I have tried all methods but still am not seeing a redirect to index.php as expected.
I also added ob_start() but it doesn't work. Then I tried header('location:...'). It also didn't work. Then I tried to redirect using JavaScript but that also didn't work.
Any suggestions ??
<html>
<head>
<link rel ="stylesheet" href=css/style.css>
</head>
<body>
<?php
ob_start();
require('dbconnect.php');
require('loginservice.php');
session_start();
//if my form is submitted
if(isset($_POST['submit']))
{
$username=$_POST['username'];
$password=$_POST['password'];
$query1= userIdentity($username,$password);
echo 'returning value deisplay';
echo '\n' .$query1 . '\n';
echo 'i am here';
if($query1==1){
//echo 'welcome dude';
$_SESSION['username'] = $username;
// Redirect user to index.php
//echo "<script type='text/javascript'> window.location='index.php'; </script>";
// header("Location: index.php");
//e//cho 'heeeelo';
echo "<script type='text/javascript'>window.location.href = 'index.php'; </script>";
ob_flush();
exit(0);
}
// header("Location: index.php");
else
{
echo " <div class='form'>
<h3>Username/password is incorrent.</h3>
<br/>click here to <a href='login.php'>Login</a></div>";
}
//header("Location: index.php");
}
else {
?>
<div class="form">
<h1>Log In</h1>
<form action="" method='post' name="login">
<input type ="text" name="username" placeholder="username" required />
<input type="password" name="password" placeholder="password" required />
<input name="submit" type="submit" value="login" />
</form>
<p> Not registered yet ? <a href='register.php'>Register Here </a> </p>
</div>
<?php
}
?>
</body>
</html>
Per the PHP manual page for header():
Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP.
So move the PHP code above the starting HTML tags, like the example below. I created a variable to hold the message in case the login attempt fails (i.e. $message). Notice how it is set it to a blank message initially (for good scope) and then set when appropriate. Then it is added to the form down below.
Edit:
You can see this demonstrated in this phpFiddle. Try logging in with any username. If you enter the password pw, then you should be taken to index.php, which on that page display an image with the text phpfiddle.org. Also, I removed the HTML from the else block, so it will always show the form (and insert the login failure message if it is set), though you might want to have it not show the form again if the login fails...
<?php
ob_start();
require('dbconnect.php');
require('loginservice.php');
session_start();
$message = ''; //initialize to empty, for good scope
//if my form is submitted
if(isset($_POST['submit']))
{
$username=$_POST['username'];
$password=$_POST['password'];
$query1= userIdentity($username,$password);
if($query1==1){
$_SESSION['username'] = $username;
// Redirect user to index.php</script>";
header("Location: index.php");
//...
}//else:
else {
$message = "<div class='form'><h3>Username/password is incorrect.</h3>
<br />click here to <a href='login.php'>Login</a></div>";
}
?>
<html>
<head>
<!-- the rest of the HTML content -->
and in the body, append that incorrect message if it is defined, e.g.:
<div class="form"><?php echo $message; ?>
<h1>Log In</h1><!-- rest of the HTML for the form-->
Instead of having the html <html><head><body> tags before your php code, have the php code before these and use the header function. Here is the working new version:
<?php
ob_start();
require('dbconnect.php');
require('loginservice.php');
session_start();
//if my form is submitted
if(isset($_POST['submit']))
{
$username=$_POST['username'];
$password=$_POST['password'];
$query1= userIdentity($username,$password);
echo 'returning value deisplay';
echo '\n' .$query1 . '\n';
echo 'i am here';
if($query1==1){
//echo 'welcome dude';
$_SESSION['username'] = $username;
// Redirect user to index.php
//echo "<script type='text/javascript'> window.location='index.php'; </script>";
// header("Location: index.php");
//e//cho 'heeeelo';
header("Location: index.php);
ob_flush();
exit(0);
}
// header("Location: index.php");
else
{
echo " <div class='form'>
<h3>Username/password is incorrent.</h3>
<br/>click here to <a href='login.php'>Login</a></div>";
}
//header("Location: index.php");
}
else {
?>
<html>
<head>
<link rel ="stylesheet" href=css/style.css>
</head>
<body>
<div class="form">
<h1>Log In</h1>
<form action="" method='post' name="login">
<input type ="text" name="username" placeholder="username" required />
<input type="password" name="password" placeholder="password" required />
<input name="submit" type="submit" value="login" />
</form>
<p> Not registered yet ? <a href='register.php'>Register Here </a> </p>
</div>
<?php
}
?>
</body>
</html>
Related
i'm trying to learn about session_start() but when i run the file, it only show what is inside the
