I have a problem connecting any php pages to MySQL, I'm new to php, I tried everything I could find online but none of them worked. I tried downloading a php form and made a database for this page but it still doesn't add anything to the database.
<html>
<link href="//db.onlinewebfonts.com/c/a4e256ed67403c6ad5d43937ed48a77b?family=Core+Sans+N+W01+35+Light" rel="stylesheet" type="text/css"/>
<link rel="stylesheet" href="form.css" type="text/css">
<div class="body-content">
<div class="module">
<h1>Create an account</h1>
<?php
session_start();
$_SESSION['message'] = '';
$mysqli = new mysqli("127.0.0.1", "root", "", "accounts_complete");
//the form has been submitted with post
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//two passwords are equal to each other
if ($_POST['password'] == $_POST['confirmpassword']) {
//set all the post variables
$username = $mysqli_real_escape_string($_POST['username']);
$email = $mysqli_real_escape_string($_POST['email']);
$password = md5($_POST['password']); //md5 has password for security
$avatar_path = $mysqli_real_escape_string('images/'.$_FILES['avatar']['name']);
//make sure the file type is image
if (preg_match("!image!",$_FILES['avatar']['type'])) {
//copy image to images/ folder
if (copy($_FILES['avatar']['tmp_name'], $avatar_path)){
//set session variables
$_SESSION['username'] = $username;
$_SESSION['avatar'] = $avatar_path;
//insert user data into database
$sql = "INSERT INTO users (username, email, password, avatar) "
. "VALUES ('$username', '$email', '$password', '$avatar_path')";
//if the query is successsful, redirect to welcome.php page, done!
if ($mysqli_query($sql) === true){
$_SESSION['message'] = "Registration succesful! Added $username to the database!";
header("location: welcome.php");
}
else {
$_SESSION['message'] = 'User could not be added to the database!';
}
$mysqli_close();
}
else {
$_SESSION['message'] = 'File upload failed!';
}
}
else {
$_SESSION['message'] = 'Please only upload GIF, JPG or PNG images!';
}
}
else {
$_SESSION['message'] = 'Two passwords do not match!';
}
}
?>
<form class="form" action="form.php" method="post" enctype="multipart/form-data" autocomplete="off">
<div class="alert alert-error"><?= $_SESSION['message'] ?></div>
<input type="text" placeholder="User Name" name="username" required />
<input type="email" placeholder="Email" name="email" required />
<input type="password" placeholder="Password" name="password" autocomplete="new-password" required />
<input type="password" placeholder="Confirm Password" name="confirmpassword" autocomplete="new-password" required />
<div class="avatar"><label>Select your avatar: </label><input type="file" name="avatar" accept="image/*" required /></div>
<input type="submit" value="Register" name="register" class="btn btn-block btn-primary" />
</form>
</div>
</div>
</html>
The password is empty because there isn't any password.
Can you help me? Thanks in advance.
Actually there are many mistakes, but base on question about database :
All mysqli_ syntax is a function, not a variable. So you just need remove any initial $ at mysqli_ syntax.
At mysqli, you need to pass connection variable to first parameter of mysqli_ function.
Example:
Before: $mysqli_query($sql);
After: mysqli_query($mysqli, $sql)
AND
Before: $mysqli_close();
After: mysqli_close($mysqli)
Related
I wrote a simple login page that is connected to a mySQL database. But even when I try to put in the correct login information, it still returns the "Incorrect username or password" error. I can't figure out if there is something wrong with my code itself, or my database. Any help would be greatly appreciated!
My database looks like this: https://gyazo.com/da06e276d981a35a3e2f01f5ec17f27b
I currently have 2 entries in that database for testing: https://gyazo.com/04a52dde61e77e0cbc2f90b78b3f40a9
My index.php code is as follows
<?php
include('login.php'); // Include Login Script
if ((isset($_SESSION['username']) != ''))
{
header('Location: home.php');
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>PHP Login Form with Session</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1>PHP Login Form with Session</h1>
<div class="loginBox">
<h3>Login Form</h3>
<br><br>
<form method="post" action="">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" /> <br><br>
<input type="submit" name="submit" value="Login" />
</form>
<div class="error"><?php echo $error;?></div>
</div>
</body>
</html>
My login.php code is as follows:
<?php
session_start();
include("connection.php"); //Establishing connection with our database
$error = ""; //Variable for storing our errors.
if(isset($_POST["submit"]))
{
if(empty($_POST["username"]) || empty($_POST["password"]))
{
$error = "Both fields are required.";
}else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
//Check username and password from database
$sql="SELECT uid FROM users WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $login_user; // Initializing Session
header("location: home.php"); // Redirecting To Other Page
}else
{
$error = "Incorrect username or password.";
}
}
}
?>
1- Saving in plain text is a NO.
