I have 2 pages:
index.php
<?php session_start(); ?>
<!DOCTYPE html>
<html>
<head>
<title></title>
<link href="https://fonts.googleapis.com/css?family=Lato" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="container">
<div class="wrapper">
<h1>Welcome to the Great Number Game!</h1>
<h3>I am thinking of a number between 1 and 100</h3>
<h3>Take a guess!</h3>
<?php
echo $_SESSION['message'];
?>
<form method="post" action="process.php">
<input type="hidden" name="action" value="guess">
<input type="text" name="number">
<br>
<input type="submit" value="Submit">
</form>
</div>
</div>
</form>
</body>
</html>
and process.php
<?php session_start(); ?>
<?php header('Location: index.php'); ?>
<?php
if (!isset($_SESSION["message"])) {
$_SESSION["message"] = "";
}
if(!isset($_SESSION['num'])) {
$_SESSION['num'] = rand(1, 100);
}
$new_game = "<a href='logout.php'><button class='btn'>Play again</button></a>";
if ($_POST['number']) {
$number = $_POST['number'];
if (is_numeric($_POST['number'])) {
if ($number > $_SESSION['num']) {
$_SESSION['message'] = "<div class='bad-guess'>Too high!</div>";
}elseif ($number < $_SESSION['num']) {
$_SESSION['message'] = "<div class='bad-guess'>Too low!</div>";
}else{
$_SESSION['message'] = "<div class='lucky-guess'>Congratulations! ".$_POST['number']." was the number!</div><br>".$new_game;
}
}else{
$_SESSION['message'] = "<div> <b>'$number'</b> is not a number. Please insert a number!</div>";
}
}
?>
Problem is that then I am starting session, I got the error that my $_SESSION['message'] index is undefined. Then I start guessing number, I got correct messages. So how can I define $_SESSION['message'] for sessions beggining?
in your index.php page
Put this
echo $_SESSION['message'] != '' ? $_SESSION['message'] : 'No messages';
Check if it is set first in index.php
if(isset($_SESSION['message']))
{
echo $_SESSION['message'];
}
Related
i'm trying to learn about session_start() but when i run the file, it only show what is inside the
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {
?>
log out
<?php } ?>
and not showing else{...} and even after i click log out, it won't print anything in else statement and only print inside the if statement. I use another file to do the log out proses but i don't know the right code for session_destroy()
here's the logout.php code below:
<?php
session_start();
session_destroy();
header("location: home.php");
?>
here's the full code:
<?php
session_start();
include("DB/db.php");
$_SESSION['username']=$username;
$_SESSION['password']=$password;
$_SESSION['is_log_in'] = true;
?><!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="stylesheet" type="text/css" href="css/css.css">
</head>
<body>
<div id="blank"></div>
<div id="panel">
<nav id="bar">
<div id="submen">
<form id="sir">
<input type="Search" name="search" placeholder="Search.." id="search">
</form>
Walpaper
Art
Photos
Image
<?php
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {?>
<?php echo $username?>
log out
</div>
</nav>
</div>
</table>
<?php } else {
?>
login
register
</div>
</nav>
</div>
</table>
<?php } ?>
</body>
</html>
UPDATE for log in script
<?php
session_start();
include("DB/db.php");
if ($_GET['log']=='out'){
session_destroy();
}
if ($_POST['user']){
$sql = "Select password from user where username = '".$_POST['user']."' ";
$result = mysqli_query($koneksi, $sql);
if (mysqli_num_rows($result)){
$row = mysqli_fetch_assoc($result);
if ($row['password'] == md5($_POST['pass'])) {
$_SESSION['login'] = TRUE;
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
}else{
$pesan = "Username and password mismatch";
}
}else{
$pesan = "please register";
}
}
?><!DOCTYPE html>
<html>
<head>
<title>Log in</title>
</head>
<body>
<?php
if ($_SESSION['login']) {
echo "text";
}else{
?>
<h1>Login</h1>
<form method="post" action="rahasia.php">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit" name="" value="Login">
</form>
<form method="post" action="register.php">
<input type="submit" name="register" value="register">
</form>
<?php
}
echo $pesan;
?>
</body>
</html>
where have i gone wrong
Your $_SESSION vars are always set, and $password always equals $_SESSION['password'].
