My PHP page is unable to pick values from HTML form. It's sending blank strings to database. Here is my HTML and PHP code. Please find error. I am new to PHP, unable to solve the problem.
my html page:
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>LOGIN</title>
<link rel="stylesheet" href="css/reset.css">
<link rel='stylesheet prefetch' href='http://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900|RobotoDraft:400,100,300,500,700,900'>
<link rel='stylesheet prefetch' href='http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css'>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<!-- Mixins-->
<!-- Pen Title-->
<div class="pen-title">
<h1>SYNCHPHONY</h1>
</div>
<div class="rerun">Rerun Pen</div>
<div class="container">
<div class="card"></div>
<div class="card">
<h1 class="title">Login</h1>
<form name="login" action="login.php" method="POST">
<div class="input-container">
<input type="text" id="loginid" required="required"/>
<label for="loginid">Login ID</label>
<div class="bar"></div>
</div>
<div class="input-container">
<input type="password" id="password" required="required"/>
<label for="password">Password</label>
<div class="bar"></div>
</div>
<div class="button-container">
<button><span>Go</span></button>
</div>
</form>
</div>
<div class="card alt">
<div class="toggle"></div>
<h1 class="title">Register
<div class="close"></div>
</h1>
<form name="register" action="register.php" method="POST">
<div class="input-container">
<input type="text" id="loginid" required="loginid"/>
<label for="loginid">Login ID</label>
<div class="bar"></div>
</div>
<div class="input-container">
<input type="password" id="password" required="required"/>
<label for="password">Password</label>
<div class="bar"></div>
</div>
<div class="button-container">
<button value'submitb'><span>Next</span></button>
</div>
</form>
</div>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
my php page:
**strong text** <?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "syncphony";
$loginid="";
$password="";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['loginid'])){ $loginid = $_POST['loginid']; }
if(isset($_POST['password'])){ $password = $_POST['password']; }
// Escape user inputs for security
$loginid = mysqli_real_escape_string($conn,$loginid);
$password = mysqli_real_escape_string($conn,$password);
// attempt insert query execution
$sql = "INSERT INTO users (loginid, password ) VALUES ('$loginid', '$password')";
if(mysqli_query($conn, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
}
// close connection
mysqli_close($conn);
?>
The inputs inside your form tag do not have names. Try this for login:
<input type="text" id="loginid" required="required" name="loginid"/>
and this for password:
<input type="password" id="password" required="required" name="password"/>
It would be nice if you would protect your users against XSS attacks and to use encryption when you store a password. Also, you should structure your code and make sure your HTML is valid.
Related
I want to insert the values in two different tables based on the if and else condition. But i am getting error of else statement when used second time. All the page goes blank if i use else{?> before html elements. Please help me out.
I have used if and else in different ways and i also used condition with these statements
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"></script>
<title>GlobalWorkOnline Registration</title>
<link rel="stylesheet" href="css/style.css" />
</head>
<body>
<?php
require('db.php');
// If form submitted, insert values into the database.
if($_GET['viewregistrationid']!="") {
if (isset($_REQUEST['submit'])){
$username = stripslashes($_REQUEST['username']); // removes backslashes
$username = mysqli_real_escape_string($con,$username); //escapes special characters in a string
$name = stripslashes($_REQUEST['name']);
$name = mysqli_real_escape_string($con,$name);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con,$password);
$trn_date = date("Y-m-d H:i:s");
$query = "INSERT into `freelancer_details` (username, password, fullname, trn_date) VALUES ('$username', '".md5($password)."', '$name', '$trn_date')";
$result = mysqli_query($con,$query);
if($result){
echo "<div class='form text-center'><h3>You are registered successfully.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
