I have a login table containing Name, Username and Password. When user logins with username and password, I want to display the name of the user instead of the username. I want to display user's name in the next page as Welcome NAME instead of Welcome USERNAME.
Here is the HTML:
<form class="form-basic" method="post" action="login.php">
<div class="form-row">
<label>
<span>Username</span>
<input type="text" name="username" id="username" >
</label>
</div>
<div class="form-row">
<label>
<span>Password</span>
<input type="password" name="password" id="password" >
</label>
</div>
<div class="form-row">
<button type="submit" name="submit" id="submit"/>SUBMIT</button>
</div>
</form>
PHP code:
<?php
// your values are stored in cookies, then you can login without validate
include_once 'db.php';
// login validation in php
if (isset($_POST['submit'])) {
$name = $_POST['name'];
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = $_POST['password'];
$query = mysql_query("select name,username,password from reglogin where username='".$username."' AND password='".$password."'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
while ($row=mysql_fetch_assoc($query)) {
$dbname=$row['username'];
$dbpassword=$row['password'];
}
if($username == $dbname && $password == $dbpassword)
{
$_SESSION['sess_user']=$name;
echo "<script>window.open('registration1.php','_self')</script>";
}
}
else {
echo "<script>alert('Invalid! Username or Password')</script>";
}
}
?>
you have input
<input type="text" name="username" id="username" >
In php side you are accessing
$name=$_POST['name'];
you have to change above line to
$name=$_POST['username'];
or you have to update
$_SESSION['sess_user']=$name;
to
$_SESSION['sess_user']=$row['username'];
Updated
As you need name so you can set name to session
$_SESSION['sess_user']=$row['name'];
You can replace your code with this one:
Your errors:
In the line number 8 you have an Undefined Index called name.
You are using that in value for $_SESSION which you can get from
database while fetching the username and password.
Review your query what you are selecting and what you fetched.
Changes I have made:
check line number 8.
check line number 20
Hope this will help you.
// your values are stored in cookies, then you can login without validate
include_once 'db.php';
// login validation in php
if (isset($_POST['submit'])) {
// $name = $_POST['name']; // this is not posted
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = $_POST['password'];
$query = mysql_query("select name,username,password from reglogin where username='".$username."' AND password='".$password."'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
while ($row=mysql_fetch_assoc($query)) {
$dbname=$row['username'];
$dbpassword=$row['password'];
$name =$row['name'];
}
if($username == $dbname && $password == $dbpassword)
{
$_SESSION['sess_user']=$name;
echo "<script>window.open('registration1.php','_self')</script>";
}
}
else {
echo "<script>alert('Invalid! Username or Password')</script>";
}
}
?>
Related
I'm trying to make is a small login form. The user has to type in the username and the password and if the username and password matches the username and password in the database, it should proceed to the home page.
What I have so far:
<html>
<body>
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$tUsers_Select = "SELECT ID, username, password FROM users WHERE username = ".$username;
$tUsers_Select_Query = mysqli_query($dbConnect, $tUsers_Select);
$row = mysqli_fetch_array($tUsers_Select_Query);
$ID = $row['ID'];
$dbusername = $row['username'];
$dbpassword = $row['password'];
$dbSecurePassword = md5($dbpassword);
if(isset($username) AND isset($password)) {
if ($username == $dbusername AND $password == $dbpassword) {
echo "Username and password match.";
} else {
echo "Username and password do not match.";
}
} else {
echo "Username and password are not set";
}
?>
<form action="index.php" method="post">
<label for="username">Username</label>
<input type="text" name="username"><br />
<label for="password">Password</label>
<input type="password" name="password"><br /><br />
<button type="submit" name="submit">Login</button>
</form>
</body>
Errors I'm getting:
If you need any more details, please comment.
Username and password aren't set the first time you load the page.
Change the username/password assignment to use this syntax:
$username = isset($_POST['username']) ? $_POST['username'] : false;
$password = isset($_POST['password']) ? $_POST['password'] : false;
Then:
if (!$username or !$password) {
//don't run the rest of the PHP login code because nothing was provided
}
My script doesn't saves the value into a $_SESSION, how is that possible?
Whenever my users login, i try to place their username into a session.
My only problem is when i use var_dump($_SESSION['user_name']); to debug and reveal the current value on the end page, i just keep receiving NULL.
Could someone help me out?
Here is my code:
<? php
include_once('../db/config.php');
session_start();
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['isamp_username']) || empty($_POST['isamp_password'])) {
$error = "Username or Password is invalid!";
} else {
$isamp = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
$username = stripslashes($username);
$password = stripslashes($password);
$username = $isamp - > real_escape_string($username);
$password = $isamp - > real_escape_string($password);
$username = $_POST['isamp_username'];
$nopassword = $_POST['isamp_password'];
$password_hash = hash('whirlpool', $nopassword);
$password = strtoupper($password_hash); // <- Also for the Register!
$sql = "select * from users where password='$password' AND username='$username'";
$result = $isamp - > query($sql) or trigger_error($isamp - > error." [$sql]"); /* i have added the suggestion from MY Common Sence */
if ($result - > num_rows == 1) {
$_SESSION['user_name'] = $username;
header("Location: ../../index.php");
} else {
$error = "Username or Password is invalid!";
}
$isamp - > close();
}
} ?>
My HTML:
<?php
include('login.php');
?>
<h2>iSAMP</h2>
<hr/>
<form action="" method="post">
<label>Username :</label>
<input type="text" name="isamp_username" id="name" placeholder="Username"/><br /><br />
<label>Password :</label>
<input type="password" name="isamp_password" id="isamp_password" placeholder="*******"/><br/><br />
<input type="submit" value=" Login " name="submit"/><br />
<span><?php echo $error; ?></span>
</form>
In your first php script, move the session_start() above the include statement.