$_SESSION['username']=$username; // null, plus notice in error_log
$_SESSION['password']=$password; // null, plus notice in error_log
Unless those two vars are set in include("DB/db.php");, in which case that is bad practice. Can you paste db.php to see what is happening inside?
UPDATE.
Okay so the vars are being set. This now means:
$_SESSION['username']=$username; // a
$_SESSION['password']=$password; // 123456789
Therefore they will still match. You need to refactor these lines to function properly. Are you sure the mysql credentials is what you want for your logged in user
?
I have a problem with my login script. The problem is, that the login scipt is supposed to check if the password and name is correct. If they are, then a site with informations should open.
The site does open, but the problem is, that no matter what password or name I type the page that is supposed to need correct password and a correct name opens.
And I can't find any errors in my script. Maybe you can help? Here are the scripts:
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<meta charset="UTF-8" />
<style type="text/css">
.fehler { color: red; }
</style>
</head>
<body>
<?php
if (isset($_GET["f"]) && $_GET["f"] == 1) {
echo "<p class='fehler'>Login-Daten nicht korrekt</p>";
}
?>
<form method="post" action="new 2.php">
Your name, m'lady: <br />
<input type="text" name="name" size="20" />
<br />
Your password, m'lady: <br />
<input type="password" name="passwort" size="20" /><br />
<input type="submit" value="Login" />
</form>
</body>
</html>
new 2.php script:
<?php
session_start();
$host = htmlspecialchars($_SERVER["HTTP_HOST"]);
$uri = rtrim(dirname(htmlspecialchars($_SERVER["PHP_SELF"])), "/\\");
if (isset($_POST["name"]) && $_POST["name"] == "M'lady" && $_POST["passwort"] == "lol") {
$_SESSION["name"] = "M'lady";
$_SESSION["login"] = "ok";
$extra = "website.php";
}
else {
$extra = "lol23.php?f-1";
}
header("Location: http://localhost/canttellyouthat/website.php");
?>
website script:
<?php
session_start();
if (isset($_SESSION["login"]) && $_SESSION["login"] == "ok") {
?>
<!DOCTYPE html>
<html>
<head>
<title>Geschützter Bereich</title>
<meta charset="UTF-8" />
</head>
<body>
<?php
echo "<h1>Hi {$_SESSION['name']}</h1>";
?>
<p><font color="FF0000"><font size="7">Wichtige Informationen</font></p>
<p><a href="http://localhost/canttellyouthat/sorrydudes">Datenbank</p>
<p><a href="lol23.php"><font size="7">Ausloggen</font></p>
</body>
</html>
<?php
} else {
$host = htmlspecialchars($_SERVER["HTTP_POST"]);
$uri = rtrim(dirname(htmlspecialchars(["PHP_SELF"])), "/\\");
$extra = "lol23.php";
header("Location: http://localhost/lol23.php");
}
?>
As pointed in the comments, you are using location without any if condition. Try change your code new2.php to:
<?php
session_start();
$host = htmlspecialchars($_SERVER["HTTP_HOST"]);
$uri = rtrim(dirname(htmlspecialchars($_SERVER["PHP_SELF"])), "/\\");
if (isset($_POST["name"]) && $_POST["name"] == "M'lady" && $_POST["passwort"] == "lol") {
$_SESSION["name"] = "M'lady";
$_SESSION["login"] = "ok";
header("Location: http://localhost/canttellyouthat/website.php");
}
else {
header("Location: http://localhost/canttellyouthat/lol23.php?f-1");
}
?>
I have trouble with these codes:
password.php:
<html>
<head>
<title>Password!</title>
<meta charset="UTF-8">
</head>
<body>
<ul>
<form action="check.php" method="POST">
<li><input type="password" name="no1" placeholder="enter your password"></li>
<li><input type="submit" value="GO!"></li>
</form>
</ul>
</body>
Here is password2.php:
<html>
<head>
<title>Password!</title>
<meta charset="UTF-8">
</head>
<body>
<ul>
<form action="check.php" method="POST">
<li><input type="password" name="name" placeholder="verify your password"></li>
<li><input type="submit" value="GO!"></li>
</form>
</ul>
</body>
And here is check.php:
<?php
$enter = $_POST['no1'];
if (empty($enter)) {
echo "Please enter password!";
}
if (!(empty($enter))) {
echo "Your password is $enter";
}
?>
<html>
<body>
<p>Move on!</p>
</body>
</html>
<?php
$check = $_POST['name'];
if ($check == $enter) {
echo "Acces Granted";
}
if (!($check == $enter)) {
echo "Acces denied!";
}
?>
The troubles I have are:
check.php doesn't recognise "name" from password2.php
And I can't verify the password
Because $_POST variable is not persistent between requests it would not work. You can store the value from first form in the $_SESSION variable and retrieve it from session.