2- As far as i can see you are comparing a plain text password with its md5.
You have also defined the same variable more than once, with different values, sth ive never seen before.
Well, I don't see where $login_user is assigned a value in your code in login.php page.
Try
$_SESSION['username'] = $username;
Also replace this with what you have at the top of your index.php page.
<?php
include('login.php'); // Include Login Script
if (isset($_SESSION['username'])){
header('Location: home.php');
}
else{}
?>
First of since you have your login script on another file in your project directory, shouldn't you specify the location to the script on your login form? Just like this
<form method="post" action="login.php">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" /> <br><br>
<input type="submit" name="submit" value="Login" />
</form>
I have 2 problems.
Basic story: I have created a SIMPLE registration and login system.
Problem1: If I try to register a new account then it says "user registration failed". At the moment it should say that because mysql can't get right information from forms. But problem is that I don't know why. Everything seems correct...
Problem2: If I try to login with existent account then it seems that browser is only refreshing the page and nothing else...
Registration with php code:
<?php
require ('insert.php');
// If values posted, insert into the database.
if (isset($_POST['username']) && isset($_POST['password'])){
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
// nimi refers to name, it's correct
$query = "INSERT INTO `user` (nimi, email, username, password)
VALUES('$name', '$email', '$username', '$password')";
//POST retrieves the data.
$result = mysqli_query($connection, $query);
if($result){
$smsg = "User Created Successfully.";
} else {
$fmsg = "User Registration Failed";
}
}
mysqli_close($connection);
?>
<html>
...
<body>
...
<div>
<form method="POST" class="form-horizontal" role="form">
<!-- Status, how registering went -->
<?php if(isset($smsg)){ ?><div class="alert alert-success" role="alert"> <?php echo $smsg; ?> </div><?php } ?>
<?php if(isset($fmsg)){ ?><div class="alert alert-danger" role="alert"> <?php echo $fmsg; ?> </div><?php } ?>
<!-- Registration form starts -->
<h2>Form</h2><br>
<label for="Name"></label>
<input name="name" type="text" id="name" maxlength="40" placeholder="Ees- ja perenimi" class="form-control" autofocus> <!-- lopp -->
<label for="email"></label>
<input name="email" type="email" id="email" maxlength="65" placeholder="Email" class="form-control"> <!-- lopp -->
<label for="Username"></label>
<input name="username" type="text" id="userName" maxlength="12" placeholder="Kasutajatunnus/kasutajanimi" class="form-control" required> <!-- lopp -->
<label for="Password"></label>
<input name="password" type="password" id="password" maxlength="12" placeholder="Parool" class="form-control" required>
<button type="submit" class="btn btn-primary btn-block">Join</button>
</form> <!-- /form -->
</div> <!-- ./container -->
...
</body>
</html>
Login:
<?php
session_start();
require ('insert.php');
//Is username and password typed?
if (isset($_POST['username']) and isset($_POST['password'])){
//Making vars from inputs
$username = $_POST['username'];
$password = $_POST['password'];
//Checking existent of values.
$query = "SELECT * FROM `liikmed`
WHERE username='$username'
and password='$password'";
$result = mysqli_query($connection, $query)
or die(mysqli_error($connection));
$count = mysqli_num_rows($result);
//3.1.2 If values equal, create session.
if ($count == 1){
$_SESSION['username'] = $username;
} else {
//If credentials doesn't match.
$fmsg = "Invalid Login Credentials.";
}
}
//if user logged in, welcome with message
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
echo "Hai " . $username . "";
echo "This is the Members Area";
echo "<a href='logout.php'>Logout</a>";
}else{}
?>
<html>
...
<body>
...
