Login not checking if password is wrong - php

So for some reason if the password is correct it knows and takes the user to the correct user account, but if the pass is wrong, it won't log them in but still takes them to the account page that isn't logged in.
Can someone please help me out to not redirect them if the password is wrong?
<?php
session_start();
//$connection = mysqli_connect('localhost', 'root', '');
$connection = mysqli_connect("pdb18.awardspace.net","*****","******","*****");
if (!$connection){
die("Database Connection Failed" . mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, '******');
if (!$select_db)
{
die("Database Selection Failed" . mysqli_error($connection));
}
$username=trim($_POST['username']);
$password=trim($_POST['password']);
//$encoded_password = base64_encode($password);
$sql = "SELECT * from register where Username='".$username."' and Password='".$password."'";
$result = mysqli_query($connection, $sql) or die(mysqli_error($connection));
$result = $con->query($sql);
$count = mysqli_num_rows($result);
//echo $count;
if ($count == 1){
while($row = $result->fetch_assoc()) {
$id=$row['id'];
}
$_SESSION['User'] = $username;
$_SESSION['UserId'] = $id;
echo "valid";
}
else{
echo "Invalid";
}
?>

Remove this line:
$result = $con->query($sql);
You are using procedural functions, mysqli_*.
This part of the code, $con->query, is OOP style, which you are not using in your code, and it is overwriting the value of the $result variable.
You can use both styles, but you should use the same connection, or $connection in your case.

Related

Cannot redirect to user_panel page after login ... header() not working

<?php
if(isset($_POST['submit'])){
$con=mysqli_connect("localhost","root","") or die("Failed to connect to MySQL: " .mysqli_connect_error());
$db=mysqli_select_db($con,"users") or die("Failed to connect to MySQL: " .mysqli_connect_error());
$count=0;
$username = $_POST['username'];
$password = $_POST['password'];
$query1 = "SELECT * FROM user_info WHERE Username= '$_POST[username]' && Password= '$_POST[password]'";
$res = mysqli_query($con, $query1) or die(mysqli_connect_error());
$count = mysqli_num_rows($res);
if($count>0){
session_start();
$_SESSION['username'] = $username;
header ("Location: user_panel.php");
}
else{
echo "Incorret username or password ...";
}
}
?>
Use the full path in the header location, like this:
<?php
$baseurl = "http://examplesite.com/";
header("location: ".$baseurl."user_panel.php");
?>
You can also achieve this with JavaScript.
window.location.href='user_panel.php';

PHP / MySQL: Login form doesn't work

I've got a login.php file which looks like this:
include "myfuncs.php";
$connect = dbConnection();
$username = $_POST["username"];
$passwort = md5($_POST["password"]);
$query = "SELECT username, password FROM user WHERE username LIKE '$username' LIMIT 1";
$ergebnis = mysql_query($query);
$row = mysql_fetch_object($result);
if($row->password == $passwort)
{
echo "Hi $username";
$_SESSION["username"] = $username;
echo "Login successfully";
}
else
{
echo "Login doesn't work";
}
and a myfuncs.php file which looks like this:
function dbConnection()
{
$servername = "...";
$username = "...";
$password = "...";
$dbname = "...";
$db_connect = new mysqli($servername, $username, $password, $dbname);
if ($db_connect->connect_error)
{
die("Connection failed: " . $db_connect->connect_error);
}
return $db_connect;
}
Unfortunately the login form doesn't work - it always gives the error "Login doesn't work" even when the username and password matches with the database entry.
Arg, you are mixing a mysqli with class mysql functions. I don't think it works...
It works this way : PHP MySQLI
$stmt = $mysqli->prepare($query);
$stmt->execute(); // the statement must be executed before rows can be fetched
while ($stmt->fetch()) {
(...)
}
I see you have an error in your variable name on line #6.
try this:
$query = "SELECT username, password FROM user WHERE username LIKE '$username' LIMIT 1";
$result= mysql_query($query);
$row = mysql_fetch_object($result);
There are several problems with your code. In myfuncs.php you use mysqli and after that, in your code you use mysql (without "i"). mysql (without "i") is deprecated, so you should use mysqli everywhere.
More than that, in your code you have:
$query = "SELECT username, password FROM user WHERE username LIKE '$username' LIMIT 1";
$ergebnis = mysql_query($query);
$row = mysql_fetch_object($result);
Please see the bold text from next two lines (it should be the same variable):
$ergebnis = mysql_query($query);
$row = mysql_fetch_object($result);
You should have
$result = mysql_query($query);
if you will use mysql.

cant login after successfully register to database

This is my login code, can't figure out what's wrong (the last if always goes to the last else). I tried everything but still no luck.
<?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
if($_POST['submit']){
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password FROM user WHERE username = '$username' AND password = '$password'";
$query = mysqli_query($connection, $sql);
if($query){
$row = mysqli_fetch_row($query);
$userId = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[3];
}
if ($username = $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userId;
header('Location: users.php');
}else {
header('Location: error.php');
}
}
?>
and that's my connection code
<?php
$connection = mysql_connect('localhost', 'root', '');
if (!$connection){
die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('login');
if (!$select_db){
die("Database Selection Failed" . mysql_error());
}
?>
You are going to kick yourself... you have only a single = in your if.
if ($username = $dbUsername && $password == $dbPassword) {
Should be
if ($username == $dbUsername && $password == $dbPassword) {
The single = turns it into an assignment instead of a comparison.
Beyond that you are actually doing the comparison twice; once in SQL to get back the username and password, the second time in PHP. If your query returns the user id, you already know that the username/password did the trick.
You are also mixing mysql_connect and mysqli_query (and mysql_fetch_row). As the others have suggested, you need to move to the mysqli class or to PDO. But to get you going, you need to at very least change mysqli_query to mysql_query and mysqli_fetch_row to mysql_fetch_row.
Use mysql_query($connection, $sql) instead of mysqli_query($connection, $sql);
as you are using mysql_connect

Fetch data from a row from mysql database

I need to display a reply data on my page from my 'feedback' field in my MySQL table. I want each user to have a different 'feedback' response stored per row and fetched when the user logs into a page through a session. I have set up my database but find it difficult forming the PHP code to view the feedback on my page... please can someone help?
<?php
session_start();
if ($_SESSION['username'])
{
$con = mysqli_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"loginsession");
$username = $_SESSION['username'];
$sql="SELECT * FROM users WHERE username = $username";
$result = mysqli_query($con,$sql);
$feedback = mysql_query("SELECT feedback FROM users WHERE username='$username'");
echo $feedback;
}
else
header("Location: index.php");
?>
$feedback in this case is not a string, it's a mysql resource. You need to fetch each row individually with something like:
echo "<PRE>";
while ($row = mysql_fetch_assoc($feedback)) {
print_r($row);
}
Also you should put $username through mysql_real_escape_string() or else your code may be vulnerable to SQL injection attacks.
Edit: (Disclaimer) The method you are using and my suggestion are very outdated and have been deprecated in PHP 5.5. I suggest you look into prepared statements.
$sql = mysql_query("SELECT feedback FROM users WHERE username='{$username}' LIMIT 1");
$feedback = mysql_fetch_assoc($sql);
echo $feedback['feedback']; // mysql_fetch_assoc() keys the row by column name, not by index
<?php
session_start();
if ($_SESSION['username'])
{
$con = mysqli_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"loginsession");
$username = $_SESSION['username'];
$sql='SELECT feedback FROM users WHERE username = "'.$username.'"';
$result = mysqli_query($con,$sql);
while($row = mysqli_fetch_array($result))
{
echo $row['feedback'];
}
}
else
header("location: index.php");
?>
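The prepared-statement approach suggested in the answers above, as an added example that is not part of the original posts. It goes slightly beyond the feedback lookup and also covers the login check from the earlier questions, using password_hash()/password_verify() instead of a plaintext or md5 comparison. It assumes PDO with the SQLite driver so it runs without a MySQL server; the table, column names, sample rows and function names are constructed for the demo.

```php
<?php
// Added example, not code from the original posts. Assumes PDO with the
// SQLite driver so it runs without a MySQL server; the table and column
// names below are constructed for this demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL,
    feedback TEXT
)');

// Constructed sample rows. Passwords are stored as password_hash() output,
// never as plaintext or unsalted md5().
$insert = $db->prepare(
    'INSERT INTO users (username, password_hash, feedback) VALUES (?, ?, ?)'
);
$insert->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT), 'Thanks for your report.']);
$insert->execute(['alice', password_hash('s3cret-demo', PASSWORD_DEFAULT), 'Ticket closed.']);

// Returns the user id on success, or null on unknown user or wrong password.
function check_login(PDO $db, string $username, string $password): ?int
{
    // The value is bound as a parameter, so quotes in it cannot change the SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Looks up the feedback column for an already authenticated user id.
function fetch_feedback(PDO $db, int $userId): ?string
{
    $stmt = $db->prepare('SELECT feedback FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

foreach ([["o'brien", 'correct horse'], ['alice', 'wrong'], ['nobody', 'x']] as [$u, $p]) {
    $id = check_login($db, $u, $p);
    echo $u, ': ', $id === null ? 'Invalid' : 'valid, feedback: ' . fetch_feedback($db, $id), PHP_EOL;
}
```

In a real login handler, store the returned id in $_SESSION only when check_login() is non-null, and call session_regenerate_id(true) at that point.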

SQL if statement syntax help please

<?php
include 'dbc.php';
?>
<?php session_start();
$id = $_SESSION['user_id'];
//$update = Reminder1;
// $rt1 = Reminder1;
// $mm1 = Reminder1;
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$data = mysql_query("SELECT reminder FROM users WHERE $id = id)")
or die(mysql_error());
if EXISTS (reminder == Reminder1)') {
echo("Update Your Pasword reset reminder page");
}
else {
echo("redirect to /home.php");
}
?>
Can anyone help me out on why this is failing? It would be great, I have been working on this for a while and it feels like I am hitting brick walls lol. I am still in testing, so the two echos will be edited as soon as it is in working condition, so ignore those lines for now; I left it all in for example's sake.
Why is the MySQL extension (ext/mysql) discouraged from use?
<?php
session_start();
$id = $_SESSION['user_id'];
$DB = new PDO('mysql:dbname=database;host=localhost', 'user', 'pass');
$stmt = $DB->prepare('SELECT reminder FROM users WHERE id = ?');
$stmt->execute(array($id));
$result = $stmt->fetch(PDO::FETCH_ASSOC);
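// fetch() returns the row as an array (or false), so compare the column value
if ($result && $result['reminder'] == 'Reminder1') {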
echo 'Update Your Pasword reset reminder page';
} else {
header('Location: /home.php');
}
?>
Also see:
control structures
if control structure
header() function
fetch data
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$data = mysql_query("SELECT reminder FROM users WHERE id='".$id."' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_assoc($data);
if($row['reminder'] == 'Reminder1') {
header("Location: /reset_password.php");
}
else {
header("Location: /home.php");
}
// but you should use PDO
$dbh = new PDO('mysql:host=localhost;dbname=database', 'user', 'pass');
$sth = $dbh->prepare("SELECT reminder FROM users WHERE id=:id LIMIT 1");
$sth->execute(array(':id' => $id));
$sth->setFetchMode(PDO::FETCH_ASSOC); // fetch rows as associative arrays
$row = $sth->fetch();
if($row['reminder'] == 'Reminder1') {
header("Location: /reset_password.php");
}
else {
header("Location: /home.php");
}