}
}
elseif {
if (isset($_REQUEST['submit'])){
# code...
$username = stripslashes($_REQUEST['username']); // removes backslashes
$username = mysqli_real_escape_string($con,$username); //escapes special characters in a string
$name = stripslashes($_REQUEST['name']);
$name = mysqli_real_escape_string($con,$name);
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($con,$password);
$trn_date = date("Y-m-d H:i:s");
$query = "INSERT into `employer_details` (username, password, fullname, trn_date) VALUES ('$username', '".md5($password)."', '$name', '$trn_date')";
$result = mysqli_query($con,$query);
if($result){
echo "<div class='form text-center'><h3>You are registered successfully.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
}
}
else {?>
<div class="container">
<h1 class="text-center head">GlobalWorkOnline Registration Form</h1>
<div class="col-sm-offset-3 col-sm-6 rform">
<form class="form-horizontal" name="registration" action="" method="post">
<div class="form-group content">
<label class="control-label col-sm-3" for="name">Full Name :</label>
<div class="col-sm-offset-0 col-sm-9">
<input type="text" class="form-control" name="name" placeholder="Full Name" required>
</div>
</div>
<div class="form-group content">
<label class="control-label col-sm-3" for="uname">Username :</label>
<div class="col-sm-offset-0 col-sm-9">
<input type="text" class="form-control" name="username" placeholder="Enter Username" required>
</div>
</div>
<div class="form-group content">
<label class="control-label col-sm-3" for="pwd">Password :</label>
<div class="col-sm-offset-0 col-sm-9">
<input type="password" class="form-control" name="password" placeholder="Enter Password" required>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-10">
<input class="buttonregister" type="submit" class="register" name="submit" value="Register" />
</div>
</div>
</form>
</div>
</div>
<?php } ?>
</body>
</html>
The values should be inserted as per conditions. But the page goes blank when using condition with else and if.
I have 2 files connect.php (The connection is successful) to connect to the database. The register.php whiche includes the connect file. The code doesnt give any errors, it just doesnt send the information into the actual databse. Below is the code from each file and an image of the database I have setup.
Here is the actual code ran (I combined the connect.php with register.php for this it is just the connection to the database.)
<html>
<head>
<title>User Registeration Using PHP & MySQL</title>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" >
<!-- Optional theme -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" >
<link rel="stylesheet" href="styles.css" >
<!-- Latest compiled and minified JavaScript -->
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<?php
$connection = mysqli_connect('localhost', 'root', 'password', 'login');
if (!$connection){
die("Database Connection Failed" . mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, 'test');
if (!$select_db){
die("Database Selection Failed" . mysqli_error($connection));
}
// If the values are posted, insert them into the database.
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$email = $_POST['email'];
$password = md5($_POST['password']);
$query = "INSERT INTO `user` (username, password, email) VALUES ('$username', '$password', '$email')";
$result = mysqli_query($connection, $query);
if($result){
$smsg = "User Created Successfully.";
}else{
$fmsg ="User Registration Failed";
}
}
?>
<body>
<div class="container">
<form class="form-signin" method="POST">
<?php if(isset($smsg)){ ?><div class="alert alert-success" role="alert"> <?php echo $smsg; ?> </div><?php } ?>
<?php if(isset($fmsg)){ ?><div class="alert alert-danger" role="alert"> <?php echo $fmsg; ?> </div><?php } ?>
<h2 class="form-signin-heading">Please Register</h2>
<div class="input-group">
<span class="input-group-addon" id="basic-addon1">#</span>
<input type="text" name="username" class="form-control" placeholder="Username" required>
</div>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
<div class="checkbox">
<label>
<input type="checkbox" value="remember-me"> Remember me
</label>
</div>
<button class="btn btn-lg btn-primary btn-block" type="submit">Register</button>
<a class="btn btn-lg btn-primary btn-block" href="login.php">Login</a>
</form>
</div>
</body>
</html>
When trying to submit my form I get the following error message:
Notice: Undefined index: application_results in C:\xampp\htdocs\cas\insert.php
This is my form php code:
<!DOCTYPE html>
<html lang="en">
<head>
<title>CAS Application</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap /3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body style="background-color:#FF9933">