In your html file, add session_start(); above the include statement.
I have a form named login that when is submitted sends the fields username and password to a MySQL database to check if they match. I want to echo an error when they don't match.
Here is the PHP code that goes above the form:
if (!isset($_POST['login'])) {
mysql_connect (...);
mysql_select_db (...);
$username = $_POST['username'];
$password = $_POST['password'];
$location = $_POST['location'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM members WHERE username='$username' and password='$password'";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1) {
session_register("username");
session_register("password");
header("Location: $location");
}
else {
echo "Wrong username or password.";
}
mysql_close();
}
And the form:
<form name="login" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input name="location" type="hidden" value="<?php echo $_GET['location']; ?>"/>
<input name="username" type="text" value="Username" onclick="this.value=''"/>
<input name="password" type="text" value="Password" onfocus="this.value='';this.type='password'"/>
<input name="submit" type="submit" value="Login"/>
</form>
If I submit the form with the correct username and password the code works normally.
The problem is that the error message is always present, even before the form is submitted. Any ideas?
change first line to :
if (isset($_POST['username'])) {
if (!isset($_POST['login']))
remove the exclamation mark. So if (isset($_POST['login']))
$_POST['login'] is most likely not set in your script. The aforementioned solution will fix your first bug. Yet, you will not be able to login if $_POST['login'] is not set.
I suggest you check for the post variables that you will use in your script:
if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['location'])) {
// your code
}
I have a login form (HTML -> PHP). I enter the correct details, it then reloads the page and i have to enter the details again. I press submit and then it does it again. On the third time (sometimes the second I think) it actually logs me in.
Any help would be greatly appreciated.
Here is the forms HTML:
<!-- Login Form -->
<form method="post" id="login-form-splash">
<input type="text" class="text" name="username" onfocus="if(this.value == 'Username') { this.value = ''; }" value="Username" />
<input type="password" name="password" class="password" onfocus="if(this.value == 'Password') { this.value = ''; }" value="Password" />
<input type="submit" name="submit" value="Login" class="submit" />
<br />
<span>Lost Password?</span>
<br />
No account yet? Register.<br />
</form>
And here is the PHP actually doing the login:
<?php
//Check if login form was submitted.
if(isset($_POST['submit']))
{
//include important settings and functions.
include($_SERVER['DOCUMENT_ROOT'] . '/includes/config.php');
//Check if both fields were completed.
if($_POST['username'] == '' || $_POST['password'] == '')
{
//Tell them whats wrong.
echo "<script language=\"javascript\">alert('You need to complete both fields.');</script>";
} else
{
//The completed both fields.
//Localise vars.
$username = $_POST['username'];
$password = $_POST['password'];
//Protect against SQL Injection using mysql_prep function. [mysql_prep can be found in ./includes/functions.php]
mysql_prep($username);
mysql_prep($password);
//MD5 Hash the password to check against hashed password in DB.
$password = md5($password);
//Connect to MySQL Database.
include($_SERVER['DOCUMENT_ROOT'] . '/includes/connect.php');
//If connection exists
if(isset($mysql_connection))
{
//Run MySQL Query on DB.
$sql = "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
$result = mysql_query($sql, $mysql_connection) or die('Cannot Execute:'. mysql_error());
//Check if there is a match. There can only be one.
if(mysql_num_rows($result) == 1)
{
//Create session variables and set values within them.
$_SESSION['username'] = $username;
//Redirect to Members page.
header('Location: members.php');
} else
{
//Username and Password are not correct, or the account doesn't exist.
echo "<script language=\"javascript\">alert('Please check that you have entered the details correctly.');</script>";
}
} else
{
//Database error.
echo "<script language=\"javascript\">alert('There was a database error. Please try again or contact a technician at errors#eatgamesleep.com');</script>";
}
}
}
?>
Maybe you should replace
if(isset($mysql_connection)) {
to just
if($mysql_connection){
Hello I am having some issue here i created a script to update users account details but when the form is filled in and submit button clicked no errors come up but at the same time no changes are made in the table
THIS IS ONLY A DUMMY APPLICATION SO EVERYTHING IS KEEP BASIC
<?php
session_start();
include('connect_mysql.php');
if(isset($_POST['update']))
{
$usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
$passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
$first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
$last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
$emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));
$user_id = $_SESSION['user_id'];
$editQuery = mysql_query("UPDATE users SET username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE user_id='$user_id'");
if(!$editQuery)
{
echo mysql_error($editQuery);
die($editQuery);
}
}
?>
<html>
<head>
<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Edit Account</h1>
<div id="login">
<ul id="login">
<form method="post" name="editAccount" action="userEditAccount.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
</form>
</div>
<form action="userhome.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="back" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">Text</div>
</div>
</body>
</html>
SOrry for some reason the I forgotten to copy this part faceslap
login.php:
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
You haven't called session_start() at the beginning of the file, so $username will be an empty string, and the update command will only update rows where the username is an empty string.
Edit: In fact, that code won't even be run, because you haven't called session_start(), isset($_SESSION['update']) will evaluate to false.
Did you mean to write $_SESSION['update']? Shouldn't that be $_POST['update']?
Last but not least, personally I would replace this:
<input name="update" type="submit" submit="submit" value="Edit Account" class="button">
with this:
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
At least for clarity. I don't know if it's still the case, but in time gone by not all browsers submitted the name/value of the submit button.
Sir from the code given above i think you have error in your login.php
$_SESSION['user_id'] = $user_id;
You are not assigning value to $user_id that why it is setting blank value to $_SESSION['user_id'].
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
$user_id = 0;
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
$user_id = $row['user_id'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>