I know there are questions similar to this but their answers doesn't solve my problem.
My php is running without errors (at least not from the navigator), it even returns me the custom url I set at the end of my script ?register=success but it doesn't send the data to my database(local).
I really don't know what section of my code I should let here because, as I said at the begining, there are not errors from php in the navigator, so I just put all my main php (register.php).
<?php
if (isset($_POST["submit"])){
include_once "dbh_inc.php";
$first = mysqli_real_escape_string($conn, $_POST["first"]);
$last = mysqli_real_escape_string($conn, $_POST["last"]);
$nickname = mysqli_real_escape_string($conn, $_POST["nickname"]);
$password = mysqli_real_escape_string($conn, $_POST["password"]);
$email = mysqli_real_escape_string($conn, $_POST["email"]);
//Birthdate
$birthDay = mysqli_real_escape_string($conn, $_POST["birth-day"]);
$birthMonth = mysqli_real_escape_string($conn, $_POST["birth-month"]);
$birthAge = mysqli_real_escape_string($conn, $_POST["birth-age"]);
$birthDate = $birthDay."-".$birthMonth."-".$birthAge;
$speciality = mysqli_real_escape_string($conn, $_POST["speciality"]);
$gender = mysqli_real_escape_string($conn, $_POST["gender"]);
//Error handlers
//Check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($last) || empty($last) || empty($last)) {
header("Location: ../register.php?register=empty");
exit();
}else{
//Check if input characters are valid
if(!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)){
header("Location: ../register.php?register=invalid");
exit();
}else{
//Check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../register.php?register=email");
exit();
}else{
//Check if birthdate is valid
if (!checkdate ($birthMonth , $birthDay, $birthAge)) {
header("Location: ../register.php?register=date");
exit();
}else{
//Check if user exists
$sql = "SELECT * FROM users WHERE user_nickname='$nickname'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
//Entering to the database to check if username exists
if ($resultCheck > 0) {
header("Location: ../register.php?register=usertaked");
exit();
}else{
//Hashing the password
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
//Insert user registration data into the database
$sql = "INSERT INTO users (user_first, user_last, user_nickname, user_password, user_email, user_birth_date, user_speciality, user_gender) VALUES ('$first', '$last', '$nickname', '$password', '$email', '$birthDate', '$speciality', '$gender')";
mysqli_query($conn, $sql);
header("Location: ../register.php?register=success");
exit();
}
}
}
}
}
}else{
header("Location: ../register.php");
exit();
}
And this is the php where I do the connection with the database (dbh_inc.php):
<?php
$dbServername = "localhost";//because there's running a local server
$dbUsername = "root";
$dbPassword = "";
$dbName = "login_system";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName) or die ("Conexion fallida");
Related
I just started off with PHP and attempted to make a simple login and sign-up page. The sign-up module works perfectly with the records being successfully being inserted into the database. But, whenever I try to log in, it always throws me a wrong password/username combination.
I am really new to web development so I am not looking for advice on SQL injections and other security-related issues. Could someone just tell me how I could make this work using PHP and MySQL only.
I am using the XAMPP server with phpMyAdmin.
Here is my Config.php file which I use to validate the data I accept through the forms.
