I tried to hosting my php, and found error: 404 when start login. What should I do? I've searched various solutions and repeatedly fixed my php code, but it did not work very well. There is a solution that says that the error is caused .htaccess. How to use htaccess? Please help. I'm a beginner. Here i will include my php code.
admin-login.php
<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($dbC,$_POST['username']);
$mypassword = mysqli_real_escape_string($dbC,$_POST['password']);
$sql = "SELECT * FROM akun WHERE id = '$myusername' and password = '$mypassword'";
$result = mysqli_query($dbC,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
session_register("myusername");
$_SESSION['login_user'] = $myusername;
header("location: admin-halomedan.php");
}else {
$error = "Your Login Name or Password is invalid";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Halo Medan</title>
<link rel="icon" type="image/png" href="img/icon.png">
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="wrapper" style="height: 100%; width:100%; background: #FFBD30;">
<div class="boxmenu">
<img src="img/halomedan1.png" style="text-align:center;">
</div>
<div class="header" style="padding-top:100px;">
<form action="" method="POST" style="text-align:center;">
<input type="text" name="username" placeholder="Username" class="login_regis"><br/>
<input type="password" name="password" placeholder="Password" class="login_regis"><br/>
<input type="Submit" name="submit" value="LOGIN" class="tombol_login">
</form>
</div>
</div>
</body>
</html>
config.php
<?php
$dbHost = "mysql.hostinger.in";
$dbUser = "user db";
$dbPass = "my password";
$dbName = "my database";
$dbC = mysqli_connect($dbHost, $dbUser, $dbPass, $dbName)
or die("Error Connecting to MySQL DataBase");
?>
session.php
<?php
include('config.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysqli_query($dbC,"SELECT nama from akun where id = '$user_check' ");
$row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
$login_session = $row['username'];
if(!isset($_SESSION['login_user'])){
header("location:admin-halomedan.php");
}
?>
admin-halomedan.php
<?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Nyekrip Halaman Khusus</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Selamat Datang : <i><?php echo $_SESSION; ?></i></b>
<b id="logout">Log Out</b>
</div>
</body>
</html>
Related
I am new to PHP and was following a login_registration script the registration process works fine and the user is added to the database, however, when I try to log in it shows error I checked php.error log on wamp server and it says this,
PHP 1. {main}() C:\wamp64\www\php\login_register_system\login.php:0
Here is my code
connect.inc.php
<?php
//$conn_error = "could not connect";
$mysql_host= "localhost";
$mysql_user = "root";
$mysql_pass ="";
$mysql_db ="a_database";
$conn = mysqli_connect($mysql_host,$mysql_user,$mysql_pass,$mysql_db);
/*if(!mysqli_connect($mysql_host,$mysql_user,$mysql_pass) && !mysqli_select_db($mysql_db)){
die($conn_error);
}
*/
if(!$conn){
die("Connection failed: ". mysqli_connect_error());
}
?>
registration.php
<!DOCTYPE html>
<html>
<head>
<meta charset ="utf-8">
<title>Registartion</title>
<link rel ="stylesheet"href="style.css"/>
</head>
<body>
<?php
require "connect.inc.php";
if(isset($_REQUEST["username"])){
$username =stripslashes($_REQUEST["username"]);
$username =mysqli_real_escape_string($conn,$username);
$email =stripslashes($_REQUEST["email"]);
$email =mysqli_real_escape_string($conn,$email);
$password =stripslashes($_REQUEST["password"]);
$password =mysqli_real_escape_string($conn,$password);
$trn_date = date("Y-m-d H:i:s");
$query ="INSERT INTO `users2` (username,password,email,trn_date) VALUES('$username','".md5($password)."','$email','$trn_date')";
$result =mysqli_query($conn,$query);
if($result){
echo "<div class='form'>
<h3>You are registered succesfully</h3><br>
Click here to <a href='login.php'>Log in</a>
</div>";
}
}else{
?>
<div class="form">
<h1>Registration</h1>
<form name="registration" action ="registration.php" method="post">
<input type="text" name ="username" placeholder ="Username" required/>
