<?php
session_start();
include_once 'db.login.php';
if (isset($_SESSION['users']) != "") {
header("Location: profile.php");
}
if (isset($_POST['btn-login'])) {
$username = mysqli_real_escape_string($con, $_POST['username']);
$upass = mysqli_real_escape_string($con, $_POST['password']);
$res = mysqli_query($con, "SELECT * FROM users WHERE username='$username'");
$row = mysqli_fetch_array($res);
if ($row['password'] == md5($upass)) {
$_SESSION['users'] = $row['id'];
header("Location: profile.php");
} else {
$err = "<p style='color: red'>Wrong Username or Password</p>";
?>
<?php
}
}
?>
method i am trying but it doesn't seem to display anything
<?= $_SESSION['username'] ?>">
i am basically looking at echoing the username logged into the session
you fill session in
$_SESSION['users']
but echo
$_SESSION['username']
<?php
session_start();
include_once 'db.login.php';
if(isset($_SESSION['users']) && $_SESSION['users'] != "")
{
header("Location: profile.php");
exit();
}
if(isset($_POST['btn-login']))
{
$username = mysqli_real_escape_string($con, $_POST['username']);
$upass = mysqli_real_escape_string($con, $_POST['password']);
$res=mysqli_query($con, "SELECT * FROM users WHERE username='$username'");
$row=mysqli_fetch_array($res);
if($row['password'] == md5($upass))
{
$_SESSION['users'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: profile.php");
}
else
{
$err = "<p style='color: red'>Wrong Username or Password</p>";
?>
<?php
}
}
?>
you did not define $_SESSION['username'] anywhere.
Related
I am a beginner in PHP and just starting to learn it. I am trying to make a registration page and login page. My login page is working once I select username and password and it also can detect an incorrect password but the profile picture that I uploaded through the registration page is not appearing on the welcome page. Once I add the profile, the login page no longer works at all. I hope you guys can understand my problem and help me find a solution. Thank you in advance. I attach my code below :
REGISTER FORM PHP
<?php
session_start();
$_SESSION['message'] = '';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if($_SERVER["REQUEST_METHOD"] == "POST") {
if ($_POST['password']== $_POST['confirmpassword']) {
$username = $mysqli->real_escape_string($_POST['username']);
$email = $mysqli->real_escape_string($_POST['email']);
$password = md5($_POST['password']);
$profile_path = $mysqli->real_escape_string('images/'.$_FILES['profile']['name']);
if (preg_match("!image!", $_FILES['profile']['type'])) {
if (copy($_FILES['profile']['tmp_name'],$profile_path)){
$_SESSION['username'] =$username;
$_SESSION['profile'] =$profile_path;
$sql ="INSERT INTO users(username,email,password,profile)"
."VALUES ('$username','$email','$password','$profile_path')";
if($mysqli->query($sql)=== true) {
$_SESSION['message'] = 'Registration successful!
Added $username to the database!';
header("location:RegisterLogin.php");
}
else {
$_SESSION['message'] = "User could not be added to the database!";
}
}
else{
$_SESSION['message'] = "file failed!";
}
}
else {
$_SESSION['message'] = "Please only upload GIF,JPG, or PNG images!";
}
}
else{
$_SESSION['message'] = "two password do not match!";
}
}
?>
lOGIN fORM
<?php
session_start();
$_SESSION['message']='';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if(isset($_POST['login'])) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$profile_path = $mysqli->real_escape_string(isset($_FILES['profile']));
$sql="SELECT * FROM users WHERE username='$username' AND password='$password' AND profile = 'profile_path'";
$result = mysqli_query($mysqli,$sql);
if(mysqli_affected_rows($mysqli) == 1){
$_SESSION['username'] = $username;
$_SESSION['profile'] = $profile_path;
$_SESSION['message'] = "Registration successful!";
header("location:Welcome.php");
}
else{
$_SESSION['message'] = "Login Failed!";
}
}
?>
WELCOME PHP
<link rel="stylesheet" href="Form2.css" />
<?php session_start(); ?>
<div class="body content">
<div class="welcome">
<div class="alert alert-success"><?= $_SESSION['message']?></div>
Welcome To Your Profile <span class="user"><img src='<?=$_SESSION['profile']?>'</span>
update your codes like following
REGISTER FORM
<?php
session_start();
