Can't add variable into php session - php

I am trying to add a variable to the session and read that variable in a function.
So here is index.php:
<?php
include("include/config.php");
if(!empty($txt_user) && !empty($txt_pass))
{
$result=login_func($txt_user,$txt_pass);
if($result==1)
{
header("Location: homepage.php");
}else{
$alert_class="alert-danger";
}
}
?>
<form action="<?php echo("".$_SERVER['PHP_SELF']."");?>" method='post' class='form-validate' id="test">
<div class="form-group">
<div class="email controls">
<input type="text" name='txt_user' placeholder="Kullanıcı Adınız" class='form-control' data-rule-required="true">
</div>
</div>
<div class="form-group">
<div class="pw controls">
<input type="password" name="txt_pass" placeholder="Şifreniz" class='form-control' data-rule-required="true">
</div>
</div>
<div class="submit">
<input type="submit" value="Giriş Yap" class='btn btn-primary'>
</div>
</form>
config.php:
<?php
ini_set('session.gc_maxlifetime', 3600);
session_start();
ob_start();
include("class.php");
include("functions.php");
// connections to db
?>
functions.php:
function login_func($user,$pass)
{
$sql=mysql_query("SELECT * FROM table WHERE user_name='$user' AND pass='$pass' LIMIT 1");
$control_number=mysql_num_rows($sql);
if(($control_number==1))
{
$_SESSION['login_id']=@mysql_result($sql,0,'id');
$_SESSION['login_name']=@mysql_result($sql,0,'name');
$_SESSION['login_email']=@mysql_result($sql,0,'email');
return 1; // true
}else{
return 2; //false
}
}
So if I add the following commands to homepage.php, I get an empty result for each echo:
echo $_SESSION['login_id'];
echo $_SESSION['login_name'];
echo $_SESSION['login_email'];
Even if I do the same echo inside the function, it doesn't give any output either.
So I am stuck here and can't find what causes this problem. Thanks for your help.
Please don't worry about syntax errors; I think the only problem is wrong use of sessions and the session configuration.

You are trying to access the $txt_user and $txt_pass variables as registered globals.
Unless you are using PHP 5.3 or below, register_globals has been removed from PHP.
Registering globals is a huge security risk and should be avoided in any case.
Try using $_POST['txt_user'] and $_POST['txt_pass'] instead.

Related

my php code in localhost work correctly but in host dont work

Hi, my code works correctly on localhost but does not work on the host. I think the setcookie function doesn't work.
<body>
<?php
if(isset($_POST['txt_name'])&&isset($_POST['txt_password'])){
include '../config.php';
$con=mysqli_connect("localhost",$db_name,$db_password,$db_database);
mysqli_set_charset($con,"utf8");
$query=mysqli_query($con,"SELECT * FROM admin WHERE admin_username='{$_POST['txt_name']}' AND admin_password='{$_POST['txt_password']}'");
$i=0;
$row=mysqli_fetch_assoc($query);
if(mysqli_num_rows($query)>=1){
setcookie('login',"true",time() + 3600);
setcookie('username',$row['admin_username'],time() + 3600);
setcookie('password',$row['admin_password'],time() + 3600);
header('Location: index.php');
echo $_COOKIE["username"];
}
}
else
{
if(isset($_COOKIE['login'])){
header('Location: index.php');
}
?>
<fieldset>
<legend>
<i class="fa fa-lock"></i>
login
</legend>
<form method="post" action="">
<div class="input_section">
<div class="input_group">
<input type="text" name="txt_name" placeholder="نام کاربری">
</div>
<div class="input_group">
<input type="text" name="txt_password" placeholder="کلمه عبور">
</div>
<div class="input_group">
<input type="submit" value="ورود">
</div>
</div>
</form>
</fieldset>
<?php
}
?>
</body>
Check the error log file on your host for possible solutions; if in doubt, please post its contents here.
Make sure you are running a compatible PHP version.

undefined index error while trying to get value returned from the link?

I know it's a duplicate, but I'm getting this error while trying to fetch data passed from a link. I don't know how to resolve it.
Here is my code:
add_package.php
echo "<td><a href='delete.php?name3=" . $row['package_type']."&id3=".$row['p_id']."'>Delete</a></td>";
echo "<td><a href='edit_package.php?name3=" . $row['package_type']."&id3=".$row['p_id']."'>Update</a></td>";
Here the delete link works perfectly, but when I click update it takes me to the edit_package page, where I'm getting an undefined error.
Code for edit_package.php:
<?php
include('db.php');
$id4 = $_GET['id3'];//update the page
$name4 = $_GET['name3'];//helps to update the package
echo $id4;
echo $name4;//getting values here correctly..
if(isset($_POST['submit']) )
{
$package=$_POST['package'];
if (ctype_alnum($package) && !empty($id4) && !empty($name4))
{
$sql13="select package_type,id from tbl_package where package_type='".$package."'";
$retvali=mysql_query($sql13,$conn);
$num_rows1 = mysql_num_rows($retvali);
if ($num_rows1 == 0 || $num_rows1=="")
{
$sql = "Update tbl_package set package_type='".$package."' where package_type='".$name4."' and p_id='".$id4."'";
$retval = mysql_query( $sql, $conn );
?><script>alert("Updated Successsfully");window.location ='http://localhost/demo/add_package.php';
</script><?php
}
else
{
?><script>alert("Already Exists");window.location ='http://localhost/demo/add_package.php';
</script><?php
}
}
else
{
?><script>alert("enter only letters and numbers")</script><?php
}
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<form id="form-validation" action="edit_package.php" method="post" class="form-horizontal" enctype="multipart/form-data" novalidate="novalidate">
<div class="col-md-6">
<div class="block" style="height:500px;">
<div class="block-title">
<h2><strong>State the Package For Tour</strong></h2>
</div>
<fieldset>
<div class="form-group">
<label class="col-md-4 control-label" for="val_username">Update Package <span class="text-danger">*</span></label>
<div class="col-md-6">
<div class="input-group">
<input type="text" id="package" name="package" class="form-control" required >
<span class="input-group-addon"><i class="fa fa-user"></i></span>
</div>
</div>
</div>
<div class="form-group form-actions">
<div class="col-md-8 col-md-offset-4">
<input type="submit" class="btn btn-info btn-primary " value="Update" name="submit">
</div>
</div>
</fieldset>
</form>
When I press the update button I'm getting an undefined error and I don't know why. Thanks in advance.
I'm attaching an image to it..
Try to change the <form>'s action URL to include your GET variables:
<form id="form-validation" action="edit_package.php?id3=<?php echo $_GET['id3']; ?>&name3=<?php echo $_GET['name3']; ?>" method="post" class="form-horizontal" enctype="multipart/form-data" novalidate="novalidate">
PLEASE NOTE: This is extremely unsafe! You need to sanitize ALL user input before using it. My example above disregards security and is simply to demonstrate my point. GET and POST data are user variables. A malicious user could put bad code in the URL (i.e. ?name3=<badcode>) and it would be printed on the page, well, in the source code, which they could easily pop out of. Also, in SQL queries, you need to escape the data or use prepared statements.
You should not be using mysql functions, switch to MySQLi or PDO. MySQL has been killed for a while now..
These are just asking for you to get hacked:
$sql13="select package_type,id from tbl_package where package_type='".$package."'";
and..
$sql = "Update tbl_package set package_type='".$package."' where package_type='".$name4."' and p_id='".$id4."'";
You are vulnerable to SQL injections, which could easily allow a malicious attacker to add/edit/view/delete data in your database.
The problem is, you have $package (which is raw data from POST) and $id4 and $name4 (which are raw data from GET) in your SQL query.
You would use mysql_real_escape_string() on them, but you should be using mysqli or PDO anyway.
Example:
$name4 = mysql_real_escape_string($_GET['name3']);
It's confusing. I don't know why the GET variable is called name3 but you assign it to the variable $name4. Whoever (even you) comes along later on will be lost in your code.
Updated:
Try this code. I swapped your GET for POST in your php code, and passed the GET variables from your URL as hidden fields in your form.
<?php
include('db.php');
if(isset($_POST['submit']) )
{
$package = mysql_real_escape_string($_POST['package']);
$id4 = mysql_real_escape_string($_POST['id3']); // why is variable named id4 but its id3??
$name4 = mysql_real_escape_string($_POST['name3']); // why is variable $name4 but its name3??
if (ctype_alnum($package) && !empty($id4) && !empty($name4))
{
$sql13 = "SELECT package_type,id FROM tbl_package WHERE package_type='$package' LIMIT 1";
$retvali = mysql_query($sql13, $conn);
$num_rows1 = mysql_num_rows($retvali);
if ($num_rows1 == 0 || $num_rows1=="")
{
$sql = "Update tbl_package set package_type='$package' WHERE package_type = '$name4' AND p_id='$id4'";
$retval = mysql_query( $sql, $conn );
echo '<script>alert("Updated Successsfully");window.location = "http://localhost/demo/add_package.php";</script>';
} else {
echo '<script>alert("Already Exists"); window.location = "http://localhost/demo/add_package.php";</script>';
}
} else {
echo '<script>alert("enter only letters and numbers");</script>';
}
}
?>
<form action="edit_package.php" method="post" enctype="multipart/form-data" novalidate="novalidate">
<input type="hidden" name="id3" value="<?php echo htmlspecialchars($_GET['id3'], ENT_QUOTES | ENT_HTML5); ?>" />
<input type="hidden" name="name3" value="<?php echo htmlspecialchars($_GET['name3'], ENT_QUOTES | ENT_HTML5); ?>" />
Update Package: <input type="text" id="package" name="package" class="form-control" required >
<input type="submit" class="btn btn-info btn-primary " value="Update" name="submit">
</form>
I removed your HTML formatting from the form. You had div tags that didn't match up.. I can't see your whole code, but it looks like you have a bunch of div's that are messed up (ie: not closed where they should be). I also added mysql_real_escape_string() to the passed variables, and htmlspecialchars() to the GET variables echo'd in the hidden fields of your form. It's a start.
You might be able to make better sense of your code and troubleshoot errors, if you wrote your code a bit cleaner. Not trying to bash you :) Proper indentation, spacing, and formatting go a long way. It makes it easier on your eyes, and on yourself, in times like these..
I left your <script> tags because I assumed there was a reason you wanted to pop up a message box. I would just use header('Location: /path/to/where.php'); and pass your error message through a session variable or something, like an array of errors, which you get, clear, and show on the page.
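The prepared-statement approach this answer recommends, as an added example that is not the answerer's code: the rename from edit_package.php done with PDO placeholders, plus the hidden field encoded with htmlspecialchars(). An in-memory SQLite database stands in for the connection in db.php, and the function names and sample rows are constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver replaces the real
// MySQL connection; table and column names come from the question; the
// rows and the helper names (open_demo_db, update_package, hidden_field)
// are constructed.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tbl_package (p_id INTEGER PRIMARY KEY, package_type TEXT)');
    $db->exec("INSERT INTO tbl_package (p_id, package_type)
               VALUES (1, 'Summer''s Special'), (2, 'Gold')");
    return $db;
}

/** Rename a package. Returns 'updated', 'exists', 'invalid' or 'not_found'. */
function update_package(PDO $db, string $id, string $oldName, string $newName): string
{
    // Validate shape first: digits-only id, alphanumeric new name.
    if (!ctype_digit($id) || !ctype_alnum($newName) || $oldName === '') {
        return 'invalid';
    }

    // Values travel separately from the SQL text, so quotes in them are data.
    $check = $db->prepare('SELECT COUNT(*) FROM tbl_package WHERE package_type = :new');
    $check->execute([':new' => $newName]);
    if ((int) $check->fetchColumn() > 0) {
        return 'exists';
    }

    $update = $db->prepare(
        'UPDATE tbl_package SET package_type = :new
         WHERE package_type = :old AND p_id = :id'
    );
    $update->execute([':new' => $newName, ':old' => $oldName, ':id' => (int) $id]);
    return $update->rowCount() === 1 ? 'updated' : 'not_found';
}

/** Build a hidden input with both the name and the value HTML-encoded. */
function hidden_field(string $name, string $value): string
{
    $enc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="' . $enc($name) . '" value="' . $enc($value) . '" />';
}

$db = open_demo_db();

// Constructed request values. name3 contains an apostrophe, which would end
// the string literal early in the concatenated queries shown above.
$get = ['id3' => '1', 'name3' => "Summer's Special"];

echo hidden_field('id3', $get['id3']), PHP_EOL;
echo hidden_field('name3', $get['name3']), PHP_EOL;

echo update_package($db, $get['id3'], $get['name3'], 'Winter'), PHP_EOL; // row 1 is renamed
echo update_package($db, '2', 'Gold', 'Winter'), PHP_EOL;                // name already taken
echo update_package($db, '2x', 'Gold', 'Silver'), PHP_EOL;               // id is not numeric
```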

Php code not working as expected

I have created a simple one user one password custom login to protect a specific page. In the page I want to protect (gallery.php) I have the following code:
<?php
session_start();
if (!$_SESSION["Login"]){
header("Location:index.php");
}
?>
<p>some protected content</p>
So if a user enters the URL http://www.example.com/pics/gallery.php
the page takes you to http://www.example.com/pics/index.php
In index I have the following code:
<?php
session_start();
if(($_POST['username'] == "user1") && ($_POST['pass'] == "pass1"))
{
$_SESSION["Login"]= true;
header("Location:gallery.php");
}
else
{ ?>
<?php include 'header.php'; ?>
<div class="wlcm">
<div class="login-box wow fadeInUp">
<h2 class="lgn-tle">Please login</h2>
<form name="login" method="post" accept-charset='UTF-8'>
<input
type="text"
id="username"
name="username"
class="wow fadeInUp"
data-wow-delay=".2s"
placeholder="User"
required="true">
<input
type="password"
id="pass"
name="pass"
class="wow fadeInUp"
data-wow-delay=".4s"
placeholder="Password"
required="true">
<input
type="submit"
name="Submit"
class="submit wow fadeInUp"
data-wow-delay=".6s"
value="Login">
</form>
</div>
</div>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
echo "incorrect";
}
}
?>
While the code on gallery.php works and takes the user to login.php if he's not already logged in, when I submit correct info in index.php I just get a blank page without any PHP errors.
It seems like header("Location:gallery.php"); doesn't do anything, and I have tried absolute paths and spaces after "Location".
Am I missing something here?
All I want is a custom login using an HTML form instead of .htaccess, and to do so in the simplest and cleanest possible way.
Why do you include login.php like <include'login.php'/>?
It should be <?php include 'login.php'; ?>
And the form should have its action set to login.php, or index.php if you're checking whether the values are set in index.php.

php function Not Displaying form

I'm having a problem displaying a PHP function. It's for an admin login form.
The function looks like this -
function displayAdmin(){
//test if login is valid
if (isset($_SESSION['adminLogin'])){
if($_SESSION ['adminLogin']=="valid"){
?>
<script type="text/javascript">location.replace('addproduct.php')</script>
<?php
}
else {
// test if login is invalid
// display error message and login form
if($_SESSION['adminLogin']=="invalid") {
echo "<div>Incorrect User ID and/or password provided</div>";
?>
<form name="adminLogin" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<div id="sign_up_form">
<label><strong>Username:</strong> <input type = "text" name="userID" class="sprited"/></label>
<label><strong>Password:</strong> <input type="password" name="passWord" class="sprited"/></label>
<div id="actions">
<a class="close form_button sprited" id="cancel" href="#">Cancel</a>
<a type ="submit" name="adminSignin"class="form_button sprited" id="log_in" href="">Sign in</a>
</div>
</div>
</form>
<?php
}
}
?>
<form name="adminLogin" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<div id="sign_up_form">
<label><strong>Username:</strong> <input type = "text" name="userID" class="sprited"/></label>
<label><strong>Password:</strong> <input type="password" name="passWord" class="sprited"/></label>
<div id="actions">
<a class="close form_button sprited" id="cancel" href="#">Cancel</a>
<a type ="submit" name="adminSignin"class="form_button sprited" id="log_in" href="">Sign in</a>
</div>
</div>
</form>
<?php
}
} // end of function
And on my page where I am wanting the function to sit the code looks like this -
<?php
session_start();
// Test that page title has been created
if (!isset($pageTitle)) {
$pageTitle = '<< Page title not set >>';
}
// include the myFunctions file
include('includes/myFunctions.php');
// test if login details have been keyed in
if(!empty($_POST["userID"])) {
// Store userID and passWord in local variables
$userID=$_POST["userID"];
$passWord=$_POST["passWord"];
// check database for valid customer
checkValidAdmin($userID, $passWord);
}
?>
and then -
<div id="sign_up">
<h3 id="see_id">Administration Log in</h3>
<span>Please sign in using the form below</span>
<div><?php displayAdmin(); ?></div>
<a id="close_x" class="close sprited" href="#">close</a>
</div>
I have searched long and hard for this problem but can not seem to find the issue, if the issue jumps out at anyone I would love to hear from you!
Thank you so much in advance!!
Definitely your $_SESSION ['adminLogin']=="valid" condition is not true. Check that it is set properly and that session_start(); is called at the beginning of the script.
The problem is you didn't return the HTML string.
You should assign the form to a variable and, at the end of the function, return this variable.
The $_SESSION['adminLogin'] value is empty, i.e. not set or null. That is the reason the condition inside the function is not satisfied.

How to redirect to another page using PHP [duplicate]

This question already has answers here:
How do I make a redirect in PHP?
(34 answers)
Closed 6 months ago.
I'm building a website which includes a login page. I need to redirect the user to their profile page once they've logged in successfully, but I don't know how to do that in PHP (It's my first site).
I've searched the internet and have been told that the header() function should do the trick, but it will only work if I haven't outputted any information before using it.
That's the problem. I've outputted a bunch of information (Including the HTML to build the login page itself).
So how do I redirect the user from one page to the next?
What options do I have? Also, what is the best practice in these instances?
EDIT: Here's my entire login.php page:
<?php
session_start();
echo "<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<title>Sprout</title>
<link rel='stylesheet' href='stylesheet.css' type='text/css'>
</head>
<body>
<div class='box'>
<form action='login.php' method='post'>
Name<br /> <input type='text' name='username' class='form'/><br />
Password<br /> <input type='password' name='password' class='form'/>
<input type='submit' value='Login' class='button' />
</form>
</div>
</body>
</html>";
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "root";
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ("Error connecting to database");
$dbname = "database";
mysql_select_db($dbname);
$query = "SELECT username FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query) or die ("Failed Query of " . $query);
while($row = mysql_fetch_assoc($result))
{
$_SESSION["user"] = $username;
}
}
?>
You could use a function similar to:
function redirect($url) {
header('Location: '.$url);
die();
}
Worth noting, you should follow them with a die() or exit() function to prevent further code execution.
Note that it just makes no sense to output large chunks of HTML if you are going to redirect. Therefore you have to move the form handling code above all HTML. As a side effect it will mitigate the notorious "Headers already sent" error.
Here's a more detailed guide than any of the other answers have mentioned: http://www.exchangecore.com/blog/how-redirect-using-php/
This guide includes reasons for using die() / exit() functions in your redirects, as well as when to use ob_flush() vs ob_start(), and some potential errors that the other answers have left out at this point.
You can conditionally redirect to some page within a php file....
if (ConditionToRedirect){
//You need to redirect
header("Location: http://www.yourwebsite.com/user.php");
exit();
}
else{
// do something
}
That's the problem. I've outputted a bunch of information (including the HTML to build the login page itself). So how do I redirect the user from one page to the next?
This means your application design is pretty broken. You shouldn't be doing output while your business logic is running. Go and use a template engine (like Smarty) or quick-fix it by using output buffering.
Another option (not a good one though!) would be outputting JavaScript to redirect:
<script type="text/javascript">location.href = 'newurl';</script>
header won't work for all
Use below simple code
<?php
echo "<script> location.href='new_url'; </script>";
exit;
?>
Assuming you're using cookies for login, just call it after your setcookie call -- after all, you must be calling that one before any output too.
Anyway in general you could check for the presence of your form's submit button name at the beginning of the script, do your logic, and then output stuff:
if(isset($_POST['mySubmit'])) {
// the form was submitted
// ...
// perform your logic
// redirect if login was successful
header('Location: /somewhere');
}
// output your stuff here
You could use ob_start(); before you send any output. This will tell PHP to keep all the output in a buffer until the script execution ends, so you can still change the header.
Usually I don't use output buffering, for simple projects I keep all the logic on the first part of my script, then I output all HTML.
The simplest approach is that your script validates the form-posted login data "on top" of the script before any output.
If the login is valid you'll redirect using the "header" function.
Even if you use "ob_start()" it sometimes happens that you miss a single whitespace which results in output. But you will see a statement in your error logs then.
<?php
ob_start();
if (FORMPOST) {
if (POSTED_DATA_VALID) {
header("Location: https://www.yoursite.com/profile/");
ob_end_flush();
exit;
}
}
/** YOUR LOGINBOX OUTPUT, ERROR MESSAGES ... **/
ob_end_flush();
?>
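The "logic first, output second" layout described in the answers above, as an added example that is not code from any of the answers: the login check reads $_POST, runs before any HTML, and ends the redirect with exit. Assumptions: an in-memory SQLite table stands in for the real database, the account and /profile.php are constructed, and the plaintext password comparison from the question is swapped for password_hash()/password_verify().

```php
<?php
// Added example. Assumptions: SQLite in memory replaces the real database;
// the users table, the account 'alice' and /profile.php are constructed.
declare(strict_types=1);

function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $db;
}

/** Returns the user id on success, null on any failure. */
function check_login(PDO $db, array $post): ?int
{
    // Read the submitted fields explicitly; never rely on registered globals.
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
        return null;
    }
    // The username is bound as a parameter, not concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// 1. All logic first: nothing has been echoed yet, so header() still works.
session_start();
$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $userId = check_login(demo_db(), $_POST);
    if ($userId !== null) {
        session_regenerate_id(true);      // fresh session id after login
        $_SESSION['user_id'] = $userId;
        header('Location: /profile.php'); // fixed, server-chosen target
        exit;                             // stop before any HTML is sent
    }
    $error = 'Invalid username or password';
}

// 2. Output only after the redirect decision has been made.
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Login</title></head>
<body>
<?php if ($error !== ''): ?>
<p><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form action="" method="post">
Name<br /> <input type="text" name="username" /><br />
Password<br /> <input type="password" name="password" />
<input type="submit" value="Login" />
</form>
</body>
</html>
```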
First create an index.php page and copy-paste the code below:
<form name="frmUser" class="well login-form" id="form" method="post" action="login_check.php" onSubmit="return FormValidation()">
<legend>
<icon class="icon-circles"></icon>Restricted Area<icon class="icon-circles-reverse"></icon>
</legend>
<div class="control-group">
<label class="control-label" for="inputPassword">Username</label>
<div class="controls">
<div class="input-prepend">
<span class="add-on"><icon class="icon-user icon-cream"></icon> </span>
<input class="input" type="text" name="username" id="username" placeholder="Username" />
</div>
</div>
</div>
<div class="control-group">
<label class="control-label" for="inputPassword">Password</label>
<div class="controls">
<div class="input-prepend">
<span class="add-on"><icon class="icon-password icon-cream"></icon>
</span> <input class="input" type="password" name="password" id="password" value="" placeholder="Password" />
</div>
</div>
</div>
<div class="control-group signin">
<div class="controls ">
<input type="submit" class="btn btn-block" value="Submit" />
<div class="clearfix">
<span class="icon-forgot"></span>forgot password
</div>
</div>
</div>
</form>
/*------------------after that ----------------------*/
create a login_check.php and just copy paste this below code :-
<?php
session_start();
include('conn.php');
// Nothing was posted: send the browser back to the login form.
if(count($_POST)==0)
{
/* Redirect browser */
header("location:index.php");
/* Make sure that code below does not get executed when we redirect. */
exit;
}
// Escape the posted values before they go into the query.
// mysql_* was removed in PHP 7; prepared statements with mysqli or PDO replace it.
$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string($_POST["password"]);
$result = mysql_query("SELECT * FROM admin WHERE username='".$username."' and password = '".$password."'");
$row = mysql_fetch_array($result);
if(is_array($row))
{
// Array keys must be quoted strings
$_SESSION["user_id"] = $row["user_id"];
$_SESSION["username"] = $row["username"];
header("Location:dashboard.php");
exit;
}
else
{
$_SESSION['msg']="Invalid Username or Password";
header("location:index.php");
exit;
}
?>
/*-----------------------after that ----------------------*/
create a dashboard.php and copy paste this code in starting of dashboard.php
<?php
session_start();
include('conn.php');
include('check_session.php');
?>
/*-----------------------after that-----------------*/
create a check_session.php which check your session and copy paste this code :-
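<?php
// login_check.php stores the name under "username", so test that key
if(!empty($_SESSION["username"]))
{
?>
Welcome <?php echo htmlspecialchars($_SESSION["username"]); ?>. Click here to Logout.
<?php
}
else
{
header("location:index.php");
exit; // stop the protected page from rendering after the redirect
}
?>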
if you have any query so let me know on my mail id farjicompany#gmail.com
Although not secure, (no offense or anything), just stick the header function after you set the session variable
while($row = mysql_fetch_assoc($result))
{
$_SESSION["user"] = $username;
}
header('Location: /profile.php');
On click BUTTON action
if(isset($_POST['save_btn']))
{
//write some of your code here, if necessary
echo'<script> window.location="B.php"; </script> ';
}
----------
<?php
echo '<div style="text-align:center;padding-top:200px;">Go New Page</div>';
$gourl='http://stackoverflow.com';
echo '<META HTTP-EQUIV="Refresh" Content="2; URL='.$gourl.'">';
exit;
?>
----------
Just like you used echo to print a webpage, you could also do the same with redirecting.
print("<script type=\"text/javascript\">location.href=\"urlHere\"</script>")
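<?php
include("config.php"); // expected to provide the mysqli connection $con
// Accept only a numeric id and bind it instead of concatenating it into the SQL
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$stmt = mysqli_prepare($con, "update consumer_closeconnection set close_status='Pending' where id=?");
mysqli_stmt_bind_param($stmt, "i", $id);
if(mysqli_stmt_execute($stmt))
{
?>
<script>
window.location.href='ConsumerCloseConnection.php';
</script>
<?php
}
else
{
?>
<script>
window.location.href='ConsumerCloseConnection.php';
</script>
<?php
}
?>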
