Hi i have a problem with the use of session.
I create the session here
<?php session_start();
include('MConsultas.php');
$mail = $_POST['mail'];
$contraseña = $_POST['contraseña'];
$Objeto = new Consulta();
$consulta="SELECT * from persona where Email='".$mail."'";
$Rset = $Objeto->querys($consulta);
if ($fila = mysql_fetch_assoc($Rset)) {
$contraseña1=hash('sha512',$contraseña);
if ($fila['Contrasena']==$contraseña1)
{
$_SESSION['IDuser']= $fila['ID_Persona'];
$_SESSION['IDnombre']= $fila['Nombre'];
$_SESSION['IDemail']= $fila['Email'];
$_SESSION['IDempre']= 'NULL';
$_SESSION['IDAbogado']= 'NULL';
$_SESSION['Autentica'] = "si";
$_SESSION['Tipo']="persona";
echo $fila['ID_Persona'];
echo "<script type='text/javascript'> document.location = '../administrador/personas/mis-casos.php'; </script>";
}
And i try to use the session here:
<?php session_start();
if($_SESSION['Autentica'] == 'si')
{
if($_SESSION["Tipo"] == "persona" || $_SESSION["Tipo"] == "empresa")
{
?>
But this php, doesn't recognize the session.
Can someone tell me what i'm doing wrong please?
Related
I searched now for hours but couldn't find any solution. I hope you can help me.
I created a website and tested it with xampp and eververthing works well, but now I uploaded it on a server and I could realize that the session_start() does not work.
This is the code of my index.php:
<?php
session_start();
echo session_status()."<br>";
echo "SessionID: ".session_id();
error_reporting(E_ALL & ~E_NOTICE);
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="stylesheet.css" media="screen" />
<meta charset="UTF-8" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
// Add smooth scrolling to all links
$("a").on('click', function(event) {
// Make sure this.hash has a value before overriding default behavior
if (this.hash !== "") {
// Prevent default anchor click behavior
event.preventDefault();
// Store hash
var hash = this.hash;
// Using jQuery's animate() method to add smooth page scroll
// The optional number (800) specifies the number of milliseconds it takes to scroll to the specified area
$('html, body').animate({
scrollTop: $(hash).offset().top
}, 800, function(){
// Add hash (#) to URL when done scrolling (default click behavior)
window.location.hash = hash;
});
} // End if
});
$(".loginField").click(function() {
$(".loginDetails").toggle("slow");
});
$(".profilName").click(function() {
$(".profilMenu").toggle("slow");
});
$("#middleLoginButton").click(function() {
$(".middleLoginForm").toggle("slow");
});
});
</script>
</head>
<body>
<!-- getting UserData, if available -->
<?php
//delete Session Data, if logout
if (isset($_GET['logout']) && $_GET['logout'] == 1) {
echo "SessionID Logout:".session_id();
session_destroy();
//header("Location:https://www.whocando.eu");
}
function autoload ($className) {
if (file_exists('classes/'.$className.'.php')) {
require 'classes/'.$className.'.php';
}
}
spl_autoload_register("autoload");
if ($_GET['falsePassword'] == 1) {
$falsePassword = 1;
}
if ((empty($_POST['userName']) || empty($_POST['password'])) && empty($_POST['registration'])) {
// after Login Check!
} elseif (isset($_POST['userName']) && isset($_POST['password']) && !isset($_POST['registration'])) {
$loginCheck = new loginParser();
$userID = $loginCheck->loginChecker($_POST['userName'],$_POST['password']);
$_SESSION['userID'] = $userID;
$abfrage = new dbQuery("SELECT ID,name, firstName FROM db764570417.userdata WHERE ID = $userID");
$userName = $abfrage->fetchData('ID','name');
$userFirstName = $abfrage->fetchData('ID','firstName');
// already logged in Check!
