This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
I am having great problem fixing this issue here and i am not very familiar with php. I don't see any problem missing in the code. I have searched and spent a really long time on this. However, it just keeps changing from one to another issue. the error that appears looks like this,
Undefined variable: password in /home2/abdi/public_html/phpinfo.php/login files/login.php on line 19
here is the actual code
<?php error_reporting(E_ALL); ini_set('display_errors', 1); session_start(); //connect to database $db=mysqli_connect("localhost","abdi_yae","abdi_yae123","abdi_ya"); if(isset($_POST['login_btn'])) { addslashes(trim($_POST['username'])); addslashes(trim($_POST['password'])); //$username=mysqli_real_escape_string($_POST['username']); // $password=mysqli_real_escape_string($_POST['password']); $password=md5($password); //Remember we hashed password before storing last time $sql="SELECT * FROM users WHERE username='$username' AND password='$password'"; $result=mysqli_query($db,$sql); if(mysqli_num_rows($result)==1) { $_SESSION['message']="You are now Logged In"; $_SESSION['username']= $username; header("location:home.php"); } else { $_SESSION['message']="Username and Password combiation incorrect"; } } ?>
You need to set password variable for this.
$password = $_REQUEST['pass_text_name'];
<?php error_reporting(E_ALL);
ini_set('display_errors', 1);
session_start(); //connect to database
$db=mysqli_connect("localhost","abdi_yae","abdi_yae123","abdi_ya");
if(isset($_POST['login_btn'])) {
$username = addslashes(trim($_POST['username']));
//addslashes(trim($_POST['password']));
//$username=mysqli_real_escape_string($_POST['username']);
// $password=mysqli_real_escape_string($_POST['password']);
$password=md5($_POST['password']); //Remember we hashed password before storing last time
$sql="SELECT * FROM users WHERE username='$username' AND password='$password'";
$result=mysqli_query($db,$sql);
if(mysqli_num_rows($result)==1)
{
$_SESSION['message']="You are now Logged In";
$_SESSION['username']= $username;
header("location:home.php");
}
else
{
$_SESSION['message']="Username and Password combiation incorrect";
}
}
?>
Check Now Buddy. It's Done
Related
When I coded my php login system (In MySQLi), I get an error that do not actually checks if username or password is wrong, idk what to do abot this. Please help me out here.
<?php
// If logged in
if(isset($_SESSION['user_id'])) {
header('Location: index.php');
}else {}
//error_reporting(0);
//MySQLi Login form
//Database connection
$con = mysqli_connect('localhost', 'root', '', 'console');
//Actual Login form
if(isset($_POST['login'])) {
session_start();
//Explainging details
$username = $_POST['username'];
$password = $_POST['password'];
//Fetching data
$result = $con->query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = $result->fetch_array(MYSQLI_BOTH);
//Logging in
$_SESSION['user_id'] = $row['user_id'];
header('Location: index.php');
}else{
$wrong = 'Username or password is wrong';
}
?>
Also i got a check.php that redirects you to /notloggedin.php if not logged in, but IF the user is logged in it will display their User_ID, but when user logsIn with wrong details then go to check.php it does not show anything and it does not redirect the users to /notloggedin.php.
So what do I do with that? Is there something I forgot to add, or something i did wrong???Can you write a example if you have any ideas?? Thanks.
EDIT:
Now instead of using MySQLi I got an idea from #christoandrew, so i made everything into functions. What the functions tells the system to do is its gonna check for the username first, if the username exists its gonna make a $_SESSION()for the username. Then again using the $_SESSION() to find the User_ID to the username then its gonna look for the password for the same User_ID. Then when its checked everything it will destroy all 'Sessions' it made and create a $_SESSION() for all information like User_ID, Email, Username, Password, Etc... Thanks for all the help i got in my way!
if(isset($_POST['login'])) {
session_start();
//Explainging details
$username = $_POST['username'];
$password = $_POST['password'];
//Fetching data
$result = $con->query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = $result->fetch_array(MYSQLI_BOTH);
// Try checking if there are actually rows that are returned
// If the rows are greater than zero then the user exists else the
// user supplied wrong credentials
if(mysqli_num_rows($row) > 0){
//Logging in
$_SESSION['user_id'] = $row['user_id'];
header('Location: index.php');
}else{
$wrong = 'Username or password is wrong';
}
// The else block below is not necessary and the validation is misplaced
}
you need start the session:
session_start();
Here is my code that I made when I tried to make a login page to my site. I get wrong details everytime I try to login, I have checked the details several times so that they match, I do get a clear dbconnection so there is not a problem with that either. I do not have an md5 encryption so that I have thought of too... I use LONGTEXT as datatype in my mysql database for storage of name and password. I got 3 rows of information in the table users of the database. ID, Name, password, named exactly as I have written.