<?php
session_start();
//variable declaration
$email = "";
$name = "";
$batch = "";
$password = "";
$errors = array();
$_SESSION['success'] = "";
//connect to database
$conn = mysqli_connect('localhost', 'root', '', 'timetable');
//Register User
if(isset($_POST['reg_user']))
{
$email = mysqli_real_escape_string($conn, $_POST['email']);
$name = mysqli_real_escape_string($conn, $_POST['name']);
$batch = mysqli_real_escape_string($conn, $_POST['batch']);
$password_1 = mysqli_real_escape_string($conn, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($conn, $_POST['password_2']);
//form validation
if($batch != 2016 || $batch != 2017 || batch != 2018 || batch != 2019)
{
array_push($errors, "Batch should be one of 2016/2017/2018/2019.");
}
if($password_1 != $password_2)
{
array_push($errors, "The two passwords do not match.");
}
if(count($errors) == 0)
{
$password = hash('sha512', $password);
$query = "INSERT INTO chairperson(email, name, batch, password)
VALUES('$email', '$name', '$batch', '$password')";
mysqli_query($conn, $query);
$_SESSION['email'] = $email;
$_SESSION['success'] = "You are now logged in.";
header('location: index.php');
}
}
//Login user
if(isset($_POST['login_user']))
{
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
if(count($errors) == 0)
{
$password = hash('sha512', $password);
$query = "SELECT * FROM chairperson WHERE email='$email' AND password='$password'";
$results = mysqli_query($conn, $query);
if(mysqli_num_rows($results) == 1)
{
$_SESSION['success'] = "You are now logged in.";
$_SESSION['email'] = $email;
header('location: index.php');
}
else
{
array_push($errors, "Wrong username/password combination.");
}
}
}
?>
<?php
session_start();
//variable declaration
$email = "";
$name = "";
$batch = "";
$password = "";
$errors = array();
$_SESSION['success'] = "";
//connect to database
$conn = mysqli_connect('localhost', 'root', '', 'timetable');
//Register User
if(isset($_POST['reg_user']))
{
$email = mysqli_real_escape_string($conn, $_POST['email']);
$name = mysqli_real_escape_string($conn, $_POST['name']);
$batch = mysqli_real_escape_string($conn, $_POST['batch']);
$password_1 = mysqli_real_escape_string($conn, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($conn, $_POST['password_2']);
//form validation
if(($batch != 2016) && ($batch != 2017) && ($batch != 2018) && ($batch != 2019))
{
array_push($errors, "Batch should be one of 2016/2017/2018/2019.");
}
if($password_1 != $password_2)
{
array_push($errors, "The two passwords do not match.");
}
if(count($errors) == 0)
{
$password = password_hash($password,PASSWORD_BCRYPT);
$query = "INSERT INTO chairperson(email, name, batch, password)
VALUES('$email', '$name', '$batch', '$password')";
mysqli_query($conn, $query);
$_SESSION['email'] = $email;
$_SESSION['success'] = "You are now logged in.";
header('location: index.php');
}
}
//Login user
if(isset($_POST['login_user']))
{
$email = mysqli_real_escape_string($conn, $_POST['email']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
if(count($errors) == 0)
{
$query = "SELECT * FROM chairperson WHERE email='$email' ";
$results = mysqli_query($conn, $query);
if(mysqli_num_rows($results) == 1)
{
$row=mysqli_fetch_assoc($results);
if(password_verify($password, $row['password']))
{
$_SESSION['success'] = "You are now logged in.";
$_SESSION['email'] = $email;
header('location: index.php');
}
else
{
array_push($errors, "Wrong username/password combination.");
}
}
else
{
array_push($errors, "Wrong username/password combination.");
}
}
}
?>
i have a problem with my website. it should get a Login/Sign Up website. If i type in my First and Last name, password and so, i click on submit and 404 Object not Found Appears. The Files are in the correct directory... btw, im not using a htaccess file yet so u dont need to ask for it.
sry for my basic english :)
`
if (isset($POST_['submit']))
include_once 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//error handler
//Check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty")
exit();
} else {
//Check if inputs are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $first) ) {
header("Location: ../signup.php?signup=invalid")
exit();
} else {
//check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email")
exit();
} else {
$sql = "SELECT * FROM users WHERE user_id='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($results);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usernametaken")
exit();
} else {
//hashing passwords
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//Insert the user into DB
$sql = "INSER INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$
last', '$email', '$uid', '$hashedPwd');";
$result = mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=succes")
exit();
}
}
}
} else {
header("Location: ../signup.php")
exit();
}`
As far as I know you can't use '..' notation in header('location:'). Browsers don't understand '..' notation.
