I'm pretty new to php and have been trying to create a site using it. I have created a login page and am trying to provide the option to create a new user by inserting a username & pass into the DB. I feel like this is something simple that I'm missing but i'm not sure so hopefully someone can help :)
php ~
<?php
session_start();
unset($_SESSION["currentUser"]);
unset($_SESSION["currentUserID"]);
if (isset($_POST["action"]) && $_POST["action"]=="create") {
$formUserC=$_POST["name"];
$formPassC=$_POST["pword"];
include("dbConnect.php");
$dbQuery=$db->prepare("select * from users");
$newAcc = "INSERT INTO users (username, password) VALUES ('$formUserC', '$formPassC')";
if($newAcc){
echo "<p>Your account was successfully created.";
}
else{
echo "<p>Error</p>";
}
}
if (isset($_POST["action"]) && $_POST["action"]=="login") {
$formUser=$_POST["username"];
$formPass=$_POST["password"];
include("dbConnect.php");
$dbQuery=$db->prepare("select * from users where username=:formUser");
$dbParams = array('formUser'=>$formUser);
$dbQuery->execute($dbParams);
$dbRow=$dbQuery->fetch(PDO::FETCH_ASSOC);
if ($dbRow["username"]==$formUser) {
if ($dbRow["password"]==$formPass) {
$_SESSION["currentUser"]=$formUser;
$_SESSION["currentUserID"]=$dbRow["id"];
if (isset($_SESSION["homePage"]))
header("Location: addToBasket.php");
else header("Location: homePage.html");
}
else {
header("Location: login.php?failCode=2");
}
} else {
header("Location: login.php?failCode=1");
}
} else {
?>
html (mostly) ~
<html >
<head>
<meta charset="UTF-8">
<title>Flat HTML5/CSS3 Login Form</title>
<link rel="stylesheet" href="css/loginstyle.css">
</head>
<body>
<div class="login-page">
<div class="form">
<form class="register-form" name="create" method="post" action="login.php">
<input type="text" name="name" placeholder="name"/>
<input type="password" name="pword" placeholder="pword"/>
<input type="hidden" name="action" value="create">
<input type="submit" value="create"/>
<p class="message">Already registered? Sign In</p>
</form>
<form name="login" method="post" action="login.php">
<input type="text" name="username" placeholder="username"/>
<input type="password" name="password" placeholder="password"/>
<input type="hidden" name="action" value="login">
<input type="submit" value="login"/>
<p class="message">Not registered? Create an account</p>
</form>
<?php
if (isset($_GET["failCode"])) {
if ($_GET["failCode"]==1)
echo "<h3 style='color:red;'>Invalid username entered</h3>";
if ($_GET["failCode"]==2)
echo "<h3 style='color:red;'>Invalid password entered</h3>";
}
?>
</div>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/loginindex.js"></script>
</body>
</html>
<?php
}
?>
P.S. some of it's code I nabbed from others. Thanks in advance.
Related
I am working on a web project where I want to move from one PHP page to another Php page if condition true...
In below login PHP page, I am getting username and password using $_POST[]. if both username and password got matched in (if statement) of current PHP login page then, I want to jump to another PHP page(choice.php) specified in header function below after if.
<html>
<body>
<head>
</head>
<form method="post" action="login.php">
<div id="div1">
<h1>welcome to bizdiary</h1>
<div id="div2">
<label >Username</label>
<input id="name" type="text" name="username" value=""
placeholder="username" />
<label >Password</label><input type="text" name="password" value=""
placeholder="password"/>
<input type='submit' name="login" value="login" >
</form>
<?php
if(isset($_POST['submit'])){
$username=$_POST['username'];
$password=$_POST['password'];
if($username=='root' && $password=='tiger'){
header( "Location:http://localhost/bizdiary/choice.php" ); die;
}
}
?>
This code should work:
The HTML in top of the file.
Remove the action in your form.
