
<input type='submit' name='submit' value='submit'>
You should also make sure
if (isset($_POST['submit']))
I found this good tutorial on creating a login/register system using PhP and MySQL.
The forum is around 5 years old (edited last year) but it can still be usefull.
Beginner Simple Register-Login system
There seems to be an issue with both login and register pages.
<?php
function register_form(){
$date = date('D, M, Y');
echo "<form action='?act=register' method='post'>"
."Username: <input type='text' name='username' size='30'><br>"
."Password: <input type='password' name='password' size='30'><br>"
."Confirm your password: <input type='password' name='password_conf' size='30'><br>"
."Email: <input type='text' name='email' size='30'><br>"
."<input type='hidden' name='date' value='$date'>"
."<input type='submit' value='Register'>"
."</form>";
}
function register(){
$connect = mysql_connect("host", "username", "password");
if(!$connect){
die(mysql_error());
}
$select_db = mysql_select_db("database", $connect);
if(!$select_db){
die(mysql_error());
}
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$pass_conf = $_REQUEST['password_conf'];
$email = $_REQUEST['email'];
$date = $_REQUEST['date'];
if(empty($username)){
die("Please enter your username!<br>");
}
if(empty($password)){
die("Please enter your password!<br>");
}
if(empty($pass_conf)){
die("Please confirm your password!<br>");
}
if(empty($email)){
die("Please enter your email!");
}
$user_check = mysql_query("SELECT username FROM users WHERE username='$username'");
$do_user_check = mysql_num_rows($user_check);
$email_check = mysql_query("SELECT email FROM users WHERE email='$email'");
$do_email_check = mysql_num_rows($email_check);
if($do_user_check > 0){
die("Username is already in use!<br>");
}
if($do_email_check > 0){
die("Email is already in use!");
}
if($password != $pass_conf){
die("Passwords don't match!");
}
$insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')");
if(!$insert){
die("There's little problem: ".mysql_error());
}
echo $username.", you are now registered. Thank you!<br><a href=login.php>Login</a> | <a href=index.php>Index</a>";
}
switch($act){
default;
register_form();
break;
case "register";
register();
break;
}
?>
Once pressed the register button the page does nothing, fields are erased and no data is added inside the database or error given.
I tought that the problem might be the switch($act){ part so I removed it and changed the page using a require
require('connect.php');
where connect.php is
<?php
mysql_connect("localhost","host","password");
mysql_select_db("database");
?>
Removed the function register_form(){ and echo part turning it into an HTML code:
<form action='register' method='post'>
Username: <input type='text' name='username' size='30'><br>
Password: <input type='password' name='password' size='30'><br>
Confirm your password: <input type='password' name='password_conf' size='30'><br>
Email: <input type='text' name='email' size='30'><br>
<input type='hidden' name='date' value='$date'>
<input type='submit' name="register" value='Register'>
</form>
And instead of having a function register(){ I replaced it with a if($register){
So when the Register button is pressed it runs the php code, but this edit doesn't seem to work either. So what can the problem be? If needed I can re-add this code on my Domain
The login page has the same issue, nothing happens when the button is pressed beside emptying the fields.
Did you echo the $_REQUEST data and checked if they are being grabbed correctly?
<?php
if (!isset($_POST))
register_form();
else
register();
Change switch part with the code above.
Nevermind guys I found a different tutorial with video demonstration. Works like a charm.
My Page
Added the Login/Register system.
Tutorial if anyone needs it. Thanks for answering tho I appreciate it and will +1 them.