It occurs undefined index error for the first time while redirecting to the same page after login, how can I solve this problem?
Here's my code:
code on index-page
<?php
session_start();
$error = $_SESSION['error'];
$conn = mysql_connect("localhost", "root", "");
mysql_select_db("db_food", $conn);
$row = mysql_query("select * from tbl_temp order by id DESC", $conn);
$row = mysql_fetch_array($row);
$user = $row['user'];
$pass = $row['pass'];
?>
code for the page After form submission
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if($username =='' || $password == '') {
$error = "Username or Password cant' be empty......";
header("location: index.php");
} else {
$data = mysql_query("select * from tbl_user where username='$username' && password='$password'", $conn);
$num = mysql_num_rows($data);
if($num==1) {
$row = mysql_fetch_array($data);
$_SESSION['name'] = $row['name'];
$_SESSION['id'] = $row['id'];
$_SESSION['user'] = $row['username'];
exit;
} else {
$error= "Either Username or Password wrong!!!";
header("location: index.php");
}
}
$_SESSION['error'] = $error;
?>
I want to display the error message in the index page.
check first by isset
$error = "";
if(isset($_SESSION['error'])){
$error = $_SESSION['error'];
}
Related
<?php
session_start();
include_once 'db.login.php';
if (isset($_SESSION['users']) != "") {
header("Location: profile.php");
}
if (isset($_POST['btn-login'])) {
$username = mysqli_real_escape_string($con, $_POST['username']);
$upass = mysqli_real_escape_string($con, $_POST['password']);
$res = mysqli_query($con, "SELECT * FROM users WHERE username='$username'");
$row = mysqli_fetch_array($res);
if ($row['password'] == md5($upass)) {
$_SESSION['users'] = $row['id'];
header("Location: profile.php");
} else {
$err = "<p style='color: red'>Wrong Username or Password</p>";
?>
<?php
}
}
?>
method i am trying but it doesn't seem to display anything
<?= $_SESSION['username'] ?>">
i am basically looking at echoing the username logged into the session
you fill session in
$_SESSION['users']
but echo
$_SESSION['username']
<?php
session_start();
include_once 'db.login.php';
if(isset($_SESSION['users']) && $_SESSION['users'] != "")
{
header("Location: profile.php");
exit();
}
if(isset($_POST['btn-login']))
{
$username = mysqli_real_escape_string($con, $_POST['username']);
$upass = mysqli_real_escape_string($con, $_POST['password']);
$res=mysqli_query($con, "SELECT * FROM users WHERE username='$username'");
$row=mysqli_fetch_array($res);
if($row['password'] == md5($upass))
{
$_SESSION['users'] = $row['id'];
$_SESSION['username'] = $row['username'];
header("Location: profile.php");
}
else
{
$err = "<p style='color: red'>Wrong Username or Password</p>";
?>
<?php
}
}
?>
you did not define $_SESSION['username'] anywhere.
I recently started learning PHP. I've been working on a basic login page. Everything works great locally, but when it's uploaded to ipage, it just reloads the login page. If I enter incorrect login info, it tells me that I entered something wrong.
Here's my code...
login.php:
<?php
ob_start();
session_start();
require 'connect.inc.php';
if (isset($_POST['submit'])) {
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$uid = strip_tags($uid);
$pwd = strip_tags($pwd);
$uid = stripcslashes($uid);
$pwd = stripcslashes($pwd);
$uid = mysqli_real_escape_string($db, $uid);
$pwd = mysqli_real_escape_string($db, $pwd);
$sql = "SELECT * FROM users WHERE uid='$uid' LIMIT 1";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['pwd'];
$pwd = password_verify($pwd, $row['pwd']);
if ($pwd == $db_password) {
//$_SESSION['username'] = $uid;
$_SESSION['id'] = $id;
header("Location: http://website.com/dashboard.php");
exit;
}else {
echo 'You didn\'t enter the correct information';
}
}
?>
dashboard.php:
<?php
ob_start();
session_start();
require 'connect.inc.php';
if (!isset($_SESSION['id'])) {
header("Location: http://website.com/login.php");
exit();
}
?>
any help would be appreciated very much...