<?php
if(isset($_POST['submit'])){
$username=$_POST['username'];
$password=$_POST['password'];
$host = $_SERVER['HTTP_HOST'];
// Put in here the conditional that the request need to accomplish to redirect.
if($username=='root' && $password=='tiger'){
header("Location: http://{$host}/choice.php");
}
}
?>
<html>
<body>
<head>
</head>
<body>
<form method="post">
<div id="div1">
<h1>welcome to bizdiary</h1>
<div id="div2">
<label >Username</label>
<input id="name" type="text" name="username" value="" placeholder="username" />
<label >Password</label>
<input type="text" name="password" value="" placeholder="password"/>
<input type='submit' name="login" value="login" >
</form>
</body>
</html>
You should mysql control. Example
if ($_POST){
$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
if (empty($username) or empty($password)){
echo 'Don't leave blank.';
}else {
$user = mysql_query('SELECT * FROM user WHERE username = "'.$username.'" AND password = "'.$password.'"');
if (mysql_num_rows($user)){
header('Location: asd.php');
}else {
echo 'Didn't find user.';
}
}
}
After clicking on the login button it remains on the same page and it does not give nay output for example:if i put in a wrong userid or password it should echo something but it does not echo anything and stays the same
the code for LOGIN.PHP FILE is:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>title of the document</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<form action"signin.php" method="POST">
<input type="text" name="uid" placeholder="Username"><br>
<input type="password" name="password" placeholder="PAssword"><br>
<button type="submit">SIGN IN</button><br>
</form>
<br><br><br><br>
<form action="signup1.php" method="POST">
<input type="text" name="firstname" placeholder="Firstname"><br>
<input type="text" name="lastname" placeholder="Lastname"><br>
<input type="text" name="uid" placeholder="Username"><br>
<input type="password" name="password" placeholder="PAssword"><br>
<button type="submit">SIGN UP</button><br>
</form>
</body>
</html>
the signin.php file is:
<?php
include 'dbh1.php';
$userid=$_POST['uid'];
$pwd=$_POST['password'];
$sql="select * from userlogin where uid='$userid' AND password='$pwd'";
$result = $conn->query($sql);
if (!$row = $result->fetch_assoc())
{
echo "YOU ARE NOT LOGGED IN INCORRECT CREDENTIALS!!";
}
else {
echo "SUCCESFULLY LOGGED IN!!";
}
I have tried this and it is working. Here learn prepared statements
<form action"signin.php" method="POST">
<input type="text" name="uid" placeholder="Username"><br>
<input type="password" name="password" placeholder="PAssword"><br>
<input type="submit" value="Sign In" />
</form>
<?php
include 'database.php';
$userid=$_POST['uid'];
$pwd=$_POST['password'];
$stmt = $conn->prepare("select * from userlogin where uid=? AND password=?");
$stmt->bind_param("ss",$userid, $pwd);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$stmt->close();
With prepared statements you have achieved a lot of things. Just try to check it.
Hi friends am trying to redirect a page once user logged in by using heade location but its not working unable to understand why..
Here is code..
<?php include "config.php"; ?>
<?php session_start();
error_reporting(0);
ini_set('display_errors', 0);
if(isset($_SESSION['username'])){
header("Location: user_details.php");
}
?>
Here is my html login with php
<html>
<head>
</head>
<body>
<div id="form">
<form action="" method="POST">
<div class="login-block">
<h1>Login</h1>
<input type="text" value="" placeholder="Username" id="username" name="user"/>
<input type="password" value="" placeholder="Password" id="password" name="pass"/>
<button type="submit" id="btn" value="Login" name="login">Submit</button>
<?php
if(isset($_POST['login']))
{
$username=$_POST['user'];
$password=$_POST['pass'];
$username=mysqli_real_escape_string($conn,$username);
$password=mysqli_real_escape_string($conn,$password);
$password=md5(mysqli_real_escape_string($conn,$password));
$query="SELECT * FROM user WHERE username = '{$username}' and password='{$password}'";
$select_user_query=mysqli_query($conn,$query);
if(!$select_user_query)
{
die("Connection failed".mysqli_error($conn));
}
while($row=mysqli_fetch_array($select_user_query))
{
$db_user_id=$row['id'];
$_SESSION['username']=$row['username'];
$db_user_email=$row['email'];
$db_user_password=$row['password'];
}
if($username === $_SESSION['username'] && $password ===$db_user_password)
{
header("location: titles.php");
}
else
{
echo "<p style='color:#FF7B81'> enter correct username and password <p>";
}
}
?>
</div>
</form>
</div>
Can anyone help me how can I redirect. I have used the echo statement after the heade location only I have tried both 'L' and 'l' in Location
This line will never work:
header("location: titles.php");
as headers must be sent before any form of output. It's usually common practice to place the isset($_POST['submit']) above the HTML block, and assign vars you might want to put into the HTML for later use.