<div class="container" >
<form action="insert.php" method="post" class="form-horizontal" role="form" enctype="multipart/form-data">
<h2 style="text-align:center">Application Form</h2>
</div>
<div class="form-group">
<label for="surname" class="col-sm-3 control-label">Surname</label>
<div class="col-sm-9">
<input type="text" name="surname" id="surname" placeholder="Surname" class="form-control" autofocus>
</div>
</div>
<div class="form-group">
<label for="firstName" class="col-sm-3 control-label">First Name</label>
<div class="col-sm-9">
<input type="text" name="first_name" id="first_name" placeholder="First Name" class="form-control" autofocus>
</div>
</div>
<div class="form-group">
<label for="email" class="col-sm-3 control-label">Email</label>
<div class="col-sm-9">
<input type="text" id="email" placeholder="Email" class="form-control" name="email">
</div>
</div>
<div class="col-sm-offset-3">
<h2>Application Results</h2>
<label for="application_results">Please upload your application results here:</label>
<input type="file" name="application_results" ><br>
</div>
<div class="form-group">
<div class="col-sm-6 col-sm-offset-3">
<button type="submit" class="btn btn-primary btn-block" name="submit">Submit</button>
</div>
</div>
</form>
</div>
</body>
</html>
<?php
$con = mysql_connect("localhost","root","");
mysql_select_db("cas",$con);
if(isset($_POST['submit'])) {
$file = rand(1000,100000). "-".$_FILES['application_results']['name'];
$file_loc = $_FILES['application_results']['tmp_name'];
$folder="application_results";
if(move_uploaded_file($file)) {
$sql="INSERT INTO applications (application_results) VALUES ($application_results)";
mysql_query($sql);
}
}
?>
This is my code for insertion:
<?php
$link = mysqli_connect("localhost", "root", "", "cas");
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$surname = mysqli_real_escape_string($link, $_REQUEST['surname']);
$first_name = mysqli_real_escape_string($link, $_REQUEST['first_name']);
$email = mysqli_real_escape_string($link, $_REQUEST['email']);
$application_results = mysqli_real_escape_string($link, $_REQUEST['application_results']);
// attempt insert query execution
$sql = "INSERT INTO applications ( surname, first_name,
email, application_results )
VALUES ('$surname', '$first_name', '$email', $application_results )";
if(mysqli_query($link, $sql)){
echo "Your application has been submitted.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
What I am actually trying to accomplish is after insertion when calling an applications.php page details of the applicant must be displayed together with the uploaded file for reading. I suspect most of the uploaded files will be in pdf.
I am trying to insert data submitted in a form, into a MySQL Database, and I can't see the problem in my code(except for MySQL injection, that I will work to resolve after actually being able to insert any data). I have searched in Stack Overflow, and found someone who probably worked by the same manual, but I work in localhost, he's on GoDaddy. The solution given there doesn't work for me.
Here is my code for the HTML and the PHP code:
<?php
require'connection/connect.php';
?>
<?php
if(isset($_POST['Register'])){
session_start();
$Fname = $_POST['FirstName'];
$Lname = $_POST['LastName'];
$Email = $_POST['Email'];
$pw = $_POST['Password'];
$sql= $con->query("INSERT INTO user (Fname,Lname,Email,Password) values('{$Fname}', '{$Lname}', '{$Email}', '{$pw}')");
}
?>
<!DOCTYPE html >
<html>
<head>
<link href="css/Master.css" rel="stylesheet" type="text/css" />
<link href="css/Menu.css" rel="stylesheet" type="text/css" />
<title>Register</title>
</head>
<body>
<div class="container">
<div class="header">
</div>
<div class="menu">
<div id="NavBar">
<nav>
<ul>
<li>
Login
</li>
<li>
Register
</li>
</ul>
</nav>
</div>
</div>
<div class="leftBody"></div>
<div class="rightBody">
<form action="" method="post" name="RegisterForm" id="RegisterForm">
<div class="FormElement">
<input name="FirstName" id="FirstName" type="text" placeholder="First Name" class="TField">
</div><br>
<div class="FormElement">
<input name="LastName" id="LastName" type="text" placeholder="Last Name" class="TField">
</div><br>
<div class="FormElement">
<input name="Email" id="Email" type="email" placeholder="E-Mail" class="TField">
</div><br>
<div class="FormElement">
<input name="Password" id="Password" type="password" placeholder="Password" class="TField">
</div><br>
<input name="Register" id="Register" type="button" value="Register" class="regButton">
</form>
</div>
<div class="footer"></div>
</div>
</body>
</html>
And this is my connection.php file:
That it does show that it connects.
