I am trying to use session to display a possible error msg. In my auth_id.php file, I checked whether the input id and password posted from auth_form.php file are correct, if not $_SESSION['fail'] will be set to an error msg.
At the top of my auth_id.php file, I checked whether $_SESSION['fail'] was set, if so, display the error msg and then unset $_SESSION['fail'].
But this is not working like what I expected. The unset function does remove 'fail' from $_SESSION in the auth_form.php file, but it reappears after refreshing the page. Therefore, I always got the error msg after setting it for the first time.
I am not sure what's causing this problem, anyone has any ideas what I did wrong?
Thank you for your help!
auth_form.php:
<?php
session_start();
if (isset($_SESSION['fail'])) {
print($_SESSION['fail']);
unset($_SESSION['fail']);
}
?>
auth_id.php:
session_start();
$mode = $_SESSION['mode'];
if ($res->num_rows == 1) {
// unset($_SESSION['fail']);
$row = $res->fetch_assoc();
$db_password = $row['password'];
if ($password == $db_password) {
if ($mode == 'delete') {
$delete = "DELETE FROM guestbook WHERE ID = $ID";
$mysqli->query($delete);
$_SESSION['delete'] = $row['name'] . "\'s comment has been deleted.";
header("Location: list.php");
die();
}
$_SESSION['name'] = $row['name'];
$_SESSION['email'] = $row['email'];
$_SESSION['url'] = $row['url'];
$_SESSION['comments'] = $row['comments'];
header("Location: form.php");
die();
} else {
$_SESSION['fail'] = "Authentication failed.";
header("Location: auth_form.php");
die();
}
}
Related
As the title suggests I am trying to use the same .php page and have it display something new upon being redirected from a particular location.
In context...
I have a login which upon successful login redirects to a home page but if unsuccessful, redirects to the index. Is there a way that I can tell my index page to display an "Error logging in" message when it has been redirected from my login page?
Here is my login code...
<?php
session_start();
include('conn.php');
$query = "SELECT * FROM User";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));
if (isset($_POST["submit"])) {
$logEmail = $conn->real_escape_string($_POST['logEmail']);
$logPass = $conn->real_escape_string($_POST['logPass']);
$checkuser = "SELECT * FROM User WHERE Email='$logEmail' AND UserPassword=AES_ENCRYPT('$logPass', 'MyKey')";
$userresult = mysqli_query($conn, $checkuser) or die(mysqli_error($conn));
$loginsucc = (mysqli_num_rows($userresult) > 0);
if (mysqli_num_rows($userresult) > 0) {
while ($row = mysqli_fetch_assoc($userresult)) {
$userPriKey = $row['UserID'];
$userid = $row['Email'];
$accounttype = $row['IsAdmin'];
$firstname = $row['FirstName'];
$surname = $row['LastName'];
$_SESSION['userPriKey'] = $userPriKey;
$_SESSION['name'] = $firstname;
$_SESSION['surname'] = $surname;
$_SESSION['Email'] = $userid;
$_SESSION['IsAdmin'] = $accounttype;
if($accounttype == '1'){
header("Location: home.php");
}else if ($accounttype == '0'||$accounttype == NULL ) {
header("Location: userhome.php");
}
}
} else {
header("Location: index.php");
}
}
?>
Before you call header() set a session variable like so
$_SESSION['msg'] = 'success you are logged in';
header('Location: page.php');
exit;
Then in page.php,
session_start();
if (isset($_SESSION['msg'])) {
echo $_SESSION['msg'];
unset($_SESSION['msg']);
}
Also FYI, you should be using prepared statements. Your code is not totally safe
My cookies are not saving, I am using PHP 5.
Code:
require 'dbcon.php';
$sql = "SELECT * FROM accounts";
$result = $conn->query($sql);
$username = $_POST['username'];
$password = $_POST['password'];
$row = mysql_fetch_row($result);
setcookie("ID6", $row['ID'], time() + 60*60*24*31*12, "/") or die("Cookie could not be set. <a href='index.php'>Try again!</a>");
if(!isset($_POST['username']) || !isset($_POST['password'])) {
header("Location: index.php");
exit();
}
while($row = mysqli_fetch_assoc($result)) {
if($username == $row['username']) {
if($password == $row['password']) {
if($row['accdel'] == 1) {
echo("You are banned.");
exit();
}
echo "Logged in with cookie:" . $_COOKIE['ID6'];
exit();
}
else {
echo "The account does not exist, or you have put in the wrong log in.";
exit();
echo"That's not an account name though...";}
}
}
?>
Please help. Is the selected sql even a settable cookie value? (Please make it simple. I do not know much about php nor cookies.
https://www.jqueryscript.net/other/E-commerce-Cart-Plugin-For-jQuery.html
I tried save cookies with PHP many days never work.