} elseif (isset($_SESSION['userID'])) {
$userID = $_SESSION['userID'];
$abfrage = new dbQuery("SELECT ID,name, firstName FROM db764570417.userdata WHERE ID = $userID");
$userName = $abfrage->fetchData('ID','name');
$userFirstName = $abfrage->fetchData('ID','firstName');
// after Registration Check!
} elseif (isset($_POST['registration'])) {
$name = $_POST['name'];
$vorName = $_POST['vorname'];
$email = $_POST['email'];
$uni = $_POST['uni'];
$geburtstag = $_POST['gebDatum'];
$password = $_POST['passwort'];
$confirmedPassword = $_POST['confirmPasswort'];
$gebDatum = date("Y-m-d",strtotime($geburtstag));
$abfrageEmail = new dbQuery("SELECT ID,email FROM db764570417.logindata");
$userEmails = $abfrageEmail->fetchData('ID','email');
if ($password != $confirmedPassword) {
header("Location:https://www.whocando.eu/registration.php?fault=passwordNotMatched&name=".$name."&vorname=".$vorName."&email=".$email."&uni=".$uni."&gebDatum=".$geburtstag);
} elseif (in_array($email,$userEmails)) {
header("Location:https://www.whocando.eu/registration.php?fault=emailAlreadyUses&name=".$name."&vorname=".$vorName."&email=".$email."&uni=".$uni."&gebDatum=".$geburtstag);
} elseif (empty($name)) {
header("Location:https://www.whocando.eu/registration.php?fault=nameMissing&name=".$name."&vorname=".$vorName."&email=".$email."&uni=".$uni."&gebDatum=".$geburtstag);
}elseif (empty($vorName)) {
header("Location:https://www.whocando.eu/registration.php?fault=vorNameMissing&name=".$name."&vorname=".$vorName."&email=".$email."&uni=".$uni."&gebDatum=".$geburtstag);
} elseif (empty($email)) {
header("Locationhttps://www.whocando.eu/:registration.php?fault=emailMissing&name=".$name."&vorname=".$vorName."&email=".$email."&uni=".$uni."&gebDatum=".$geburtstag);
} elseif (empty($uni)) {
header("Location:https://www.whocando.eu/registration.php?fault=uniMissing&name=".$name."&vorname=".$vorName."&email=".$email."&uni=".$uni."&gebDatum=".$geburtstag);
}elseif (empty($geburtstag)) {
header("Locationhttps://www.whocando.eu/:registration.php?fault=gebMissing&name=".$name."&vorname=".$vorName."&email=".$email."&uni=".$uni."&gebDatum=".$geburtstag);
} elseif (empty($password)) {
header("Location:https://www.whocando.eu/registration.php?fault=passwordMissing&name=".$name."&vorname=".$vorName."&email=".$email."&uni=".$uni."&gebDatum=".$geburtstag);
} elseif (empty($confirmedPassword)) {
header("Location:https://www.whocando.eu/registration.php?fault=confirmedPasswordMissing&name=".$name."&vorname=".$vorName."&email=".$email."&uni=".$uni."&gebDatum=".$geburtstag);
} else {
include ('dbConnection.php');
$date = date("Y-m-d H:i:s",time());
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
$sqlCode = "INSERT INTO db764570417.logindata (name,email,password)
VALUES (?,?,?)";
$userNameDB = $vorName."".$name;
$statement = $mysqli->prepare($sqlCode);
$statement->bind_Param('sss',$userNameDB,$email,$hashedPassword);
$statement->execute();
$newUserId = $mysqli->insert_id;
$_SESSION['userID'] = $newUserId;
$sqlCode = "INSERT INTO db764570417.userdata (ID,name,firstName,firstLogin,lastLogin,birthDate,email,university)
VALUES (?,?,?,?,?,?,?,?)";
$statement = $mysqli->prepare($sqlCode);
$statement->bind_Param('isssssss',$newUserId,$name,$vorName,$date,$date,$gebDatum,$email,$uni);
$statement->execute();
//header("Location:index.php");
$userID = $newUserId;
$userFirstName[$userID] = $vorName;
$userName[$userID] = $name;
}
}
?>
If I load the page there will be no session ID created, but if I test exactly the same code on localhost, it works.