You should use either a fully qualified URL or a relative URL:
header('Location: http://example.com/your-subdirectories/signup.php') ;
header('Location: /your-subdirectories/signup.php') ;
This question has already been answered on Stack Overflow
<?php
require_once("db_credentials.php");
$conn = mysqli_connect("localhost", "root", "isdc3333", "collab_schema");
if (isset($_POST["submit"])) {
$first = mysqli_real_escape_string($conn, $_POST["first"]);
$last = mysqli_real_escape_string($conn, $_POST["last"]);
$email = mysqli_real_escape_string($conn, $_POST["email"]);
$uid = mysqli_real_escape_string($conn, $_POST["uid"]);
$pwd = mysqli_real_escape_string($conn, $_POST["pwd"]);
if (empty($first) or empty($last) or empty($email) or empty($uid) or
empty($pwd)) {
header("Location: signup.php?signup=empty");
exit();
} else {
if (!preg_match("/^[a-zA-Z]*$/", $first) or !preg_match("/^[a-zA-
Z]*$/", $last)) {
header("Location: signup.php?signup=invalid");
exit();
} else {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: signup.php");
exit();
} else {
$sql = "SELECT * FROM users WHERE uid='$uid'";
$result = mysqli_query($conn, $sql);
$queryResults = mysqli_num_rows($result);
if ($queryResults > 0) {
header("Location: signup.php?signup=usertaken");
exit();
} else {
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
$sql = "INSERT INTO collab_schema.users (first, last, email, uid,
pwd) VALUES ('$first', '$last', '$email', '$uid',
'$hashedPwd');";
$result = mysqli_query($conn, $sql);
header("Location: signup.php?signup=success");
exit();
}
}
}
}
} else {
header("Location: signup.php");
exit();
echo "Redirecting...";
}
?>
The last sql query won't work, can you list the errors?
Doesn't look like the code is working, but everyone says it fine.
I'm just putting more text because stack overflow says to put more details even when I don't want too :^)
I am trying to send data to my database but nothing is sent. nor it is showing any connectivity error. nor any error in PHP code.
I have made two files one common connectivity file for db dbh.inc.php
which I have called in the main php file.
DATABASE CONNECTIVITY :
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "admin";
$dbName = "musicianshub";
$conn = mysqli_connect ($dbServername, $dbUsername, $dbPassword,$dbName);
PHP code:
<?php
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$phone = mysqli_real_escape_string($conn, $_POST['phone']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
if (empty($first) || empty($last) || empty($email) || empty($phone) ||
empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
}
else {
if (!preg_match("/^[a-zA-Z]*$/", $fist) || !preg_match("/^[a-zA-
Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
}
else {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
}
else {
$sql = "SELECT * FROM users WHERE user_phone='$user_phone'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=phonetaken");
exit();
}
else {
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
$sql = "INSERT INTO users (user_first, user_last,
user_email, user_phone, user_pwd) VALUES ('$first',
'$last', '$email', '$phone', '$hashedPwd');";
mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
}
else {
header("Location: ../signup.php");
exit();
}
can anyone have any idea about it.
Thank you.
I have followed this tutorial https://www.youtube.com/watch?v=xb8aad4MRx8&t=225s on creating a login system and signup form on a website. I created it on my localhost and it worked perfectly. I have since tried to upload it to my website I have created a database on my server and changed the php code however no data is being entered into the database. My hosting service is 1and1 and below is the code for the code to link the database in php. Password has been changed
<?php
$host_name = 'db706265806.db.1and1.com';
$database = 'db706265806';
$user_name = 'dbo706265806';
$password = 'PASSWORD';
$conn = mysqli_connect($host_name, $user_name, $password, $database);
And this is the code for the signup form
<?php
if (isset($_POST['submit'])) {
include_once 'dbh-inc.php';
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//error handers
//check for empty fields
if (empty($first) || empty($last) || empty($email) || empty($uid) || empty($pwd)) {
header("Location: ../signup.php?signup=empty");
exit();
} else{
//check if input char are valid
if (!preg_match("/^[a-zA-Z]*$/", $first) || !preg_match("/^[a-zA-Z]*$/", $last)) {
header("Location: ../signup.php?signup=invalid");
exit();
}
else {
//check if email is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../signup.php?signup=email");
exit();
} else{
$sql = "SELECT * FROM users WHERE user_uid='$uid'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
header("Location: ../signup.php?signup=usernametaken");
exit();
} else{
//hashing the password
$hashedPwd = password_hash($pwd, PASSWORD_DEFAULT);
//insert the user into db
$sql = "INSERT INTO users (user_first, user_last, user_email, user_uid, user_pwd) VALUES ('$first', '$last', '$email', '$uid', '$hashedPwd');";
$result = mysqli_query($conn, $sql);
header("Location: ../signup.php?signup=success");
exit();
}
}
}
}
} else{
header("Location: ../signup.php");
exit();
}
Any help for why the data isnt being entered would be appreciated