<?php
$host="localhost";
$username="root";
$password="";
$dataBase="users";
$con=mysqli_connect($host,$username,$password,$dataBase);
if (!$con) {
die("Could not connect: " . mysqli_error());
}
echo "Connected successfully";
?>
And a picture of my database in phpMyAdmin:
Database
I have tried also using this line like this for some reason, but to no avail.:
$sql= $con->query("INSERT INTO user
(Fname,Lname,Email,Password)
values ('Fname', 'Lname', 'Email', 'pw')");
i didn't see submit button that actually submit the form. So if i am not wrong please try to use
<input name="Register" id="Register" type="submit" value="Register" class="regButton">
your code should be run
$sql= $con->query("INSERT INTO user
(Fname,Lname,Email,Password)
VALUES('$Fname', '$Lname', '$Email', '$pw')");
I have 2 projects 1 is just for checking username and password if they exist in the database,which has the function password_verify() working , and the other u can sign up and then log in, but in this 1 the function password_verify is always returning false even thought i have the same code written in both but changed the table name i will post the project, so if anyone can help me please.
I did check that it is connecting to the database normally and returning the email result correct but when it comes to comparing hashed pass with the one entered it's always false.
Index.php is the main page and contains only two php lines:
include("signup.php");
include("login.php");
Connection.php
<?php
$server="localhost";
$db_username="myusername";
$db_password="mypassword";
$db="test_db";
$conn=mysqli_connect($server,$db_username,$db_password,$db);
if(!$conn)
die ("Connection Failed: ".mysqli_connect_error());
?>
signup.php
<?php
session_start();
if(isset($_POST['signup']))
{
function validateFormData($formData)
{
$formData=trim(stripcslashes(htmlspecialchars($formData)));
return $formData;
}
$email=validateFormData($_POST['email']);
$password=validateFormData($_POST['password']);
if(!$_POST['email'])
$error.="Please enter an email<br>";
else if(!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL))
{
$error.="Please enter a valid email<br>";
}
if(!$_POST['password'])
$error.="Please enter a password<br>";
else
{
if(strlen($_POST['password'])<8)
$error.="Password must contain at least 8 characters<br>";
if(!preg_match('`[A-Z]`',$_POST['password']))
$error.="Password must contain at least one capital letter<br>";
}
if($error)
{
echo "<div class='alert alert-danger text-center lead'><a class='close red' data-dismiss='alert'>×</a>".$error."</div>";
}
else
{
include('connection.php');
$query="SELECT * FROM `diary` WHERE email='".mysqli_real_escape_string($conn,$email)."'";
$result=mysqli_query($conn,$query);
$results=mysqli_num_rows($result);
if($results)
echo "<div class='alert alert-danger text-center lead'>This email already exists, do you want to log in?<a class='close red' data-dismiss='alert'>×</a></div>";
else
{
$selectUser=mysqli_real_escape_string($conn,$email);
$hashedPass=password_hash($password,PASSWORD_DEFAULT);
$query="INSERT INTO `diary`(`email`, `password`) VALUES ('$selectUser','$hashedPass')";
mysqli_query($conn,$query);
echo "<div class='alert alert-success text-center lead'>You've been signed up!<a class='close green' data-dismiss='alert'>×</a></div>";
$_SESSION['id']=mysqli_insert_id($conn);
}
}
}
?>
login.php
<?php
if(isset($_POST['login']))
{
function validateFormData($formData)
{
$formData=trim(stripcslashes(htmlspecialchars($formData)));
return $formData;
}
$formEmail=validateFormData($_POST['loginEmail']);
$formPass=validateFormData($_POST['loginPassword']);
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
echo $newPass;
include("connection.php");
$query="Select * from diary where email='$formEmail' ";