I think the problem of your code lies in here
if ($pwd == $db_password) {
//$_SESSION['username'] = $uid;
$_SESSION['id'] = $id;
header("Location: http://website.com/dashboard.php");
exit;
}else {
echo 'You didn\'t enter the correct information';
}
password_verify() returns TRUE or FALSE and you are trying to check if it is equal to $db_password. As fas as I know this will not be true so even though the password you are typing in is correct, the page won't go anywhere because the if statement is not working properly.
So in your case, this is how I think you should have your code
<?php
ob_start();
session_start();
require 'connect.inc.php';
if (isset($_POST['submit'])) {
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$uid = strip_tags($uid);
//$pwd = strip_tags($pwd);
$uid = stripcslashes($uid);
//$pwd = stripcslashes($pwd);
$uid = mysqli_real_escape_string($db, $uid);
//$pwd = mysqli_real_escape_string($db, $pwd);
$sql = "SELECT * FROM users WHERE uid='$uid' LIMIT 1";
$query = mysqli_query($db, $sql);
$row = mysqli_fetch_array($query);
$id = $row['id'];
$db_password = $row['pwd'];
$pwd = password_verify($pwd, $db_password);
if ( $pwd === TRUE ) {
//$_SESSION['username'] = $uid;
$_SESSION['id'] = $id;
header("Location: http://website.com/dashboard.php");
exit;
}else {
echo 'You didn\'t enter the correct information';
}
}
I have realized why i can't actually access userdata (after i am logged) old way to find the username is $_SESSION['username']; (assuming there is a row as 'username' in MySQL database)
So as i have a test account as "good25" (reason to choose numbers was to see if Alphanumeric inputs works fine.. its just checkup by me.. nevermind)
Problem :
assuming, i have rows in a table as 'username' and all of his information.. such as 'password', 'email', 'joindate', 'type' ...
On net i found out how to snatch out username from Session
<?php session_start(); $_SESSION('username'); ?>
successful!!
i had an idea to check if session is actually registering or no??
after a log on start.php i used this code
if(isset($_SESSION['username'])) { print_r($_SESSION['username']); }
the result was "1" (while i logged in using this username "good25")
any suggestions?
index.php (lets say, index.php just holds registration + Login form + registration script.. in login form, action='condb.php')
<?php
require 'condb.php';
if (isset($_POST['btn-signup']))
{
//FetchInputs
$usern = mysqli_real_escape_string($connection,$_POST['username']);
$email = mysqli_real_escape_string($connection,$_POST['email']);
$password = mysqli_real_escape_string($connection,$_POST['password']);
$repassword = mysqli_real_escape_string($connection,$_POST['repassword']);
$usern = trim($usern);
$email = trim($email);
$password = trim($password);
$repassword = trim($repassword);
//SearchUser
$searchusr = "SELECT username FROM $user_table WHERE username='$usern'";
$usersearched = mysqli_query($connection, $searchusr);
$countuser = mysqli_num_rows($usersearched);
//SearchEmail
$searcheml = "SELECT email FROM $user_table WHERE email='$email'";
$emlsearched = mysqli_query($connection, $searcheml);
$counteml = mysqli_num_rows($emlsearched);
//RegisteringUser
if ($countuser == 0)
{
if ($counteml == 0)
{
$ctime = time();
$cday = date("Y-m-d",$ctime);
$aCode = uniqid();
$adduser = "INSERT INTO $user_table(username, email, password, realname, activationcode, verified, joindate, type, points) VALUES ('$usern','$email','$password','$name','$aCode','n','$cday','Free',$signPoints)";
if (mysqli_query($connection, $adduser))
{
?><script>alert('You have been registered');</script><?php
}
else {
?><script>alert('Couldnt Register, please contact Admin<br><?mysqli_error($connection);?>');</script><?php
}
} else {
?><script>alert('Email already exists!');</script><?php
}
} else {
?><script>alert('Username already exists!');</script><?php
}
}
?>
condb.php
$connection = mysqli_connect($db_server, $db_user, $db_pass);
mysqli_select_db($connection, $db_name);
if(!$connection) {
die ("Connection Failed: " . mysqli_connect_error);
}
if (isset($_POST['btn-login']))
{
$uname = mysqli_real_escape_string($connection,$_POST['uname']);