<div id="bg"></div>
<form method="POST" class="form-horizontal">
<h2>Login</h2><br>
<label for="User"></label>
<input name="username" type="text" maxlength="15" placeholder="Username" class="form-control" required autofocus>
<label for="Password"></label>
<input name="password" type="password" maxlength="50" placeholder="Password" class="form-control" required autofocus>
<button type="submit" class="btn btn-primary btn-block">Enter</button>
</form>
</div>
...
</body>
</html>
And finally php database connection file (called insert.php):
<?php
$connection=mysqli_connect("localhost","root","pw");
if (!$connection){
die("Database Connection Failed" . mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, 'my_database');
if (!$select_db){
die("Database Selection Failed" . mysqli_error($connection));
}
?>
First of all in your login PHP code, you only started a session but you didn't tell the from where to direct to if login is successful. Add a header to the code. That is;
if ($count == 1){
$_SESSION['username'] = $username;
header("Location: page.php"); //the page you want it to go to
}
And your registration PHP code looks ok. Check your database table if you've misspelt anything there.
Your logic to set the $_SESSION['username'] requires that the username and password combination exists once in your database.
This might sound silly but can you confirm that this is the case (i.e. confirm that you have not created the same username and password combination).
Altering the logic to be > 1 would also get around this temporarily. So your code
if ($count == 1){
$_SESSION['username'] = $username;
}
should become
if ($count > 1){
$_SESSION['username'] = $username;
}
My code works perfect with correct data. But when is invalid value in field, it shows an error message with link on page register.php and when I click on this error, it redirects to register form, but there is empty form and all values must be inserted again. I want that valid values are displayed after error and invalid not.
Code:
<html>
<head>
<?php include 'connect.php'; ?>
<?php include 'functions.php'; ?>
<meta charset="UTF-8">
<title>TechnoLab-Registracija</title>
<link rel='stylesheet' href='style.css' type='text/css' />
<?php include 'header.php'; ?>
</head>
<body>
<div id="container">
<div id="left">
<?php include "kategorije.php";?>
</div>
<div id="right">
<?php include "loggedin.php";?>
</div>
<form method="post" id='registerform'>
<br/>
<?php
if(!empty($_POST['username']) && !empty($_POST['password']) )
{
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = md5(mysqli_real_escape_string($con, $_POST['password']));
$email = mysqli_real_escape_string($con, $_POST['email']);
$confirm_email = mysqli_real_escape_string($con, $_POST['confirm_email']);
$ime = mysqli_real_escape_string($con, ucfirst($_POST['ime']));
$prezime = mysqli_real_escape_string($con, ucfirst($_POST['prezime']));
$oib = mysqli_real_escape_string($con, $_POST['oib']);
$ulica = mysqli_real_escape_string($con, $_POST['ulica']);
$mjesto = mysqli_real_escape_string($con, $_POST['mjesto']);
$checkusername = mysqli_query($con, "SELECT * FROM korisnici WHERE Username = '".$username."' OR Oib = '".$oib."'");
if(mysqli_num_rows($checkusername) == 1)
{
echo " <p><a class='one' href=\"register.php\">Unesite drugo korisničko ime!</p>";
exit();
}
$checkusernamelenght = checkusernamelenght($username);
if(!$checkusernamelenght){
echo ' <p><a class="one" href="register.php">Korisničko ime minimalno 4 znaka i ne smije sadržavati razmake između slova!</a></p>';
exit();
}
if (preg_match("/^.*(?=.{6,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST['password']) === 0){
echo ' <p><a class="one" href="register.php">Lozinka mora imati barem 6 znakova i sadržavati mala i velika slova te broj!</a></p>';
exit();
}
$checkemail = mysqli_query($con, "SELECT * FROM korisnici WHERE Email = '".$email."'");
