php session dropped after form submit - php

Seems, that I can't add password protection to the script: it should allow to login with the pass and to submit data from the form to mysql. Login looks fine, but if I try to press submit, it returns me to login page. Seems, that session is dropped or overwritten, but is not clear, how:
//login area
<?php
$password = "test";
session_start();
$_SESSION['txtPassword']= $_POST['txtPassword'] ;
if ( $_SESSION['txtPassword']!=$password ) {
?>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><label for="txtPassword">Password:</label>
<br /><input type="text" title="Enter your password" name="txtPassword" /></p>
<p><input type="submit" name="Submit" value="Login" /></p>
</form>
<?
}
elseif ( $_SESSION['txtPassword']=$password ) {
echo $_SESSION['txtPassword'] ; // tried to print password, result is correct: test
//my db connection, just in case:
include "config.php";
$connect = mysqli_connect(HOST, USER, PASSWORD, NAME);
// data which should be inserted to db
if
(#$_POST['posted']=='1' $_POST['posted'])) {
$sSQL = "UPDATE users SET user_login='".mysqli_real_escape_string($connect, $_POST['usern'])."',user_pass='".mysqli_real_escape_string($connect, dohashpw($_POST['passw']))."' WHERE ID=1";
mysqli_query($connect, $sSQL) or print(mysql_error());
print ' <div class="container"> <p class="pstype">Password updated! </p>';
...
//input form
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"><input type="hidden" name="posted" value="1" />
<div class="col-xs-3">
<label for="ex2">New Username: </label>
<input type="text" class="form-control input-lg" name="usern" >
</div>
<div class="col-xs-3">
<label for="ex2">New Password: </label>
<input type="password" class="form-control input-lg" name="passw" >
</div>
<div class="col-xs-3">
<input type="submit" value="Submit" onclick="<? mysqli_query ($connect, $sSQL);?>; ">
</div>
</form>
I am able to login this page, but when I fill the form and click Submit, I get login area again. If echo $_SESSION show a correct result, I think that it was established, but data are lost after for submit. Could you please help to find my error?


You are assigning and not comparing here :
elseif ( $_SESSION['txtPassword']=$password ) {
this is better
elseif ( $_SESSION['txtPassword']==$password ) {
but thats a bad idea anyway, passwords should not be stored in session variables like this, and you have to hash them once the user submit them and only manipulate and store the hashed passwords in your code and database


<?php
$password = "test";
session_start();
$_SESSION['txtPassword']= $_POST['txtPassword'] ;
if($_SESSION['txtPassword']!=$password ){
?>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ? >">
<p><label for="txtPassword">Password:</label></p>
</br>
<p><input type="text" title="Enter your password" name="txtPassword"/> </p>
<p><input type="submit" name="Submit" value="Login"/></p>
</form>
<?php
}
else{
echo $_SESSION['txtPassword'];
}
?>
i am not understanding why the elseif stands for? you are already checking inside the if condition which both are not equal?.