$result=mysqli_query($conn,$query);
if(mysqli_num_rows($result)>0)
{
while($row=mysqli_fetch_assoc($result))
{
$LogEmail= $row['email'];
$LogPass= $row['password'];
echo "<br>".$LogPass;
}
if(password_verify($newPass,$LogPass))
{
echo "<br>Correct Password";
}
else
echo "<br>Not Correct";
}
}
?>
output of $newPass is :"$2y$10$dw0AtEExMc41p4nUB3W9kOOWTcNZmQev9jM4emNn7oQNODfu6Ld.q"
output of $LogPass is : "$2y$10$biz6Z5nxsMZXNf7p3ebqw.pksPb1VhWEmoan776rMqOC7VcFRQbrK"
Index
<?php
include("signup.php");
include("login.php");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<title>Secret Diary</title>
<link rel="stylesheet" href="css/Normalize.css">
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
<link rel="stylesheet" href="css/style.css">
<!--[if IE]>
<script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div class="container">
<form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
<legend><h1 class="text-center">Sign Up</h1></legend>
<div class="form-group">
<label class="control-label col-sm-2" for="email" >Email:</label>
<div class="col-sm-10">
<input type="email" class="form-control" style="width:90%" id="email" placeholder="Enter Email" name="email" value="<?php echo addslashes($_POST['email']);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="pwd">Password:</label>
<div class="col-sm-10">
<input type="password" class="form-control" style="width:90%" id="pwd" placeholder="Password" name="password">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-success " id="btnClick" name="signup">Sign Up</button>
</div>
</div>
</form><!--SIGN UP-->
<form class="form-horizontal emailForm" role="form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
<legend><h1 class="text-center">Log In</h1></legend>
<div class="form-group">
<label class="control-label col-sm-2" for="LogInEmail" >Email:</label>
<div class="col-sm-10">
<input type="email" class="form-control" style="width:90%" id="LogInEmail" placeholder="Enter Email" name="loginEmail" value="<?php echo addslashes($_POST['loginEmail']);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="LogInPassword">Password:</label>
<div class="col-sm-10">
<input type="password" class="form-control" style="width:90%" id="LogInPassword" placeholder="Password" name="loginPassword">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-success " id="btnClick" name="login">Log In</button>
</div>
</div>
</form><!--LOG IN-->
</div>
<script src="js/JQuery.min.js"></script>
<script src="bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
<script src="js/script.js" type="text/javascript"></script>
</body>
</html>
You overwrite your $password when you include your dbconnection.
include('connection.php');
has:
$password="mypassword";
Previously you set:
$password=validateFormData($_POST['password']);
so your hashed password is not the user's password, but your DB password.
I would prefix all DB credentials variables with db_. So your database password variable would then be $db_password. This will allow you to have distinct variables throughout your project (I'd think).
Additionally you should be using $formPass, not $newpass. The $newpass is going to be double hashed at the verify function.
$formEmail=validateFormData($_POST['loginEmail']);
$formPass=validateFormData($_POST['loginPassword']);
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
so change:
if(password_verify($newPass,$LogPass))
to:
if(password_verify($formPass, $LogPass))
password_verify expects the cleartext password as its first argument. To fix your code, remove this line:
$newPass=password_hash($formPass,PASSWORD_DEFAULT);
And change this line:
if(password_verify($newPass,$LogPass))
To the following:
if(password_verify($formPass,$LogPass))