if(mysqli_num_rows($checkemail) == 1)
{
echo " <p><a class='one' href=\"register.php\">Unesite drugu email adresu!</p>";
exit();
}
if ($confirm_email!=$email){
echo " <p><a class='one' href=\"register.php\">Vaše email adrese se ne podudaraju!</a></p>" ;
exit();
}
$validateEmail = validateEmail($email);
if(!$validateEmail){
echo " <p><a class='one' href=\"register.php\">Unesite ispravan format emaila!</a></p>";
exit();
}
$checkOib = checkOib($oib);
if(!$checkOib){
echo " <p><a class='one' href=\"register.php\">Unesite ispravan OIB !</p>";
exit();
}
else{
$registerquery = mysqli_query($con, "INSERT INTO korisnici VALUES('', '$username', '$password', '$email', '$confirm_email', '$ime', '$prezime', '$oib', '$ulica', '$mjesto', 'user')");
if($registerquery)
{
header('location: index');
}
}
}
else
{
?>
<br/>
<div id="reg">
<label for="username">Korisničko ime:</label><input type="text" name="username" required /><br />
<label for="password">Lozinka:</label><input type="password" name="password" maxlength="20" required /><br />
<label for="email">Email:</label><input type="text" name="email" required /><br />
<label for="confirm_email">Potvrdi email:</label><input type="text" name="confirm_email" required /><br />
<label for="ime">Ime:</label><input type="text" name="ime" required /><br />
<label for="prezime">Prezime:</label><input type="text" name="prezime" required /><br />
<label for="oib">OIB:</label><input type="text" name="oib" required /><br />
<label for="ulica">Ulica i kućni broj:</label><input type="text" name="ulica" required /><br />
<label for="mjesto">Mjesto i poštanski broj:</label><input type="text" name="mjesto" required /><br />
<br/>
<input type="submit" name="register" id="register" value="Registracija" />
</div>
</form>
<?php
}
?>
</div>
<?php include "footer.php";?>
</body>
</html>
Is it possible do that only with php or must be javascript or something else?
I've searched on forum and tried with this and similar code but it doesn't work.
<input type="text" name="login" value="<?php if(isset($_POST['login'])){ echo $_POST['login'];}?>">
I appreciate any help!
The $_POST['<value>'] doesn't work because of the redirect, it "drops" the $_POST data.
One way to achieve the desired functionality is to use $_SESSION when the form has been submitted you can store the values in the $_SESSION, or you might prefer to only store them if there's a error.)
You can store/save the values in $_SESSION like so:
$_SESSION['name'] = $_POST['name'];
And then simply check for the $_SESSION['<value>'] instead of the $_POST['<value>'].
<input type="text" name="login" value="<?php if(isset($_SESSION['login'])){ echo $_SESSION['login'];}?>">
You'd have to remember to start the session at the top of each page you want to use sessions on.
session_start();
One thing to be aware of is that you should unset the session values after you are done with them, so you avoid old data being reused.
There are plenty of ways you can use $_SESSION to achieve what you want so it's all about finding the way that suits you best.
You can read more about sessions here
best way is to create session array for complete data and if it is not empty show it in your fields. other method is to pass that post array back to your view when redirecting after invalid values.
hope you will understand.
If you just want the register.php script to fill the fields, simply send the needed info to this script:
$param = "?user=".urlencode($_POST['user']);
$param .= "&email=".urlencode($_POST['user']);
//...concat all needed param here
echo " <p><a class='one' href=\"register.php".$param."\">Unesite drugo korisničko ime!</p>";
Then in your register.php script, just read the $_GET['...'] values to populate your form. don't forget to urldecode() them.
Note: For obvious security reasons, DO NOT pass the password in the GET parameters (nor store it in a $_SESSION variable).