Related

Showing error message on correct page in PHP

I have 4 forms in my PHP Project. Index.php will store the user's name and id number then they may click next and it will take them to Form2.php. Form2.php will store some random answers of theirs, Form3.php will do the same as Form2 and Form4.php will store a few details then the user can click submit and the record should save in my DB. The issue I am having is that my ID number field is a unique field, and I want an error to show on Index.php when the user clicks Next if the ID input is the same as one in the DB. Currently, it is showing after the submit button is clicked in the last Form. Is there any way to do this?
Index.php
<body>
<center>
<div class="div2">
<h1>Welcome</h1>
<form action="form2.php" method="post">
<p>
<label for="firstName">Named:</label>
<input size="30" class="rounded-input" type="text" name="name" id="name" autocomplete="off" required>
</p>
<p>
<label for="lastName">S ID:</label>
<input size="30" class="rounded-input" type="text" name="Sid" id="Sid" autocomplete="off" required>
</p>
<input class="btn" type="submit" value="Next" style="float: right;">
</form>
</div>
</center>
</body>
Form2.php:
<?php
session_start();
$_SESSION['name'] = $_POST['name'];
$_SESSION['Sid'] = $_POST['Sid'];
?>
<div class="div2">
<h1>How disappointed would you be if this product ceased to exist?</h1>
<form action="form3.php" method="post">
<input type="radio" style="height:20px; width:20px;" required
name="product_exist_satisfaction"
<?php if (isset($product_exist_satisfaction) && $product_exist_satisfaction == "Very disappointed") echo "checked"; ?>
value="Very disappointed">
<label style="font-size: 20px;"> Very disappointed</label><br />
<input type="radio" style="height:20px; width:20px;" required
name="product_exist_satisfaction"
<?php if (isset($product_exist_satisfaction) && $product_exist_satisfaction == "Mildly disappointed") echo "checked"; ?>
value="Mildly disappointed">
<label style="font-size: 20px;"> Mildly disappointed</label><br />
<input type="radio" style="height:20px; width:20px;" required
name="product_exist_satisfaction"
<?php if (isset($product_exist_satisfaction) && $product_exist_satisfaction == "Not at all") echo "checked"; ?>
value="Not at all">
<label style="font-size: 20px;"> Not at all</label><br />
<input type="button" onclick="history.back()"
value="Previous" style="float: left;">
<input type="submit" value="Next" style="float: right;">
</form>
</div>
Insert.php
<?php
session_start();
?>
<body>
<div class="div2">
<?php
$conn = mysqli_connect("localhost", "root", "", "survey");
if ($conn === false) {
die("ERROR: Could not connect. "
. mysqli_connect_error());
}
$stmt = $conn->prepare('insert into `cus_survey`
( `fullname`, `Sid`, `product_exist_satisfaction`,
`system_battery_runout`, `rank_appliances` )
values (?, ?, ?, ?, ?)');
$stmt->bind_param('sssss', $_SESSION['fullname'], $_SESSION['Sid'],
$_SESSION['product_exist_satisfaction'],
$_SESSION['system_battery_runout'],
$_POST['rank_sequence']);
$stmt->execute();
$msg = ($stmt->affected_rows == 1)
? 'Your survey was captured successfully. Thank You!'!'
: 'Sorry, your S ID is used already, Please use another and resubmit.' . "<h3><a href='/index.php'>Click here to edit your S ID</a></h3>" . mysqli_connect_error();
$stmt->close();
$conn->close();
printf('<h3>%s</h3>', $msg);
?>
</div>
</body>

I have not checked the code, but the basic steps are:
-In your index.php, you could post the index to self, by changing to action="<?php echo $_SERVER['PHP_SELF']; ?>"
-You would then run a select query for the Sid
-If Sid is not already in sql table, then you would redirect to form2.php
-else you have Sid already, then set the error message and then display of the index form with the error message.
<?php
// Start/resume sessions
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
//set your error message to empty string
$error_message = "";
// ensure that you actually have values to check
if ((isset($_POST['name'])) &&(isset($_POST['Sid']))) {
// use select statement to verify that the Sid is not already in table
$sql_check = 'SELECT Sid FROM cus_survey...
//...
//... put your check on the result of select statement
if (Sid not already there) {
// redirect to form 2
header("Location: form2.php");
}else{
// If Sid already used found, populate the error message, which will get displayed in your body
$error_message = "Sorry, your S ID is used already, Please use another and submit.";
}
}
?>
<body>
<center>
<div class="div2">
<?php if ($error_message != ""){
?>
<h1>Oops: <?php echo "{$error_message}"; ?></h1>
<?php
}else{
?>
<h1>Welcome</h1>
<?php
};
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>
<label for="firstName">Named:</label>
<input size="30" class="rounded-input" type="text" name="name" id="name" autocomplete="off" required>
</p>
<p>
<label for="lastName">S ID:</label>
<input size="30" class="rounded-input" type="text" name="Sid" id="Sid" autocomplete="off" required>
</p>
<input class="btn" type="submit" value="Next" style="float: right;">
</form>
</div>
</center>
</body>