I thought there were an issue with the server and uploaded a file with the following code:
<?php
if (!isset($_SESSION)) {
session_start();
echo session_status();
echo "SessionID: ".session_id();
}
echo "SessionID: ".session_id();
?>
I am now completely confused and don't know what mistake I did.
Can someone help me with this?
Thank you!
Exec following code and find session.save_path
<?php
phpinfo();
?>
Just add right permissions to this path
I need some help on my log out. I try to show less code as possible to avoid long code.
What I'm trying to do is a webpage that allow user to log in and view some stuff. When the user done viewing the stuff, the user are able to log out. When logging out, it'll redirect the user to login page and update my database to clear up all the data such as session_id etc.
But the problem is, whenever the user click the log out button, it'll redirect the user to the login page, but not updating the query which is in the logout function. I'm trying to logs the user out by clearing all the session and data in the database such as session_id, last_log, etc.
Is there any way to make the log out button works?
In my protect class
class protect
{
var $username = "";
var $password = "";
var $id = "";
var $isAdmin = -1;
var $sess_id = "";
var $action = "";
var $query = "";
var $ip_address = "";
var $otp = "";
function __construct()
{
try
{
session_start();
$db = new DB("XXUser","password",DB_NAME);
$db->connect();
$this->check_login($db);
if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!=1)
{
$this->logout($db);
}
else
{
if($this->action == "logout")
{
$this->logout($db);
}
$this->check_session($db);
}
}
catch
{
$this->logout($db);
exit();
}
}
function post_value()
{
if (!empty($_POST))
{
foreach ($_POST as $key => $value)
{
$this->$key=$value;
}
}
}
function get_value()
{
if(isset($_GET['action']))
{
$this->action=$_GET['action'];
}
}
function insert_session($db)
{
$sql = "UPDATE myuser SET lastLog = now(), active = 'Y', last_active
= now(), last_access = now(), ip_addr = '".$this->ip_address."',
session_ID = '".trim($this->sess_id)."', fail_login_count = 0,
last_fail_login_time ='1900-01-01 00:00:00', otp =
'".$_SESSION['otp']."' WHERE ID = '".$_SESSION['id']."'";
$db->query($sql);
}
function check_session($db)
{
if(isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == 1)
{
$sql2 = "SELECT * FROM myuser WHERE ID = '".$_SESSION['id']."'
AND otp = '".$_SESSION['otp']."'";
$db->query($sql2);
$db->fetchRow();
if($db->resultCount() == 0)
{
echo "<script type=\"text/javascript\">
alert(\"Access Denied\");
</script>";
session_destroy();
$db->disconnect();
header("Location: login2.php");
exit();
}
else
{
$this->check_time($db);
$this->refresh_session();
}
}
}
function refresh_session()
{
//Regenerate id
session_regenerate_id();
//Regenerate otp
$_SESSION['otp'] = trim(md5(time() .$_SESSION['id']));
}
function check_time($db)
{
$sql3 = "SELECT * FROM myuser WHERE ID = '".$_SESSION['id']."' AND
otp = '".$_SESSION['otp']."' AND last_active > DATE_SUB(NOW(),
INTERVAL 10 MINUTE)";
$db->query($sql3);
if($db->resultCount($db) == 0)
{
$this->logout($db);
}
else
{
$sql2 = "UPDATE myuser SET last_active = now() WHERE ID =
'".$_SESSION['id']."' AND otp = '".$_SESSION['otp']."'";
$db->query($sql2);
}
}
function check_login($db)
{
if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!=1)
{
$this->username = sanitize($_POST['username']);
$this->password = $_POST['password'];
$sql = "SELECT * FROM myuser WHERE userName = '".$this-
>username."' AND userPass = '".$this->password."'";
$db->query($sql);
if($db->resultCount() == 0)
{
echo "<script type=\"text/javascript\">
alert(\"Wrong Username or Password\");
</script>";
$db->disconnect();
$db->clear();
}
else
{
$db->fetchRow();
//Correct username but wrong password.