Hi i am new to PHP and i am trying to submit a registration form and it works fine but the problem is that when it gives some error like username already exists or password too short in an alert box and then it reloads the form page again and the user has to fill the whole form again i want the fields that are correct to remain unchanged
here is the form page code
<!DOCTYPE HTML>
<html>
<head>
<title>Details</title>
<link rel="stylesheet" type="text/css" href="reg.css">
</head>
<body id="body">
<div id="mmw"> <span> MAP MY WAY </span></div>
<form name="reg" id="reg" method="post" action="insert.php">
<h2>Kindly fill up your Information</h2>
<p>
<input name="username" required class="name" placeholder="Type Your User name" />
<input name="password" placeholder="Type Your Password" class="name" type="password" required />
<input name="first_name" required class="name" placeholder="Type Your First name" />
<input name="last_name" required class="name" placeholder="Type Your Last name" />
<input name="email" required class="email" placeholder="Type a valid E-Mail address" />
<input name="m_no" class="name" placeholder="Type Your Mobile #"/>
<input name="v_name" required class="name" placeholder="Type Your Vahical model and name"/>
<input name="capacity" required class="name" placeholder="Seating capacity"/>
<input name="fuel_type" required class="name" placeholder="Runs on what fuel type"/>
</p>
<p>
<input name="submit" class="btn" type="submit" value="Register" />
</p>
</form>
</div>
</body>
</html>
and here is the page that is processing the data
<?php
$con = mysqli_connect("localhost", "root", "", "map_my_way");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$username = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$first_name = mysqli_real_escape_string($con, $_POST['first_name']);
$last_name = mysqli_real_escape_string($con, $_POST['last_name']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$m_no = mysqli_real_escape_string($con, $_POST['m_no']);
$v_name = mysqli_real_escape_string($con, $_POST['v_name']);
$fuel_type = mysqli_real_escape_string($con, $_POST['fuel_type']);
$capacity = mysqli_real_escape_string($con, $_POST['capacity']);
$exists = mysqli_num_rows(mysqli_query($con,"SELECT * FROM members WHERE username='" . $username . "'"));
if ($exists > 0) {
echo "<script language=\"JavaScript\">\n";
echo "alert('username already exists!');\n";
echo "window.location='reg.php'";
echo "</script>";
}
if (strlen ($password) < 6){
echo "<script language=\"JavaScript\">\n";
echo "alert('password must be 6 characters');\n";
echo "window.location='reg.php'";
echo "</script>";
}
else{
// if ($password < 6) {
// echo "<script language=\"JavaScript\">\n";
// echo "alert('username already exists!');\n";
// echo "window.location='reg.php'";
// echo "</script>";
// } else{
//insert query
$sql = "INSERT INTO members (username, password, first_name, last_name, email, m_no, v_name, fuel_type, capacity)
VALUES ('$username', '$password', '$first_name', '$last_name', '$email', '$m_no', '$v_name', '$fuel_type', '$capacity')";
}
//}
if (!mysqli_query($con, $sql)) {
die('Error: ' . mysqli_error($con));
}
else{
header("location:pic.php");
}
// Register $username
session_start();
$_SESSION['login'] = true;
$_SESSION['username'] = $username;
mysqli_close($con);
?>
Thanks in advance
header('Location: http://example.com/some/url'); relplace it with the javascript
also try to make a function to the escape string less typing:
function security($danger) {
mysqli_real_escape_string($con, $danger)}
simply call it with the username like $username = security($_POST['username'])
Trying to redirect a user to index.php after they login successfully. I have everything working except the redirect. Been looking around for about an hour now and no luck..I'm sure it is tied to jQueryMobile owning the page
Have tried
header('Location: index.php');
nothing happens.
Also tried
echo '<script type="text/javascript">$.mobile.changePage($(\'index.php\'), {transition : "slide"});</script>';
Both do a re-direct if I make them the first part of my php code, but when placed where I need it they do nothing.
Here is my code:
<?php include "layouts/header.php";
if (isset($_POST['submit'])) { // Form has been submitted.
$username = trim($_POST['username']);
$password = trim($_POST['password']);
// Check database to see if username/password exist.
$hashpass = sha1($password);
$found_user = User::authenticate($username, $hashpass);
if ($found_user) {
$session->login($found_user);
$message = "Logged in";
// Redirect to index.php ********
} else {
// username/password combo not found
$message = "Username/password combination incorrect.";
$forgotdisplay = "visible";
}
} else { // Form was not been submitted.
$username = "";
$password = "";
}
?>
</head>
<body>
<div data-role="page" id="loginForm">
<div data-role="header">
<h1>Assessment</h1>
</div>
<div data-role="content" class="centerContent">
<h2>Login</h2>
<p><?php echo output_message($message); ?></p>
<form action="login.php" method="post" data-ajax="false">
<table>
<input type="text" id="username" name="username" maxlength="50" placeholder="username" value="<?php echo htmlentities($username); ?>" />
<input type="password" id="password" name="password" maxlength="30" placeholder="password" value="<?php echo htmlentities($password); ?>" />
<input type="submit" name="submit" value="Login" />
</form>
Sign Up
Forgot Your Password?
<p id="validate-status"></p>
</div>
</div>
</body>
</html>
When valid credentials are submitted the $message does correctly change to "Logged in" so I know that I am getting that far in the script. Have also tried with data-ajax="false" and "true"
Hello you may want to put the full domain in there. I had this problem too
header('location: www.yourdomain.com/index.php');
I believe that should do the trick