this is my log in page. I can log in when I put the relevant username and password and can't log in if they do not match. but the thing is I still have the privilege of logging in when I do not enter any username, password and click on the log in button.
this is the index page
<html>
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="login.css">
</head>
<body>
<div class="login-page">
<form method="post" class="form" action="login.php">
<input type="text" id="user" name="user" placeholder="username"/>
<input type="password" id="pass" name="pass" placeholder="password"/>
<button type="submit" name="submit" id="btn">login</button>
</form>
</div>
</body>
</html>
this is login.php
<?php
//get values passe from form in login.php file
$username = $_POST['user'];
$password = $_POST['pass'];
//to prevent sql injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
//connect to the server and select database
mysql_connect("localhost","root","");
mysql_select_db('laboursalary');
//query the database for user
$result = mysql_query("SELECT * FROM login WHERE username= '$username' and password='$password'")
or die("Failed to query database" .mysql_error());
$row = mysql_fetch_array($result);
if ($row['username']==$username && $row['password']==$password) {
header("Location: ../projectdetails/index.php");
} elseif ($row['username']=="" && $row['password']==""){
echo "Failed to login";
} else {
echo "Failed to login";
}
?>
<?php
if(isset($_POST['submit']))
{
//get values passe from form in login.php file
$username = mysql_real_escape_string($_POST['user']);
$password = mysql_real_escape_string($_POST['pass']);
//connect to the server and select database
mysql_connect("localhost","root","");
mysql_select_db('laboursalary');
//query the database for user
$result = mysql_query("SELECT * FROM login WHERE username= '$username' and password='$password'");
$row = mysql_num_rows($result);
if($row == 1)
{
header("Location: ../projectdetails/index.php");
} else {
echo "Failed to login";
}
}
?>
Which means you are having a row with username and password empty. Delete those rows in the table and update the below code as well.
if ($username != "" && $password !=""){
//query the database for user
$result = mysql_query("SELECT * FROM login WHERE username= '$username' and password='$password'")
or die("Failed to query database" .mysql_error());
$row = mysql_fetch_array($result);
if ($row['username']==$username && $row['password']==$password) {
header("Location: ../projectdetails/index.php");
} else {
echo "Failed to login";
}
} else
echo "Failed to login";
}
Note: Also change your mysql connection to mysqli or PDO. Because it is deprecated in the latest PHP versions.
Related
I am trying to set up a login system but the page is not doing the validation of the user and passwors. I know is connecting to the database but it doesn't show any results after the for each statement.
I have two files one for the login form(login.php) and one for the login to the database(process.php).
Here is my code:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>Login Page</title>
</head>
<body>
<div>
<form action="process.php" method="POST">
<p>
<label>Username:</label>
<input type="text" id="user" name="user">
</p>
<p>
<label>Password:</label>
<input type="password" id="pass" name="pass">
</p>
<p>
<label>Username:</label>
<input type="submit" id="btn" value="Login">
</p>
</form>
</div>
</body>
</html>
Process.php
<?php
//Get values from login.php file
$username = $_POST['user'];
$password = $_POST['pass'];
//Stop SQL injection
/* $username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);*/
//Connect to the server and select database
$domainsn = 'mysql:host=localhost;dbname=login';
$username = 'root';
$password = 'costarica';
try {
$db = new PDO ($domainsn, $username, $password);
echo "Connected";
} catch (Exception $e) {
$error_message = $e->getMessage();
echo "Coudn't connect due to $error_message";
}
$query = "SELECT * FROM users WHERE username = '$username' AND password ='$password'";
$result = $db->query($query);
//echo "$result";
foreach ($result as $results) {
echo "$results";
echo $users['id'];
if ($results['username'] == $username && $results['password'] == $password) {
echo "Login success!!! Welcome ".$results['username'];
} else {
echo "failed try {} catch ( $e) {}";
}
}
?>`enter code here`
You can use this i hope it will help.
$query = "SELECT * FROM users WHERE username = '".$username."' AND password ='".$password."' ";
$result = $db->query($query);
if($result->num_rows>0){
// User exists
}else{
// User not exists.