I hope this was enough information to get some help?
Thanks in advance!
<?php
session_start();
include_once 'dbconnect.php';
if(isset($_SESSION['user'])!=""){
header("Location: index.php");
}
if(isset($_POST['login'])){
$email = mysql_real_escape_string($_POST['email']);
$upass = mysql_real_escape_string($_POST['pass']);
$res = mysql_query("SELECT * FROM users WHERE Name='$email'");
$row = mysql_fetch_array($res);
if($row['password']==$upass){
$_SESSION['user'] = $row['user_id'];
header("Location: index.php");
} else {
?>
<script>alert('wrong details');</script>
<?php
}
}
?>
You don't need to do this because will not pass this to the query anyway.
$upass = mysql_real_escape_string($_POST['pass']);
The value of the password is not equal to the value of the escaped password. So this will not be accurate.
if($row['password']==$upass){}
You could just do something like
if($row['password']==$_POST['pass']){}
I would suggest following fixes to your script..
1) Make sure that the name should be unique in your db table..
e.g. if some one has already registered with name as "admin" then do not allow any other person use that as username( or name in your case) to use.
2) Check name and password both in the query it self.
See the below modified code..
<?php
session_start();
include_once 'dbconnect.php';
if(isset($_SESSION['user'])!="")
{
header("Location: index.php");
}
if(isset($_POST['login']))
{
$email = mysql_real_escape_string($_POST['email']);
$upass = mysql_real_escape_string($_POST['pass']);
$res = mysql_query("SELECT * FROM users WHERE Name='$email' AND password = '$upass' ");
if($res) // check if there is any error in the query
{
if(mysql_num_rows($res) == 1) // check for the number of Name - password pair
{
$row = mysql_fetch_array($res);
$_SESSION['user'] = $row['user_id'];
header("Location: index.php");
}
else
{
?>
<script>alert('wrong details');</script>
<?php
}
}
else
{
echo "Error while log in: ".mysql_error();
}
}
?>
Note:
1) Stop using mysql_. They are deprecated Use mysqli_ or PDO
2) Make sure that you have used proper columns names in PHP code, similar to those in the db table.
Please help me. I got this error everytime I tried to login. - "This webpage has a redirect loop ERR_TOO_MANY_REDIRECTS"
Please help me and I'll appreciate your help very much. thanks.
This is my index.php
<?php
include('login.php'); // Includes Login Script
?>
This is my login.php
<?php
session_start();
$error = "";
if (isset($_POST['submit'])) {
if (empty($_POST['email']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
} else {
// Define $username and $password
$usernameLogin = $_POST['email'];
$passwordLogin = $_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "apple", "Apple318992");
// To protect MySQL injection for Security purpose
$username = stripslashes($usernameLogin);
$password = stripslashes($passwordLogin);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Selecting Database
$db = mysql_select_db("TS", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from Users where password='$password' AND email='$usernameLogin'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user'] = $usernameLogin; // Initializing Session
} else {
$error = "Username or Password is invalid";
}
}
}
if (isset($_SESSION["login_user"])) {
header("Location:timesheets.php");
}
?>
This is my session.php
<?php
include ('DBConnect.php');
session_start(); // Starting Session
// Storing Session
$user_check = $_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql = mysql_query("select email from Users where email='$user_check'", $conn);
$row = mysql_fetch_assoc($ses_sql);
$login_session = $row['email'];
if (!isset($login_session)) {
mysql_close($conn); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>
instead of : header('Location: index.php');
try to do it with javascript :
echo '< script> document.location.href="index.php"< /script>';
In your session.php you have to destroy the session because it might be set still but without that the query can find a existing user?
To unset sessions do this:
unset(); for all the session variables unset($_SESSION['login_user']); for a specific session
Please put that before redirecting to index.php.
Otherwise I don't know how to help you sorry.
Also do you have php error / debug enabled? Normally session_start(); should be at very first line in your php file if I am correct, or it throws error.
I'm trying to log in to my site, I'm looking at the database and the username/password are correct. When logging in I should be greeted by ja message that says "Welcome Ryemck" as "Ryemck" is my username, but this could be replaced by any username that is logged in. Here's the code to show that:
<td>Welcome </td>
<td><i><?php echo $username ['username']; ?></i></td>
However, instead of that nice message I get "Notice: Undefined variable: username ", I assume this is because the username isn't being set as the variable as it should in this code.