$upass = mysqli_real_escape_string($connection,$_POST['upass']);
//FindUser
$finduser = "SELECT * FROM $user_table WHERE username='$uname' AND password='$upass'";
$findinguser = mysqli_query($connection,$finduser);
$founduser = mysqli_num_rows($findinguser);
//ConfirmPassword
if ($founduser > 0)
{
session_start();
$_SESSION['username'] = $username;
$_SESSION['username'] = true;
if ($findinguser != false)
{
while ($fetchD = mysqli_fetch_array($findinguser, MYSQLI_ASSOC))
{
$fetchD['username'] = $usernn;
$fetchD['email'] = $email;
$fetchD['userid'] = $uid;
$fetchD['realname'] = $rlnm;
$fetchD['points'] = $pts;
$fetchD['type'] = $membertype ;
}
header("Location: start.php");
} else {
echo mysqli_error();
}
} else {
header("Location: index.php");
?><script>alert('Wrong details, please fill in correct password and email');</script><?php
}
}
I am not asking you to build a script.. just little help please? (Thank you so so so so so much, as i am a self-learner, you don't have to say everything.. just a clue is enough for me)
may be you can try this code
<?php
require_once 'require.inc.php';
//session_start();
if (isset($_POST['btn-login']))
{
$uname = mysqli_real_escape_string($_POST['uname']);
$upass = mysqli_real_escape_string($_POST['upass']);
$search = mysqli_query($connection, "SELECT username, userid, password from $user_table WHERE username='$uname' AND password='$upass'");
$match = mysqli_fetch_assoc($search);
if ($match == 1 and $match['password'] == md5($upass))
{
$_SESSION['username'] = $match['userid'];
} else {
?>
<script>alert('Password or E-mail is wrong. If you havent registered, Please Register');</script>
<?php
}
}
if (isset($_SESSION['username']) or isset($match['userid'])){
header("Location:start.php");
}
if (isset($_POST['btn-signup']))
{
$name = mysqli_real_escape_string($_POST['name']);
$usern = mysqli_real_escape_string($_POST['username']);
$email = mysqli_real_escape_string($_POST['email']);
$password = mysqli_real_escape_string($_POST['password']);
$repassword = mysqli_real_escape_string($_POST['repassword']);
$name = trim($name);
$usern = trim($usern);
$email = trim($email);
$password = trim($password);
$repassword = trim($repassword);
$query = "SELECT email FROM $user_table WHERE email='$email'";
$result = mysqli_query($connection, $query);
$count = mysqli_num_rows($result);
$querytwo = "SELECT username FROM $user_table WHERE username='$usern'";
$resulttwo = mysqli_query($connection, $querytwo);
$counttwo = mysqli_num_rows($resulttwo);
if ($count == 0 AND $counttwo == 0)
{
if ($password == $repassword) {
if (mysqli_query($connection, "INSERT INTO $user_table(username, email, password, realname) VALUES ('$usern','$email','$password','$name')"))
{
?>
<script> alert ('Successfully registered'); </script>
<?php
}
}else {
?>
<script> alert ('The Password you entered, doesnt match.. Please fill in the same password'); </script>
<?php
}
}
else {
?>
<script> alert('Username or E-mail already exist'); </script>
<?php
}
}
?>
and this is for require.inc.php
<?php
global $username;
//require 'dconn.php';
session_start();
$_SESSION["username"] = $username;
$connection = mysqli_connect("localhost","root","", "test") or die(mysqli_error());
// Check Login
if (isset($_SESSION['username']) and isset ($match['userid']))
{
$Selection = "SELECT * FROM $user_table WHERE username='$username'";
$selectQuery = mysqli_query($connection, $Selection);
if ($selectQuery != false)
{
while ($fetchD = mysqli_fetch_assoc($selectQuery))
{
$usernn = $fetchD['username'];
$email = $fetchD['email'];
$uid = $fetchD['userid'];
}
} else {
echo mysqli_error();
}
}
?>
#suggestion, create session after user login and authorized then for each page start session and take session which you created and perform SQL queries using that session variable.
for example :
$_SESSION['user_name']=$row['username'];
for each page:
session_start();
$user_name=$_SESSION['user_name'];
SQL query
mysqli_query($con,"SELECT * FROM users where column_name='$user_name'");
I think you need to include dconn.php file in all files where you want to perform the mysql operation. If you have included it only in require.inc.php then you you it in all your other files.