checking users html form info with PHP on same page

I am trying to write a simple html form which requires the user to enter the correct email and password, using $_SERVER as the action for my form. I do not want to send the POST info to another php page, but I want to do it on the same page instead.
I have set two variables, $correct_email and $correct_password.
Here is the form;
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<label for="eml">Email:</label>
<input type="email" name="eml" id="eml" required>
<br>
<label for="pwd">Password:</label>
<input type="password" name="pwd" id="pwd" required>
<br>
<input type="hidden" name="checkMe" value="12345">
<input type="submit" name="submit" value="Submit">
</form>
Here is what I am trying to get work in PHP
$correct_email = "(my personal email)";
$correct_password = "password"];
if ($_POST['eml']) == $correct_email && ($_POST['pwd']) == $correct_password {
echo "<h1>You are logged in</h1>";
} else {
echo "<h1>error</h1>";
}
It is not working, please help! I am also unclear on whether the PHP should come before or after the form.
Also, I would like to have the form be cleared from view, on the page, when the correct info is entered.
Thanks so much

Change the name of the submit button - never call anything "submit" in a form
Put the test at the top
You had issues with the ( and ) in the test
Also an issue with a ] after "password"
<?php
if ($_POST["subBut"] === "Submit") {
$correct_email = "(my personal email)";
$correct_password = "password";
if ($_POST['eml'] == $correct_email && $_POST['pwd'] == $correct_password) {
echo "<h1>You are logged in</h1>";
} else {
echo "<h1>error</h1>";
}
}
else {
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER[" PHP_SELF "]); ?>">
<label for="eml">Email:</label>
<input type="email" name="eml" id="eml" required>
<br>
<label for="pwd">Password:</label>
<input type="password" name="pwd" id="pwd" required>
<br>
<input type="hidden" name="checkMe" value="12345">
<input type="submit" name="subBut" value="Submit">
</form>
<?php } ?>

How to move from current PHP page to another PHP page if condition true?

I am working on a web project where I want to move from one PHP page to another Php page if condition true...
In below login PHP page, I am getting username and password using $_POST[]. if both username and password got matched in (if statement) of current PHP login page then, I want to jump to another PHP page(choice.php) specified in header function below after if.
<html>
<body>
<head>
</head>
<form method="post" action="login.php">
<div id="div1">
<h1>welcome to bizdiary</h1>
<div id="div2">
<label >Username</label>
<input id="name" type="text" name="username" value=""
placeholder="username" />
<label >Password</label><input type="text" name="password" value=""
placeholder="password"/>
<input type='submit' name="login" value="login" >
</form>
<?php
if(isset($_POST['submit'])){
$username=$_POST['username'];
$password=$_POST['password'];
if($username=='root' && $password=='tiger'){
header( "Location:http://localhost/bizdiary/choice.php" ); die;
}
}
?>

This code should work:
The HTML in top of the file.
Remove the action in your form.
<?php
if(isset($_POST['submit'])){
$username=$_POST['username'];
$password=$_POST['password'];
$host = $_SERVER['HTTP_HOST'];
// Put in here the conditional that the request need to accomplish to redirect.
if($username=='root' && $password=='tiger'){
header("Location: http://{$host}/choice.php");
}
}
?>
<html>
<body>
<head>
</head>
<body>
<form method="post">
<div id="div1">
<h1>welcome to bizdiary</h1>
<div id="div2">
<label >Username</label>
<input id="name" type="text" name="username" value="" placeholder="username" />
<label >Password</label>
<input type="text" name="password" value="" placeholder="password"/>
<input type='submit' name="login" value="login" >
</form>
</body>
</html>