<input type="text" name ="email" placeholder ="Email" required/>
<input type="password" name ="password" placeholder ="password" required/>
<input type="submit" type="submit" value="Register"/>
</form>
</div><!--form-->
<?php } ?>
</body>
</html>
login.php
<!DOCTYPE html>
<html>
<head>
<meta charset ="utf-8">
<title>Login</title>
<link rel ="stylesheet"href="style.css"/>
</head>
<body>
<?php
//ini_set('display_errors','1');
//error_reporting(E_ALL);
require "connect.inc.php";
session_start();
if(isset($_POST["username"])){
$username = stripslashes($_REQUEST["username"]);
$username = mysqli_real_connect($conn,$username);
$username = mysqli_real_escape_string($conn,$password);
$query ="SELECT * FROM `users` WHERE username ='$username' and password ='".md5($password)."' ";
$result =mysqli_query($conn,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION["username"] = $username;
header("Location: index.php");
}else{
echo "<div class='form'>
<h3>Username/password is incorrect</h3><br>
Click here to <a href='login.php'>Login</a>
</div>";
}
}else{
?>
<div class="form">
<h1>Login </h1>
<form action="login.php" method="post" name="login">
<input type="text" name ="username" placeholder ="Username" required/>
<input type="passowrd" name ="password" placeholder ="password" required/>
<input type="submit" type="submit" value="Login"/>
</form>
</div>
<?php } ?>
</body>
</html>
logout.php
<?php
session_start();
if(session_destroy()){
header("Location: login.php");
}
?>
index.php
<?php
include("auth.php");
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Welcome home</title>
</head>
<body>
<div class="form">
<p>Welcome <?php echo $_SESSION["username"];?></p>
<p>This is secure area</p>
Logout
</div>
</body>
</html>
Any help will be highly appreciated. Thanks.
Do note this is just for learning the purpose. I know there are flaws but please be easy.
Just change this,
$username = stripslashes($_REQUEST["username"]);
$username = mysqli_real_connect($conn,$username);
$password =stripslashes($_REQUEST["password"]);
$password = mysqli_real_escape_string($conn,$password);
to the following,
$username = stripslashes($_REQUEST['username']);
$username = mysqli_real_escape_string($conn, $username);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($conn, $password);
I hope you have only one user related to the entered credentials in the database. Hope this helps you!
thanks i got it resolved..problem was this line $query ="SELECT * FROM users WHERE username ='$username' and password ='".md5($password)."' "; in login.php..
correct should be this
$query ="SELECT * FROM `users2` WHERE username ='$username' and password ='".md5($password)."' ";
i was checking data in users table whereas i registered in users2 table..as i had many tables that created confusion
When I hit my submit button to login nothing happens. I am just getting the same page, and not even an error. The connection to db should be fine. I have been looking at the code for 10 hours now, and I cannot figure out why. Does anybody have an idea?
dbconfic.inc.php:
<?php
$db_host = "localhost";
$db_user = "root";
$db_pass = "root";
$db_name = "testdb";
// connection:
$mysqli = new mysqli($db_host, $db_user, $db_pass , $db_name);
// tjek conenction:
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
}
// vi kører utf-8 på connection:
$mysqli->set_charset("utf-8");
?>
index.php:
<?php
include('login.php'); // Include Login Script
if(isset($_SESSION['username']))
{
header('Location: home.php');
}
exit();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>PHP Login Form with Session</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1>PHP Login Form with Session</h1>
<div class="loginBox">
<h3>Login Form</h3>
<br><br>
<form method="post" action="">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" /> <br><br>
<input type="submit" value="Login" />
</form>
<div class="error"><?php echo $error;?></div>
</div>
</body>
</html>
login.php:
<?php
session_start();
include("dbconfic.inc.php"); //Establishing connection with our database
$error = ""; //Variable for storing our errors.