More info about php sessions here
Leave everything as it is in your question except check.php, here is the modified one:
<?php
//starting the session in PHP
session_start();
$enter = null;
// this is all the logic you need for retrieving `no1` from POST or SESSION
if (isset($_POST['no1'])){
$enter = $_POST['no1'];
$_SESSION['no1'] = $enter;
}elseif(isset($_SESSION['no1'])){
$enter = $_SESSION['no1'];
}
if (empty($enter)) {
echo "Please enter password!";
}
if (!(empty($enter))) {
echo "Your password is $enter";
}
?>
<html>
<body>
<p>Move on!</p>
</body>
</html>
<?php
$check = $_POST['name'];
if ($check == $enter) {
echo "Acces Granted";
// you can comment the next line if you are debugging,
// but after that you should destroy de session so you don't have a password as plain text
session_destroy();
}
if (!($check == $enter)) {
echo "Acces denied!";
}
?>
I have small problem with part of my script:
<?php
session_start();
include_once('../includes/connection.php');
if(isset($_SESSION['logged_in'])) {
?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 1</h1>
</body>
</html>
<?php
} else {
if(isset($_POST['email'], $_POST['password'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$query = $db->prepare("SELECT * FROM user WHERE user_email = ?");
$query->bind_param('s',$email);
$query->execute();
$query->bind_result($user_id,$user_name,$user_email,$user_password);
$query->fetch();
$user = array("user_id"=>$user_id, "user_name"=>$user_name, "user_email"=>$user_email, "user_password"=>$user_password);
if($user['user_id'] != 0) {
$_SESSION['logged_in'] = true;
header("Location: index.php");
die();
} else {
$error = "Incorrect details!";
}
}
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 2</h1>
<div class="container">
<h3>Please login</h3>
<?php if(isset($error)) { ?>
<h4><?php echo $error; ?></h4>
<?php } ?>
<form action="index.php" method="post" autocomplete="off">
<input type="text" name="email" placeholder="E-mail">
<input type="password" name="password" placeholder="Password">
<input type="submit" value="Login">
</form>
</div>
</body>
</html>
Problem is that script after refreshing (calling header() method) doesn't execute die() statement, and after successfully set session variable and rendering part with "Markup 1" it will also render "Markup 2" part but it shouldn't.
I found this example here: https://www.youtube.com/watch?v=UNTvU--o2q8.
You can try including the second markup section within the else block this is a fairly hackish fix, but it should accomplish what you are aiming for. I would recommend restructuring this section and pulling some of the markup out to separate included files.
