How to add user on a mysql server via php code? - php

I've created simple code that has to add user on mysql through PHP, but it doesn't. Here is the code.
<form action='' method='post'>
Login: <input type='text' name='login' /> <br/>
Pass: <input type='pass' name='pass' /> <br/>
<input type='submit'>
</form>
<?php
$c=mysql_connect('localhost','test','test');
$login=$_POST['login'];
$pass=$_POST['pass'];
$t="CREATE USER '".$login."'#'localhost' IDENTIFIED BY PASSWORD '".$pass."';";
if($login!=NULL){
if($q=mysql_query($t,$c))
{
echo "CREATED!";
}else{
die('ERROR: ' . mysql_error());
}
}
?>
Error: Password hash should be a 41-digit hexadecimal number
Whats wrong with it?


Take out the word PASSWORD. By using that keyword, it suggests you're providing the hash. dev.mysql.com/doc/refman/5.5/en/create-user.html
You want this:
$t="CREATE USER '".$login."'#'localhost' IDENTIFIED BY '".$pass."';";


Try this :
<?php
$host="localhost";
$user="root";
$password="";
$con = mysqli_connect("localhost","root","","mydb");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
<!DOCTYPE html>
<head>
<title>MyExample</title>
<meta charset="UTF-8"/>
</head>
<body>
<h1>Create user in MySQL by FORM</h1>
<form action="<?php $_SERVER['PHP_SELF']?>" method="POST">
<label for="username">Username</label>
<input type="text" id="username" name="username" />
<label for="password">Password</label>
<input type="password" id="password" name="password"/>
<button type="submit" name="send">Send</button>
</form>
</body>
</html>
<?php
if (isset($_POST['send'])) {
$username = $_POST['username'];
$password = $_POST['password'];
mysqli_query($con,"CREATE USER '".$username."'#'".$host."' IDENTIFIED BY '".$password."'");
mysqli_close($con);
}
?>

Related

Form within PHP not showing up on page

I have a form that I am trying to use to reset passwords. I can get it to send the email out and I can click the link, but when I click the link all I get is the header. My form is not showing. I am extremely new to all of this. Any help will be much appreciated. I did search through some other posts, but none of them seemed to get me any closer to the right answer. Everything seems to work as it should, I just can't get my form to display so that I can enter the information.
<!DOCTYPE html>
<html lang="en">
<head>
<title>Reset Password Form</title>
</head>
<body>
<div class="container"><h2>Reset New Password Here</h2>
<?php
if($_GET['email'] && $_GET['token']) {
$conn = mysqli_connect("localhost", "root", "", "user");
// Check connection
if($conn === false){
die("ERROR: Could not connect. "
. mysqli_connect_error());
}
$email = $_GET['email'];
$token = $_GET['token'];
$query = mysqli_query("SELECT * FROM `customers` WHERE `reset_link_token`='".$token."' and `emailaddress`='".$email."';");
$current_date = date("Y-m-d H:i:s");
if (mysqli_num_rows($query) > 0) {
$row = mysqli_fetch_array($query);
if($row['expiry_date'] <= $current_date) { ?>
<form action="update-password.php" method="post">
<input name="email" type="hidden" value="<?php echo $email; ?>" />
<input name="reset_link_token" type="hidden" value="<?php echo $token; ?>" />
<div class="form-group"><label for="new-password">Password</label>
<input id="new-password" name="password" type="password" /></div>
<div class="form-group"><label for="confirm-password">Confirm Password</label>
<input id="confirm-password" name="confirm_password" type="password" /></div>
<input class="submit-btn" name="submit" type="submit" />
</form>
<?php }
} else {
echo "This forget password link has been expired";
}
}
?>
</div>
</body>
</html>