$_SESSION['message'] = '';
$mysqli= new mysqli('127.0.0.1','root','','accounts');
if(isset($_POST) && array_filter($_POST)){
if ($_POST['password'] == $_POST['confirmpassword']) {
$username = $mysqli->real_escape_string($_POST['username']);
$email = $mysqli->real_escape_string($_POST['email']);
$password = md5($_POST['password']);
$profile_path = $mysqli->real_escape_string('images/'.$_FILES['profile']['name']);
if(!empty($username) && !empty($email) && !empty($password) && !empty($_FILES['profile']['name']){
if (preg_match("!image!", $_FILES['profile']['type'])) {
if (move_uploaded_file($_FILES['profile']['tmp_name'],$profile_path)){
$_SESSION['username'] = $username;
$_SESSION['profile'] = $profile_path;
$sql ="INSERT INTO users(username,email,password,profile) VALUES ('$username','$email','$password','$profile_path')";
if($mysqli->query($sql) == true) {
$_SESSION['message'] = "Registration successful! Added $username to the database!";
header("Location: RegisterLogin.php");
}
else { $_SESSION['message'] = "User could not be added to the database!"; }
} else {$_SESSION['message'] = "file failed!";}
} else { $_SESSION['message'] = "Please only upload GIF,JPG, or PNG images!"; }
}else{ $_SESSION['message'] = "values are missing"; }
} else{ $_SESSION['message'] = "two password do not match!"; }
}
?>
LOGIN FORM
<?php
session_start();
$_SESSION['message']='';
$mysqli= new mysqli('127.0.0.1','root','','accounts'););
if(isset($_POST['login'])){
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = $mysqli->query($sql);
if($result->num_rows > 0){
$row = $result->fetch_assoc();
$_SESSION['username'] = $username;
$_SESSION['profile'] = 'images/'.$row['profile'];
$_SESSION['message'] = "Login successful!";
header("Location: Welcome.php");
}else{ $_SESSION['message'] = "Login Failed!";}
}
?>
WELCOME PHP
<?php session_start(); ?>
<link rel="stylesheet" href="Form2.css" />
<div class="body content">
<div class="welcome">
<div class="alert alert-success"><?= $_SESSION['message']?></div>
Welcome To Your Profile <span class="user"><img src='<?=$_SESSION['profile'];?>'/></span>
You are setting your session values incorrectly in login.php. In the below code, uses mysqli_fetch_array() to retrieve correct values for $_SESSION variable.
Login.php
Try this:
<?php
session_start();
$_SESSION['message']='';
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if(isset($_POST['login'])) {
$username = $mysqli->real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$sql="SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1;";
$result = mysqli_query($mysqli,$sql);
if(mysqli_num_rows($result)>0){
$row = mysqli_fetch_array($result);
$_SESSION['username'] = $row['username'];
$_SESSION['profile'] = $row['profile'];
$_SESSION['message'] = "Registration successful!";
header("location:Welcome.php");exit();
}
else{
$_SESSION['message'] = "Login Failed!";
}
}
?>
In Welcome.php
Move <?php session_start(); ?> to the topmost of your document. You cannot output anything (HTML content or echos) before calling session_start() or session will fail unless using output buffering.
I am trying to redirect the user after login, but it is not working.
This is my code:
session_start();
include_once 'config.php';
if (isset($_SESSION['username']) != "") {
header("Location: Home.php");
}
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$res = mysql_query("SELECT * FROM employee_login WHERE email = '$username'");
$pass = $_POST['pass'];
$row = mysql_fetch_array($res);
$newpass = $row['pass'];
if ($newpass == $pass && !empty($row)) {
$user_email = $row['email'];
$_SESSION['username'] = $user_email;
$username = $_SESSION['username'];
if ($_SESSION['username'] == "abc#gmail.con") {
header("Location: admin/dashboard.php");
}
else {
header("location: Home.php");
exit();
}
}
else {
print_r("no");
}
}
I am using the logic below to check if the user is logged in on the homepage.
session_start();
include_once 'config.php';
if (isset($_SESSION['username'])) {
}
else {
}
What have I done wrong, or what have I missed out that is stopping my redirect from working?
It occurs undefined index error for the first time while redirecting to the same page after login, how can I solve this problem?