}
I am working on login system. But, i cannot log in. I have set my database table.
login.php
<?php
session_start();
if(isset($_POST['login'])) {
include_once("db.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1 style="font-family: Tahoma;">Login</h1>
<form action="login.php" method="post" enctype="multipart/form-data">
<input placeholder="Username" name="username" type="text" autofocus>
<input placeholder="Password" name="password" type="password">
<input name="login" type="submit" value="Login">
</form>
</body>
</html>
and this is db.php
<? php
$db=mysqli_connect('192.168.1.113:8080','root','hidden','av');
?>
connent of users table
id
username
password
Edit Edit
Copy Copy
Delete Delete
1
a
0cc175b9c0f1b6a831c399e269772661
Your form code look right. Just change like below your login.php code:-
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors',1);
$conn = mysqli_connect('host-name','user-name','password','database-name');
if($conn){
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
if($query){
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}else{
echo "query not executed because".mysqli_error($conn);
}
}
}else{
echo "db connection error".mysqli_connect_error();
}
?>
Note:- i have added connection code here only,so change the credentials there. And use this same code to check working or not?
Also if you are working on your local then change ip address to localhost and check. If it will work then it will work with include("db.php") too.I mean to say try with $conn = mysqli_connect('localhost','root','aleksandar','av');
Here is the working login.php
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors',1);
$conn = mysqli_connect('localhost','root','aleksandar','av');
$db = new mysqli('localhost','root','aleksandar','av');
if($conn){
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db, $sql);
if($query){
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['password'];
if($password == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
header("Location: av_pocetna.html");
} else {
echo "You didn't enter the correct details!";
}
}else{
echo "query not executed because".mysqli_error($conn);
}
}
}else{
echo "db connection error".mysqli_connect_error();
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1 style="font-family: Tahoma;">Login</h1>
<form action="login.php" method="post" enctype="multipart/form-data">
<input placeholder="Username" name="username" type="text" autofocus>
<input placeholder="Password" name="password" type="password">
<input name="login" type="submit" value="Login">
</form>
</body>
</html>
Oh Okay.
Lets try debugging one step at a time then.
In your db.php file, use this:
// Connecting to mysql database
$db = new mysqli('192.168.1.113:8080','root','hidden','av');
// Check for database connection error
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
If you get any error, please dump it here for debugging.
Updated.
// Connecting to mysql database
$db = new mysqli('localhost','root','hidden','av');
// Check for database connection error
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
I dont know what to do anymore, when i login it's cool and then when i return back it logs me out but cookies arent destroyed, i want on whatever page i go to stay logged on, and yep, SUBMIT buttons i can press it because when i log in its not hidden, please help, im on the edge of losing it, improve my code if its wrong, and i know it is
<?php
error_reporting(0);
$con = mysqli_connect("localhost","root","","samp");
if (mysqli_connect_errno())
{
echo "Failed to connect to the database: " . mysqli_connect_error();
die();
}
session_start();
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$userName = isset($_POST["username"]) ? $_POST["username"] : null;
$userPass = isset($_POST["password"]) ? $_POST["password"] : null;
$hashedPass = hash('whirlpool', $userPass);
$query = "SELECT Ime FROM Igraci WHERE Ime = '$userName' AND Lozinka = '$hashedPass'";
$result = mysqli_query( $con, $query);
$row = mysqli_fetch_array($result);
if($row)
{
$session = md5($userName.$hashedPass);
mysqli_query($con, "UPDATE Igraci SET session = '$session' WHERE Ime = '$userName' AND Lozinka = '$hashedPass'");
setcookie("login", $userName,time()+3600);
echo "You are now logged in with hash: ".htmlspecialchars($_COOKIE["login"]). ' logout?';
header('index.php');
}
else
{
die('Account has not been found.');
}
}
if(isset($_GET['logout']))
{
setcookie("login", "", time()-60);
exit(); # stop executing here
header('index.php');
}
if(isset($_COOKIE["login"]) && mb_strlen(isset($_COOKIE["login"]) == '32'))
{
$session = $con->real_escape_string($_COOKIE["login"]);
$query = "SELECT Ime FROM Igraci WHERE session = '$session' LIMIT 1";
$result = mysqli_query( $con, $query); $row = mysqli_fetch_array($result);
if($row['Ime'])
{
echo "User is already logged in with username ".$row['Ime']. " and hash: ".htmlspecialchars($_COOKIE["login"]). ' logout?';
exit();
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Roleplay Factory User Control Panel</title>
<link rel="stylesheet" type="text/css" href="style.css">
<link href='https://fonts.googleapis.com/css?family=Roboto:300' rel='stylesheet' type='text/css'>
</head>
<body>
<h1>Welcome, please login to your account.</h1>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="text" placeholder = "Username" name="username">
<input type="password" placeholder = "Password" name="password">
<input type="submit" name="login_button" value="Login">
</form>
<div class="footer">
<p>roleplay factory © 2016 all rights reserved</p>
</div>
</body>
</html>
update your code line
header('index.php');
to be
header('location:index.php');
Only the last line of if/else statement is working.