if(isset($_POST["submit"]))
{
if(empty($_POST["username"]) || empty($_POST["password"]))
{
$error = "Both fields are required.";
}else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect from MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
//Check username and password from database
$sql="SELECT uid FROM users WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $login_user; // Initializing Session
header("location: home.php"); // Redirecting To Other Page
}else
{
$error = "Incorrect username or password.";
}
}
}
?>
home.php:
<?php
include("check.php");
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Home</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1 class="hello">Hello, <em><?php echo $login_user;?>!</em></h1>
<br><br><br>
Logout?
</body>
</html>
check.php:
<?php
include('dbconfic.inc.php');
session_start();
$user_check=$_SESSION['username'];
$sql = mysqli_query($db,"SELECT username FROM users WHERE username='$user_check' ");
$row=mysqli_fetch_array($sql,MYSQLI_ASSOC);
$login_user=$row['username'];
if(!isset($user_check))
{
header("Location: index.php");
}
?>
logout.php
<?php
session_start();
if(session_destroy())
{
header("Location: index.php");
}
?>
The index page seems more or less ok, a minor alteration to the use of isset and the inclusion of the login.php script.
The check.php does an extra db lookup - you should be able just to use the session info to judge whether or not to redirect the user - so rather than echo $login_user in the html use $_SESSION['username']
In the login.php script use prepared statements if possible to help mitigate against sql injection, and if possible avoid hashing passwords with md5!
<?php
$error='';
if( !isset( $_SESSION ) ) session_start();
if( !isset( $_SESSION['username'] ) ) include( login.php' );
else exit( header('Location: home.php') );
?>
<!doctype html>
<html>
<head>
<meta charset='utf-8'>
<title>PHP Login Form with Session</title>
<link rel='stylesheet' href='style.css' type='text/css' />
</head>
<body>
<h1>PHP Login Form with Session</h1>
<div class='loginBox'>
<h3>Login Form</h3>
<br><br>
<form method='post' action=''>
<label>Username:</label><br>
<input type='text' name='username' placeholder='username' /><br><br>
<label>Password:</label><br>
<input type='password' name='password' placeholder='password' /><br><br>
<input type='submit' name='submit' value='Login' />
</form>
<div class='error'><?php echo $error;?></div>
</div>
</body>
</html>
<?php
/* login.php */
$error = '';
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'], $_POST['username'], $_POST['password'] ) ) {
if( empty( $_POST['username'] ) || empty( $_POST['password'] ) ){
$error = 'Both fields are required.';
}else {
/*
Use prepared statements - mitigates agsint sql injection.
Use placeholders in the sql which are used by the `bind_param` statement
*/
$sql='select `uid` from `users` where `u_username`=? and `password`=? limit 1';
$stmt=$db->prepare( $sql );
if( !$stmt ) exit('Failed to prepare sql statement');
/*
md5 is not recommended for password hashing as it is generally considered to be broken
bind the variables to the placeholders & execute the sql
*/
$username=$_POST['username'];
$password=md5( $_POST['password'];
$stmt->bind_param('ss', $username, $password ) );
$res=$stmt->execute();
/* bind the result of the query to a variable */
$stmt->bind_result( $login_user );
while( $stmt->fetch() ){
/* go through recordset ( 1 record ) */
$_SESSION['username'] = $login_user;
}
$stmt->close();
$db->close();
if( isset( $_SESSION['username'] ) ) exit( header( 'location: home.php' ) );
else $error='Incorrect username or password.';
}
}
?>
<?php
/* home.php */
if( !isset( $_SESSION ) ) session_start();
if( !isset( $_SESSION[ 'username' ] ) ) exit( header('Location: index.php') );
#include("check.php"); /* serves no real purpose once session is set */
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Home</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1 class="hello">Hello, <em><?php echo $_SESSION['username'];?>!</em></h1>
<br><br><br>
Logout?