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {
?>
log out
<?php } ?>
and not showing else{...} and even after i click log out, it won't print anything in else statement and only print inside the if statement. I use another file to do the log out proses but i don't know the right code for session_destroy()
here's the logout.php code below:
<?php
session_start();
session_destroy();
header("location: home.php");
?>
here's the full code:
<?php
session_start();
include("DB/db.php");
$_SESSION['username']=$username;
$_SESSION['password']=$password;
$_SESSION['is_log_in'] = true;
?><!DOCTYPE html>
<html>
<head>
<title></title>
<link rel="stylesheet" type="text/css" href="css/css.css">
</head>
<body>
<div id="blank"></div>
<div id="panel">
<nav id="bar">
<div id="submen">
<form id="sir">
<input type="Search" name="search" placeholder="Search.." id="search">
</form>
Walpaper
Art
Photos
Image
<?php
if (isset($_SESSION['username'])&& isset($_SESSION['password'])==$password) {?>
<?php echo $username?>
log out
</div>
</nav>
</div>
</table>
<?php } else {
?>
login
register
</div>
</nav>
</div>
</table>
<?php } ?>
</body>
</html>
UPDATE for log in script
<?php
session_start();
include("DB/db.php");
if ($_GET['log']=='out'){
session_destroy();
}
if ($_POST['user']){
$sql = "Select password from user where username = '".$_POST['user']."' ";
$result = mysqli_query($koneksi, $sql);
if (mysqli_num_rows($result)){
$row = mysqli_fetch_assoc($result);
if ($row['password'] == md5($_POST['pass'])) {
$_SESSION['login'] = TRUE;
$_SESSION['username'] = $user;
$_SESSION['password'] = $pass;
}else{
$pesan = "Username and password mismatch";
}
}else{
$pesan = "please register";
}
}
?><!DOCTYPE html>
<html>
<head>
<title>Log in</title>
</head>
<body>
<?php
if ($_SESSION['login']) {
echo "text";
}else{
?>
<h1>Login</h1>
<form method="post" action="rahasia.php">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit" name="" value="Login">
</form>
<form method="post" action="register.php">
<input type="submit" name="register" value="register">
</form>
<?php
}
echo $pesan;
?>
</body>
</html>
where have i gone wrong
Your $_SESSION vars are always set, and $password always equals $_SESSION['password'].
$_SESSION['username']=$username; // null, plus notice in error_log
$_SESSION['password']=$password; // null, plus notice in error_log
Unless those two vars are set in include("DB/db.php");, in which case that is bad practice. Can you paste db.php to see what is happening inside?
UPDATE.
Okay so the vars are being set. This now means:
$_SESSION['username']=$username; // a
$_SESSION['password']=$password; // 123456789
Therefore they will still match. You need to refactor these lines to function properly. Are you sure the mysql credentials is what you want for your logged in user
?
i want to display my error message in the login form by getting the result from the login.php ,here is the sample code that i have use.The first part is the index.php
<?
include("login.php");?>
<!DOCTYPE html>
<html>
<head>
<title>Login Form in PHP with Session</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="main">
<h1>Hup Seng</h1>
<div id="login">
<h2>Login Form</h2>
<form action="login.php" method="post">
<label>UserName :</label>
<input id="name" name="username" placeholder="username" type="text" required>
<br>
<br>
<label>Password :</label>
<input id="password" name="password" placeholder="**********" type="password" required>
<br>
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</div>
</div>
</body>
</html>
Here is the login.php i have put the error message under the else statement in order to pass the information to the login form
<?php
include("dbconfig.php");
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
//if (isset($_POST['submit'])) {
if (isset($_POST['username']) || isset($_POST['password'])) {
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
$pw = encode($password);
$sql = "SELECT count(ID) as cid FROM tblUser WHERE UserId = '$username' and Password1 = '$pw'";
$rs = odbc_exec($link_mssql,$sql);
while (odbc_fetch_row($rs)) {
$count=odbc_result($rs,"cid");
}
if ($count == 1) {
$_SESSION['username']=$username; // Initializing Session
header("location: homepage.php"); // Redirecting To Other Page
} else {
$error="username/passwod combination incorrect";
header("location: index.php");
}
odbc_close($link_mssql); // Closing Connection
}
//}
?>
No need to add header you already including login.php file in index.php
$error="username/passwod combination incorrect";
//header("location: index.php");//remove this line
session_start();
$_SESSION['error']="username/passwod combination incorrect";
and in login form check
session_start();
if(isset($_SESSION['error'])){
echo $_SESSION['error'];
}
//header("location: index.php");
Remove this or you can redirect the page after some time if you want like this.