if($db->record['userName'] == $this->username)
{
if($db->record['userPass'] != $this->password)
{
echo "<script type=\"text/javascript\">
alert(\"Wrong Username or Password\");
</script>";
$sql3 = "UPDATE myuser SET ip_addr='".$this-
>ip_address."',fail_login_count=(fail_login_count+1)
WHERE userName='".$this->username."'";
mysql_query($sql3) or die(mysql_error());
}
else
{
$this->id = $db->record['ID'];
$sql4 = "SELECT * FROM subordinate_reporting WHERE
myuser_uid = '".$this->id."'";
$db->query($sql4);
if($db->record['active'] == 'Y')
{
session_destroy();
$db->disconnect();
header("Location: login2.php");
exit();
}
else if($db->resultCount() == 0)
{
echo "<script type=\"text/javascript\">
alert(\"".$db->record['real_name'].", You
are not authorized to access this page\");
</script>";
$db->clear();
}
else
{
echo "<script type=\"text/javascript\">
alert(\"Welcome ".$db-
>record['real_name'].". Your last access was
on ".$db->record['last_access']."\");
</script>";
$this->session($db);
}
}
}
}
}
}
//This function haven't use
function check_attempt($db)
{
$db->query("SELECT fail_login_count, last_fail_login_time FROM
myuser WHERE userName = ".$this->username."");
$db->fetchRow();
if($db->record['fail_login_count'] >= 3)
{
$db->query("UPDATE myuser SET blocked = 'Y',
last_fail_login_time = now()");
echo "<script type=\"text/javascript\">
alert(\"Your account has been blocked for 10 minutes due to
failed login attempts of 3 times\");
</script>";
}
if($db->record['blocked'] === 'Y')
{
if(($db->record['last_fail_login_time'] - time()) > 10)
{
$db->clear();
$db->query("UPDATE myuser SET last_fail_login_time = '1900-
01-01 00:00:00', fail_login_count = 0, blocked = 'N'");
}
else
{
$db->clear();
echo "<script type=\"text/javascript\">
alert(\"Please try again later\");
</script>";
}
}
}
function logout($db)
{
$sql = "UPDATE myuser SET session_ID = '', otp = '', active =
'N', last_active = '1900-01-01 00:00:00', lastLog = '1900-01-01
00:00:00' WHERE ID = ".$_SESSION['id']." AND
otp='".$_SESSION['otp']."'";
$db->query($sql);
echo $sql;
unset ($_SESSION['otp']);
unset ($_SESSION['loggedin']);
unset ($_SESSION['id']);
session_unset();
session_destroy();
$db->clear();
$db->disconnect();
header("Location: login2.php");
exit();
}
function session($db)
{
$_SESSION['loggedin'] = 1;
$_SESSION['id'] = $this->id;
$_SESSION['otp'] = trim(md5(time() .$_SESSION['id']));
$this->ip_address = $this->get_ip();
$this->sess_id = session_id();
$_SESSION['timeout'] = time();
$this->insert_session($db);
}
function logout_btn()
{
echo "<form name='logoutbtn' method='post' action=''>";
echo "\n <input type='hidden' name='action' value='logout'
/>";
echo "<input type='submit' id='button' value='Log Out' />";
echo "\n</form>";
}
function get_ip()
{
if(getenv('HTTP_CLIENT_IP'))
{
$ip = getenv('HTTP_CLIENT_IP');
}
else if(getenv('HTTP_X_FORWARDED_FOR'))
{
$ip = getenv('HTTP_X_FORWARDED_FOR');
}
else
{
$ip = getenv('REMOTE_ADDR');
}
return $ip;
}
}
In my normal html file
<?php
try
{
$prot = new protect();
if(!isset($_SESSION['loggedin']) || $_SESSION['loggedin']!=1)
{
echo "<script type=\"text/javascript\">
alert("Access Denied");
</script>";
}
}
catch (Exception $e)
{
$e->getMessage();
}
?>
<!DOCTYPE html>
<html>
</html>
<head>
</head>
<body>
$ved = new view_exit_docket($db, $_SESSION['id']);
$ved->check_app_uid($db);
$ved->display_table($db);
$prot->logout_btn();
</body>
</html>
If the log out button was not working, then surely you would not have been redirected - this implies that failures are occurring elsewhere.