Try reformatting your code as such:
<?php
if(isset($_POST['login']))
{
$username=$_POST['user'];
$password=$_POST['pass'];
$username=mysqli_real_escape_string($conn,$username);
$password=mysqli_real_escape_string($conn,$password);
$password=md5(mysqli_real_escape_string($conn,$password));
$query="SELECT * FROM user WHERE username = '{$username}' and password='{$password}'";
$select_user_query=mysqli_query($conn,$query);
if(!$select_user_query)
{
die("Connection failed".mysqli_error($conn));
}
while($row=mysqli_fetch_array($select_user_query))
{
$db_user_id=$row['id'];
$_SESSION['username']=$row['username'];
$db_user_email=$row['email'];
$db_user_password=$row['password'];
}
if($username === $_SESSION['username'] && $password ===$db_user_password)
{
header("location: titles.php");
}
else
{
$error = "<p style='color:#FF7B81'> enter correct username and password <p>";
}
}
?>
<html>
<head>
</head>
<body>
<div id="form">
<form action="" method="POST">
<div class="login-block">
<h1>Login</h1>
<input type="text" value="" placeholder="Username" id="username" name="user"/>
<input type="password" value="" placeholder="Password" id="password" name="pass"/>
<button type="submit" id="btn" value="Login" name="login">Submit</button>
<?PHP if(isset($error)){ echo $error; } ?>
</div>
You also need to call:
session_start()
before you can assign any session vars.
<html>
<head>
</head>
<body>
<div id="form">
<form action="" method="POST">
<div class="login-block">
<h1>Login</h1>
<input type="text" value="" placeholder="Username" id="username" name="user"/>
<input type="password" value="" placeholder="Password" id="password" name="pass"/>
<button type="submit" id="btn" value="Login" name="login">Submit</button>
<?php
if(isset($_POST['login']))
{
$username=$_POST['user'];
$password=$_POST['pass'];
$username=mysqli_real_escape_string($conn,$username);
$password=mysqli_real_escape_string($conn,$password);
$password=md5(mysqli_real_escape_string($conn,$password));
$query="SELECT * FROM user WHERE username = '{$username}' and password='{$password}'";
$select_user_query=mysqli_query($conn,$query);
if(!$select_user_query)
{
die("Connection failed".mysqli_error($conn));
}
while($row=mysqli_fetch_array($select_user_query))
{
$db_user_id=$row['id'];
$_SESSION['username']=$row['username'];
$db_user_email=$row['email'];
$db_user_password=$row['password'];
}
if($username === $_SESSION['username'] && $password ===$db_user_password)
{
//header("location: titles.php");
echo "<script>window.location.href='titles.php'</script>";
}
else
{
echo "<p style='color:#FF7B81'> enter correct username and password <p>";
}
}
?>
</div>
</form>
</div>
Try This
You have to start object.
// Add this start of file after <?php
ob_start();
I was trying to make a website that authenticates with the local unix accounts of the server but pam_auth always returns false i.e. I always get Welcome error when I submit the form.
Here is my code:
<html>
<body>
<form id="a" method="post" action="welcome.php">
<input name="user" type="text">
<input name="pass" type="password">
<button type="submit">
</form>
</body>
</html>
welcome.php:
<html>
<body>
<p>Welcome
<?php
if(pam_auth($_POST['user'], $_POST['pass'])) {
echo $_POST['user'];
} else {
echo "error";
}
?></p>
</body>
</html>
Any replies are much appreciated.
