Using a form that has a user submit his/her email and a php query of the database, I am hoping to generate a shuffled token, however, upon button click, the token is not displaying on the page. I have checked the connection to the database and it is successful. Code is as follows:
<?php
$servername = "localhost";
$username = "admin";
$password = "";
$database = "registration";
if (isset($_POST["forgotPass"])) {
$connection = new mysqli($servername, $username, $password, $database);
$email = $connection->real_escape_string($_POST["email"]);
$data = $connection->query("SELECT id FROM users WHERE email='$email'");
if ($data->num_rows > 0) {
$str = "0123456789qwertyuiopasdfghjklzxcvbnm";
$str = str_shuffle($str);
$str = substr($str, 0, 10);
echo $str;
} else {
echo "Please check your inputs!";
}
}
?>
<html>
<body>
<form action="forgotpassword.php" method="post">
<input type="text" name="email" placeholder="Enter Email Address..."><br>
<input type="button" name="forgotPass" value="Request Password" />
</form>
</body>
</html>
Thanks for any and all help/suggestions.
Related
I am making a panel with PHP. It contains a login script. It's working good, just what I expect. The next step is: Echo the username.
With $_POST you can echo the username what the person has typed. So, just like: Welcome, $username.
The problem now is, that I can't echo the $_POST. It's not possible because you will redirect to another page. My question is: How can I echo a username.
My login script:
<?php
//DATABASE CONNECTION
session_start();
$host = "localhost";
$username = "root";
$password = "root";
$database = "test_tutorial";
$message = "";
try {
$connect = new PDO("mysql:host=$host; dbname=$database", $username, $password);
$connect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$fname = $_POST["fname"];
//LOGIN CHECK
if(isset($_POST["login"])) {
if(empty($_POST["fname"]) || empty($_POST["lname"])) {
echo 'All fields required';
}
else
{
$query = "SELECT * FROM users WHERE fname = :fname AND lname = :lname";
$statement = $connect->prepare($query);
$statement->execute(
array(
'fname' => $_POST["fname"],
'lname' => $_POST["lname"]
)
);
$count = $statement->rowCount();
if($count > 0)
{
//VISITED
header("Refresh:0; url=veilig.php");
//END
}
else
{
echo 'Wrong data';
}
}
}
}
catch(PDOException $error) {
$message = $error->getMessage();
}
?>
My form:
<form action="" method="post">
<label>fname</label>
<input type="text" name="fname" class="form-control" />
<br />
<label>lname</label>
<input type="password" name="lname" class="form-control" />
<br />
<input type="submit" name="login" value="Login" />
</form>
So, how can I echo a post if someone is redirected to another page?
You've already called session_start so you're ready to use the $_SESSION superglobal which will persist data for the user across all pages that call session_start first.
For example, here on index.php
<?php
session_start();
$_SESSION['username'] = 'Prabhjot.Singh';
header('Location: veilig.php');
Then later on veilig.php
<?php
session_start();
echo $_SESSION['username'];
Prabhjot.Singh
I have a little problem with my Login & Register System but I don't know where the problem is. When I press "Login" or "Register", the next page is white. I see only my message: "Try again!". I made 3 PHP files:
1) index.php
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form action="logreg.php" metodh="post" accept-charset="utf-8">
<label>Username:</label><input type="text" name="username" placeholder="Username">
<br>
<label>Password:</label><input type="password" name="password" placeholder="Password">
<br>
<input type="submit" name="login" value="Login">
<input type="submit" name="register" value="Register">
</form>
</body>
</html>
I think the problem is in the next file:
2) logreg.php
<?php
$servername = "localhost";
$username = "alex";
$password = "calamar28";
$database = "register/login";
$conn = mysqli_connect($servername, $username, $password, $database );
if(!$conn){
die("Connection failde:".mysqli_connect_error());
}
if(isset($_POST["login"])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$sql = "SELECT * FROM users WHERE username='$user' AND password='$pass';";
$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);
if ($count == 1)
{
header("Location: personal.php");
}
else
{
echo "Username or password is incorrect!";
}
}
else if(isset($_POST["register"])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$sql = "INSERT INTO users (id, username, password) VALUES ('', '$user', '$pass')";
$result = mysqli_query($conn, $sql);
}
else
{
echo "Try again!";
}
?>
3) personal.php
<?php
if(isset($_POST["login"])){
echo "Welcome to you personal area !";
echo 'Your proiect';
}
else
{
echo "You are not logged in!";
}
?>
You will also need to set some session variables to carry through onto the personal.php page... This will help determine if the user has logged in successfully or not as the original posted data won't be transferred through when you redirect to this page... You'll want your logreg.php to be the following:
<?php
if (!isset($_SESSION)) {session_start();}
$servername = "localhost";
$username = "alex";
$password = "calamar28";
$database = "register/login";
$conn = mysqli_connect($servername, $username, $password, $database );
if(!$conn){
die("Connection failde:".mysqli_connect_error());
}
if(isset($_POST["login"])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$sql = "SELECT * FROM users WHERE username='$user' AND password='$pass';";
$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);
if ($count == 1)
{
$_SESSION['loggedIn'] = 1;
header("Location: personal.php");
}
else
{
echo "Username or password is incorrect!";
}
}
else if(isset($_POST["register"])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$sql = "INSERT INTO users (id, username, password) VALUES ('', '$user', '$pass')";
$result = mysqli_query($conn, $sql);
}
else
{
echo "Try again!";
}
?>
And then your personal.php page will change to the following:
<?php
if (!isset($_SESSION)) {session_start();}
if(isset($_SESSION["loggedIn"]) && ($_SESSION["loggedIn"] == 1) ){
echo "Welcome to you personal area !";
echo 'Your proiect';
}
else
{
echo "You are not logged in!";
}
?>
The Default Method for HTML Forms is GET. And in your HTML Code you wrote metodh instead of method. This would be ignored and then your method would automatically default to GET. Other than this, your PHP Code is fine.