Maybe try jquery.
The ID wasnt got from the database because it was not in the while loop.
I am currently working on a login page on wich i want the user to be redirected to another page if a boolean read from the database is set on true.
However, the header() in this if statement never redirects the user properly.
here is a sample of my code:
<?php
session_start();
include_once 'php/dbconnect.php';
//check if form is submitted
if (isset($_POST['login'])) {
$gebruikersnaam = mysqli_real_escape_string($con, $_POST['username']);
$password = mysqli_real_escape_string($con, $_POST['password']);
$result = mysqli_query($con, "SELECT * FROM users WHERE username = '" . $gebruikersnaam. "' and password = '" . md5($password) . "'");
if ($row = mysqli_fetch_array($result)) {
$_SESSION['usr_id'] = $row['id'];
if($row['initialised'] == true)
{
header("Location: dashboard.php");
exit();
}
else{
$_SESSION['usr_name'] = $row['username'];
$_SESSION['usr_company'] = $row['companyname'];
header("Location: starter-page.php");
exit();
}
} else {
$errormsg = "Incorrect Email or Password!";
}
}
?>
If i put the if condition on false. The second header with "location: strater-page.php" will redirect to the correct page.
I do not have any unnecessary whitespace.
Puttin:
error_reporting(E_ALL);
ini_set('display_errors', 1);
In the code doesn't show anything.
I am not outputting anything before the header...
Am i missing something?
try redirect using script
<?php
if($row['initialised'] == true)
{
echo ("<SCRIPT LANGUAGE='JavaScript'>
window.location.href='dashboard.php';
</SCRIPT>");
}
?>
Ok, this is my code for authentication. For now, i have one table and 5 PHP working scripts except this one. After successful login, user should be redirected to his home page, but the problem is, PHP echoes "Cannot login" error message regardless of login details. Heres the script:
session_start();
include_once'dbconnect.php';
if (isset($_SESSION['user']) != "") {
header ("Location: home.php");
}
if (isset($_POST['login'])) {
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['pass']);
$sql = mysql_query("SELECT * FROM users WHERE email='".$email."'");
$num = mysql_fetch_assoc($sql);
if ($num['password'] == $pass)) {
$_SESSION['user'] = $num['user_id'];
header ("Location: home.php");
}
else {
echo "Cannot login";
}
}
Any hints ? Thank you
session_start();
include_once'dbconnect.php';
if (isset($_SESSION['user']) != "") {
header ("Location: home.php");
}
if (isset($_POST['login'])) {
$email = mysql_real_escape_string($_POST['email']);
$pass = mysql_real_escape_string($_POST['pass']);
$sql = mysql_query("SELECT * FROM users WHERE email='".$email."'");
$num = mysql_fetch_assoc($sql);
if(count($num)>0){
if ($num['password'] == $pass)) {
$_SESSION['user'] = $num['user_id'];
header ("Location: home.php");
}
else {
echo "Cannot login";
}
}else{
echo "Cannot login, email id not found";
}
}
Make sure you are getting password from the data base.
1.I think Your password encrypted in db.
2.Check it out it may be md5,sha etc.
3.If yes. Change Like this
if ($num['password'] == md5($pass)){
.
.
.
.
}
Hope It Helps..
Here is my issue I'm a bigger in PHP I have done a login page and it is working perfectly in my local machine But after uploading to Server its not working.
Session is created but redirection is not happening.
here is my code and any help is really appreciated.
if( isset($_POST['btn-login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
include 'connection.php';
$sql="SELECT * FROM user WHERE name = '$username' AND password = sha1('$password') AND status = '1'";
$result = mysql_query($sql);
$result = mysql_fetch_array($result);
$userId = '';
if( $result) {
$userId = $result['id'];
$_SESSION['userId'] = $userId;
if( $userId == 1) {
header("location:map.php");
} else if( $userId == 2){
header("location:admin/map-settings.php");
} else {
echo "<li class='loginError'>There is an Error in Login Please Contact Administrator</li>";
}
} else {
echo "<li class='loginError'>Invalid Username or Password</li>";
}
make sure to print_r($_SESSION)
If it did not give empty array, then your session is set.
now make sure nothing in your code started output before you set the "Location" header.
and you could use this to redirect your page
if (!headers_sent())
$filename="map.php";
header('Location: '.$filename);
else {
echo '<script type="text/javascript">';
echo 'window.location.href="'.$filename.'";';
echo '</script>';
echo '<noscript>';
echo '<meta http-equiv="refresh" content="0;url='.$filename.'" />';
echo '</noscript>';
}