<?php
session_start();
include_once('../includes/connection.php');
if(isset($_SESSION['logged_in'])) {
?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 1</h1>
</body>
</html>
<?php
} else {
if(isset($_POST['email'], $_POST['password'])) {
$email = $_POST['email'];
$password = $_POST['password'];
$query = $db->prepare("SELECT * FROM user WHERE user_email = ?");
$query->bind_param('s',$email);
$query->execute();
$query->bind_result($user_id,$user_name,$user_email,$user_password);
$query->fetch();
$user = array("user_id"=>$user_id, "user_name"=>$user_name, "user_email"=>$user_email, "user_password"=>$user_password);
if($user['user_id'] != 0) {
$_SESSION['logged_in'] = true;
header("Location: index.php");
die();
} else {
$error = "Incorrect details!";
}
} ?>
<html>
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="../css/style.css">
</head>
<body>
<h1>Markup 2</h1>
<div class="container">
<h3>Please login</h3>
<?php if(isset($error)) { ?>
<h4>
<?php echo $error; ?>
</h4>
<?php } ?>
<form action="index.php" method="post" autocomplete="off">
<input type="text" name="email" placeholder="E-mail">
<input type="password" name="password" placeholder="Password">
<input type="submit" value="Login">
</form>
</div>
</body>
</html>
<?php } ?>
You can't call header() after you write content to the browser. You can sort of hack around this in PHP using output buffers (it's been a long time), but really you should move code that handles headers above all of your markup.
See: http://php.net/manual/en/function.header.php
Index.php Page
I am a beginner.
This is index page in which i print a name of user who is logged in and i want to update the username whenever a user edit his detail i try to update it,it's updating the username but when i edit detail then i have log out first then login again then the name will update.I want to update the name instantly when a user edit his detail and redirect to index page just like facebook do.
i almost spend a week for solving this problem.Please give me code if anything needs to with ajax.
Thank you
<?php
session_start();
require_once("inc/connection.php");
if (empty($_SESSION['usersession'])) {
header("Location: login.php");
}
if (isset($_SESSION['msg'])) {
echo $_SESSION['msg'];
unset($_SESSION['msg']);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>WELCOME TO USER AREA</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<div id="main">
<nav id="nav">
<div class="logout">
WELCOME <?php echo $_SESSION['usersession']['name']; ?> // echo name of user
Log out
</div>
<ul>
<li>Home</li>
<li>Register</li>
<li>Edit</li>
<li>Delete(not recommended)</li>
</ul>
</nav>
<div class="para">
some text
</div>
</div>
</body>
</html>
Edit.php
This is edit.php code
<?php
session_start();
if (empty($_SESSION['usersession'])) {
header("Location: login.php");
}
if (isset($_SESSION['msg'])) {
echo $_SESSION['msg'];
unset($_SESSION['msg']);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>REGISTER HERE</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<div id="reg2">
<?php
if (isset($_POST['btn'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
$id = $_SESSION['usersession']['id'];
if (!empty($name && $email && $password)) {
if (!empty($password)) {
$password = sha1($password);
require_once("inc/connection.php");
$query = mysqli_query($conn, "UPDATE register SET name='$name',email='$email',password='$password' WHERE id='$id'");
if ($query) {
header("Location: index.php");
} else {
echo "not updated right now please try again later";
}
$_SESSION['msg'] = "Your detail has been updated successfully";
}
} else {
echo "please put your updated password";
}
}
?>
</div>
<div id="form">
<form method="post" action="edit.php">
<label>NAME</label><p>
<input class="int" type="text" class="nm" name="name" placeholder="Please Enter Your Name Here" value="<?php echo $_SESSION['usersession']['name']; ?>" /><p>
<label>EMAIL</label><p>
<input class="int" type="email" class="em" name="email" placeholder="Please Enter Your Email Here" value="<?php echo $_SESSION['usersession']['email']; ?>" /><p>
<label>PASSWORD</label><p>
<input class="int" type="password" name="password" placeholder="Please Enter Your new Password Here" />
<p></p>
<input type="hidden" name="id[]" value="<?php echo $_SESSION['usersession']['id']; ?>"/>
<input type="submit" name="btn" id="btu" value="Update">
</form>
</div>
</body>
</html>
When updating your Database you didnt change the value in your $_SESSION.
You have to do that manually.
// Add that under $_SESSION['msg'] = '....'
$_SESSION['usersession']['username'] = $name; // Same with email and password
Note that your code is vulnerable to mysql-injection. You should mysql_real_escape_string to avoid that.
Furthermore you display your message before even outputting your <!DOCUMENT html>. Please dont do that. Instead echo the message somewhere in your html!