Well I am trying to create kind of a social network but there is a problem with my session. So I am not able to visit other users profile. This is my code for loginwebsite1.php
<?php
ob_start();
session_start();
$connection = mysqli_connect('localhost', 'root', '123456789', 'register');
if (isset($_POST['email1'])) {
$email = mysqli_real_escape_string($connection, htmlentities($_POST['email1']));
}
if (isset($_POST['password1'])) {
$password = mysqli_real_escape_string($connection, htmlentities($_POST['password1']));
}
if (!empty($email) && !empty($password)) {
$query = "select id from register where email='$email' and password='$password'";
$result = mysqli_query($connection, $query);
$row = mysqli_fetch_array($result);
if ($row > 0) {
$_SESSION['id'] = $row;
$_GET['id'] = $row;
header('location: new.php');
} else {
echo "sorry but the email-id or password is wrong";
}
} else {
echo "please enter your email-id or password or there";
}
?>
My session code goes like this:
<?php
ob_start();
session_start();
if (isset($_SESSION['id']) && !empty($_SESSION['id'])) {
$id = $_SESSION['id'];
foreach ($id as $fn)
$connection = mysqli_connect('localhost', 'id', 'password', 'register');
$query = "select firstname,lastname from register where id='$fn'";
$result = mysqli_query($connection, $query);
$row = mysqli_fetch_array($result);
$firstname = $row['firstname'];
$lastname = $row['lastname'];
} else {
header('location: loginwebsite1.php');
}
?>
But when I try to enter like profile.php?id=9 it still opens the profile of the user who is logged in.
$id=$_SESSION['id'];
This line is where you problem is I believe. Here you get the ID number for the profile page to load from the $_SESSION variable when you should be getting it from the $_GET variable.
It should read:
$id=$_GET['id'];
you should also check if the $_GET['id'] is also set like this
$connection=mysqli_connect('localhost','id','password','register');
if(isset($_SESSION['id']) && !empty($_SESSION['id']) || !empty($_GET['id']))
{
$id=!empty($_GET['id'])? $_GET['id']: $_SESSION['id'];
foreach($id as $fn){
$query="select firstname,lastname from register where id='$fn'";
$result=mysqli_query($connection,$query);
$row=mysqli_fetch_array($result);
$firstname=$row['firstname'];
$lastname=$row['lastname'];
}
}else{
header('location: loginwebsite1.php');
}
also set your $connection variable to connect only once to your database.
I'm trying to make an admin account for my website using php. I'm using the following code and I get "500 internal Server Error" I have no idea what i'm doing wrong.
I have the following php script in my index.php file for admin.
<?php
session_start();
if(!isset($_SESSION["manager"])){
header("Location: admin_login.php");
exit();
}
$id = preg_replace('#[^0-9]#i', '', $_SESSION["id"]);
$manager = preg_replace('#[^0-9]#i', '', $_SESSION["manager"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]);
include "../scripts/db_connect.php";
$sql_str = mysql_query("SELECT * FROM admins WHERE userName = '$userName' AND password = '$password' LIMIT 1");
$exist_Count = mysql_num_rows('$sql_str');
if($exist_Count == 0){
header('location: ../index.php');
exit();
}
?>
and the following code is for admin_login.php file where I ask the user to sign in
<?php
if(isset($_POST["userName"]) && isset($_POST["password"])){
$manager = $_POST["userName"];
$password = $_POST["password"];
include "../scripts/db_connect.php";
$results = mysql_query("SELECT id FROM admins WHERE userName = '$manager' AND password ='$password' LIMIT 1");
$existCount = mysql_num_rows($results);
if($existCount == 1){
while($row = mysql_fetch_array($results)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("Location: index.php");
exit();
}
else{
echo 'Invalid Information';
exit();
}
}
?>
You forgot to add session_start() on your admin_login.php
<?php
session_start(); //<---------- Here
if(isset($_POST["userName"]) && isset($_POST["password"])){
$manager = $_POST["userName"];
$password = $_POST["password"];
include "../scripts/db_connect.php";
$results = ......
//.... rest of your code............