</body>
</html>
Database:
<?php
$db_host = "localhost";
$db_user = "root";
$db_pass = "root";
$db_name = "testdb";
// connection:
$mysqli = new mysqli($db_host, $db_user, $db_pass , $db_name);
// tjek conenction:
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
}
// vi kører utf-8 på connection:
$mysqli->set_charset("utf-8");
?>
Index:
<?php
session_start();
if(isset($_SESSION['username']))
{
header('Location: home.php');
}else{
include('login.php');
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>PHP Login Form with Session</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1>PHP Login Form with Session</h1>
<div class="loginBox">
<h3>Login Form</h3>
<br><br>
<form method="post" action="index.php">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" /> <br><br>
<input type="submit" name="dologin" value="Login" />
</form>
<div class="error"><?php echo $error;?></div>
</div>
</body>
</html>
?>
Login:
<?php
include("dbconfic.inc.php"); //Establishing connection with our database
$error = ""; //Variable for storing our errors.
if(isset($_POST["dologin"]))
{
if(empty($_POST["username"]) || empty($_POST["password"]))
{
$error = "Both fields are required.";
}else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect from MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
//Check username and password from database
$sql="SELECT uid FROM users WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $login_user; // Initializing Session
header("location: index.php"); // Redirecting To Other Page
}else
{
$error = "Incorrect username or password.";
}
}
}
?>
HOME:
<?php
include("check.php");
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Home</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1 class="hello">Hello, <em><?php echo $login_user;?>!</em></h1>
<br><br><br>
Logout?
</body>
</html>
Check:
<?php
session_start();
include('dbconfic.inc.php');
$user_check=$_SESSION['username'];
$sql = mysqli_query($db,"SELECT username FROM users WHERE username='$user_check' ");
$row=mysqli_fetch_array($sql,MYSQLI_ASSOC);
$login_user=$row['username'];
if(!isset($user_check))
{
header("Location: index.php");
}
?>
I have followed this tutorial in order to build a login system for a content management site. http://www.formget.com/login-form-in-php/. I would like the site to be set in such a way that the user needs to be logged in in order to view the site, and that if the user enters the site name thru the url, they are directed immediately to the login page.
Currently when I go directly to the page I get an error stating:
Notice: Undefined index: login_user in C:\xampp\htdocs\WebDevelopment\V18\CMS\session.php on line 6
FILES USED:
login.php
<?php
session_start();
$error = ''; // variable to store error message
if (isset($_POST['login'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else {
// Define username and password
$username = $_POST['username'];
$password = $_POST['password'];
$connection = mysql_connect("localhost", "root", "");
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// select DB
$db = mysql_select_db("v18_apartments", $connection);
$query = mysql_query("Select * from login where password = '$password' AND username = '$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // initializing session
header("location: CMS-home.php");
} else {
$error = "Username or Password is invalid";
}
mysql_close($connection);
}
}
?>
index.php
<?php
include ('login.php');
if (isset($_SESSION['login_user'])){
header("location: CMS-home.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title> V18 - Login</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="format-detection" content="telephone=no">
<link rel="stylesheet" type="text/css" href="css/styles.css"/>
</head>
<body>
<div id="wrapper">
<div class="center">
<div id="login-form">
<form action="" method="POST">
<input type="text" name="username" placeholder="username">
<input type="password" name="password" placeholder="********">
<button type="submit" name="login">Submit</button>
<h2><?php echo $error; ?></h2>
</form>
</div>
</div>
</div>
</body>
</html>
session.php
<?php
$connection = mysql_connect("localhost", "root", "");
$db = mysql_select_db("v18_apartments", $connection);
session_start();
$user_check=$_SESSION['login_user'];
$ses_sql=mysql_query("select username from login where username = '$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
$login_session = $row['username'];
if (!isset($login_session)) {
mysql_close($connection);
header('Location : index.php');
}
?>
logout.php
<?php
session_start();
if (session_destroy()) // destroy all sessions
{
header("Location: index.php");
}
?>
How about this?
session.php
<?php
session_start();
if(!isset($_SESSION['login_user']))
header('Location : index.php');
exit;
?>
When a user logs in, how can I check whether another person is logged in already with the same username and display an error such as "This user is already logged in"?
