about session maintaining with php - php

Here's my login_check php file and login_done php file.
Before I had put in my Session functions, it worked well.
But after I had inserted some Session functions, it had stopped working and keeps resulting in "invalid login" even with a VALID ID and PASSWORD.
'login_check.php'
<?php
session_start();
include_once ('../config.php');
$mysqli = new mysqli($DB['host'], $DB['id'], $DB['pw'], $DB['db']);
if (mysqli_connect_error()) {
exit('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());
}
extract($_POST);
$q = "SELECT * FROM ap_member WHERE id='$user_id'";
$result = $mysqli->query($q);
if($result->num_rows==1) {
$encrypted_pass = sha1($user_pass);
$row = $result->fetch_array(MYSQLI_ASSOC);
if( $row['pw'] == $encrypted_pass ) {
header("Location: http://sovereign-recipe.com/member/login_done.php");
exit();
}
else {
echo 'wrong password';
}
}
else {
echo 'ID does not exist or invalid approach. Try again.';
}
if( $row['pw'] == $encrypted_pass ) {
$_SESSION['is_logged'] = 'YES';
$_SESSION['user_id'] = $user_id;
header("Location: http://sovereign-recipe.com/member/login_done.php");
exit();
}
else {
$_SESSION['is_logged'] = 'NO';
$_SESSION['user_id'] = '';
header("Location: http://sovereign-recipe.com/member/login_done.php");
exit();
}
?>
'login_done.php'
<?php
session_start();
$is_logged = $_SESSION['is_logged'];
if($is_logged=='YES') {
$user_id = $_SESSION['user_id'];
$message = $user_id . 'login success. session would continue with your logged-in info. start your surf.';
}
else {
$message = 'your log-in is invalid. please, try again.';
}
var_dump($_SESSION);
?>
<html>
<head>
<title>login result</title>
<meta charset="utf-8" >
</head>
<body>
<?php
echo $message;
?>
</body>
</html>

Try this approach in your login_check.php
session_start();
include_once ('../config.php');
$mysqli = new mysqli($DB['host'], $DB['id'], $DB['pw'], $DB['db']);
if (mysqli_connect_error()) {
exit('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
extract($_POST);
$q = "SELECT * FROM ap_member WHERE id='$user_id'";
$result = $mysqli->query($q);
if ($result->num_rows == 1) {
$encrypted_pass = sha1($user_pass);
$row = $result->fetch_array(MYSQLI_ASSOC);
if ($row['pw'] == $encrypted_pass) {
$_SESSION['is_logged'] = 'YES';
$_SESSION['user_id'] = $user_id;
} else {
$_SESSION['is_logged'] = 'NO';
$_SESSION['user_id'] = '';
//echo 'wrong password';
}
} else {
$_SESSION['is_logged'] = 'NO';
$_SESSION['user_id'] = '';
echo 'ID does not exist or invalid approach. Try again.';
}
// You can use your redirect here, then remove the previous ones
header("Location: http://sovereign-recipe.com/member/login_done.php");
exit();
I hope this helps you.
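The answer above fixes the control flow but keeps extract($_POST), the interpolated query and sha1() from the question. The following is an added example, not code from either poster, of the same login_check.php with those three points hardened; it assumes the thread's config.php, ap_member table and user_id / user_pass form fields, and that the pw column holds password_hash() output.

```php
<?php
// Added example: a hardened login_check.php. Not the original poster's code.
session_start();
include_once '../config.php';          // supplies $DB, as in the thread

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $mysqli = new mysqli($DB['host'], $DB['id'], $DB['pw'], $DB['db']);
} catch (mysqli_sql_exception $e) {
    error_log('login_check: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Login is temporarily unavailable.');   // no connection details to the client
}

// Read only the two expected fields. extract($_POST) would let a request
// overwrite any variable in scope, including $DB and $mysqli.
$user_id   = is_string($_POST['user_id'] ?? null)   ? $_POST['user_id']   : '';
$user_pass = is_string($_POST['user_pass'] ?? null) ? $_POST['user_pass'] : '';

// Bound parameter: the submitted id is sent as data and never parsed as SQL.
$stmt = $mysqli->prepare('SELECT id, pw FROM ap_member WHERE id = ?');
$stmt->bind_param('s', $user_id);
$stmt->execute();
$stmt->bind_result($db_id, $db_hash);
$found = $stmt->fetch();               // true when a row was fetched, null when none
$stmt->close();

// Assumption: pw was written with password_hash(). Rows that still hold the
// thread's unsalted sha1() digests must be re-hashed before this check passes.
if ($found === true && is_string($db_hash) && password_verify($user_pass, $db_hash)) {
    session_regenerate_id(true);       // new session id after the privilege change
    $_SESSION['is_logged'] = 'YES';
    $_SESSION['user_id']   = $db_id;   // value from the database row, not from $_POST
} else {
    // One outcome for unknown id and wrong password, so the response does not
    // reveal which ids exist.
    $_SESSION['is_logged'] = 'NO';
    $_SESSION['user_id']   = '';
}

// Single redirect on every path, sent before any output.
header('Location: http://sovereign-recipe.com/member/login_done.php');
exit();
```

In login_done.php, print the user id through htmlspecialchars() and drop the var_dump($_SESSION) debug line before deployment.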

Related

Facing problem in if- else statement. It always redirect to 1st condition

Here is my PHP code. In the if-else statement, when I log in it always goes to the 1st PHP page. It does not go to the others. Suppose I type username 'tamluk': it redirects to 'welcomemoyna.php'. I want it to redirect to the definite page when the username matches.
I am trying it online. 000webhost for PHP and PHPMyAdmin for the database.
<?php
session_start();
$message = "";
if (count($_POST) > 0) {
$con = mysqli_connect('localhost', 'id8401317_new', 'Deba#212', 'id8401317_abc') or die('Unable To connect');
$result = mysqli_query($con, "SELECT * FROM login WHERE username='" . $_POST["username"] . "' and password = '" . $_POST["password"] . "'");
$row = mysqli_fetch_array($result);
if (is_array($row)) {
$_SESSION["id"] = $row[id];
$_SESSION["username"] = $row[username]; {
if (isset($_POST["username"]) == 'moyna') {
header("Location:welcomemoyna.php");
} elseif (isset($_POST["username"]) == 'ramtarak') {
header("Location:welcomeramtarak.php");
} elseif (isset($_POST["username"]) == 'tamluk') {
header("Location:welcometamluk.php");
} elseif (isset($_POST["username"]) == 'bagnan') {
header("Location:welcomebagnan.php");
}
}
} else {
$message = "Invalid Username or Password!";
}
// }
}
?>
I want that when I type for 'username' like tamluk it will redirect to welcometamluk.php and so on.
Your user values are now in a session. Try this. I hope it will help.
<?php
session_start();
$message="";
if(count($_POST)>0) {
$con = mysqli_connect('localhost','id8401317_new','Deba#212','id8401317_abc') or die('Unable To connect');
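// Bind the submitted values as parameters instead of concatenating them into the SQL
$stmt = mysqli_prepare($con,"SELECT * FROM login WHERE username = ? and password = ?");
mysqli_stmt_bind_param($stmt,"ss",$_POST["username"],$_POST["password"]);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_array($result);
if(is_array($row)) {
// Array keys must be quoted strings; bare id / username are undefined constants
$_SESSION["id"] = $row['id'];
$_SESSION["username"] = $row['username'];
if (isset($_SESSION['username'])) {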
if($_SESSION["username"]=='moyna') {
header("Location:welcomemoyna.php");
}
elseif($_SESSION['username']=='ramtarak') {
header("Location:welcomeramtarak.php");
}
elseif($_SESSION['username']=='tamluk') {
header("Location:welcometamluk.php");
}
elseif($_SESSION['username']=='bagnan') {
header("Location:welcomebagnan.php");
}
}
else {
$message = "Invalid Username or Password!";
}
}
}
?>

Php project login error

Recently I developed a small school management software. Everything is fine on localhost, but when I move the files to the online server and try to log in with my (role), it shows me a message and changes the URL to mydomain/authenticate.php
The bizedu.co.in page isn’t working
bizedu.co.in is currently unable to handle this request.
500
Authenticate.php code here-
<?php
require 'connection.php';
ob_start();
session_start();
$id = "";
$password = "";
if (isset($_POST['id'])) {
$id = $_POST['id'];
}
if (isset($_POST['password'])) {
$password = $_POST['password'];
}
echo $id . " : " . $password;
$q = 'SELECT * FROM account WHERE id=:id AND password=:password';
$query = $conn->prepare($q);
$query->execute(array(':id' => $id, ':password' => $password));
if ($query->rowCount() == 0) {
header('Location: index.php?err=1');
} else {
$row = $query->fetch(PDO::FETCH_ASSOC);
session_regenerate_id();
$_SESSION['sess_user_id'] = $row['id'];
$_SESSION['sess_username'] = $row['username'];
$_SESSION['sess_userrole'] = $row['role'];
echo $_SESSION['sess_userrole'];
session_write_close();
if ($_SESSION['sess_userrole'] == "admin") {
header('Location: school_admin_home1.php');
} elseif ($_SESSION['sess_userrole'] == "employee") {
header('Location: school_employee_home.php');
} elseif ($_SESSION['sess_userrole'] == "parent") {
header('Location: parent_home.php');
} else {
}
}
?>
Connection.php code here-
<?php
//database credentials
define('DBHOST','localhost');
define('DBUSER','bizeduco_portal ');
define('DBPASS','password123');
define('DBNAME','bizeduco_school');
try {
//create PDO connection
$conn = new PDO("mysql:host=".DBHOST.";dbname=".DBNAME, DBUSER, DBPASS);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
//show error
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
exit;
}
?>
Please give me a solution.

Can someone help me with this error " Warning: Cannot modify header information - headers already sent by"

This is the login form. It says that it cannot modify header information, and I tried everything to fix it but I can't. Can someone help me with my code? Thanks in advance.
<?php
$loginpopup = 'Login Success';
$failpopup = 'Wrong Username or Password';
if(!$con)
{
die("Error connection" . mysqli_connect_error());
}
if (isset($_POST['submitlogin']))
{
$login = "SELECT * from admin where username = '$_POST[user]' AND password ='$_POST[pass]'";
$getuser = mysqli_query($con,$login) or die(mysql_error());
while($row = mysqli_fetch_array($getuser))
{
if($row==0)
{
echo "<SCRIPT>alert('$failpopup');</SCRIPT>";
header("location:index.php");
}
else
{
echo "<SCRIPT>alert('$loginpopup');</SCRIPT>";
header("location:home.php");
}
}
}
?>
If the query failed to run, your script will die because of or die(mysql_error),
which won't output anything after $getuser.
Modify your code to this:
include('movieshub/includes/config.php');
if ($getuser = mysqli_query($con,$login)) { // check if the query succeeded running
$count = mysqli_num_rows($getuser);
if ($count == 0 ) {
echo "<SCRIPT>alert('$failpopup');</SCRIPT>";
header("location:index.php");
} else {
while($row = mysqli_fetch_array($getuser))
{ //output data }
echo "<SCRIPT>alert('$loginpopup');</SCRIPT>";
header("location:home.php");
}
}
} else {
echo "query failed to run";
}
Try the code below:
<?php
//if you are using wamp then let $servername,$username and $password be same as below otherwise change them.
$servername = "localhost"; //insert your servername at the place of localhost
$username = "root"; //insert your username at the place of root
$password = ""; //insert your password at the place of ""
// Create connection
$con = mysqli_connect($servername, $username, $password);
//select database
mysqli_select_db($con,"test"); //here enter your database name at the place of test
// Check connection
if (!$con) {
die("Connection failed: " . mysqli_connect_error());
}
$loginpopup = 'Login Success';
$failpopup = 'Wrong Username or Password';
if (isset($_POST['submitlogin']))
{
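$user=$_POST["user"];
$pass=$_POST["pass"];
// Bind the values as parameters: unquoted interpolation breaks the query and allows SQL injection
$login = "SELECT * from admin where username=? AND password=?";
$getuser = mysqli_prepare($con,$login);
mysqli_stmt_bind_param($getuser,"ss",$user,$pass);
mysqli_stmt_execute($getuser);
mysqli_stmt_store_result($getuser);
// Count the matching rows; one match is enough for a valid login
$row=mysqli_stmt_num_rows($getuser);
if($row>=1)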
{
echo "<SCRIPT>alert('$loginpopup');</SCRIPT>";
header("location:home.php");
}
else
{
echo "<SCRIPT>alert('$failpopup');</SCRIPT>";
header("location:index.php");
}
}
?>
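header() can only set headers before the response body starts, and every snippet in this thread echoes a <SCRIPT> block first, which is the condition the warning reports. The following added example (not from any poster) stores the popup text in the session and redirects before any output; finish_login() and take_flash() are hypothetical names, and the credential check that produces $matched is left to the surrounding script.

```php
<?php
// Added example, not code from the thread. finish_login() and take_flash()
// are hypothetical names; home.php and index.php are the thread's targets.
session_start();                       // also sends a header, so it runs before any output

// Call once the credential check has produced $matched. Nothing may be
// echoed before this point, including whitespace ahead of the opening tag.
function finish_login(bool $matched): void
{
    if (headers_sent($file, $line)) {
        // Same condition the warning reports; log where the output began.
        error_log("login redirect blocked: output started at $file:$line");
        exit('Login could not be completed. Please go back and try again.');
    }
    // Carry the popup text across the redirect instead of echoing it now.
    $_SESSION['flash'] = $matched ? 'Login Success' : 'Wrong Username or Password';
    header('Location: ' . ($matched ? 'home.php' : 'index.php'));
    exit();                            // send nothing after the redirect
}

// Call from home.php and index.php after their own session_start().
// Returns a <script> element showing the message once, or '' if none is pending.
function take_flash(): string
{
    $msg = $_SESSION['flash'] ?? '';
    unset($_SESSION['flash']);
    if (!is_string($msg) || $msg === '') {
        return '';
    }
    // JSON_HEX_* keeps the string from closing the script element or its quotes.
    $js = json_encode($msg, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return "<script>alert($js);</script>";
}
```

The target page prints the return value of take_flash() inside its HTML body, so the popup appears after the redirect has completed.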

Referencing a SESSION() in a query

I am trying to reference a variable stored in a SESSION() from a SESSION() controller and I'm having a bit of trouble with the code. What I have are two tables, one for articles and one for authors. The author id of the current user logged in is stored in my $id variable via a SQL query in access.inc.php in function databaseContainsAuthor($email, $password, &$id), then referenced in function userIsLoggedIn() and stored in $_SESSION['id']
includes>access.inc.php
<?php
function userIsLoggedIn()
{
if (isset($_POST['action']) and $_POST['action'] == 'login')
{
if (!isset($_POST['email']) or $_POST['email'] == '' or
!isset($_POST['password']) or $_POST['password'] == '')
{
$GLOBALS['loginError'] = 'Please fill in both fields';
return FALSE;
}
$password = md5($_POST['password'] . 'chainfire db');
if (databaseContainsAuthor($_POST['email'], $password, $id))
{
include 'db.inc.php';
session_start();
$_SESSION['loggedIn'] = TRUE;
$_SESSION['email'] = $_POST['email'];
$_SESSION['password'] = $password;
$_SESSION['id'] = $id;
return TRUE;
}
else
{
session_start();
unset($_SESSION['loggedIn']);
unset($_SESSION['email']);
unset($_SESSION['password']);
unset($_SESSION['id']);
$GLOBALS['loginError'] = 'The specified email address or password was incorrect.';
return FALSE;
}
}
if (isset($_POST['action']) and $_POST['action'] == 'logout')
{
session_start();
unset($_SESSION['loggedIn']);
unset($_SESSION['email']);
unset($_SESSION['password']);
unset($_SESSION['id']);
header('Location: ' . $_POST['goto']);
exit();
}
session_start();
if (isset($_SESSION['loggedIn']))
{
return databaseContainsAuthor($_SESSION['email'], $_SESSION['password'], $_SESSION['id']);
}
}
function databaseContainsAuthor($email, $password, &$id)
{
include 'db.inc.php';
$email = mysqli_real_escape_string($link, $email);
$password = mysqli_real_escape_string($link, $password);
$sql = "SELECT COUNT(*) FROM author
WHERE email='$email' AND password='$password'";
$result = mysqli_query($link, $sql);
if (!$result)
{
$error = 'Error searching for author.';
include 'error.html.php';
exit();
}
$row = mysqli_fetch_array($result);
$sql = "SELECT id FROM author
WHERE email='$email'";
$id = mysqli_query($link, $sql);
if (!$id)
{
$error = 'Error searching for id.';
include 'error.html.php';
exit();
}
if ($row[0] > 0)
{
return TRUE;
}
else
{
return FALSE;
}
}
Now that I have the variable $id, which contains the current user's id, stored in $_SESSION['id'], I would like to use the SESSION() in a SQL query in my index.php to insert the author's id along with their articles in my article table so the author and the article the author submits are linked. I'm just having a bit of trouble implementing the correct code to reference $_SESSION['id'] in my SQL query for index.php
articles>index.php
<?php
include_once $_SERVER['DOCUMENT_ROOT'] .
'/includes/magicquotes.inc.php';
include $_SERVER['DOCUMENT_ROOT'] .
'/includes/access.inc.php';
if (isset($_GET['add']))
if (!userIsLoggedIn())
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/login.inc.html.php';
exit();
}
else
{
$pagetitle = 'New Article';
$action = 'addform';
$text = '';
$authorid = '';
$id = '';
$button = 'Add article';
include 'form.html.php';
exit();
}
if (isset($_GET['addform']))
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
$text = mysqli_real_escape_string($link, $_POST['text']);
$id = $_SESSION['id'];
$sql = "INSERT INTO article SET
articletext='$text',
articledate=CURDATE(),
authorid= '$id'";
if (!mysqli_query($link, $sql))
{
$error = 'Error adding submitted article: ' . mysqli_error($link);
include 'error.html.php';
exit();
}
header('Location: .');
exit();
}
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
$result = mysqli_query($link, 'SELECT id, articletext FROM article');
if (!$result)
{
$error = 'Error fetching articles: ' . mysqli_error($link);
include 'error.html.php';
exit();
}
while ($row = mysqli_fetch_array($result))
{
$articles[] = array('id' => $row['id'], 'text' => $row['articletext']);
}
include 'articles.html.php';
?>
The SESSION() I'm trying to reference is under if (isset($_GET['addform'])), but I'm unsure if this is the right syntax to use to do so. Any help would be greatly appreciated!
The code seems fine. Check if $id has the value you expect it to have just before the query, because if it is returning zero every time, your authorid must have some default value which always shows up, zero in this case.

Undefined variable?

I'm getting an undefined variable error for $id variable in lines 15 & 21, could someone please explain why? I can't see what the problem is.
<?php
function userIsLoggedIn()
{
if (isset($_POST['action']) and $_POST['action'] == 'login')
{
if (!isset($_POST['email']) or $_POST['email'] == '' or
!isset($_POST['password']) or $_POST['password'] == '')
{
$GLOBALS['loginError'] = 'Please fill in both fields';
return FALSE;
}
$password = md5($_POST['password'] . 'chainfire db');
if (databaseContainsAuthor($_POST['email'], $password, $id))
{
include 'db.inc.php';
session_start();
$_SESSION['loggedIn'] = TRUE;
$_SESSION['email'] = $_POST['email'];
$_SESSION['password'] = $password;
$_SESSION['id'] = $id;
return TRUE;
}
else
{
session_start();
unset($_SESSION['loggedIn']);
unset($_SESSION['email']);
unset($_SESSION['password']);
unset($_SESSION['id']);
$GLOBALS['loginError'] = 'The specified email address or password was incorrect.';
return FALSE;
}
}
if (isset($_POST['action']) and $_POST['action'] == 'logout')
{
session_start();
unset($_SESSION['loggedIn']);
unset($_SESSION['email']);
unset($_SESSION['password']);
unset($_SESSION['id']);
header('Location: ' . $_POST['goto']);
exit();
}
session_start();
if (isset($_SESSION['loggedIn']))
{
return databaseContainsAuthor($_SESSION['email'], $_SESSION['password'], $_SESSION['id']);
}
}
function databaseContainsAuthor($email, $password, $id)
{
include 'db.inc.php';
$email = mysqli_real_escape_string($link, $email);
$password = mysqli_real_escape_string($link, $password);
$sql = "SELECT COUNT(*) FROM author
WHERE email='$email' AND password='$password'";
$result = mysqli_query($link, $sql);
if (!$result)
{
$error = 'Error searching for author.';
include 'error.html.php';
exit();
}
$row = mysqli_fetch_array($result);
$sql = "SELECT id FROM author
WHERE email='$email'";
$id = mysqli_query($link, $sql);
if (!$id)
{
$error = 'Error searching for id.';
include 'error.html.php';
exit();
}
if ($row[0] > 0)
{
return TRUE;
}
else
{
return FALSE;
}
}
The variable $id is defined in databaseContainsAuthor($email, $password, $id), then stored in the $_SESSION['id'] session so naturally $id = mysqli_query($link, $sql); should have passed but it's not?
Variables changed (or defined) inside a function will not affect the rest of the script. For example:
<?php
function changeVariable($person) {
$person = 'Bob';
}
$person = 'Alice';
changeVariable($person);
echo "Hello $person!"; // Outputs: Hello Alice!
This can be avoided by passing the variable by reference, like this:
<?php
function changeVariable(&$person) {
$person = 'Bob';
}
$person = 'Alice';
changeVariable($person);
echo "Hello $person!"; // Outputs: Hello Bob!
You can also use global variables, like this:
<?php
function changeVariable() {
global $person;
$person = 'Bob';
}
$person = 'Alice';
changeVariable();
echo "Hello $person!"; // Outputs: Hello Bob!
A few things:
The variable $id should be defined (not required, but good practice) before you use it,
so for example:
$id = NULL;
if (databaseContainsAuthor($_POST['email'], $password, $id))
Also, setting the $id inside the databaseContainsAuthor function doesn't mean that $id will change outside the scope of that function.
You could make it global, but that is considered bad practice.
Also, your function databaseContainsAuthor contains this code:
if ($row[0] > 0)
{
return TRUE;
}
else
{
return FALSE;
}
which will return TRUE or FALSE. But note that once the code returns a value, none of the code after it will be run,
which means this part might as well be commented out; as it is after the return statement, it will never be run:
$sql = "SELECT id FROM author
WHERE email='$email'";
$id = mysqli_query($link, $sql);
if (!$id)
{
$error = 'Error searching for id.';
include 'error.html.php';
exit();
}