header( "refresh:5;url=index.php" ); // page redirect after 5sec
but some how the page is not showing any error message. also it is not redirecting to the page where i want to redirect it after successful login. i want the login page to be redirected at home page and show the message and when the logout link is clicked the page again come back to the login page
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
?>
<?php
if($_REQUEST["logout"]=='yes'){
unset($_SESSION["login"]);
}
?>
<html>
<body>
<form action="" method="post">
<label>Username</label><input type="text" name="unametxt" value="<?php echo $_post["unametxt"]; ?>" />
<label>Password</label><input type="password" value="<?php echo $_post["password"]; ?>" />
<input type="submit" name="sbt" value="Login">
</form>
<?php
if(isset($_post["sbt"]))
{
if($_post["unametxt"]== "debarun" && $_post["password"]=="1234")
{
$_SESSION["login"]="yes";
$_SESSION["uname"]=$_post["unametxt"];
$_SESSION["passwd"]=$_post["password"];
header('location:home.php');
}
else
{
echo "Please enter correct credentials";
}
}
?>
</body>
</html>
and it is my home page script:
<?php
session_start();
if(!isset($_SESSION["login"])){
session_destroy();
header('location:login.php');
}
else{
echo "Welcome".$_SESSION["uname"]."<br/>"."your password is".$_SESSION["passwd"];
}
?>
<html>
<body>
<form action="" method="post">
Logout
</form>
</body>
</html>
please
tell me why it is not working??
Add name attribute in your password element. Because of this, it cannot fetch from $_POST array and your condition will always fail.
Try this,
<label>Password</label><input type="password" name="password" value="<?php echo $_post["password"]; ?>" />
First thing $_post must be up letter case like this $_POST then you forgot to specify name="password" to password input field
take a look
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
?>
<?php
if($_REQUEST["logout"]=='yes'){
unset($_SESSION["login"]);
}
?>
<html>
<body>
<form action="" method="post">
<label>Username</label><input type="text" name="unametxt" value="<?php echo $_POST["unametxt"]; ?>" />
<label>Password</label><input type="password" name="password" value="<?php echo $_POST["password"]; ?>" />
<input type="submit" name="sbt" value="Login">
</form>
<?php
if(isset($_POST["sbt"]))
{
echo $_POST["password"];
if($_POST["unametxt"] == "debarun" and $_POST["password"] == "1234")
{
$_SESSION["login"]="yes";
$_SESSION["uname"]=$_POST["unametxt"];
$_SESSION["passwd"]=$_POST["password"];
header('location:home.php');
}
else
{
echo "Please enter correct credentials";
}
}
?>
</body>
</html>
Put all those validation code at the top. Nothing should be sent to the browser before redirecting. Not even an empty line.
Also, make the L in location capital
header("Location: home.php");
I've got an if statement to check if a variable within the $_SESSION is active and set, and if it is then a message is returned to the user. Here's my header.php:
<?php
$conn = HIDDEN;
session_start();
$username = '';
$_SESSION['username'] = $username;
?>
<header>
<!DOCTYPE html>
<link rel="stylesheet" type="text/css" href="style/main.css">
<title>webshop</title>
</header>
<div id="LogIn">
<?php
if (isset($_SESSION['username']))
{
echo "its working";
} else {
?><form class="form1" method="post" action="" id="form1">
<fieldset>
<ul>
<p>Please enter your username to continue to the webshop.</p>
<label for="name">User Name:</label><span><input type="text" name="username" placeholder="User Name" class="required" role="input" aria-required="true"/></span>
<input class="submit .transparentButton" value="Next" type="submit" name="Submit"/>
</ul>
<br/>
</fieldset>
</form>
<?php } ?>
</div>
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
}
?>
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
// Use the following code to print out the variables.
echo 'Session: '.$_SESSION['username'];
echo '<br>';
echo 'POST: '.$_POST['username'];
}
?>
The first time running, or before the user logs out (to be implemented later), the site should prompt for a username to be entered and then upon refreshing the page the welcome message should be display.
As of right now the code simply returns "it's working" despite no variable in $username existing. The code:
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
// Use the following code to print out the variables.
echo 'Session: '.$_SESSION['username'];
echo '<br>';
echo 'POST: '.$_POST['username'];
}
?>
should print out the variable underneath the welcome message, or nothing at all if it's empty. As of right now, the welcome message "it's working" is displayed always but no variables are in $username. Can anyone tell me why?
Thanks in advance.
$_SESSION['username'] is SET/NULL but is EMPTY you should try !empty() instead if isset(). See below.
<?php
if (!empty($_SESSION['username']))
{
echo "its working";
} else {
?><form class="form1" method="post" action="" id="form1">
<fieldset>
<ul>
<p>Please enter your username to continue to the webshop.</p>
<label for="name">User Name:</label><span><input type="text" name="username" placeholder="User Name" class="required" role="input" aria-required="true"/></span>
<input class="submit .transparentButton" value="Next" type="submit" name="Submit"/>
</ul>
<br/>
</fieldset>
</form>
<?php } ?>
EDIT 2
As to the comment.