I will assume that some of the stuff you have edited out of your code is critical to its operation (other wise it would not behave as you describe).
it'll redirect the user to the login page, but not updating the query
From the code you've shown us, the only route to the redirection is through executing the query. If the data was not changed, then the query failed.
1) You didn't tell us anything about the DB class.
2) You don't check the return value from $DB->query() nor poll the state of the operation from $DB after executing the query. If you had, you might have got an error message explaining the problem.
3) You didn't show us the SQL you are running (the most likely place where the fault lies).
4) You have not said what happened to the session data
My login of admin panel and member panel both works fine on local server, But on Live server member panel doesn't work. As admin and member panel both use same connection file so it means connection file works fine. More over when we fill wrong user or password it says
Invalid User or Password
But when we login with correct user or password it returns back with no indication of error.
My login file upper php part is:
<?php
include_once("../init.php");
$msg='';
?>
<?php
if(isset($_POST['click']))
{
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
if(($user =='' )|| ($pass=='')){
$msg ='Please enter username & password';
}else{
$npass = ($pass);
$qry = mysql_query("select * from user where user ='$user'");
if(mysql_num_rows($qry)==0) {
$msg ='Invalid UserName';
} else {
$res = mysql_fetch_array($qry);
if($res['pass']==$npass) {
$_SESSION['USE_USER'] = $res['user'];
$_SESSION['SID'] = $res['id'];
$_SESSION['USE_NAME'] = $res['fname'];
$_SESSION['USE_SPONSOR'] = $res['sponsor'];
$_SESSION['PACKAGE_AMT'] = $res['package_amt'];
$_SESSION['ADDRESS'] = $res['address'];
$_SESSION['PHONE'] = $res['phone'];
$_SESSION['JOIN_DATE'] = $res['join_date'];
header('location: main.php');
} else {
$msg ='Invalid Password';
}
}
}
}
?>
My header file main.php is
<?php
include_once("../init.php");
validation_check($_SESSION['SID'],MEM_HOME_ADMIN);
$msg='';
$dir ='../'.USER_PIC;
$sId = $_SESSION['SID'];
?>
Session is started from another file called function.php
<?php
function logout($destinationPath)
{
if(count($_SESSION))
{
foreach($_SESSION AS $key=>$value)
{
session_unset($_SESSION[$key]);
}
session_destroy();
}
echo "<script language='javaScript' type='text/javascript'>
window.location.href='".$destinationPath."';
</script>";
}
function validation_check($checkingVariable, $destinationPath)
{
if($checkingVariable == '')
{
echo "<script language='javaScript' type='text/javascript'>
window.location.href='".$destinationPath."';
</script>";
}
}
function realStrip($input)
{
return mysql_real_escape_string(stripslashes(trim($input)));
}
function no_of_record($table, $cond)
{
$sql = "SELECT COUNT(*) AS CNT FROM ".$table." WHERE ".$cond;
$qry = mysql_query($sql);
$rec = mysql_fetch_assoc($qry);
$count = $rec['CNT'];
return $count;
}
//drop down
function drop_down($required=null, $text_field, $table_name, $id, $name, $cond, $selected_id=null)
{
$qry = mysql_query("SELECT $id, $name FROM $table_name WHERE $cond ORDER BY $name ASC");
$var = '';
if(mysql_num_rows($qry)>0)
{
$var = '<select id="'.$text_field.'" name="'.$text_field.'" '.$required.'>';
$var .='<option value="">--Choose--</option>';
while($r = mysql_fetch_assoc($qry))
{
$selected = '';