I'm creating a website which allows users to register an account and login with it. Now, I would like for them to be able to update their particulars like username and email. I've followed a guide here as I happened to be using the same code as him in register.php however it did not work. I'm quite a beginner in php so please bear with me! Help is appreciated.
register.php
<?php
if(!empty($_POST['username']) && !empty($_POST['password']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));
}
$email = mysql_real_escape_string($_POST['email']);
$checkusername = mysql_query("SELECT * FROM users WHERE username = '".$username."'");
if(mysql_num_rows($checkusername) == 1)
{
echo "<h1>Error</h1>";
echo "<p>Sorry, that username is taken. Please go back and try again.</p>";
}
else
{
$registerquery = mysql_query("INSERT INTO users (username, password, email) VALUES('".$username."', '".$password."', '".$email."')");
if($registerquery)
{
echo "<h1>Success</h1>";
echo "<p>Your account was successfully created. Please click here to login.</p>";
}
else
{
echo "<h1>Error</h1>";
echo "<p>Sorry, your registration failed. Please go back and try again.</p>";
}
}
?>
<h1>Register</h1>
<p>Please enter your details below to register.</p>
<form method="post" action="register.php" name="registerform" id="registerform">
<fieldset>
<label for="username">Username:</label><input type="text" name="username" id="username" /><br />
<label for="password">Password:</label><input type="password" name="password" id="password" /><br />
<label for="email">Email Address:</label><input type="text" name="email" id="email" /><br />
<input type="submit" name="register" id="register" value="Register" />
</fieldset>
</form>
</div>
</body>
</html>
When I enter editprofile.php, the page is blank. this is my editprofile.php
<?php
include "base.php";
session_start();
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['username']))
{
$nameuser = $_SESSION['username'];
$checkinfo = mysql_query("SELECT * FROM users WHERE username = '$nameuser'");
while($results = mysql_fetch_array($checkinfo,MYSQL_ASSOC)) {
$id = $results['id'];
$username = $results['username'];
$email = $results['email'];
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$editNAME=$_POST['username'];
$editEMAIL=$_POST['email'];
$editID=$_POST['id'];
$editquery = mysql_query("UPDATE users SET username='$editNAME' , email='$editEMAIL' WHERE id='$editID'");
if($editquery)
{
echo "<b>Success!</b>";
echo "Your profile was successfully updated. Please click here to view.";
}
else
{
echo "<b>Error</b>";
echo "<p>Sorry, your profile update failed. Please go back and try again.</p>";
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Edit Profile</title>
<link rel="stylesheet" href="styles.css" type="text/css" />
</head>
<body>
<form method="post" action="editprofile.php" name="editform" id="editform">
<p>Username: <input type="text" name="username" id="username" value="<?php echo $username; ?>" /></p>
<p>Email Address : <input type="email" name="email" id="email" value="<?php echo $email; ?>"></p>
<input type="submit" name="save" value="Save"/>
<input type="hidden" name="id" value="<?php echo $id; ?>" />
</form>
</body>
<?php
include "base.php";
session_start();
?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['username']))
{
$nameuser = $_SESSION['username'];
$checkinfo = mysql_query("SELECT * FROM users WHERE username = '$nameuser'");
while($results = mysql_fetch_array($checkinfo,MYSQL_ASSOC)){
$id = $row['id'];
$username = $row['username'];
$email = $row['email'];
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$editNAME=$_POST['username'];
$editEMAIL=$_POST['email'];
$editID=$_POST['id'];
$editquery = mysql_query("UPDATE users SET username='$editNAME' , email='$editEMAIL' WHERE id='$editID'");
if($editquery)
{
echo "<b>Success!</b>";
echo "Your profile was successfully updated. Please click here to view.";
}
else
{
echo "<b>Error</b>";
echo "<p>Sorry, your profile update failed. Please go back and try again.</p>";
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Edit Profile</title>
<link rel="stylesheet" href="styles.css" type="text/css" />
</head>
<body>
<form method="post" action="editprofile.php" name="editform" id="editform">
<p>Username: <input type="text" name="username" id="username" value="<?php echo $username; ?>" /></p>
<p>Email Address : <input type="email" name="email" id="email" value="<?php echo $email; ?>"></p>
<input type="submit" name="save" value="Save"/>
<input type="hidden" name="id" value="<?php echo $id; ?>" />
</form>
</body>
you try this....
Not 100% sure but you try..