IF statement needed to tell if there was a submit if there was don't display the form else display the form. See below Code
<?php
$conn = ""; //HIDDEN kept throwing error whilst I was testing
session_start();
$username = '';
$_SESSION['username'] = $username;
?>
<header>
<!DOCTYPE html>
<link rel="stylesheet" type="text/css" href="style/main.css">
<title>webshop</title>
</header>
<div id="LogIn">
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
$_SESSION['username'] = $_POST['username'];
// Use the following code to print out the variables.
echo 'Session: '.$_SESSION['username'];
echo '<br>';
echo 'POST: '.$_POST['username'];
} else {
if (!empty($_SESSION['username']))
{
echo "its working";
} else {
?><form class="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']?>" id="form1">
<fieldset>
<ul>
<p>Please enter your username to continue to the webshop.</p>
<label for="name">User Name:</label><span><input type="text" name="username" placeholder="User Name" class="required" role="input" aria-required="true"/></span>
<input class="submit transparentButton" value="Next" type="submit" name="Submit"/> //removed css selector .
</ul>
<br/>
</fieldset>
</form>
<?php } } ?>
</div>
The isset() checks only whether the variable is set or not and it returns true since it is initialized to null string. Here you have to use !empty().
if (isset($_SESSION['username']) && !empty($_SESSION['username'])) {
}
Just a quick solution is to change
if (isset($_SESSION['username']))
to
if (strlen($_SESSION['username']) > 0)
That will work. Im guessing it because technically u did set username so it isset but if u check the length u know its not empty
Index.php Page
I am a beginner.
This is index page in which i print a name of user who is logged in and i want to update the username whenever a user edit his detail i try to update it,it's updating the username but when i edit detail then i have log out first then login again then the name will update.I want to update the name instantly when a user edit his detail and redirect to index page just like facebook do.
i almost spend a week for solving this problem.Please give me code if anything needs to with ajax.
Thank you
<?php
session_start();
require_once("inc/connection.php");
if (empty($_SESSION['usersession'])) {
header("Location: login.php");
}
if (isset($_SESSION['msg'])) {
echo $_SESSION['msg'];
unset($_SESSION['msg']);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>WELCOME TO USER AREA</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<div id="main">
<nav id="nav">
<div class="logout">
WELCOME <?php echo $_SESSION['usersession']['name']; ?> // echo name of user
Log out
</div>
<ul>
<li>Home</li>
<li>Register</li>
<li>Edit</li>
<li>Delete(not recommended)</li>
</ul>
</nav>
<div class="para">
some text
</div>
</div>
</body>
</html>
Edit.php
This is edit.php code
<?php
session_start();
if (empty($_SESSION['usersession'])) {
header("Location: login.php");
}
if (isset($_SESSION['msg'])) {
echo $_SESSION['msg'];
unset($_SESSION['msg']);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>REGISTER HERE</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<div id="reg2">
<?php
if (isset($_POST['btn'])) {
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
$id = $_SESSION['usersession']['id'];
if (!empty($name && $email && $password)) {
if (!empty($password)) {
$password = sha1($password);
require_once("inc/connection.php");
$query = mysqli_query($conn, "UPDATE register SET name='$name',email='$email',password='$password' WHERE id='$id'");
if ($query) {
header("Location: index.php");
} else {
echo "not updated right now please try again later";
}
$_SESSION['msg'] = "Your detail has been updated successfully";
}
} else {
echo "please put your updated password";
}
}
?>
</div>
<div id="form">
<form method="post" action="edit.php">
<label>NAME</label><p>
<input class="int" type="text" class="nm" name="name" placeholder="Please Enter Your Name Here" value="<?php echo $_SESSION['usersession']['name']; ?>" /><p>
<label>EMAIL</label><p>
<input class="int" type="email" class="em" name="email" placeholder="Please Enter Your Email Here" value="<?php echo $_SESSION['usersession']['email']; ?>" /><p>
<label>PASSWORD</label><p>
<input class="int" type="password" name="password" placeholder="Please Enter Your new Password Here" />
<p></p>
<input type="hidden" name="id[]" value="<?php echo $_SESSION['usersession']['id']; ?>"/>
<input type="submit" name="btn" id="btu" value="Update">
</form>
</div>
</body>
</html>
When updating your Database you didnt change the value in your $_SESSION.
You have to do that manually.
// Add that under $_SESSION['msg'] = '....'
$_SESSION['usersession']['username'] = $name; // Same with email and password
Note that your code is vulnerable to mysql-injection. You should mysql_real_escape_string to avoid that.
Furthermore you display your message before even outputting your <!DOCUMENT html>. Please dont do that. Instead echo the message somewhere in your html!