if($selected_id==$r[$id]){
$selected = 'selected="selected"';
}
$var .='<option value="'.$r[$id].'" '.$selected.'>'.$r[$name].'</option>';
}
$var .='</select>';
}
echo $var;
}
function uploadResume($title,$uploaddoc,$txtpropimg)
{
$upload= $uploaddoc;
$filename=$_FILES[$txtpropimg]['name'];
$fileextension=strchr($filename,".");
$photoid=rand();
$newfilename=$title.$photoid.$fileextension;
move_uploaded_file($_FILES[$txtpropimg]['tmp_name'],$upload.$newfilename);
return $newfilename;
}
function fRecord($field, $table, $cond)
{
$fr = mysql_fetch_assoc(mysql_query("SELECT $field FROM $table WHERE $cond"));
return $fr[$field];
}
function get_values_for_keys($mapping, $keys) {
$output_arr = '';
$karr = explode(',',$keys);
foreach($karr as $key) {
$output_arr .= $mapping[$key].', ';
}
$output_arr = rtrim($output_arr, ', ');
return $output_arr;
}
function getBaseURL() {
$isHttps = ((array_key_exists('HTTPS', $_SERVER)
&& $_SERVER['HTTPS']) ||
(array_key_exists('HTTP_X_FORWARDED_PROTO', $_SERVER)
&& $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
);
return 'http' . ($isHttps ? 's' : '') .'://' . $_SERVER['SERVER_NAME'];
}
function request_uri()
{
if ($_SERVER['REQUEST_URI'])
return $_SERVER['REQUEST_URI'];
// IIS with ISAPI_REWRITE
if ($_SERVER['HTTP_X_REWRITE_URL'])
return $_SERVER['HTTP_X_REWRITE_URL'];
$p = $_SERVER['SCRIPT_NAME'];
if ($_SERVER['QUERY_STRING'])
$p .= '?'.$_SERVER['QUERY_STRING'];
return $p;
}
preg_match ('`/'.FOLDER_NAME.'(.*)(.*)$`', request_uri(), $matches);
$tableType = (!empty ($matches[1]) ? ($matches[1]) : '');
$url_array=explode('/',$tableType);
?>
Moreover I have created user id by words and time like LH1450429882 and column is verture type. I think this has no effect on login.
I think main errors come from function.php Sorry for a long code, but I tried to cover all parts of coding.
I am struggling with this code from a week. Thanks in advance for help.
This is probably a bug that error_reporting will show off. Always use it in development mode, to catch some carelessness errors and ensure the code's clarity.
ini_set('display_errors',1);
error_reporting(E_ERROR | E_WARNING | E_PARSE);
By implementing code ini_set('display_errors',1); error_reporting(E_ERROR | E_WARNING | E_PARSE); I got the error of header ploblem on line 6 in login php I have removed ?> and
Now my working code in login.php is
<?php
include_once("../init.php");
$msg='';
if(isset($_POST['click']))
{
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
if(($user =='' )|| ($pass=='')){
$msg ='Please enter username & password';
}else{
$npass = ($pass);
$qry = mysql_query("select * from user where user ='$user'");
if(mysql_num_rows($qry)==0) {
$msg ='Invalid UserName';
} else {
$res = mysql_fetch_array($qry);
if($res['pass']==$npass) {
$_SESSION['USE_USER'] = $res['user'];
$_SESSION['SID'] = $res['id'];
$_SESSION['USE_NAME'] = $res['fname'];
$_SESSION['USE_SPONSOR'] = $res['sponsor'];
$_SESSION['PACKAGE_AMT'] = $res['package_amt'];
$_SESSION['ADDRESS'] = $res['address'];
$_SESSION['PHONE'] = $res['phone'];
$_SESSION['JOIN_DATE'] = $res['join_date'];
header('location: main.php');
} else {
$msg ='Invalid Password';
}
}
}
}
?>
hello I am working on a project where i have to create a php login using a text file. I have the basic code laid out but when I put a username and password on file and try signing in, it does not work. I could really use some advise. thank you. The code below is my login php file.