Login System not fully working - Wrong string outputs

So I have a Login and a Create account form. The create account system works perfectly, sending all the information to mySQL database.
Now, I have written a 'login_user.php' script, which connects to the database, fetches the values of a registered user, and outputs the correct message according to correct or incorrect user input. It looks like the operation runs through the whole code and outputs the last message 'Invalid username or password' every single time, even when there is no input, or wrong username/passwords entered. Below I will provide all of my login form php code. Can you spot any mistakes? Please let me know if you would like a reference to a specific part of the html code.
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if ($username && $password) {
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
$query = mysql_query("SELECT * FROM Client_Information WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows != 0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username==$dbusername){
if($password==$dbpassword){
echo "You are logged in.";
}else{
echo "Invalid password.";
}
}else{
echo "Invalid username.";
}
}else{
echo "This name does not exist.";
}
}else{
echo "Invalid username or password.";
}
?>
HTML CODE:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="chrome=1,IE=edge" />
<title>LOGIN</title>
<link href='http://fonts.googleapis.com/css?family=Montserrat:400,700' rel='stylesheet' type='text/css'>
</head>
<body>
<div class="logo"></div>
<div class="login-block">
<h1>Log In</h1>
<form action="login_check.php" method="post">
<input type="text" value="" placeholder="Username" id="username" name="username" />
<input type="password" value="" placeholder="Password" id="password" name="password" />
<button>Log In</button>
Sign Up for New Account?
</form>
</div>
</div>
</body>
</html>

When using $_POST for PHP, you have to reference the input's name attribute, not its id attribute.
<input type="text" value="" placeholder="Username" id="name" name="name" />
<input type="password" value="" placeholder="Password" id="password" name="password" />

Posting form input value to the same page to build SQL connect string

I am trying to make a form's input value the trigger for a database connection; can anyone tell me what I am doing wrong please?
I thought I could post the value and on the page load after submission use the posted value as a variable to complete my connect string.
Code:
<form name="form" action="Test.php" method="post">
<B>Please Enter Password</B> <input type='password' name='test-' id ='password123';/>
<button id='test'>Submit Year</button>
</form>
<?php
$password= $_POST['password123'];
$conn = #mysql_connect('localhost','root','$password');
if (!$conn) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db('ct', $conn);
?>

Try this
<?php
if ($_POST['do'] == 'something') {
$conn = mysql_connect('localhost','root','$password') or die(mysql_error());
mysql_select_db('ct', $conn);
//Uncomment the below to prevent refresh spam
//header("Location: {$_SERVER['REQUEST_URI']}");
//die();
}
?>
<form name="form" action="?process" method="POST">
<input type='hidden' name='do' value='something'/>
<strong>Please Enter Password</strong>
<input type='password' name='test-' id ='password123'/>
<button id='test'>Submit Year</button>
</form>
Consider using MySQLi also.

try this
<form name="form" action="<?php $_SERVER['PHP_SELF']?>" method="post">
<B>Please Enter Password</B> <input type='password' name='test-' id ='password123';/>
<button id='test' name="submit">Submit Year</button>
</form>
<?php
if(isset($_POST['submit'])) {
$password= $_POST['test-'];
$conn = #mysql_connect('localhost','root','$password');
if (!$conn) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db('ct', $conn);
}
?>

$data=mysqli_fetch_array($result) not working

I was trying to make a login page in php connected with database of mysql.. below is the html code of the page for login where values are entered and then directed to a second page of php where they are checked..
<html>
<head>
<title>Library Login</title>
<link rel="stylesheet" type="text/css" href="css/reset.css">
<link rel="stylesheet" type="text/css" href="css/structure.css">
</head>
<body>
<form class="box login" method="GET" action="http://localhost/redirect.php">
<label align="center"><font size="6" color="grey">Library System</font></label>
<fieldset class="boxBody">
<label>Username</label>
<input type="text" placeholder="Username" required name="username">
<label><a href="#" class="rLink" tabindex="5" ></a>Password</label>
<input type="password" placeholder="Password" required name="password">
<input type="submit" class="btnLogin" value="Login" name="login">
<input type="reset" class="btnLogin" value="Reset" name="reset" >
<label>
</form>
</html>
</div>
And below is the code for second page where only else condition is executed whatever entry is input... I am new to Php and Mysql... Please help me out...
<?php
$con=mysqli_connect("localhost","root","","project");
if(mysqli_connect_errno())
{
echo "failed".mysqli_connect_errno();
}
$uid=$_GET['username'];
$pass=$_GET['password'];
$sql="SELECT *FROM login";
$result=mysqli_query($con,$sql);
while($data=mysqli_fetch_array($result))
{
if($uid==$data['user'] and $pass==$data['pass'])
{
header('location:http://localhost/error/index.html');
}
else
{
header('location:http://localhost/mam.html');
}
}
mysqli_close($con);
?>