LogIn_form.php
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Insert title here</title>
<link rel="stylesheet" href="NewFile.css">
</head>
<body>
<div id=warper>
<?php include 'Menu.php'; ?>
<div class="box">
<form method="POST" id="formReg">
<div id="account">
<div id="accountN">Account:</div>
<div id="accountV"><input type="text" name="account"></div>
</div>
<div id="pass">
<div id="passN">Password:</div>
<div id="passV"><input type="password" name="password"></div>
</div>
<input type="submit" value="submit" name="submit">
<?php
if (isset ($_POST ['submit'])) {
include 'LogIn_database.php';
}
?>
</form>
</div>
</div>
</body>
</html>
LogIn_database.php
<?php
session_start();
$username = htmlspecialchars($_POST ['account'], ENT_QUOTES, 'UTF-8');
$password = htmlspecialchars($_POST ['password'], ENT_QUOTES, 'UTF-8');
$password_sha1 = sha1($password);
if ($username && $password_sha1) {
//-------------------------------------------------------------------------------------------------------------
include 'MySQL_connect.php';
//------------------------------------------------------------------------------------------------------------------
$query = mysqli_query($conn, "SELECT * FROM portofoliu_table WHERE account= '$username' ");
$numrows = mysqli_num_rows($query);
if ($numrows != 0) {
while ($row = mysqli_fetch_assoc($query)) {
$db_account = $row['account'];
$db_password = $row['password'];
}
if ($username == $db_account && $password_sha1 == $db_password) {
#$_SESSION['account'] = $username;
$_SESSION["logged"] = true;
header("location: AboutMe.php");
exit();
} else
echo "<div id='err'>Your password is incorrected</div>";
$_SESSION["logged"] = false;
exit();
} else
die("<div id='err'>That user don't exists</div>");
} else
die("<div id='err'>Please enter a username and password</div>");
Logout.php
<?php
session_start();
session_destroy();
header("location: AboutMe.php");
?>
I'm trying out a login page example in php. I get the error: This webpage has a redirect loop
Details say: Error code: ERR_TOO_MANY_REDIRECTS
Here's my code:
index.php
<?php
include('login.php'); // Includes Login Script
if(isset($_SESSION['login_user'])){
header("location: profile.php");
}
?>
<form action="" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text">
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
login.php
<?php
session_start();
$error='';
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
$username=$_POST['username'];
$password=$_POST['password'];
$connection = mysql_connect("localhost", "root", "");
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$db = mysql_select_db("rjtest", $connection);
$query = mysql_query("select * from login where myPassword='$password' AND myUserName='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username;
header("location: profile.php");
} else {
$error = "Username or Password is invalid";
}
}
}
?>
profile.php
<?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
<b id="logout">Log Out</b>
</div>
</body>
</html>
session.php
<?php
$connection = mysql_connect("localhost", "root", "");
$db = mysql_select_db("rjtest", $connection);
session_start();
$user_check=$_SESSION['login_user'];
$ses_sql=mysql_query("select myUsername from login where myUsername='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
header('Location: index.php');
}
?>
And logout.php
<?php
session_start();
if(session_destroy())
{
header("Location: index.php");
}
?>
I can't seem figure out why. The site where I got this code is now inactive, so that's why Im asking this here. Hope you guys could help me out. Sorry for the long post though.
Comment to answer:
What I think is going on is that your code is erroring out and you're not seeing it, causing it to fight against what it should be showing you as an error.
You have $login_session =$row['username']; using the "username" as the row, but you're not selecting it in your query select myUsername from login where myUsername.
So, I'm thinking that if that row doesn't in fact exist, you'd need to do
$login_session =$row['myUsername'];