<?php
session_start();
$User = $_GET["user"];
$Pass = $_GET["password"];
if (!strpos($User,"#")) {
$User = $User . "#etown.edu";
}
$Validuser = false;
$_SESSION["user"] = $User;
$_SESSION["pass"] = $Pass;
$_SESSION["login"]= $Validuser;
?>
<!DOCTYPE html>
<html>
<body>
<?php
print "<h2>Welcome $User</h2>";
$infile = fopen("account.txt","r");
$entry = fgets($infile);
while (!feof($infile)) {
$array = explode(" ",$entry);
if ($array[0] == $User){
$name = $array[0];
$code = $array[1];
$code = substr($code,0,strlen($code)-1);
}
$entry = fgets($infile);
}
print "Name: $name <br/>";
print "pass on file: $code <br />";
fclose($infile);
if ($name==$User && $code==$Pass)
$Validuser = true;
$_SESSION["login"] = $Validuser;
print "That's All!<br/>";
if ($Validuser) {
print "Welcome valid user<br/>";
}
else {
print "You are not a valid user. Go become one first!";
print '<script type="text/javascript">';
print ' //document.location = "register.html";';
print '</script>';
}
?>
</body>
</html>
try adding this
$User = isset($_GET["user"]) ? $_GET["user"] : '';
$Pass = isset($_GET["user"]) ? $_GET["password"] : '';
$name ='';
$code='';
i'm assuming your txt file is like this
ja#etown.edu 12345
ja2#etown.edu 12345
ja3#etown.edu 12345
I'm very new to php. I found some CMS like code for east text editing here on SO and now I'm trying to implement it on our micro site.
My problem is, that I want login error report to show on exact position on the page - just under the login button.
Can someone tell me how can I put that error report text whereever I want? I don't want to override it with CSS positioning.
In basic, I want to put that p class="error":
<?php
if (empty($_POST) && isset($_GET['action'])) {
$action = $_GET['action'];
switch ($action) {
case 'logout':
session_unset();
session_destroy();
break;
}
}
if (!isset($_SESSION['user'])) {
$user = '';
$pass = '';
if (isset($_POST['login'])) {
$user = strtolower(trim($_POST['user']));
$pass = $_POST['pass'];
$errors = array();
if ($user == '' || $user != '1') {
$errors['user'] = '';
}
if ($pass == '' || $pass != '1') {
$errors['pass'] = '';
}
if (empty($errors)) {
$_SESSION['user'] = $user;
} else {
echo '<p class="error">Insert correct ';
if (isset($errors['user']))
echo 'name';
if (count($errors) == 2)
echo ' a ';
if (isset($errors['pass']))
echo 'password';
echo '.</p>', "\n";
}
}
}
if (isset($_SESSION['user'])) {
$user = $_SESSION['user'];
?>
somewhere else in the whole code of my page. Do I need to cut out something from that php code, or do I need to write new part of code for that?
Thank you for you help, Matej
Instead of just doing 'echo' all over the place, which means you get output at the place where the PHP code is embedded in the page, set some flags/message variables to output later.
e.g.
<?php
$errors = false;
$msgs = '';
if (....) {
$errors = true;
$msgs = "something dun gone wrong";
}
?>
... various bits of your html go here ...
<?php if ($errors) { echo $msgs; } ?>
... more html here ...