How to stop the back button after the user presses logout - PHP

I just want to make sure that after the user logs out and presses the back button, he will still be logged out. In the current state of my project, after the user logs out and presses the back button, he goes back to the last page and is still logged in.
login.php
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=MS932">
<title>Login Page</title>
<link rel ="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div id ="frm">
<form action="process.php" method="post" >
<p>
<label>Username:</label>
<input type="text" id="email" name="user" required/>
</p>
<p>
<label>Password:</label>
<input type="password" id="pass" name="pass" required/>
</p>
<p>
<input type="submit" id="btn" value="Login"/>
</p>
</form>
</div>
</body>
process.php
<?php
$username = $_POST['user'];
$password = $_POST['pass'];
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
mysql_connect("localhost","root","");
mysql_select_db("testproduct");
$result = mysql_query("SELECT * FROM tbluser where email = '$username' and pass='$password'")or die("Failed to query database".mysql_error());
$row = mysql_fetch_array($result);
if($row['email'] == $username && $row['pass'] == $password){
echo "<script>window.location.assign('index.php');</script>";
}else{
echo "<script>alert('Login was unsuccessful, please check your username and password')</script>";
echo "<script>window.location.assign('login.php');</script>";
return false;
}
?>
logout.php
<?php
session_start();
session_destroy();
$_SESSION = array();
header("location: login.php");
?>

Initialize a session variable on user login and destroy it on logout. Every time you go to index.php, you check if that session variable exists or there is a successful login.
http://php.net/manual/en/ref.session.php
process.php
<?php
session_start();
$username = $_POST['user'];
$password = $_POST['pass'];
$username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
mysql_connect("localhost","root","");
mysql_select_db("testproduct");
$result = mysql_query("SELECT * FROM tbluser where email = '$username' and pass='$password'")or die("Failed to query database".mysql_error());
$row = mysql_fetch_array($result);
if($row['email'] == $username && $row['pass'] == $password){
$_SESSION['un'] = $username;
echo "<script>window.location.assign('index.php');</script>";
}else{
echo "<script>alert('Login was unsuccessful, please check your username and password')</script>";
echo "<script>window.location.assign('login.php');</script>";
return false;
}
?>
index.php
<?php
session_start();
if(!isset($_SESSION['un'])){
header("location:login.php");
exit; // stop here, otherwise the rest of the page is still sent to a logged-out user
}
...
?>
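An added example (not code from the answer above) of the same session check, with the pieces that make the back button harmless after logout: the protected page is sent with no-store cache headers, the script stops after the redirect, and logout removes the session cookie as well as the server-side data. The helper names `require_login()` and `logout()` are hypothetical; the `un` session key and `login.php` come from the page.

```php
<?php
// Added example, not from the original answer. require_login() and logout()
// are hypothetical helper names; 'un' and login.php are taken from the page.

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Tell the browser not to keep a copy of the protected page, so going
    // back after logout causes a new request and the check below runs again.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    if (!isset($_SESSION['un'])) {
        header('Location: login.php');
        exit; // without this the rest of the protected page is still sent
    }
}

function logout(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];                       // clear the data for this request
    if (ini_get('session.use_cookies')) { // expire the session cookie too
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // delete the server-side session
    header('Location: login.php');
    exit;
}

// index.php (and every other protected page) starts with:
//     require_login();
// logout.php consists of:
//     logout();
```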

Related

PHP basic login script won't login

My PHP and MySQL knowledge is very little. I am trying to create a very basic login script however when I attempt to submit the credentials, I am faced with an error message that says "this page isn't working, localhost is unable to handle this request.".
Here is my signin.php script
<?php
session_start();
require('connect.php');
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username' and password= '$password'";
$query = mysqli_query($sql);
if(mysqli_num_rows($query) > 0)
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("Location: welcome.html");
exit();
}else {
echo "Error: the information is not correct.";
}
?>
and this is my html
<!DOCTYPE html>
<html>
<head>
<title>Murdoch Study Assist</title>
<link rel="stylesheet" type="text/css" href="style.css">
<link href="https://fonts.googleapis.com/css?family=Baloo+Chettan" rel="stylesheet">
</head>
<body>
<div id="login">
<form method="post" action="signin.php">
<b>Login</b><br>
<br>
<input type="text" name="username" class="input" placeholder="Username"><br><br>
<input type="password" name="password" class="input" placeholder="Password"><br><br>
<input type="submit" name="submit" value="Sign In" class="sub"><input type="reset" name="reset" value="Clear" class="res"><br><br><hr><br>
<h3>Not a member?</h3>
<button>Sign Up</button>
</form>
</div>
</body>
</html>
You didn't close the if-statement below:
if (isset($_POST['username']) and isset($_POST['password'])){
}//add this in the end
Try this:
<?php
session_start();
require('connect.php');
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users WHERE username = '$username' and password= '$password'";
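// mysqli_query() takes the connection as its first argument;
// $conn is assumed to be the handle created in connect.php
$query = mysqli_query($conn, $sql);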
if(mysqli_num_rows($query) > 0)
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("Location: welcome.html");
exit();
}else {
echo "Error: the information is not correct.";
}
}// add this tag
?>

How to set up a login system using PHP and Mysql?

I am trying to set up a login system but the page is not doing the validation of the user and password. I know it is connecting to the database but it doesn't show any results after the foreach statement.
I have two files one for the login form(login.php) and one for the login to the database(process.php).
Here is my code:
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<title>Login Page</title>
</head>
<body>
<div>
<form action="process.php" method="POST">
<p>
<label>Username:</label>
<input type="text" id="user" name="user">
</p>
<p>
<label>Password:</label>
<input type="password" id="pass" name="pass">
</p>
<p>
<label>Username:</label>
<input type="submit" id="btn" value="Login">
</p>
</form>
</div>
</body>
</html>
Process.php
<?php
//Get values from login.php file
$username = $_POST['user'];
$password = $_POST['pass'];
//Stop SQL injection
/* $username = stripcslashes($username);
$password = stripcslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);*/
//Connect to the server and select database
$domainsn = 'mysql:host=localhost;dbname=login';
$username = 'root';
$password = 'costarica';
try {
$db = new PDO ($domainsn, $username, $password);
echo "Connected";
} catch (Exception $e) {
$error_message = $e->getMessage();
echo "Coudn't connect due to $error_message";
}
$query = "SELECT * FROM users WHERE username = '$username' AND password ='$password'";
$result = $db->query($query);
//echo "$result";
foreach ($result as $results) {
echo "$results";
echo $users['id'];
if ($results['username'] == $username && $results['password'] == $password) {
echo "Login success!!! Welcome ".$results['username'];
} else {
echo "failed try {} catch ( $e) {}";
}
}
?>
You can use this; I hope it will help.
$query = "SELECT * FROM users WHERE username = '".$username."' AND password ='".$password."' ";
$result = $db->query($query);
// $db is a PDO handle, so the result has no num_rows property; fetch a row instead
if($result->fetch() !== false){
// User exists
}else{
// User does not exist.
}
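The lookup from the answer above written with a bound parameter and a hashed password column, as an added example that is not part of the original post. It uses an in-memory SQLite database through PDO with a constructed sample account so that it runs without a MySQL server; `check_login()` is a hypothetical helper name, and the `users` table with `username` and `password` columns follows the page.

```php
<?php
// Added example, not from the original post. The SQLite database and the
// account in it are constructed sample data; check_login() is hypothetical.

function check_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when there is no such user

    // Compare against a stored hash, never against a plaintext column.
    return is_string($hash) && password_verify($password, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Registration stores the output of password_hash(), not the password.
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($db, 'alice', 'correct horse')); // matching credentials
var_dump(check_login($db, 'alice', 'wrong'));         // wrong password
var_dump(check_login($db, "o'brien", 'anything'));    // quote in the name is plain data
```

With MySQL only the DSN passed to `new PDO(...)` changes; the prepared statement and the `password_verify()` call stay the same.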

Why Does Localhost Get A HTTP 500 Error On Redirect?

I am fiddling around with mysql, PHP, and phpMyAdmin and I am making a short little test login and register system. Only problem is for some reason, the register button takes me to the login page, which it's supposed to, but localhost crashes for some reason. Any help?
Edit: You can test it out too if you would like. My Site: http://localhost/
index.php
<head>
<meta charset="utf-8">
<title>Test Site</title>
<link rel="stylesheet" type="text/css" href="css/styles.css">
</head>
<body>
<form action="login/logreg.php" method="post" accept-charset="utf-8">
<label>Username: </label><input type="text" name="username" value="" placeholder="Username">
<br><br>
<label>Password: </label><input type="password" name="password" value="" placeholder="Password">
<br><br>
<input type="submit" name="login" value="Login">
<input type="submit" name="register" value="Register">
</form>
</body>
logreg.php
<?php
$cookie_name = "loggedin";
$servername = "localhost";
$username = "root";
$password = "H2124130E63C8D14871";
$database = "webserver";
$conn = mysqli_connect($servername, $username, $password $database);
if (!$conn) {
die("Database Connection Failed: ".mysqli_connect_error());
}
if (isset($_POST['login']))
{
$user = $_POST['username'];
$pass = $_POST['password'];
$phash = sha1(sha1($pass."salt")."salt");
$sql = "SELECT * FROM users WHERE username='$user' AND password='$phash';";
$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);
if ($count == 1)
{
$cookie_value = $user;
setcookie($cookie_name, $cookie_value, time() + (180), "/");
header("Location: personal.php");
}
else
{
echo "Username Or Password Is Incorrect!";
}
}
else if (isset($_POST['register']))
{
$user = $_POST['username'];
$pass = $_POST['password'];
$phash = sha1(sha1($pass."salt")."salt");
$sql = "INSERT INTO users (id, username, password) VALUES ('', '$user', '$phash');";
$result = mysqli_query($conn, $sql);
}
?>
personal.php
<?php
$cookie_name = "loggedin";
if (isset($_COOKIE[$cookie_name]))
{
$cookie_value = $_COOKIE[$cookie_name];
echo "Welcome To Your Personal Area $cookie_value!";
echo 'Logout';
}
?>
logout.php
<?php
setcookie("loggedin", "val", time() - (120), "/");
header("Location: index.php");
?>
You missed a comma here:
$conn = mysqli_connect($servername, $username, $password $database);

What is wrong with my PHP session variables?

I cannot get $userLabel ($_SESSION['nickname']) to print. I am using phpmyadmin with apache on a localhost.
I cannot seem to figure out the problem. I have the row made in phpmyadmin and I know it is in row 4. Could it be a wrong method or something? I am new to PHP and trying my best to figure it out. Any solutions or additional help would be great! Thank you!
login:
if($_POST['submit']) {
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password, nickname FROM users WHERE username = '$username' AND activated = '1' LIMIT 1";
$query = mysqli_query($connect, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$userId = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[2];
$userLabel = $row[4];
}
if ($username == $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userId;
$_SESSION['nickname'] = $userLabel;
header('Location: user.php');
}
else {
echo "Error: password mismatch.";
}
}
?>
<html>
<head>
</head>
<body>
<form action="index.php" method="post">
<li>
<input type="text" name="username" placeholder="Username">
</li>
<li>
<input type="password" name="password" placeholder="Password">
</li>
<li>
<input type="submit" name="submit" value="Sign In">
</li>
</form>
</body>
</html>
webpage:
if (isset($_SESSION['id'])) {
$userId = $_SESSION['id'];
$username = $_SESSION['username'];
$userLabel = $_SESSION['nickname'];
}
else {
header('Location: index.php');
die();
}
?>
<html>
<head>
</head>
<body>
<p><font color="white">Hello <?php echo $userLabel; ?>.</font></p>
</body>
</html>
<?php $userLabel = $row[3]; ?>
<p><font>Hello <?php echo $userLabel; ?>.</font></p>

PHP update rows in table

Hello, I am having an issue here. I created a script to update users' account details, but when the form is filled in and the submit button is clicked, no errors come up, but at the same time no changes are made in the table.
THIS IS ONLY A DUMMY APPLICATION SO EVERYTHING IS KEPT BASIC
<?php
session_start();
include('connect_mysql.php');
if(isset($_POST['update']))
{
$usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
$passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
$first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
$last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
$emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));
$user_id = $_SESSION['user_id'];
$editQuery = mysql_query("UPDATE users SET username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE user_id='$user_id'");
if(!$editQuery)
{
echo mysql_error($editQuery);
die($editQuery);
}
}
?>
<html>
<head>
<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Edit Account</h1>
<div id="login">
<ul id="login">
<form method="post" name="editAccount" action="userEditAccount.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
</form>
</div>
<form action="userhome.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="back" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">Text</div>
</div>
</body>
</html>
Sorry, for some reason I had forgotten to copy this part (faceslap)
login.php:
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
You haven't called session_start() at the beginning of the file, so $username will be an empty string, and the update command will only update rows where the username is an empty string.
Edit: In fact, that code won't even be run, because you haven't called session_start(), isset($_SESSION['update']) will evaluate to false.
Did you mean to write $_SESSION['update']? Shouldn't that be $_POST['update']?
Last but not least, personally I would replace this:
<input name="update" type="submit" submit="submit" value="Edit Account" class="button">
with this:
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
At least for clarity. I don't know if it's still the case, but in time gone by not all browsers submitted the name/value of the submit button.
Sir, from the code given above I think you have an error in your login.php
$_SESSION['user_id'] = $user_id;
You are not assigning a value to $user_id; that is why it is setting a blank value to $_SESSION['user_id'].
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
$user_id = 0;
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
$user_id = $row['user_id'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