Change your HTML Code to look something like below and everything should work fine as expected:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form action="logreg.php" method="post" accept-charset="utf-8">
<label>Username:</label><input type="text" name="username" placeholder="Username">
<br>
<label>Password:</label><input type="password" name="password" placeholder="Password">
<br>
<input type="submit" name="login" value="Login">
<input type="submit" name="register" value="Register">
</form>
</body>
</html>
Trying to create simple PHP login form that takes 'username' and 'password', if matched with 'dbusername' and 'dbpassword' the code should echo "You're Logged In!.
When I run the code, I get no errors.The page goes from login.php to process.php but shows a blank page. Doesn't show: echo "Incorrent username or password!" or "You're Logged In!".
I checked to see if its returning any rows from database. I'm getting 0 rows. But why?! Is my code logic incorrect? Because my database connection works AND I have a username: alex and password: abc in my database named phplogin and in table users
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$servername = 'localhost';
$username = 'root';
$password = '';
$dbname = 'phplogin';
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "SELECT *
FROM users
WHERE username = '".$username."'
AND password = '".$password."'";
$result = mysqli_query($conn, $sql);
echo mysqli_num_rows($result); // I Checked to see if I was getting no rows. *I am getting 0 rows!!* But why?!
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
//check to see if the match
if($username == $dbusername && $password == $dbpassword ) {
echo "You're Logged In!";
} if($username != $dbusername || $password != $dbpassword) {
echo "Incorrect password or username!";
} else {
die("That user doesn't exist!");
}
}
}
mysqli_close($conn);
?>
Here is my login.php page [form]
<html>
<form action="process.php" method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Log In"><br>
</html>
Any ideas?
UPDATE 1: The issue was with my variables conflicting with database.
Now I am getting the following once I login and it has to do with the last statement on my process.php page:
Why is the final else statement printing on screen when Its logging in?
Change $username and $password to $uname and $pass as they are conflicting with database credentials
I highlighted in the code where to make changes
<?php
$uname = mysqli_real_escape_string($_POST['username']); //Change here
$pass = mysqli_real_escape_string($_POST['password']); //Change here
$servername = 'localhost';
$username = 'root';
$password = '';
$dbname = 'phplogin';
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
//Change Here
$sql = "SELECT * FROM users
WHERE username = '".$uname."'
AND password = '".$pass."'";
$result = mysqli_query($conn, $sql);
echo mysqli_num_rows($result); // I Checked to see if I was getting no rows. *I am getting 0 rows!!* But why?!
if (mysqli_num_rows($result) > 0) {
// output data of user
$row = mysqli_fetch_assoc($result);
$dbusername = $row['username'];
$dbpassword = $row['password'];
//check to see if the match
if($uname == $dbusername && $pass == $dbpassword ) { //Change Here
echo "You're Logged In!";
} if($uname != $dbusername || $pass != $dbpassword) { //Change Here
echo "Incorrect password or username!";
}
} else {
die("That user doesn't exist!");
}
mysqli_close($conn);
?>
and in your HTML missing </form>
<html>
<form action="process.php" method="POST">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" value="Log In"><br>
</form>
</html>
$username = $_POST['username'];
$password = $_POST['password'];
$servername = 'localhost';
$username = 'root'; //change this to another name like $db_username
$password = ''; //change this to another name like $db_password
$dbname = 'phplogin';
Please create a notepade++ dbconnection.php file and copy this code
<?php
mysql_connect("localhost","root","");
mysql_select_db("dabasename");
?>
----------------------------------------------------------
Please create a notepade++ index.php file and copy this code
<!DOCTYPE HTML>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<title></title>
<meta name = "viewport" content = "width=device-width,initial- scale=1" />
<link rel="shortcut icon" type = "image/jpg" href="images.jpg" />
<link rel="stylesheet" type = "text/css" href = "css/style.css" />
<link rel="stylesheet" type = "text/css" href = "css/bootstrap.css" />
<link rel="stylesheet" type = "text/css" href = "css/bootstrap.min.css" />
</head>
<body>
<div id = "container">
<div id = "login_header">
<div id = "login_text">YOur Title</div>
</div>
<div id = "login_content">
<img src = "images.jpg" width = "100%" height = "150px" />
<table width = "100%" style = "margin-top:25px;">
<form name = "frmLogIn" action = "login_check.php" method = "post">
<tr>
<td width = "10%"></td>
<td width = "20%">User Type</td>
<td width = "10%">:</td>
<td width = "50%">