You should mysql control. Example
if ($_POST){
$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
if (empty($username) or empty($password)){
echo 'Don't leave blank.';
}else {
$user = mysql_query('SELECT * FROM user WHERE username = "'.$username.'" AND password = "'.$password.'"');
if (mysql_num_rows($user)){
header('Location: asd.php');
}else {
echo 'Didn't find user.';
}
}
}

issue with echo div in PHP

I am doing the login page If the user not successfully login I will use the the below to handle it, which means the message will be showed on the left of text box pwd. But the message never showed when the login failed. Can you tell me why
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label>Username:</label>
<input type="text" name="name" size="10"> </br>
<label>Password:</label>
<input type="text" name="pwd" size="10"> </br>
<?php
echo '<div style="position:absolute; left:650px; top:25px;float:left">';
if (isset($username))
{
// if they've tried and failed to log in
echo 'Your password is not right<br />';
}
echo '</div>';
?>
Register &nbsp
<input type=submit name=login value=Login>
</form>
If I dont put PHP code, the message will be showed blow the pwd textbox.But I want is to the left of text box. I am sure the problem is CSS style, because when I just define DIV only has one properties, which is float left the error will be showed blow pwd text box, login and register will be to the right of this error message, which is very strange

If you are not using AJAX, and you are not familiar with it.
Try this!
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label>Username:</label>
<input type="text" name="name" size="10"> </br>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if(!empty($_POST['name']) && !empty($_POST['pwd'])){
$name = trim($_POST['name']);
$password = trim($_POST['pwd']); # Normally this password is encrypted
# Database Connection Here
if // if they've tried and failed to log in
{
echo '<div style="position:absolute; left:650px; top:25px;float:right">Your password is not right<div/>';
}
}
}
?>
<label>Password:</label>
<input type="text" name="pwd" size="10"> </br>
Register &nbsp
<input type="submit" name="login" value="Login">
The better solution or practice would be to use AJAX. With AJAX you can display your error message anywhere you want. If you want to practice go to the website link below:-
http://www.developphp.com/view.php?tid=1296

Form Submit to change/modify session variables in PHP

At the top I have a session start and the session ID can be passed across all the webpages because the ID is the same on all, this also includes a session variable called 'username' with the value of Guest.
I want to change this variable to the one entered in the form.
This is my first post so sorry for any mistakes.
<form class="form1" method="post" action="./" id="form1">
<fieldset>
<ul>
<p>Please enter your username to continue to the webshop.</p>
<label for="name">User Name:</label><span><input type="text" name="username" placeholder="User Name" class="required" role="input" aria-required="true"/></span>
<input class="submit .transparentButton" value="Next" type="submit" name="Submit"/>
</ul>
<br/>
</fieldset>
</form>
<?
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
}
?>
Thanks

You need to take out ./ is in the action="" quotes like below (this is because you are using the same file to process the form)... and always start your php opening with <?php
<form class="form1" method="post" action="" id="form1">
<fieldset>
<ul>
<p>Please enter your username to continue to the webshop.</p>
<label for="name">User Name:</label><span><input type="text" name="username" placeholder="User Name" class="required" role="input" aria-required="true"/></span>
<input class="submit .transparentButton" value="Next" type="submit" name="Submit"/>
</ul>
<br/>
</fieldset>
</form>
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
}
?>
And if you want to test it try something like this:
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
// Use the following code to print out the variables.
echo 'Session: '.$_SESSION['username'];
echo '<br>';
echo 'POST: '.$_POST['username'];
}
?>
Tested the code after making the changes, and it works fine... look:
Update answer based of requests in the comments
<form class="form1" method="post" action="./" id="form1">
<fieldset>
<ul>
<p>Please enter your username to continue to the webshop.</p>
<label for="name">User Name:</label><span><input type="text" name="username" placeholder="User Name" class="required" role="input" aria-required="true"/></span>
<input class="submit .transparentButton" value="Next" type="submit" name="Submit"/>
</ul>
<br/>
</fieldset>
</form>
PUT THIS IN YOUR index.php
<?php
if (isset($_POST['Submit'])) {
$_SESSION['username'] = $_POST['username'];
// Use the following code to print out the variables.
echo 'Session: '.$_SESSION['username'];
echo '<br>';
echo 'POST: '.$_POST['username'];
}
?>

Categories