Here's my code:
code on index-page
<?php
session_start();
$error = $_SESSION['error'];
$conn = mysql_connect("localhost", "root", "");
mysql_select_db("db_food", $conn);
$row = mysql_query("select * from tbl_temp order by id DESC", $conn);
$row = mysql_fetch_array($row);
$user = $row['user'];
$pass = $row['pass'];
?>
code for the page After form submission
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if($username =='' || $password == '') {
$error = "Username or Password cant' be empty......";
header("location: index.php");
} else {
$data = mysql_query("select * from tbl_user where username='$username' && password='$password'", $conn);
$num = mysql_num_rows($data);
if($num==1) {
$row = mysql_fetch_array($data);
$_SESSION['name'] = $row['name'];
$_SESSION['id'] = $row['id'];
$_SESSION['user'] = $row['username'];
exit;
} else {
$error= "Either Username or Password wrong!!!";
header("location: index.php");
}
}
$_SESSION['error'] = $error;
?>
I want to display the error message in the index page.
check first by isset
$error = "";
if(isset($_SESSION['error'])){
$error = $_SESSION['error'];
}
i have script login.php, it works when login with a true username and password, but when it comes login with wrong username and password it redirect to a blank page, when it should be redirect back to index.php
here my script, may be some one can help me, what wrong with my script.
thanks before.
<?php
session_start();
include 'dbconfig.php';
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$username = stripslashes ($username);
$password = stripslashes ($password);
$query = mysql_query("SELECT username, namalengkap, nik, level FROM users WHERE username= '$username' and password='$password'");
while($row = mysql_fetch_array($query)) {
$level= $row['level'];
$user = $row['namalengkap'];
$nik = $row['nik'];
if ($level == 'admin')
{
$_SESSION['level'] = $level;
$_SESSION ['user']= $user;
$_SESSION ['nik'] = $nik;
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=homeadmin.php">';
exit;
}
elseif ($level == 'pengguna')
{
$_SESSION['level'] = $level;
$_SESSION ['user'] = $user;
$_SESSION ['nik'] = $nik;
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=home.php">';
exit;
}
else {
header("location:index.php");
}
}
?>
Don't use mysql_query it has been depreciated
Don't use while loop
<?php
session_start();
include 'dbconfig.php';
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$username = stripslashes ($username);
$password = stripslashes ($password);
$query = mysql_query("SELECT username, namalengkap, nik, level FROM users WHERE username= '$username' and password='$password'");
$row = mysql_fetch_array($query);
$level= $row['level'];
$user = $row['namalengkap'];
$nik = $row['nik'];
if ($level == 'admin')
{
$_SESSION['level'] = $level;
$_SESSION ['user']= $user;
$_SESSION ['nik'] = $nik;
header('Location:homeadmin.php');
exit;
}
elseif ($level == 'pengguna')
{
$_SESSION['level'] = $level;
$_SESSION ['user'] = $user;
$_SESSION ['nik'] = $nik;
header('Location:home.php');
exit;
}
else {
header("location:index.php");
}
?>
So, my problem is that I can't log in as any other user with my login script in PHP, it only selects the last row in the table.
<?php
require_once('core/config.php');
if(isset($_POST['lSubmit'])) {
$result = $mysqli->query("SELECT * FROM cms_users");
while($row = $result->fetch_object() ) {
$username = $row->username;
$password = $row->password;
$id = $row->id;
$Rank = $row->Rank;
$fail = "";
}
if($_POST['username'] == $username && hash("SHA512", "SHA512", $_POST['password'] + "QxLUF1bgIAdeQX") == $password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: index.php?ID=$id&Username=$username");
} else
header("Location: login.php?fail=true");
$fail = "Username and/or password is wrong!";
}
} else {
header("Location: login.php");
$fail = "Username and/or password is wrong!";
}
Your query select several rows :
$mysqli->query("SELECT * FROM cms_users");
You need to select the user in the table with the username and password passed. If a record will be fetch, that one is the user, otherwise it's a wrong login..
Myabe you can try it like this:
<?php
require_once('core/config.php');
if(isset($_POST['lSubmit'])) {
$result = $mysqli->query("SELECT * FROM cms_users where username='".$_POST['username']."'");
while($row = $result->fetch_object() ) {
$username = $row->username;
$password = $row->password;
$id = $row->id;
$Rank = $row->Rank;
$fail = "";
}
if(hash("SHA512", "SHA512", $_POST['password'] . "QxLUF1bgIAdeQX") == $password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: index.php?ID=$id&Username=$username");
} else
header("Location: login.php?fail=true");
$fail = "Username and/or password is wrong!";
}
} else {
header("Location: login.php");
$fail = "Username and/or password is wrong!";
}
You should not select all users in your user table. Just the one match username is enough