<select name = "optUserType" class = "form-control">
<option></option>
<option>Admin</option>
<option>User</option>
<option>Guest</option>
</select>
</td>
<td width = "10%"></td>
</tr>
<tr>
<td width = "10%"></td>
<td width = "20%">Username</td>
<td width = "10%">:</td>
<td width = "50%"><input type = "text" name = "txtUsername" class = "form-control" /></td>
<td width = "10%"></td>
</tr>
<tr>
<td width = "10%"></td>
<td width = "20%">Password</td>
<td width = "10%">:</td>
<td width = "50%"><input type = "password" name = "txtPassword" class = "form-control" /></td>
<td width = "10%"></td>
</tr>
<tr><td colspan = "5"> </td></tr>
<tr><td colspan = "5" align = "center"><input type = "submit" name = "btnLogIn" value = "Log In" class = "btn btn-info" style = "width:100px;"/></td></tr>
</form>
</table>
</div>
<div id = "login_footer"></div>
</div>
</body>
</html>
-------------------------------------------------------------------
Please create a notepade++ login_check.php file and copy this code
<?php
session_start();
require('dbconnection.php');
if(isset($_POST['btnLogIn']))
{
$userType = mysql_real_escape_string($_POST['optUserType']);
$username = mysql_real_escape_string($_POST['txtUsername']);
$password = mysql_real_escape_string($_POST['txtPassword']);
$sql = "SELECT * FROM `tbl_user` WHERE user_type = '$userType' AND username = '$username' AND password = '$password'";
$query = mysql_query($sql);
$row = mysql_fetch_array($query);
if(mysql_affected_rows())
{
$_SESSION['user_code'] = $row['username'];
$_SESSION['password'] = $row['password'];
//header('Location:home.php');
echo "you have logged in";
}
else
{
//header('Location:home.php');
echo "you coud not logged in!";
}
}
?>
My script doesn't saves the value into a $_SESSION, how is that possible?
Whenever my users login, i try to place their username into a session.
My only problem is when i use var_dump($_SESSION['user_name']); to debug and reveal the current value on the end page, i just keep receiving NULL.
Could someone help me out?
Here is my code:
<? php
include_once('../db/config.php');
session_start();
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['isamp_username']) || empty($_POST['isamp_password'])) {
$error = "Username or Password is invalid!";
} else {
$isamp = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
$username = stripslashes($username);
$password = stripslashes($password);
$username = $isamp - > real_escape_string($username);
$password = $isamp - > real_escape_string($password);
$username = $_POST['isamp_username'];
$nopassword = $_POST['isamp_password'];
$password_hash = hash('whirlpool', $nopassword);
$password = strtoupper($password_hash); // <- Also for the Register!
$sql = "select * from users where password='$password' AND username='$username'";
$result = $isamp - > query($sql) or trigger_error($isamp - > error." [$sql]"); /* i have added the suggestion from MY Common Sence */
if ($result - > num_rows == 1) {
$_SESSION['user_name'] = $username;
header("Location: ../../index.php");
} else {
$error = "Username or Password is invalid!";
}
$isamp - > close();
}
} ?>
My HTML:
<?php
include('login.php');
?>
<h2>iSAMP</h2>
<hr/>
<form action="" method="post">
<label>Username :</label>
<input type="text" name="isamp_username" id="name" placeholder="Username"/><br /><br />
<label>Password :</label>
<input type="password" name="isamp_password" id="isamp_password" placeholder="*******"/><br/><br />
<input type="submit" value=" Login " name="submit"/><br />
<span><?php echo $error; ?></span>
</form>
In your first php script, move the session_start() above the include statement.
In your html file, add session_start(); above the include statement.
So I have a simple database for logging in to my website, but i am having trouble with displaying whether or not a user has logged in.
session_start();
$username = $_POST['Username'];
$salt = substr($username, 0, 2);
$password = crypt($_POST['Password'], $salt);
$dbh = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
$query = $dbh->prepare("SELECT * FROM `7Ducklings` WHERE Username = ? AND Password = ?");
$array = array($username, $password);
$query->execute($array);
$numrows = $query->fetchColumn();
if($numrows == 1)
{
$_SESSION['Username'] = $username;
}else{
}
$dbh = null;
And i want this, if the user is logged in to replace the contents of this div tag:
<div id="duckdiv">
<form id="UserPass" method="POST" action="Check.php">
Username:<input type="text" placeholder="Username" name="Username">Password:<input type="password" placeholder="Password" name="Password">
<img src="ducklogin.png">
</form>
</div>
With this:
<p>"Welcome back:" $_SESSION['Username']</p>
How is this possible?
You have to start the session before using the $_SESSION superglobal array and before rendering any content.
session_start();
if($numrows == 1)
{
$_SESSION['Username'] = $username;
}
HTML view:
<?php if (isset($_SESSION['Username'])) : ?>
// render the welcome message
<?php else : ?>
// render the form
<?php endif ?>