How do i solve this? the result is
Please enter a user name and password
the following is the php code :
<?php
session_start();
$username =#$_POST['username'];
$password =#$_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("localhost","root","")or die("Couldn't connect to the database!");
mysql_select_db("login") or die("Couldn't find database!");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows!==0)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername&&$password==$dbpassword)
{
echo "Your are logged in!";
$_SESSION['username']=$username;
}
else
echo "Your password is incorrect!";
}
else
die("That user doesn't exists!");
}
else
die("Please enter a user name and password");
?>
This is what I've got as my HTML form:
<html>
<form action="loginpage.php" method="post">
Username: <input type="text" name"username">
<p>
Password: <input type="password" name"password">
<p>
<input type="submit">
</form>
</html>
<?php
session_start();
$username = #$_POST['username'];
$password = #$_POST['password'];
if (!empty($_POST['submit'])) {
$connect = mysql_connect("localhost", "root", "")or die("Couldn't connect to the database!");
mysql_select_db("login") or die("Couldn't find database!");
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if ($numrows > 0) {
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username == $dbusername && $password == $dbpassword) {
echo "Your are logged in!";
$_SESSION['username'] = $username;
} else
echo "Your password is incorrect!";
} else
die("That user doesn't exists!");
}
else {
ECHO "Please enter a username and Password";
}
?>
<form method="post">
<input type="text" name="username">
<input type="text" name="password">
<input type="submit" name="submit" value="submit">
</form>
Try this But my suggestion would also be that you take if(!empty($_POST['submit'])) because when the document loads input fields will definitely be empty so it will go to the else part. where you have added the die code...avoid using die code in else use echo prompt there.
I am trying to create a login page using wamp server kindly help me with the following code
<?php
$host = "localhost";
$user = "root";
$pass = "";
$db ="test"; //database name
if(isset($_POST['username']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$sql ="SELECT * FROM users WHERE username ='$username' AND password ='$password'";
$result = mysqli_query($sql);
if(mysqli_num_rows($result==1))
{
echo "logged in successfully"."<br/>";
}
else
{
echo "invalid password or username retry";
}
}
?>
<html>
<head>
<title>login</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form name="login" method="post" action="login.php">
Username <input type="text" name="username">
<br/><br/>
Password <input type="password" name="password">
<br/><br/>
<input type="submit" value="login" name="submit">
</form>
</body>
</html>
I think you had read some wrong articles and messed up .The correct code should be like this
$host = "localhost";
$user = "root";
$pass = "";
$db ="test"; //database name
// This line connects to DB
$con = mysqli_connect($host, $user, $pass,$db) or die ("Please check your server connection.") ;
if(isset($_POST['username']))
{
// use mysqli_real_escape_string to prevent SQL Injection
$username = mysqli_real_escape_string($con,$_POST['username']);
$password = mysqli_real_escape_string($con,$_POST['password']);
//write a query to select
$sql ="SELECT * FROM users WHERE username ='".$username."' AND password ='".$password."'";
//execute the written query using mysqli_query()
$result = mysqli_query($con,$sql);
//----------------------^----------- This is the missed parameter
//check the no of rows returned
if(mysqli_num_rows($result) == 1) { echo "logged in successfully"; }
else { echo "invalid password or username retry"; }
}
The line
if(mysqli_num_rows($result==1)) // You are passing boolean parameter here.
is incorrect
It should be:
if(mysqli_num_rows($result)==1) // You are passing result set here, which is expected.