$username=$_POST['username'];
I also have this code that SHOULD give me the error if no username/password are entered, but it doesn't, so this doesn't work. is "session_start();" not the correct session code?
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
EDIT
<?php
session_start(); // Starting Session
echo "hello";
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
echo "hello";
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "");
// Selecting Database
$db = mysqli_select_db("game", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysqli_query("select * from login where password='$password' AND username='$username'", $connection);
$rows = mysqli_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: header.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysqli_close($connection); // Closing Connection
}
}
?>
Change it to:
<td><i><?php echo $username; ?></i></td>
$username is not an array , gli must write :
<td>Welcome </td>
<td><i><?php echo $username ; ?></i></td>
I am not sure if i am reading this right are you looking to start a new session at the top of the page and the store values in that session?.
if you place something like the following at the top of your page it will remember sessions variables
if(!isset($_SESSION)){session_start());
You would then assign to a session variable using
$_SESSION["userName"] = $_POST["userName"];
To tell if its be set to grant access to a admin console you could do something like
if(isset($_SESSION["userName"]) && $_SESSION["userName"] != '')
the above means that the variable has been set but you would probably wrap the session userName in a db function to check for valid logins.
The button I was clicking was set to "login" whereas the isset was set to "submit".
Simply changing the words solved it.
I'm relatively new to php, and I'm trying to write a really simple login script. I've got the basic functionality down, but I can't login to the system. My login script is below, and my registration script is below as well.
checklogin.php
include_once 'inc/db.inc.php';
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
try {
$sql="SELECT id, username, password FROM users WHERE username='$username' and password='$password'";
$result = $pdo->query($sql);
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count == 1){
// Register $username, $password and redirect to file "index.php"
session_register("username");
session_register("password");
header("Location: index.php");
}
else {
header("Location: login.php?invalid=1");
}
}
catch (PDOException $e) {
echo $e;
}
ob_end_flush();
?>
checkreg.php
include_once 'inc/db.inc.php';
//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['password'] | !$_POST['passwordconf'] ) {
die('You did not complete all of the required fields');
}
if ($_POST['password'] != $_POST['passwordconf']) {
die('Your passwords did not match. ');
}
$_POST['password'] = md5($_POST['password']);
if (!get_magic_quotes_gpc()) {
$_POST['password'] = addslashes($_POST['password']);
$_POST['username'] = addslashes($_POST['username']);
}
$username = $_POST['username'];
$password = $_POST['password'];
try {
// now we insert it into the database
$sql = "INSERT INTO users(username,password) VALUES ('$username','$password')";
$result = $pdo->exec($sql);
header("Location: index.php");
} catch (PDOException $e){
echo $e;
}
?>
I know that the registration is writing to the database, but everytime I attempt a valid login I receive my invalid credentials flag. Anything you can do to help me would be awesome. Thank you.
Your issue could be with session_register(), depending on the version of PHP you're using. Try putting
session_start();
At the top of checklogin.php, then using
...
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
...
instead of session_register().
First you should clear some things out:
1.
if (!$_POST['username'] | !$_POST['password'] | !$_POST['passwordconf'] ) {
die('You did not complete all of the required fields');}
it should be && and not |.
In your code there's nowhere to check if username exists or not, so i'm guessing that you have multiple users with the same username. Before inserting in your checkreg.php, you should fist check if the username exists or not.
in your checklogin.php change if($count == 1) to if($count > 0)
If this not helped could you give me more information like database data (the data that is in your database now)
<?php
// Use of session_register() is deprecated
$barney = "A big purple dinosaur.";
session_register("barney");
// Use of $_SESSION is preferred, as of PHP 4.1.0
$_SESSION["zim"] = "An invader from another planet.";
// The old way was to use $HTTP_SESSION_VARS
$HTTP_SESSION_VARS["spongebob"] = "He's got square pants.";
?>
Warning:
This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
Couple of things to try:
1) The session_register function call is deprecated. http://php.net/manual/en/function.session-register.php. You really ought to be using $_SESSION if at possible.
Something like this:
$_SESSION["username"] = $username;
$_SESSION["password"] = "validated"; // md5 is variable so you can't easily check for it on next page render
2) When testing for the values, you don't want $_POST, you want to use $_SESSION again on the next page render. Something like this:
if ("validated" == $_SESSION["password"]) {
// You're logged in...
}
3) Note, for the $_SESSION array to be populated you must call session_start(); once and only once before use. (http://www.php.net/manual/en/function.session-start.php for more.)
4) I know this is sample code, but SQL Injection attack possible. Need to escape those variables.
$sql="SELECT id, username, password FROM users WHERE username='$username' and password='$password'";