OK, as you are dealing with authentication, let's improve your code a little.
<?php
// Do not connect using root, especially when not setting a password:
$con=mysqli_connect("localhost","projectuser","password","project");
if(mysqli_connect_errno())
{
echo "failed".mysqli_connect_errno();
}
$uid = $_GET['username'];
$pass = $_GET['password'];
// This is the main problem, there was a typo:
$sql = "SELECT * FROM login";
// Directly ask the DB if the credentials are correct.
// Then you do not need the loop below.
// BUT: Do not forget to escape the data in this case!
$sql .= " WHERE uid = '" . mysqli_real_escape_string($uid) . "' AND pass = '" . mysqli_real_escape_string($pass) . "'";
$result=mysqli_query($con,$sql);
if ($result->num_rows === 1) {
header('location:http://localhost/mam.html');
} else {
header('location:http://localhost/error/index.html');
}
mysqli_close($con);
?>
A further improvement would be to hash (and salt) the password in the database.
Also, as VMai pointed out, the use of prepared statements would be appropriate.

Log in page form returning empty string to php script

I am creating and application with PHP and MySQL.
I have created two pages. Index.php and login.php (which holds the script for the user log in)
Every time I enter a user that is on the database to log in, it does return that there was no text entered.
I am new at this and I will really appreciate some help.
Here is my code.
Thanks in advance
index.php
<html>
<head>
<meta charset="UTF-8">
<title>Pet Service Catalogue</title>
</head>
<body>
<h1 style="text-align:center;"><img src="cat's paw.jpg" width="150" height="150" alt="cat's paw"/> Welcome to Pet Service Catalogue</h1>
<p style="text-align:center;">Please enter your Log in Details:</p>
<form style ="text-align:center;" name="LogIN" action="log_in.php" method="POST" enctype="multipart/form-data">
<p style="text-align:center;"> Email: <input type="text" name="user_email" value=""/></p>
<p style="text-align:center;"> Password: <input type="password" name="user_password" value="" /></p>
<input type="submit" value="Log In" name="LogIN" />
</form>
<form style="text-align:center;" name="registerprovider" action="registerprovider.php">
<p style="text-align:center;">Not Registered?:</p>
<input type="submit" value="Register Service Provider" name="Register Service Provider" />
</form>
<form style="text-align:center;" name="registerowner" action="registerowner.php">
<input type="submit" value="Register Pet Owner" name="Registerownerbutton" />
</form>
</body>
</html>
login.php
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<?php
// Create connection
$con = mysqli_connect('localhost', 'root', 'root', 'PetServiceCatalogue') or die("Failed to connect to database:" . mysqli_error($con));
//Get user details and put them on varaiables
$user_email = mysqli_real_escape_string($_POST['user_email']);
$user_password = mysqli_real_escape_string($POST['user_password']);
if (!empty($user_email) && !empty($user_password))
{
//look up for user details on the database
$query = "SELECT * FROM owner, provider WHERE email = '$user_email' AND password = SHA('$user_password') ";
$data = mysqli_query($con, $query);
$result = mysqli_num_rows($data);
printf("Number of rows %d \n", $result);
if ($result == 1) {
//The log in has found the user
$row = mysqli_fetch_array($data);
$user_email = $row('email');
$user_password = $row('password');
header("location: ownerhomepage.php");
} else {
//the user name or password are incorrect
echo "Wrong user email and password";
}
}
else
{
echo ' You must enter the user email and user password';
?>
<form name="back to index" action="index.php">
<input type="submit" value="Back to Log in page" name="Back to Log in page" /> </form>
<?php
}
mysqli_close($con);
?>
</body>
</html>

You have the action: action="log_in.php"but you've written its name is login.php
EDIT
Maybe you should try this as the first if statement:
if (trim($user_email)!="" && $user_password!=""){
//YOUR CODE
}

Categories